CN113660219A - Hierarchical authorization management method based on micro-service management and control - Google Patents

Abstract

The invention discloses a hierarchical authorization management method based on micro-service management and control, which comprises a development platform, wherein the development platform comprises an identity authentication system, a user management system and a hierarchical authorization system, the identity authentication system comprises an aggregation authentication module, a user center authentication module, a short message authentication module and a local authentication module, the user management system comprises a personal data editing module and an account binding application module, and the hierarchical authorization system comprises a personnel management module, a role management module, an authorization management module and an organization architecture management module. Using an OAuth2.0+ SpringSecurity framework as a system application authorization and unified login mode, and abstracting a role concept by improving and expanding a RBAC model according to actual application, and endowing different authorities for different roles; adding the role concept of the organization mechanism and associating the organization structure with the role; and giving the new user certain roles or leading the user to be affiliated to a certain organizational structure node so that the new user has corresponding authority.

Description

Hierarchical authorization management method based on micro-service management and control

Technical Field

The invention belongs to the technical field of account authority management, and particularly relates to a hierarchical authorization management method based on micro-service management and control.

Background

Spring is an open source code design level framework, which solves the problem of loose coupling between a business logic layer and other layers, so that the interface-oriented programming idea is applied throughout the whole system. Spring is a lightweight Java development framework that arose in 2003 and was created by RodJohnson. Briefly, Spring is a layered JavaSE/EE full-stack (one-stop) lightweight open source framework.

The microservice management and control is Spring security, and can provide an declarative security access control solution security framework for Spring-based enterprise application systems. The method provides a set of beans which can be configured in Spring application context, fully utilizes Spring IoC, DI (control inversion of control, DI: dependent injection) and AOP (section-oriented programming) functions, provides an explicit security access control function for an application system, and reduces the work of writing a large amount of repeated codes for security control of an enterprise system.

With the operation and development of enterprise information systems, data sharing between the enterprise information systems and peripheral platforms is more and more intimate, and more enterprise information systems provide internal core data resources for third parties or internal cross-department system access, so that the data resources are conveniently developed together. Besides building core data resources, authentication and authorization during system access are also main components of a development technology platform, and a system needs to provide a platform for adding subsystem access based on a database configurable mode.

After the application systems of enterprises are gradually increased, each system independently manages respective user data and organizational structure data to easily form an information isolated island, a dispersed user management mode hinders the evolution of enterprise applications to a platform, when the internet business of the enterprises develops to a certain scale, a unified standardized account management system is indispensable to be constructed, because the system is an important infrastructure of the internet platform of the enterprises, the system can bring unified basic capabilities of user management, user authorization and the like to the platform, the system-crossing single sign-on, user management, user hierarchical authorization and the like to the enterprises, necessary conditions are provided for constructing an open platform and business ecology, the current enterprises just lack the capability of constructing the unified standardized account management system and the basic capabilities of bringing unified user management, user authorization and the like to the platform, basic capabilities such as cross-system single sign-on, user management, user hierarchical authorization and the like are not brought to enterprises, so that the enterprises cannot construct a uniform standardized account management system, and the space and benefit of enterprise development are greatly influenced. Therefore, a hierarchical authorization management method based on micro-service management and control is provided.

Disclosure of Invention

The invention aims to provide a hierarchical authorization management method based on microservice management and control, which aims to solve the problems that the current enterprise provided in the background technology just lacks the capability of constructing a unified standardized account management system, lacks the basic capability of bringing unified user management, user authorization and the like for a platform, lacks the basic capability of bringing cross-system single sign-on, user management, user hierarchical authorization and the like for the enterprise, causes the enterprise to be incapable of constructing the unified standardized account management system, and greatly influences the space and benefit of enterprise development, and utilizes the following processes to solve the problems that: entering a grading manager of a top-level department designated by a system manager in a grading manner; setting an authorized role set of a top-level department; forming a department grading manager; authorizing a department or a person; completing the authorization of the department or the personnel; if there is a sub-department under the authorized department, designating a sub-department hierarchical manager; setting authorized role levels of sub-departments, and repeatedly forming a department level manager step until the process is finished, wherein the OAuth2.0+ spring security framework is used as a system application authorization and unified login mode, and the role concept is abstracted by improving and expanding the RBAC model according to actual application, and different authorities are given to different roles; adding the role concept of the organization mechanism and associating the organization structure with the role; when the right needs to be distributed to a new user, the new user is given certain roles or is affiliated to a certain organizational structure node, so that the new user has corresponding right.

In order to achieve the purpose, the invention provides the following technical scheme: the hierarchical authorization management method based on micro-service management and control comprises a development platform, wherein the development platform comprises an identity authentication system, a user management system and a hierarchical authorization system, the identity authentication system comprises an aggregation authentication module, a user center authentication module, a short message authentication module and a local authentication module, the user management system comprises a personal data editing module and an account binding application module, the hierarchical authorization system comprises a personnel management module, a role management module, an authorization management module and an organization framework management module, and the personnel management module comprises a user data synchronization unit, an account binding verification unit and a copying/moving unit.

Furthermore, the identity authentication system is used for verifying the legality of the logged-in user, and the user can be authenticated and logged in the system through various optional modes of aggregation authentication (third party logging in such as qq, WeChat and the like), user center authentication, short message authentication and local authentication.

Furthermore, the user management system means that the user is a system operator and completes system user configuration, and the user management module means that the user is a system operator and comprises a personal data editing and account binding application function for maintaining user data.

Further, the organizational structure management module displays an organizational structure tree structure and grants role information in organizational management, and the development platform is a platform based on OAuth2.0+ SpringSecurity framework hierarchical authorization application.

Further, the personnel management module is data of a user which is not created in the system, and after the personnel management module is associated with the user, the personnel management module logs in the system through the bound user and acquires the role of the organization where the personnel is located.

Furthermore, the role management module comprises authority distribution and role setting for dividing data range authorities according to mechanisms.

Furthermore, the authorization management module is used for authorizing users under an organization in a centralized manner, and the hierarchical authorization system is used for maintaining and configuring the relationship among the users, the personnel, the organization and the roles.

The management method of the hierarchical authorization management system based on micro-service management and control specifically comprises the following process steps:

step 101: entering a grading manager of a top-level department designated by a system manager in a grading manner;

step 102: setting an authorized role set of a top-level department;

step 103: forming a department grading manager;

step 104: authorizing a department or a person;

step 105: completing the authorization of the department or the personnel;

step 106: if there is a sub-department under the authorized department, designating a sub-department hierarchical manager;

step 107: and setting the authorized role level of the sub-department, and repeating the step 103 until the process is finished.

Compared with the prior art, the invention has the beneficial effects that:

1. entering a grading manager of a top-level department designated by a system manager in a grading manner; setting an authorized role set of a top-level department; forming a department grading manager; authorizing a department or a person; completing the authorization of the department or the personnel; if there is a sub-department under the authorized department, designating a sub-department hierarchical manager; setting up authorized role grade of sub-department, repeating the steps of forming department grade manager to end the process.

2. Using an OAuth2.0+ SpringSecurity framework as a system application authorization and unified login mode, and abstracting a role concept by improving and expanding a RBAC model according to actual application, and endowing different authorities for different roles; adding the role concept of the organization mechanism and associating the organization structure with the role; when the right needs to be distributed to a new user, the new user is given certain roles or is affiliated to a certain organizational structure node, so that the new user has corresponding right.

Drawings

Fig. 1 is a functional module diagram of a hierarchical authorization management method based on micro-service management and control according to the present invention.

Fig. 2 is a schematic view of a hierarchical authorization flow of the hierarchical authorization management method based on micro-service management and control according to the present invention.

Detailed Description

In order to make the technical means, the creation characteristics, the achievement purposes and the effects of the invention easy to understand, the invention is further described with the specific embodiments.

In the description of the present invention, it is to be understood that the terms "upper", "lower", "front", "rear", "left", "right", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, are merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention.

In the description of the present invention, it should be noted that unless otherwise explicitly stated or limited, the terms "mounted," "connected," and "disposed" are to be construed broadly, e.g., as meaning fixedly connected, disposed, detachably connected, disposed, or integrally connected and disposed; the type of the electrical appliance provided by the invention is only used for reference. For those skilled in the art, different types of electrical appliances with the same function can be replaced according to actual use conditions, and for those skilled in the art, the specific meaning of the above terms in the present invention can be understood in specific situations.

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Example 1

As shown in fig. 1-2, the hierarchical authorization management system based on micro-service management and control includes a development platform, where the development platform includes an identity authentication system, a user management system, and a hierarchical authorization system, the identity authentication system includes an aggregation authentication module, a user center authentication module, a short message authentication module, and a local authentication module, the user management system includes a personal data editing module and an account binding application module, the hierarchical authorization system includes a personnel management module, a role management module, an authorization management module, and an organization framework management module, and the personnel management module includes a user data synchronization unit, an account binding audit unit, and a copy/move unit.

The identity authentication system is used for verifying the legality of a login user, and the user can be authenticated and logged in the system through aggregation authentication (third party login such as qq, WeChat and the like) and user center authentication.

The user management module is a system operator and comprises a personal data editing function for maintaining user data.

The organization structure management module displays an organization tree structure and grants role information in organization management, and the development platform is a platform based on OAuth2.0+ SpringSecurity framework hierarchical authorization application.

The personnel management module is used for creating data of a user in the system, and after being associated with the user, the personnel management module logs in the system through the bound user and acquires the role of the organization where the personnel are located.

The role management module comprises authority distribution and role setting for dividing data range authorities according to mechanisms.

The authorization management module is used for centrally authorizing users under an organization, and the hierarchical authorization system is used for maintaining and configuring the relationship among the users, personnel, the organization and roles.

The management method of the hierarchical authorization management system based on micro-service management and control specifically comprises the following process steps:

step 101: entry into the hierarchy administrator for the top level department is specified by the system administrator.

Step 102: setting an authorized role set of a top-level department;

step 103: forming a department grading manager;

step 104: authorizing departments;

step 105: completing the authorization of the department;

step 106: if there is a sub-department under the authorized department, designating a sub-department hierarchical manager;

step 107: and setting the authorized role level of the sub-department, and repeating the step 103 until the process is finished.

Example 2

As shown in fig. 1-2, the hierarchical authorization management system based on micro-service management and control includes a development platform, where the development platform includes an identity authentication system, a user management system, and a hierarchical authorization system, the identity authentication system includes an aggregation authentication module, a user center authentication module, a short message authentication module, and a local authentication module, the user management system includes a personal data editing module and an account binding application module, the hierarchical authorization system includes a personnel management module, a role management module, an authorization management module, and an organization framework management module, and the personnel management module includes a user data synchronization unit, an account binding audit unit, and a copy/move unit.

The identity authentication system is used for verifying the legality of a login user, and the user can log in the system through short message authentication and local authentication.

The user management module is used for maintaining user data, and comprises a personal data editing and account binding application function.

The organization structure management module displays an organization tree structure and grants role information in organization management, and the development platform is a platform based on OAuth2.0+ SpringSecurity framework hierarchical authorization application.

The personnel management module is used for creating data of a user in the system, and after being associated with the user, the personnel management module logs in the system through the bound user and acquires the role of the organization where the personnel are located.

The role management module comprises authority distribution and role setting for dividing data range authorities according to mechanisms.

The authorization management module is used for centrally authorizing users under an organization, and the hierarchical authorization system is used for maintaining and configuring the relationship among the users, personnel, the organization and roles.

The management method of the hierarchical authorization management system based on micro-service management and control specifically comprises the following process steps:

step 101: entry into the hierarchy administrator for the top level department is specified by the system administrator.

Step 102: setting an authorized role set of a top-level department;

step 103: forming a department grading manager;

step 104: authorizing the person;

step 105: completing personnel authorization;

step 106: if the personnel have the same type of authority under the authority of the personnel, setting a hierarchical manager;

step 107: and setting authorized role levels of the same type of authorized personnel, and repeating the step 103 until the process is finished.

Example 3

As shown in fig. 1-2, the hierarchical authorization management system based on micro-service management and control includes a development platform, where the development platform includes an identity authentication system, a user management system, and a hierarchical authorization system, the identity authentication system includes an aggregation authentication module, a user center authentication module, a short message authentication module, and a local authentication module, the user management system includes a personal data editing module and an account binding application module, the hierarchical authorization system includes a personnel management module, a role management module, an authorization management module, and an organization framework management module, and the personnel management module includes a user data synchronization unit, an account binding audit unit, and a copy/move unit.

The identity authentication system is used for verifying the legality of a login user, and the user can be authenticated and logged in the system through aggregation authentication (third party login such as qq, WeChat and the like) and short message authentication.

The user management module is used for maintaining user data, and comprises a personal data editing and account binding application function.

The organization structure management module displays an organization tree structure and grants role information in organization management, and the development platform is a platform based on OAuth2.0+ SpringSecurity framework hierarchical authorization application.

The personnel management module is used for creating data of a user in the system, and after being associated with the user, the personnel management module logs in the system through the bound user and acquires the role of the organization where the personnel are located.

The role management module comprises authority distribution and role setting for dividing data range authorities according to mechanisms.

The authorization management module is used for centrally authorizing users under an organization, and the hierarchical authorization system is used for maintaining and configuring the relationship among the users, personnel, the organization and roles.

The management method of the hierarchical authorization management system based on micro-service management and control specifically comprises the following process steps:

step 101: initializing a system administrator, and designating a hierarchical administrator of a top-level department;

step 102: maintaining an authorized role set of a top level department;

step 103: forming a department grading manager;

step 104: authorising departments and personnel;

step 105: completing the authorization of the department and the personnel;

step 106: assigning a sub-department hierarchical manager;

step 107: the maintenance sub-department can authorize the role level; the step 103 is repeated until the process ends.

Example 4

As shown in fig. 1-2, the hierarchical authorization management system based on micro-service management and control includes a development platform, where the development platform includes an identity authentication system, a user management system, and a hierarchical authorization system, the identity authentication system includes an aggregation authentication module, a user center authentication module, a short message authentication module, and a local authentication module, the user management system includes a personal data editing module and an account binding application module, the hierarchical authorization system includes a personnel management module, a role management module, an authorization management module, and an organization framework management module, and the personnel management module includes a user data synchronization unit, an account binding audit unit, and a copy/move unit.

The identity authentication system is used for verifying the legality of a login user, and the user can log in the system through authentication of a user center and authentication of the local authentication.

The user management module is used for maintaining user data, and comprises a personal data editing and account binding application function.

The organization structure management module displays an organization tree structure and grants role information in organization management, and the development platform is a platform based on OAuth2.0+ SpringSecurity framework hierarchical authorization application.

The personnel management module is used for creating data of a user in the system, and after being associated with the user, the personnel management module logs in the system through the bound user and acquires the role of the organization where the personnel are located.

The role management module comprises authority distribution and role setting for dividing data range authorities according to mechanisms.

The authorization management module is used for centrally authorizing users under an organization, and the hierarchical authorization system is used for maintaining and configuring the relationship among the users, personnel, the organization and roles.

The management method of the hierarchical authorization management system based on micro-service management and control specifically comprises the following process steps:

step 101: initializing a system administrator, and entering a hierarchical administrator of a top-level department designated by the system administrator in a hierarchical manner;

step 102: an authorized role set of the top protection level department;

step 103: forming a department grading manager;

step 104: authorizing departments;

step 105: authorization of departments is completed;

step 106: if there is a sub-department under the authorized department, designating a sub-department hierarchical manager;

step 107: and setting the authorized role level of the sub-department, and repeating the step 103 until the process is finished.

The working principle and the using process of the invention are as follows: entering a grading manager of a top-level department designated by a system manager in a grading manner; setting an authorized role set of a top-level department; forming a department grading manager; authorizing a department or a person; completing the authorization of the department or the personnel; if there is a sub-department under the authorized department, designating a sub-department hierarchical manager; the identity authentication module is used for verifying the legality of a login user, and the user can be authenticated and logged in the system in various optional modes of aggregation authentication (third party login such as qq, WeChat and the like), user center authentication, short message authentication and local authentication; the user management module is a system operator, and the functions mainly comprise a personal data editing function and an account binding application function and are used for maintaining user data; the hierarchical authorization module is used for maintaining and configuring the relationship among users, personnel, organizations and roles; setting authorized role levels of sub-departments, and repeating the steps of forming department level managers until the process is finished; using an OAuth2.0+ SpringSecurity framework as a system application authorization and unified login mode, and abstracting a role concept by improving and expanding a RBAC model according to actual application, and endowing different authorities for different roles; adding the role concept of the organization mechanism and associating the organization structure with the role; when the right needs to be distributed to a new user, the new user is given certain roles or is affiliated to a certain organizational structure node, so that the new user has corresponding right.

Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (8)

1. The hierarchical authorization management system based on micro-service management and control comprises a development platform and is characterized in that the development platform comprises an identity authentication system, a user management system and a hierarchical authorization system, the identity authentication system comprises an aggregation authentication module, a user center authentication module, a short message authentication module and a local authentication module, the user management system comprises a personal data editing module and an account binding application module, the hierarchical authorization system comprises a personnel management module, a role management module, an authorization management module and an organization framework management module, and the personnel management module comprises a user data synchronization unit, an account binding audit unit and a copying/moving unit.

2. The micro-service regulation-based hierarchical authorization management system according to claim 1, characterized in that: the identity authentication system is used for verifying the legality of a login user, and the user can be authenticated and logged in the system through various optional modes such as aggregation authentication (third party login such as qq, WeChat and the like), user center authentication, short message authentication and local authentication.

3. The micro-service regulation-based hierarchical authorization management system according to claim 1, characterized in that: the user management module is used for maintaining user data, and comprises functions of personal data editing and account binding application.

4. The micro-service regulation-based hierarchical authorization management system according to claim 1, characterized in that: the organization structure management module displays an organization tree structure and grants role information in organization management, and the development platform is a platform based on OAuth2.0+ SpringSecurity framework hierarchical authorization application.

5. The micro-service regulation-based hierarchical authorization management system according to claim 1, characterized in that: the personnel management module is data of a user which is not created in the system, and after the personnel management module is associated with the user, the personnel management module logs in the system through the bound user and acquires the role of the organization where the personnel is located.

6. The micro-service regulation-based hierarchical authorization management system according to claim 1, characterized in that: the role management module comprises authority distribution and role setting to divide data range authority according to mechanisms.

7. The micro-service regulation-based hierarchical authorization management system according to claim 1, characterized in that: the authorization management module is used for authorizing users under organizations in a centralized manner, and the hierarchical authorization system is used for maintaining and configuring the relationship among the users, personnel, organizations and roles.

8. The management method of the hierarchical authorization management system based on microservice management and control according to claims 1-7, characterized in that: the method specifically comprises the following steps:

step 101: entering a grading manager of a top-level department designated by a system manager in a grading manner;

step 102: setting an authorized role set of a top-level department;

step 103: forming a department grading manager;

step 104: authorizing a department or a person;

step 105: completing the authorization of the department or the personnel;

step 106: if there is a sub-department under the authorized department, designating a sub-department hierarchical manager;

step 107: and setting the authorized role level of the sub-department, and repeating the step 103 until the process is finished.

Images