CN113901408A - Account management method and related device - Google Patents


Publication number
CN113901408A
Authority
CN
China
Prior art keywords
target
user
role
service system
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111165129.4A
Other languages
Chinese (zh)
Inventor
王国彬
牟锟伦
林帅
刘思艳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tubatu Group Co Ltd
Original Assignee
Tubatu Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tubatu Group Co Ltd
Priority to CN202111165129.4A
Publication of CN113901408A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application belongs to the technical field of account management and provides an account management method and a related device. The aim is to reduce the development time that developers spend on account authority functions in a business system while still implementing those functions, so that the business system is more lightweight. When applied to the account management system, the account management method mainly comprises the following steps: receiving an authentication request, wherein the authentication request comprises a target user identifier, a target service system identifier and a requested target authority; determining a target user according to the target user identifier, and determining a target service system according to the target service system identifier; querying the role authority of the target role of the target user in the target service system; judging whether the role authority of the target role comprises the requested target authority; if the role authority of the target role comprises the requested target authority, feeding back to the target service system that the authentication is passed; and if the role authority of the target role does not comprise the requested target authority, feeding back to the target service system that the authentication is not passed.

Description

Account management method and related device
Technical Field
The application belongs to the technical field of account management, and particularly relates to an account management method and a related device.
Background
With the popularization and development of the internet, enterprises in all industries have developed online business systems, such as OA office systems, CRM management systems, ERP management systems, and the like. Each business system stores and manages initialized data such as administrative divisions and postal codes, of which the most indispensable are the user account, the user role and the role authority corresponding to the user role. In the prior art, each business system needs its own set of account authority functions to be designed, developed and configured independently, and when an enterprise needs multiple sets of business systems, multiple sets of account authority functions need to be configured in parallel.
However, the technical scheme and the implementation process of each set of account authority functions are different, so that partly duplicated code implementing the account authority function appears across the sets of service systems, and the implementation of the account authority function in practice has no strong correlation with the specific business logic of the service systems.
Therefore, in the prior art, multiple sets of service systems each have similar account authority functions, which makes the service systems bloated and causes development time to be invested repeatedly in the account authority function of each service system.
Disclosure of Invention
The application aims to provide an account management method and a related device that reduce the development time that developers spend on account authority functions in a business system while still implementing those functions, so that the business system is more lightweight.
A first aspect of the present application provides an account management method applied to an account management system, including:
receiving an authentication request, wherein the authentication request comprises a target user identifier, a target service system identifier and a request target authority;
determining a target user according to the target user identification, and determining a target service system according to the target service system identification;
inquiring the role authority of the target role of the target user in the target service system;
judging whether the role authority of the target role comprises the request target authority;
if the role authority of the target role comprises the requested target authority, feeding back to the target service system that the authentication is passed;
and if the role authority of the target role does not comprise the requested target authority, feeding back to the target service system that the authentication is not passed.
Optionally, before receiving the authentication request, the method further includes:
receiving system registration requests of X service systems, wherein each system registration request comprises a user, a user role and a role authority corresponding to the user role, and X is a positive integer greater than 0;
configuring a unique service system identifier for each service system;
creating one or more user roles for each service system, and configuring corresponding role authorities for the user roles;
configuring a unique user identifier for the user;
associating the corresponding one or more user roles for the user identification;
storing the service system identification, the user role and the role authority corresponding to the user role of the same service system in an associated manner;
and feeding back registration success information to a target service system, wherein the registration success information comprises a target service system identifier and a target user identifier, and the target service system is one of the X service systems.
Optionally, after the service system identifier, the user role, and the role authority corresponding to the user role of the same service system are stored in association, and before the authentication request is received, the method further includes:
regarding users bound to the same communication number in different service systems as the same user account;
and configuring a unique unified user identifier for the same user account.
Optionally, after configuring a unique unified user identifier for the same user account and before receiving an authentication request, the method further includes:
recording, in association with the unified user identifier, the service system identifier, the user role and the role authority corresponding to the user role for each service system, to obtain a user account data table;
the querying of the role authority of the target role of the target user in the target service system comprises:
querying the role authority of the target role of the target user in the target service system through the user account data table.
Optionally, before receiving the authentication request, the method further includes:
receiving a registration request of a first user, wherein the registration request comprises a target registration service system and a target registration user role, the target registration service system is a service system which has been successfully registered, and the target registration user role is one or more user roles in the target registration service system;
configuring a unique first user identification for the first user;
associating the target registered user role corresponding to the target registered service system for the first user identifier;
storing the service system identification of the target registered service system, the first user identification, the target registered user role and the role authority corresponding to the target registered user role in an associated manner;
and feeding back registration success information to a target registration service system, wherein the registration success information comprises a service system identifier of the target registration service system and the first user identifier.
A second aspect of the present application provides an account management method, applied to a target service system, including:
receiving an operation request of a target user for executing target operation;
forming an authentication request according to the operation request, wherein the authentication request comprises a target service system identifier, a target user identifier and a request target authority;
sending the authentication request to an account management system, so that the account management system queries, according to the target user identifier, whether the role authority of the target role of the target user in the target service system represented by the target service system identifier comprises the requested target authority;
if feedback that the authentication is passed is received from the account management system, allowing the target user to execute the target operation;
and if feedback that the authentication is not passed is received from the account management system, prohibiting the target user from executing the target operation.
Optionally, before receiving an operation request for a target user to perform a target operation, the method further includes:
sending system registration requests to the account management system, wherein each system registration request comprises a user, a user role and a role authority corresponding to the user role, so that the account management system completes registration according to the registration request and returns registration success information;
and receiving the registration success information fed back by the account management system, wherein the registration success information comprises a service system identifier and a target user identifier.
A third aspect of the present application provides an account management apparatus, which is applied to an account management system, and includes:
a receiving unit, configured to receive an authentication request, where the authentication request includes a target service system identifier, a target user identifier, and a request target permission;
a determining unit, configured to determine a target user according to the target user identifier, and determine a target service system according to the target service system identifier;
the query unit is used for querying the role authority of the target user in the target role of the target service system;
the judging unit is used for judging whether the role authority of the target role comprises the request target authority;
a feedback unit, configured to feed back, to the target service system, that the authentication is passed if the role permission of the target role includes the requested target permission;
and the feedback unit is further used for feeding back that the authentication is not passed to the target service system if the role authority of the target role does not include the requested target authority.
Optionally, the apparatus further comprises:
the receiving unit is further configured to receive system registration requests of X service systems, wherein each system registration request comprises a user, a user role and a role authority corresponding to the user role, and X is a positive integer greater than 0;
the configuration unit is used for configuring a unique service system identifier for each service system;
a creating unit, configured to create one or more user roles for each service system, and configure corresponding role permissions for the user roles;
the configuration unit is also used for configuring a unique user identifier for the user;
the association unit is used for associating one or more corresponding user roles for the user identification;
the storage unit is used for storing the service system identification, the user role and the role authority corresponding to the user role of the same service system in an associated manner;
and the feedback unit is further used for feeding back registration success information to the target service system, wherein the registration success information comprises a target service system identifier and a target user identifier, and the target service system is one of the X service systems.
Optionally, the apparatus further comprises:
a unit configured to regard users bound to the same communication number in different service systems as the same user account;
and the configuration unit is also used for configuring a unique unified user identifier for the same user account.
Optionally, the apparatus further comprises:
the recording unit is configured to record, in association with the unified user identifier, the service system identifier, the user role and the role authority corresponding to the user role for each service system, to obtain a user account data table;
when the querying unit queries the role right of the target role of the target user in the target service system, the querying unit is specifically configured to:
and inquiring the role authority of the target user in the target role of the target service system through the user account data table.
Optionally, the apparatus further comprises:
the receiving unit is further configured to receive a registration request of a first user, wherein the registration request comprises a target registration service system and a target registration user role, the target registration service system is a service system which has been successfully registered, and the target registration user role is one or more user roles in the target registration service system;
the configuration unit is further used for configuring a unique first user identifier for the first user;
the association unit is further used for associating the target registered user role corresponding to the target registered service system for the first user identifier;
the storage unit is further configured to store a service system identifier of the target registered service system, the first user identifier, the target registered user role, and a role authority corresponding to the target registered user role in an associated manner;
and the feedback unit is further configured to feed back registration success information to the target registration service system, where the registration success information includes a service system identifier of the target registration service system and the first user identifier.
A fourth aspect of the present application provides an account management apparatus, which is applied to a target service system, and includes:
a receiving unit, configured to receive an operation request for a target user to perform a target operation;
a forming unit, configured to form an authentication request according to the operation request, where the authentication request includes a target service system identifier, a target user identifier, and a request target permission;
a sending unit, configured to send the authentication request to an account management system, so that the account management system queries, according to the target user identifier, whether the role authority of the target role of the target user in the target service system represented by the target service system identifier includes the requested target authority;
an allowing unit, configured to allow the target user to execute the target operation if feedback that the authentication is passed is received from the account management system;
and a prohibiting unit, configured to prohibit the target user from executing the target operation if feedback that the authentication is not passed is received from the account management system.
Optionally, the apparatus further comprises:
the sending unit is further configured to send system registration requests to the account management system, where each system registration request includes a user, a user role, and a role authority corresponding to the user role, so that the account management system completes registration according to the registration request and returns registration success information;
and the receiving unit is further configured to receive the registration success information fed back by the account management system, where the registration success information includes a service system identifier and a target user identifier.
A fifth aspect of the present application provides a computer device comprising:
a processor, a memory, a bus, an input/output interface and a wireless network interface;
the processor is connected with the memory, the input/output interface and the wireless network interface through a bus;
the memory stores a program;
the processor, when executing the program stored in the memory, implements the account management method according to any one of the first and/or second aspects.
A sixth aspect of the present application provides a computer-readable storage medium having instructions stored therein, which when executed on a computer, cause the computer to perform the account management method according to any one of the first and/or second aspects.
A seventh aspect of the present application provides a computer program product, which when executed on a computer, causes the computer to execute the account management method according to any one of the first and/or second aspects.
According to the technical scheme, the embodiment of the application has the following advantages:
the account management system of the embodiment of the application uniformly performs the account authority authentication service for every service system, so no service system needs to configure an account authority function of its own. The service system hands the target operation of the user to the account management system for authentication, and decides whether the user is allowed to execute the target operation according to the result, fed back by the account management system, of whether the authentication of the target operation is passed. Therefore, while the account management method of the embodiment of the application still implements management of the account authority function, it reduces the development time that developers spend on the account authority function in the service system and makes the service system more lightweight.
Drawings
Fig. 1 is a schematic flowchart of an embodiment in which the account management method of the present application is applied to an account management system;
Fig. 2 is a schematic flowchart of an embodiment in which the account management method of the present application is applied to a target service system;
Fig. 3 is a schematic view illustrating the interaction flow of an embodiment in which the account management method of the present application is applied to an account management system and a target service system;
Fig. 4 is a schematic structural diagram of an embodiment in which the account management apparatus of the present application is applied to an account management system;
Fig. 5 is a schematic structural diagram of an embodiment in which the account management apparatus of the present application is applied to a target service system;
Fig. 6 is a schematic structural diagram of an embodiment of a computer device according to the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
It will be understood that when an element is referred to as being "secured to" or "disposed on" another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected to" another element, it can be directly connected to the other element or intervening elements may also be present.
It should be noted that the terms of orientation such as left, right, up, down, etc. in the present embodiment are only relative concepts or reference to the normal use state of the product, and should not be considered as limiting.
The account management method is based on a new hardware architecture. The hardware architecture comprises at least an account management server, where the account management system is located, and one or more business servers, where the business systems are located. The account management server and the business servers are connected through the internet, over either a wired network or a wireless network. It should be noted that, in some special cases, the account management server and the business server may be two server modules implementing different functions within the same large server. The account management system or the service system in the embodiment of the application can be implemented with a MySQL relational database, can use Java as the development language, and adopts a micro-service architecture.
Referring to fig. 1, an embodiment of an account management system to which the account management method of the present application is applied includes:
101. Receiving an authentication request, wherein the authentication request comprises a target user identifier, a target service system identifier and a requested target authority.
The account management system of the embodiment of the application uniformly manages account registration and authentication for all service systems and implements the account authority function. In this step it provides an authentication service for the target service system and receives the authentication request sent by the target service system, where the authentication request includes a target user identifier, a target service system identifier and a requested target authority. The target service system is one of the plurality of service systems in the embodiment of the present application and has completed registration in the account management system, that is, the account management system stores all the resources required by the authentication service of the target service system.
102. Determining a target user according to the target user identifier, and determining a target service system according to the target service system identifier.
Because the account management system stores all the resources required by the authentication service of the target service system, this step can determine the target user from the target user identifier received in step 101 and the target service system from the target service system identifier, and thereby determine that the target user is applying for authority authentication in the target service system.
103. Querying the role authority of the target role of the target user in the target service system.
Role authority refers to the authority to perform editing operations such as deletion, modification and addition on objects such as certain functions or files. The target role in this step may be one or more user roles associated with the target user; for example, the target role may be one or more of an ordinary user, an administrator, a system administrator, and so on.
104. Judging whether the role authority of the target role comprises the requested target authority; if the role authority of the target role comprises the requested target authority, executing step 105; if it does not, executing step 106.
This step determines whether the target role of the target user from step 103 contains the requested target authority, and thus whether the target user is authorized.
105. Feeding back to the target service system that the authentication is passed.
When step 104 determines that the target role of the target user contains the requested target authority, the authentication of the target user is passed.
106. Feeding back to the target service system that the authentication is not passed.
When step 104 determines that the target role of the target user does not contain the requested target authority, the authentication of the target user is not passed.
Therefore, while the account management method of the embodiment of the application still implements management of the account authority function, it reduces the development time that developers spend on the account authority function in the service system and makes the service system more lightweight.
Referring to fig. 2, an embodiment of an account management method applied to a target service system includes:
201. Receiving an operation request of a target user for executing a target operation.
The target service system is one of the service systems in the embodiment of the application and does not need to configure an account authority function of its own, which makes it more lightweight. To implement the account authority function in the target service system, the target operation of the target user is authenticated through communication between the target service system and the account management system. In this step, the target service system receives an operation request of a target user for executing a target operation. The target service system in this step is one of the service systems that have already been registered in the account management system, the target user is a user of the target service system, and the target operation includes editing operations such as deletion, modification and addition on objects such as certain functions or files.
202. Forming an authentication request according to the operation request, wherein the authentication request comprises a target service system identifier, a target user identifier and a requested target authority.
Since the target service system has no independent authentication function, the operation request from step 201 is packaged into an authentication request, which comprises at least a target service system identifier, a target user identifier and a requested target authority.
203. Sending the authentication request to the account management system, so that the account management system queries, according to the target user identifier, whether the role authority of the target role of the target user in the target service system represented by the target service system identifier comprises the requested target authority.
The target service system sends the authentication request formed in step 202 to the account management system, and the account management system executes steps 101 to 106 of the embodiment of Fig. 1. The account management system completes the authentication of the target operation of the target user and feeds the authentication result back directly to the target service system, so that the target service system decides according to the authentication result whether to allow the target user to execute the target operation.
204. If feedback that the authentication is passed is received from the account management system, allowing the target user to execute the target operation.
205. If feedback that the authentication is not passed is received from the account management system, prohibiting the target user from executing the target operation.
Therefore, when the account management method is applied to a business system, the authentication of a target user's target operation can be achieved merely through communication between the business system and the account management system. At the same time, the development time that developers spend on the account authority function in the business system is reduced, so that the business system is more lightweight; the communication process and the test verification process for the account authority function of the business system are avoided, which improves the delivery efficiency and the quality of the business system to a certain extent; the business system and the account authority function are decoupled in code; the account management system that implements the account authority function can be reused; and the code quality of the business system is improved.
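The two flows above (steps 101 to 106 on the account management system, steps 201 to 205 on the target service system), sketched as an added Python example; it is not code from the application, which names Java and MySQL as one possible implementation. The class names, the `record:<operation>` authority strings, the in-memory dictionaries, and the choice to treat a malformed request or an unreachable account management system as "not passed" are assumptions of this example.

```python
import uuid


class AccountManagementSystem:
    """Central store of service systems, user roles and role authorities."""

    def __init__(self):
        self.role_perms = {}   # system_id -> {role name: set of authorities}
        self.user_roles = {}   # (system_id, user_id) -> set of role names

    def register_system(self, roles, users):
        """Register one service system; returns the registration success
        information as (system_id, {user name: user_id})."""
        for name, assigned in users.items():
            unknown = set(assigned) - set(roles)
            if unknown:  # validate before storing anything
                raise ValueError(f"{name}: undefined roles {sorted(unknown)}")
        system_id = "sys-" + uuid.uuid4().hex   # unique service system identifier
        self.role_perms[system_id] = {r: set(p) for r, p in roles.items()}
        user_ids = {}
        for name, assigned in users.items():
            user_ids[name] = "usr-" + uuid.uuid4().hex   # unique user identifier
            self.user_roles[(system_id, user_ids[name])] = set(assigned)
        return system_id, user_ids

    def authenticate(self, request):
        """Steps 101-106: True (passed) only when a role of this user in this
        service system carries the requested authority."""
        if not isinstance(request, dict):                     # step 101
            return False
        fields = [request.get(k) for k in ("system_id", "user_id", "authority")]
        if not all(isinstance(v, str) for v in fields):
            return False
        system_id, user_id, wanted = fields
        roles_in_system = self.role_perms.get(system_id)      # step 102
        roles = self.user_roles.get((system_id, user_id))
        if roles_in_system is None or roles is None:
            return False                                      # unknown system or user
        granted = set()
        for role in roles:                                    # step 103
            granted |= roles_in_system[role]
        return wanted in granted                              # steps 104-106


class BusinessSystem:
    """Target service system: holds no role data, only its own identifier."""

    def __init__(self, ask_account_management, system_id):
        self.ask = ask_account_management   # transport to the central system
        self.system_id = system_id

    def handle(self, user_id, operation):
        """Steps 201-205: wrap the operation request in an authentication
        request and act only on an explicit pass."""
        request = {"system_id": self.system_id, "user_id": user_id,
                   "authority": f"record:{operation}"}        # step 202
        try:
            passed = self.ask(request) is True                # step 203
        except Exception:
            passed = False   # no answer is treated as "not passed"
        return "allowed" if passed else "prohibited"          # steps 204/205


def demo():
    """Constructed data: a CRM and an OA system registered centrally."""
    ams = AccountManagementSystem()
    crm_roles = {"ordinary user": {"record:add"},
                 "administrator": {"record:add", "record:modify", "record:delete"}}
    crm_id, crm_users = ams.register_system(
        crm_roles, {"alice": ["administrator"], "bob": ["ordinary user"]})
    oa_id, _ = ams.register_system(
        {"ordinary user": {"record:add"}}, {"carol": ["ordinary user"]})
    crm = BusinessSystem(ams.authenticate, crm_id)

    def outage(request):
        raise ConnectionError("account management system unreachable")

    crm_offline = BusinessSystem(outage, crm_id)
    return {
        "admin_delete": crm.handle(crm_users["alice"], "delete"),
        "user_delete": crm.handle(crm_users["bob"], "delete"),
        "user_add": crm.handle(crm_users["bob"], "add"),
        # a CRM user identifier carries no role in the OA system
        "cross_system": ams.authenticate({"system_id": oa_id,
                                          "user_id": crm_users["alice"],
                                          "authority": "record:add"}),
        "outage": crm_offline.handle(crm_users["alice"], "delete"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Because the business system keeps no role data of its own, every decision depends on the reply it receives; the `cross_system` and `outage` cases show the two situations where a missing or unexpected reply must end in "prohibited".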
Referring to fig. 3, the account management method of the present application is applied to an interactive embodiment of an account management system and a target service system, and includes:
301. and the target service system sends a system registration request to the account management system, wherein the system registration request comprises a user, a user role and a role authority corresponding to the user role.
Firstly, the target service system needs to register with the account management system, so that the account management system can obtain all resources required by the authentication process of the target service system, that is, the account management system at least needs to know all users, all user roles, and the role authorities corresponding to the user roles and other related data included in the target service system, so as to realize the authentication function in the subsequent steps.
302. The account management system configures a unique service system identifier for each service system; the account management system creates one or more user roles for each business system.
It can be understood that the account management system manages a large number of business systems. To distinguish them accurately, in this step each business system is configured with a unique business system identifier at registration, and one or more user roles are created for each business system according to its requirements; for example, the user roles include a common user, an administrator, a system administrator, and the like.
303. The account management system receives a registration request of a user, wherein the registration request comprises a target registration service system and a target registered user role.
It can be understood that the account management system of the embodiment of the present application may also receive a registration request directly from a user. The registration request includes at least a target registration service system and a target registered user role; the target registration service system should be one of the service systems that have completed registration in the account management system, and the target registered user role should be one or more user roles in the target registration service system. For example, this step may receive a registration request of a first user, where the registration request includes a target registration service system and a target registration user role, the target registration service system is a service system that has been successfully registered, and the target registration user role is one or more user roles in the target registration service system.
304. The account management system configures a unique user identifier for the user, and associates with the user identifier one or more user roles corresponding to the service system.
It can be understood that, in order to accurately identify each user in each service system, the account management system needs to configure a unique user identifier for the user and, according to the registration requirement of the target service system in step 301 or the registration requirement of the first user in step 303, associate with the user identifier (which represents the user) one or more user roles corresponding to the service system, that is, bind to the user the role authority corresponding to the user role.
305. The account management system stores the service system identifier, the user role and the role authority corresponding to the user role of the same service system in an associated manner.
The associated storage makes it easier to find the associated service system identifier, user role and role authority corresponding to the user role in the subsequent steps, which facilitates rapid implementation of the authentication process.
306. The account management system feeds back registration success information to the target service system, wherein the registration success information comprises a target service system identifier and a target user identifier.
The account management system feeds back registration success information to the target service system that has successfully registered with it. The registration success information includes at least a target service system identifier and a target user identifier, so that the target service system can carry the target service system identifier and the corresponding target user identifier when requesting authentication from the account management system.
307. The account management system regards users bound with the same communication number in different service systems as the same user account.
Further, when the account management system recognizes that a plurality of users in different service systems are all bound to the same communication number, the plurality of users in the different service systems can be considered as the same user account. For example, the communication number is a mobile phone number.
308. The account management system configures unique uniform user identification for the same user account.
It will be appreciated that, in order to accurately identify the users who are regarded as the same user account in step 307, the account management system additionally configures these users with the same unique unified user identifier.
309. The account management system records, in association with the unified user identifier, the service system identifier, the user role and the role authority corresponding to the user role for each service system, to obtain a user account data table.
310. The target business system receives an operation request of a target user for executing a target operation.
The execution of this step is similar to the execution operation of step 201 in the embodiment of fig. 2, and repeated descriptions are omitted here.
311. The target service system forms an authentication request according to the operation request, wherein the authentication request comprises a target service system identifier, a target user identifier and a request target authority.
The execution of this step is similar to the execution of step 202 in the embodiment of fig. 2, and repeated descriptions are omitted here.
312. The target service system sends an authentication request to the account management system, wherein the authentication request comprises a target user identifier, a target service system identifier and a request target authority.
The execution of this step is similar to the execution operation of step 203 in the embodiment of fig. 2, and repeated descriptions are omitted here.
313. The account management system determines a target user according to the target user identifier, and determines a target service system according to the target service system identifier.
The execution of this step is similar to the execution operation of step 202 in the embodiment of fig. 1, and repeated descriptions are omitted here.
314. The account management system queries the role authority of the target role of the target user in the target service system through the user account data table.
The execution of this step is similar to the execution operation of step 103 in the embodiment of fig. 1, and repeated descriptions are omitted here.
It should be noted that in this step the role authorities of the target role of the target user in the target service system are all looked up through the user account data table formed in step 309, which is more convenient and faster.
315. The account management system judges whether the role authority of the target role comprises a request target authority.
The execution of this step is similar to the execution operation of step 104 in the embodiment of fig. 1, and repeated descriptions are omitted here.
316. The account management system feeds back to the target service system that the authentication is passed or not passed.
The execution of this step is similar to the execution operation of step 105 or step 106 in the embodiment of fig. 1, and repeated descriptions are omitted here.
317. The target service system allows or prohibits the target user to execute the target operation.
The execution of this step is similar to the execution operation of step 204 or step 205 in the embodiment of fig. 2, and the repeated parts are not described herein again.
Therefore, the account management method in the embodiment of the application can realize the authentication of the target operation of the target user through communication between the business system and the account management system alone, while reducing the development time that developers spend on the account authority function in the business system, so that the business system is lighter.
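The registration and authentication flow of steps 301 to 317, as an added Python example that is not code from the patent. The class and method names, the in-memory dictionaries, the permission strings, the sample communication number and the treatment of missing feedback as a failed authentication are all assumptions made for illustration.

```python
import uuid
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthRequest:
    """Step 311: the three fields the page puts in an authentication request."""
    system_id: str
    user_id: str
    permission: str


class AccountManagementSystem:
    """In-memory stand-in for the account management system (names are assumptions)."""

    def __init__(self):
        self.role_perms = {}        # system_id -> {role: frozenset(permissions)}
        self.user_index = {}        # user_id -> unified_id
        self.unified_by_phone = {}  # communication number -> unified_id
        self.account_table = {}     # unified_id -> {system_id: set(roles)}

    def register_system(self, roles, users):
        """Steps 301-309. roles: {role: [permission]}; users: {name: (phone, [role])}.

        Returns (system_id, {name: user_id}), the registration success information.
        """
        # Validate before storing anything, so a bad request leaves no partial state.
        for name, (_, assigned) in users.items():
            unknown = set(assigned) - set(roles)
            if unknown:
                raise ValueError(f"{name}: undefined roles {sorted(unknown)}")
        system_id = "sys-" + uuid.uuid4().hex                      # step 302
        self.role_perms[system_id] = {r: frozenset(p) for r, p in roles.items()}
        issued = {}
        for name, (phone, assigned) in users.items():
            user_id = "usr-" + uuid.uuid4().hex                    # step 304
            # Steps 307-308: same communication number -> same unified identifier.
            unified_id = self.unified_by_phone.setdefault(phone, "uni-" + uuid.uuid4().hex)
            self.user_index[user_id] = unified_id
            # Step 309: one row per (unified identifier, service system).
            row = self.account_table.setdefault(unified_id, {})
            row.setdefault(system_id, set()).update(assigned)
            issued[name] = user_id
        return system_id, issued

    def authenticate(self, req):
        """Steps 313-316: True means pass, False means fail. Unknown input fails."""
        unified_id = self.user_index.get(req.user_id)       # step 313: target user
        system_roles = self.role_perms.get(req.system_id)   # step 313: target system
        if unified_id is None or system_roles is None:
            return False
        # Step 314: only the roles this account holds in the target system.
        roles = self.account_table[unified_id].get(req.system_id, set())
        # Step 315: is the requested permission in any of those roles?
        return any(req.permission in system_roles[r] for r in roles)


class BusinessSystem:
    """Target service system side (steps 310-312 and 317)."""

    def __init__(self, ams, system_id):
        self.ams = ams
        self.system_id = system_id

    def handle(self, user_id, permission, operation):
        req = AuthRequest(self.system_id, user_id, permission)   # step 311
        try:
            passed = self.ams.authenticate(req) is True          # step 312
        except Exception:
            # Assumption beyond the page: no usable feedback counts as a fail.
            passed = False
        if not passed:
            raise PermissionError(f"{permission} denied for {user_id}")
        return operation()                                        # step 317: allowed


def demo():
    """Constructed data: one person, same number, different roles in two systems."""
    ams = AccountManagementSystem()
    shop_id, shop_users = ams.register_system(
        roles={"administrator": ["order:read", "order:delete"],
               "common user": ["order:read"]},
        users={"alice": ("000-0000-0001", ["administrator"])},
    )
    wiki_id, wiki_users = ams.register_system(
        roles={"common user": ["page:read"]},
        users={"alice": ("000-0000-0001", ["common user"])},
    )
    return ams, shop_id, shop_users["alice"], wiki_id, wiki_users["alice"]


if __name__ == "__main__":
    ams, shop_id, a_shop, wiki_id, a_wiki = demo()
    print(ams.authenticate(AuthRequest(shop_id, a_shop, "order:delete")))
    print(ams.authenticate(AuthRequest(wiki_id, a_wiki, "order:delete")))
```

Because the lookup in step 314 is keyed by the target service system identifier, the administrator role held in one system grants nothing in the other, even though both users share one unified identifier. The request carries only identifiers, so the example, like the page, does not authenticate the calling service system itself; that has to come from the channel between the two systems.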
The above embodiments describe the account management method of the present application; the account management device of the present application is described below. Referring to fig. 4, an embodiment of an account management device applied to an account management system includes:
a receiving unit 401, configured to receive an authentication request, where the authentication request includes a target service system identifier, a target user identifier, and a request target permission;
a determining unit 402, configured to determine a target user according to the target user identifier, and determine a target service system according to the target service system identifier;
an inquiring unit 403, configured to inquire a role authority of the target user in a target role of the target service system;
a judging unit 404, configured to judge whether the role authority of the target role includes the requested target authority;
a feedback unit 405, configured to feed back that the authentication is passed to the target service system if the role permission of the target role includes the requested target permission;
the feedback unit 405 is further configured to, if the role permission of the target role does not include the requested target permission, feed back that the authentication fails to the target service system.
Optionally, the apparatus further comprises:
the receiving unit 401 is further configured to receive system registration requests of X service systems, where each system registration request includes a user, a user role, and a role authority corresponding to the user role, and X is a positive integer greater than 0;
a configuration unit 406, configured to configure a unique service system identifier for each service system;
a creating unit 407, configured to create one or more user roles for each service system, and configure corresponding role permissions for the user roles;
a configuration unit 406, further configured to configure a unique user identifier for the user;
an associating unit 408, configured to associate, for the user identifier, one or more corresponding user roles;
a storage unit 409, configured to store the service system identifier, the user role, and the role authority corresponding to the user role of the same service system in an associated manner;
the feedback unit 405 is further configured to feed back registration success information to the target service system, where the registration success information includes a target service system identifier and a target user identifier, and the target service system is one of the X service systems.
Optionally, the apparatus further comprises:
a determining unit 410, configured to determine that users bound with the same communication number in different service systems are the same user account;
the configuring unit 406 is further configured to configure a unique unified user identifier for the same user account.
Optionally, the apparatus further comprises:
a recording unit 411, configured to record, in association with the unified user identifier, the service system identifier, the user role, and the role authority corresponding to the user role for each service system of the user, so as to obtain a user account data table;
the inquiring unit 403, when inquiring the role authority of the target role of the target user in the target service system, is specifically configured to:
inquire the role authority of the target role of the target user in the target service system through the user account data table.
Optionally, the apparatus further comprises:
the receiving unit 401 is further configured to receive a registration request of a first user, where the registration request includes a target registration service system and a target registration user role, the target registration service system is a service system that has been successfully registered, and the target registration user role is one or more user roles in the target registration service system;
a configuring unit 406, further configured to configure a unique first user identifier for the first user;
the associating unit 408 is further configured to associate, for the first user identifier, the target registered user role corresponding to the target registered service system;
the storage unit 409 is further configured to store a service system identifier of the target registered service system, the first user identifier, the role of the target registered user, and a role authority corresponding to the role of the target registered user in an associated manner;
the feedback unit 405 is further configured to feed back registration success information to the target registration service system, where the registration success information includes a service system identifier of the target registration service system and the first user identifier.
The operation performed by the account management device in the embodiment of the application is similar to the operation performed by the account management system in the embodiment of fig. 1 and fig. 3, and is not repeated here.
Referring to fig. 5, an embodiment of an account management apparatus applied to a target service system includes:
a receiving unit 501, configured to receive an operation request for a target user to perform a target operation;
a forming unit 502, configured to form an authentication request according to the operation request, where the authentication request includes a target service system identifier, a target user identifier, and a request target permission;
a sending unit 503, configured to send the authentication request to an account management system, so that the account management system queries, according to the target user identifier, whether the role authority of the target role of the target user in the target service system represented by the target service system identifier includes the requested target authority;
an allowing unit 504, configured to allow the target user to execute the target operation if feedback that the authentication is passed is received from the account management system;
a prohibiting unit 505, configured to prohibit the target user from executing the target operation if feedback that the authentication is not passed is received from the account management system.
Optionally, the apparatus further comprises:
a sending unit 503, further configured to send system registration requests to the account management system, where each system registration request includes a user, a user role, and a role authority corresponding to the user role, so that the account management system completes registration according to the registration request and returns registration success information;
the receiving unit 501 is further configured to receive the registration success information fed back by the account management system, where the registration success information includes a service system identifier and a target user identifier.
The operation performed by the account management apparatus in this embodiment is similar to the operation performed by the target service system in the foregoing embodiments in fig. 2 and fig. 3, and is not repeated here.
Referring to fig. 6, a computer device in an embodiment of the present application is described below, where an embodiment of the computer device in the embodiment of the present application includes:
the computer device 600 may include one or more processors (CPUs) 601 and a memory 602, where one or more applications or data are stored in the memory 602. Wherein the memory 602 is volatile storage or persistent storage. The program stored in the memory 602 may include one or more modules, each of which may include a sequence of instructions operating on a computer device. Still further, the processor 601 may be arranged in communication with the memory 602 to execute a series of instruction operations in the memory 602 on the computer device 600. The computer device 600 may also include one or more wireless network interfaces 603, one or more input-output interfaces 604, and/or one or more operating systems, such as Windows Server, Mac OS, Unix, Linux, FreeBSD, etc. The processor 601 may perform the operations performed in the embodiments shown in fig. 1 to fig. 3, which are not described herein again.
In the several embodiments provided in the present application, those skilled in the art should understand that the disclosed system, apparatus and method can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only one logical functional division, and other divisions are possible in practice; for instance, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The integrated unit can be realized in the form of hardware or in the form of a software functional unit. The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method of the embodiments of the present application. The aforementioned storage medium includes: a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, and the like.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement or improvement made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (10)

1. An account management method is applied to an account management system and comprises the following steps:
receiving an authentication request, wherein the authentication request comprises a target user identifier, a target service system identifier and a request target authority;
determining a target user according to the target user identification, and determining a target service system according to the target service system identification;
inquiring the role authority of the target role of the target user in the target service system;
judging whether the role authority of the target role comprises the request target authority;
if the role authority of the target role comprises the requested target authority, feeding back to the target service system that the authentication is passed;
and if the role authority of the target role does not comprise the requested target authority, feeding back to the target service system that the authentication is not passed.
2. The account management method of claim 1, wherein before receiving the authentication request, the method further comprises:
receiving system registration requests of X service systems, wherein each system registration request comprises a user, a user role and a role authority corresponding to the user role, and X is a positive integer greater than 0;
configuring a unique service system identifier for each service system;
creating one or more user roles for each service system, and configuring corresponding role authorities for the user roles;
configuring a unique user identifier for the user;
associating the corresponding one or more user roles for the user identification;
storing the service system identification, the user role and the role authority corresponding to the user role of the same service system in an associated manner;
and feeding back registration success information to a target service system, wherein the registration success information comprises a target service system identifier and a target user identifier, and the target service system is one of the X service systems.
3. The account management method according to claim 2, wherein after storing the service system identifier, the user role, and the role authority corresponding to the user role of the same service system in association, and before receiving an authentication request, the method further comprises:
regarding users bound to the same communication number in different service systems as the same user account;
and configuring a unique unified user identification for the same user account.
4. The account management method according to claim 3, wherein after configuring a unique unified user identifier for the same user account and before receiving an authentication request, the method further comprises:
recording, in association with the unified user identifier, the service system identifier, the user role and the role authority corresponding to the user role for each service system, to obtain a user account data table;
the inquiring of the role authority of the target role of the target user in the target service system comprises:
inquiring the role authority of the target role of the target user in the target service system through the user account data table.
5. The account management method according to claim 2, wherein before receiving the authentication request, the method further comprises:
receiving a registration request of a first user, wherein the registration request comprises a target registration service system and a target registration user role, the target registration service system is a service system which has been successfully registered, and the target registration user role is one or more user roles in the target registration service system;
configuring a unique first user identification for the first user;
associating the target registered user role corresponding to the target registered service system for the first user identifier;
storing the service system identification of the target registered service system, the first user identification, the target registered user role and the role authority corresponding to the target registered user role in an associated manner;
and feeding back registration success information to a target registration service system, wherein the registration success information comprises a service system identifier of the target registration service system and the first user identifier.
6. An account management method is applied to a target service system and comprises the following steps:
receiving an operation request of a target user for executing target operation;
forming an authentication request according to the operation request, wherein the authentication request comprises a target service system identifier, a target user identifier and a request target authority;
sending the authentication request to an account management system, so that the account management system inquires, according to the target user identifier, whether the role authority of the target role of the target user in the target service system represented by the target service system identifier comprises the requested target authority;
if feedback that the authentication is passed is received from the account management system, allowing the target user to execute the target operation;
and if feedback that the authentication is not passed is received from the account management system, prohibiting the target user from executing the target operation.
7. The account management method according to claim 6, wherein before receiving an operation request for a target user to perform a target operation, the method further comprises:
sending system registration requests to the account management system, wherein each system registration request comprises a user, a user role and a role authority corresponding to the user role, so that the account management system completes registration according to the registration request and returns registration success information;
and receiving the registration success information fed back by the account management system, wherein the registration success information comprises a service system identifier and a target user identifier.
8. An account management device, applied to an account management system, includes:
a receiving unit, configured to receive an authentication request, where the authentication request includes a target service system identifier, a target user identifier, and a request target permission;
a determining unit, configured to determine a target user according to the target user identifier, and determine a target service system according to the target service system identifier;
a query unit, configured to query the role authority of the target role of the target user in the target service system;
a judging unit, configured to judge whether the role authority of the target role comprises the requested target authority;
a first feedback unit, configured to feed back to the target service system that the authentication is passed if the role authority of the target role comprises the requested target authority;
and a second feedback unit, configured to feed back to the target service system that the authentication is not passed if the role authority of the target role does not include the requested target authority.
9. An account management device, applied to a target business system, includes:
a receiving unit, configured to receive an operation request for a target user to perform a target operation;
a forming unit, configured to form an authentication request according to the operation request, where the authentication request includes a target service system identifier, a target user identifier, and a request target permission;
a sending unit, configured to send the authentication request to an account management system, so that the account management system queries, according to the target user identifier, whether the role authority of the target role of the target user in the target service system represented by the target service system identifier includes the requested target authority;
an allowing unit, configured to allow the target user to execute the target operation if feedback that the authentication is passed is received from the account management system;
and a prohibiting unit, configured to prohibit the target user from executing the target operation if feedback that the authentication is not passed is received from the account management system.
10. A computer device, comprising:
a processor, a memory, a bus, an input/output interface and a wireless network interface;
the processor is connected with the memory, the input/output interface and the wireless network interface through a bus;
the memory stores a program;
the processor, when executing the program stored in the memory, implements the account management method of any one of claims 1 to 7.
CN202111165129.4A 2021-09-30 2021-09-30 Account management method and related device Pending CN113901408A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111165129.4A CN113901408A (en) 2021-09-30 2021-09-30 Account management method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111165129.4A CN113901408A (en) 2021-09-30 2021-09-30 Account management method and related device

Publications (1)

Publication Number Publication Date
CN113901408A true CN113901408A (en) 2022-01-07

Family

ID=79189955

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111165129.4A Pending CN113901408A (en) 2021-09-30 2021-09-30 Account management method and related device

Country Status (1)

Country Link
CN (1) CN113901408A (en)

Similar Documents

Publication Publication Date Title
CN107342992B (en) System authority management method and device and computer readable storage medium
CN110636492B (en) Handover of mobile service providers using blockchains
US20200285978A1 (en) Model training system and method, and storage medium
EP1514173B1 (en) Managing secure resources in web resources that are accessed by multiple portals
US7487348B2 (en) System for authenticating and screening grid jobs on a computing grid
WO2019232868A1 (en) User information authentication method and apparatus, and computer device and storage medium
US8204949B1 (en) Email enabled project management applications
CN111709046A (en) User permission data configuration method, device, equipment and storage medium
WO2015024261A1 (en) Internet account number management method, manager, server and system
CN112464212B (en) Data authority control reconstruction method based on mature complex service system
CN101753313A (en) Password management method, password management system and password management server
CN112818325A (en) Method for realizing API gateway independent authentication based on application
CN112118269A (en) Identity authentication method, system, computing equipment and readable storage medium
CN101741558A (en) Method for realizing uniform identity authentication
CN115552441A (en) Low trust privilege access management
US20080163191A1 (en) System and method for file transfer management
CN111259378A (en) Multi-tenant management system and implementation method thereof
CN108933789A (en) A kind of method and third-party application server preventing personal information leakage
CN108449348B (en) Online authentication system and method supporting user identity privacy protection
US9165027B2 (en) Dynamic directory control registration
US10333939B2 (en) System and method for authentication
CN113901408A (en) Account management method and related device
WO2013171879A1 (en) Job execution system, job execution program, and job execution method
CN113765676B (en) Interface access control method based on multiple identities of user and related equipment
CN111475802B (en) Authority control method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination