CN114065248A - User access right control method and device, electronic equipment and storage medium - Google Patents

Info

Publication number
CN114065248A
Authority
CN
China
Prior art keywords
organization
management system
service management
list
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111359075.5A
Other languages
Chinese (zh)
Inventor
黎法良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Pinwei Software Co Ltd
Original Assignee
Guangzhou Pinwei Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Pinwei Software Co Ltd filed Critical Guangzhou Pinwei Software Co Ltd
Priority to CN202111359075.5A priority Critical patent/CN114065248A/en
Publication of CN114065248A publication Critical patent/CN114065248A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method and a device for controlling user access rights, an electronic device, and a storage medium. The method comprises: receiving a query request for the current user's access rights sent by a service management system, wherein the query request comprises the current user identity; determining a target organization list accessible to the current user according to the current user identity; and sending the target organization list to the service management system so that the service management system screens out the target data corresponding to the target organization list. This avoids the data leakage and low data security of the service management system that result when a user modifies the target organization list at will, or modifies it maliciously using other malicious tools.

Description

User access right control method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for controlling user access rights, an electronic device, and a storage medium.
Background
With the development of computer technology, more and more data needs to be viewed through a business management system. For a business management system of a company, different users have different identities, and users with different identities have different access rights, for example, a manager in a large area in the business management system can see the sales conditions of all branch companies or branch stores in the large area, and a store manager in the large area can only see the sales conditions of the store.
At present, after a user logs in to a service management system, an explicit parameter-passing method is adopted: the user selects, on a front-end page, an organization list to which the user has access rights, and the back end then displays the corresponding data according to that organization list.
Disclosure of Invention
In order to solve the technical problem, the invention provides a method and a device for controlling user access authority, electronic equipment and a computer storage medium, and the specific scheme is as follows:
In a first aspect, a method for controlling user access rights is provided, which is applied to an access control device, and the method includes: receiving a query request for the current user's access rights sent by a service management system, wherein the query request comprises the current user identity; determining a target organization list accessible to the current user according to the current user identity; and sending the target organization list to the service management system so that the service management system screens out the target data corresponding to the target organization list.
In a preferred embodiment, before the receiving the query request of the user access right sent by the service management system, the method further includes: generating an organization list set according to organization nodes which are configured by the authority management personnel and can be accessed by each user identity; determining a target organization listing accessible to the current user according to the current user identity comprises: and determining the target organization list from the organization list set according to the current user identity.
In a preferred embodiment, before the generating the organization list set according to the organization node accessible by each user identity configured by the authority manager, the method further includes: acquiring organization architecture information of the service management system; and displaying the organization architecture information to the authority management personnel so that the authority management personnel configure corresponding accessible organization nodes for different user identities.
In a preferred embodiment, before presenting the organization structure information to the authority management personnel, the method further comprises: generating a tree structure organization according to the organization architecture information; the displaying the organization architecture information to the authority management personnel comprises: the tree structure organization is presented to the rights manager in a list.
In a preferred embodiment, the organization structure information of the service management system is in a tree structure form, and acquiring the organization structure information of the service management system includes: acquiring a mapping relation with the organization structure information in the service management system; and generating the tree structure organization according to the mapping relation and the organization architecture information.
In a preferred embodiment, the generating an organization list set according to the organization node accessible by each user identity configured by the authority manager includes: acquiring an organization node of a tree structure organization selected by the authority management personnel for the identity of the user to be configured; if the organization node is a master node, traversing all slave nodes under the master node; generating an organization list according to the master node and the slave nodes; and generating the organization list set according to the organization list of each user identity.
In a preferred embodiment, after generating the organization list set according to the organization node accessible by each user identity configured by the authority manager, the method further includes: acquiring the organization architecture information from the service management system according to a preset time interval; traversing the organization architecture information according to each organization list in the organization list set; and if the nodes of the organization structure information are changed, modifying the corresponding organization nodes of the organization list.
In a second aspect, a device for controlling user access rights is provided, which is applied to an access control device, and the device includes: a receiving module, configured to receive a query request for the current user's access rights sent by the service management system, wherein the query request comprises the current user identity; a determining module, configured to determine a target organization list accessible to the current user according to the current user identity; and a sending module, configured to send the target organization list to the service management system so that the service management system screens out the target data corresponding to the target organization list.
In a third aspect, an electronic device is provided, including: one or more processors; and memory associated with the one or more processors for storing program instructions which, when read and executed by the one or more processors, perform the method as previously described.
In a fourth aspect, a computer storage medium is provided, on which a computer program is stored, wherein the program, when executed by a processor, implements the method as described above.
The access control device in the invention receives the query request for the current user's access rights sent by the service management system, determines the target organization list accessible to the user according to the current user identity, and then sends the target organization list to the service management system, which screens the corresponding target data according to that list. In this process the access control device, rather than the user, determines the target organization list the user can access. On the one hand, the target organization list is determined automatically from the current user identity, which improves the efficiency of determining it. On the other hand, the user is prevented from modifying the target organization list at will, or modifying it maliciously with other malicious tools, which would otherwise cause data leakage from the service management system and low data security.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a flowchart of a method for controlling access rights of a user according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating organization node selection for different user identities in an embodiment of the present invention;
FIG. 3 is a flowchart illustrating configuring permissions for different user identities according to an embodiment of the present invention;
FIG. 4 is a flowchart of the present invention for periodically traversing organizational structure information;
FIG. 5 is a schematic diagram of a device for controlling access rights of a user according to an embodiment of the present invention;
FIG. 6 is an architecture diagram of an electronic device in an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As introduced in the background, an explicit parameter-passing method is currently adopted when a user logs in to a service management system: the user selects, at the front end of the service management system, the organization list the user can access; when a request is submitted, that organization list is passed to the back end as an explicit organization-list parameter; the back end filters data according to the organization list; and the data corresponding to the organization list is then displayed at the front end. In this process the user may maliciously modify the accessible organization list at the front end. The invention therefore provides a method and a device for controlling user access rights, an electronic device, and a storage medium, applied to an access control device. When a user logs in to the service management system and requests to view data, the service management system sends a query request for the user's rights to the access control device, and the access control device determines the organization list the user can access. This avoids the situation in which the user maliciously modifies the accessible organization list at the front end of the service management system, and thereby improves the data security of the service management system.
The following describes a method, an apparatus, an electronic device, and a storage medium for controlling user access rights in the present invention with reference to the accompanying drawings.
As shown in fig. 1, the present invention provides a method for controlling user access rights, which is applied to an access control device, and the method includes:
S101, receiving a query request for the current user's access rights sent by a service management system, wherein the query request comprises the current user identity.
In this step, the business management system may be a financial system or another business system, which is not limited here. After the current user logs in to the service management system, the service management system determines the current user identity from the user's account information. The current user identity is the user's identity within the organizational structure of the service management system, for example northeast-large area manager, northeast-Changchun-small area manager, or store manager of the northeast-Changchun-Zhongdong New Tian shop. When the user triggers a request to view the data for the corresponding rights, for example a request to view the current month's sales, the service management system generates a query request for the user's access rights according to that request and sends it to the access control device.
S102, determining a target organization list accessible to the current user according to the identity of the current user.
In this step, after receiving the query request, the access control device determines the target organization list accessible to the user according to the current user identity. The target organization list is the set of organizations the user can access; for example, if the current user identity is northeast-large area manager, the target organization list is all stores in the northeast large area that the large area manager can access.
S103, sending the target organization list to a service management system so that the service management system screens out target data corresponding to the target organization list.
In this step, after determining the target organization list, the access control device sends it to the business management system. After receiving the target organization list, the business management system determines the organization nodes accessible to the user, then screens the data in the back-end database to obtain the target data the user may view, and displays that data at the front end. In this process the front end of the service management system does not pass an explicit organization-list parameter to the back end. Instead, after the user logs in to the service management system, the service management system sends a query request for the user's rights to the access control device, and the access control device manages the user's rights.
In the invention, the access control device receives the query request for the current user's access rights sent by the service management system, determines the target organization list accessible to the user according to the current user identity, and then sends the target organization list to the service management system, which screens the corresponding target data according to that list. In this process the access control device, rather than the user, determines the target organization list the user can access. On the one hand, the target organization list is determined automatically from the current user identity, which improves the efficiency of determining it. On the other hand, the user is prevented from modifying the target organization list at will, or modifying it maliciously with other malicious tools, which would otherwise cause data leakage from the service management system and low data security.
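The difference between the explicit organization-list parameter described in the background and the identity-based lookup of S101 to S103 can be shown side by side. The following is an added example, not code from the patent; the store paths, user names, identities and function names are all constructed for illustration.

```python
"""Added example: explicit organization-list parameter vs. lookup by identity."""

# Constructed sample data; store paths and amounts are illustrative only.
SALES = [
    {"org": "northeast/changchun/store-1", "month": "2021-11", "amount": 120},
    {"org": "northeast/changchun/store-2", "month": "2021-11", "amount": 95},
    {"org": "northeast/shenyang/store-3", "month": "2021-11", "amount": 210},
    {"org": "south/guangzhou/store-9", "month": "2021-11", "amount": 330},
]

# Organization list set held by the access control device (identity -> list).
ORG_LIST_SET = {
    "northeast-large-area-manager": [
        "northeast/changchun/store-1",
        "northeast/changchun/store-2",
        "northeast/shenyang/store-3",
    ],
    "store-1-manager": ["northeast/changchun/store-1"],
}

# The business management system's own mapping of account -> user identity.
USER_IDENTITY = {
    "alice": "northeast-large-area-manager",
    "bob": "store-1-manager",
}


class AccessControlDevice:
    """Holds the identity -> organization list relation (hypothetical class)."""

    def __init__(self, org_list_set):
        self._org_list_set = org_list_set

    def query(self, identity):
        # S101-S103: answer the query request with the target organization
        # list. An unknown identity gets an empty list (deny by default).
        return list(self._org_list_set.get(identity, []))


def filter_sales(org_list):
    """Back-end screening step: keep only rows of the listed organizations."""
    allowed = set(org_list)
    return [row for row in SALES if row["org"] in allowed]


def handle_explicit(request):
    """Background design: the back end trusts the list sent by the front end."""
    return filter_sales(request.get("org_list", []))


def handle_implicit(session_user, request, acd):
    """Flow of the method: the list comes from the logged-in user's identity.

    Any org_list field in the request body is ignored on purpose.
    """
    identity = USER_IDENTITY.get(session_user)
    return filter_sales(acd.query(identity))


if __name__ == "__main__":
    acd = AccessControlDevice(ORG_LIST_SET)
    # Constructed request: a store manager edits the list before submitting.
    tampered = {"org_list": ["south/guangzhou/store-9"], "month": "2021-11"}
    print("explicit:", handle_explicit(tampered))
    print("implicit:", handle_implicit("bob", tampered, acd))
```

With the explicit parameter, the edited list decides which rows are returned; with the lookup, the same request body yields only the rows of the store manager's own store.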
In a preferred embodiment, before S101, receiving the query request for user access rights sent by the service management system, the method further includes:
generating an organization list set according to organization nodes which are configured by the authority management personnel and can be accessed by each user identity;
determining a target organization listing accessible to a current user according to the identity of the current user comprises:
and determining a target organization list from the organization list set according to the current user identity.
In this embodiment, before the access control device receives the query request, the access rights corresponding to each user identity need to be configured. Specifically, the access control device displays the configurable content to the authority management personnel through a window. The authority management personnel first configure the service management system being connected, define different user identities for the users in the service management system, and configure the accessible organization nodes for each user identity. As shown in fig. 2, the organization node accessible to the northeast-large area manager is configured as the northeast large area node in the overall organization architecture information of the service management system; that of the northeast-Changchun-small area manager is configured as the northeast-Changchun small area node; and that of the store manager of the northeast-Changchun-Zhongdong New Tian shop is configured as the Zhongdong New Tian shop node under northeast-Changchun. After the organization nodes accessible to each user identity are determined, a corresponding organization list is generated from those nodes for controlling the user's access rights, and the organization list set is obtained once the organization lists of all user identities have been determined.
After receiving a query request sent by a service management system, the access control device acquires a target organization list which can be accessed by the current user identity from the organization list set according to the current user identity.
In the invention, the service management system holds the correspondence between users and user identities, and the access control device holds the correspondence between user identities and organization lists. When a user logs in to the service management system, the corresponding target organization list can therefore be obtained quickly from the access control device, which improves query efficiency.
In a preferred embodiment, before generating the organization list set according to the organization node accessible by each user identity configured by the authority manager, the method further comprises:
acquiring organization architecture information of a service management system;
and displaying the organization architecture information to the authority management personnel so that the authority management personnel configure corresponding accessible organization nodes for different user identities.
In this embodiment, the access control device first needs to acquire the organization architecture information from the service management system. Specifically, the access control device may send an HTTP request to the service management system, and the service management system returns the complete organization architecture information. The access control device displays this information to the authority management personnel, who configure the accessible organization nodes for different user identities. Referring to fig. 2, in the window that displays the organization architecture information, the access control device places a checkbox in front of each organization node; the authority management personnel tick the checkboxes to configure the corresponding organization nodes for a user identity.
In the invention, the access control device acquires the organization architecture information from the service management system and displays the organization architecture information to the authority management personnel, so that the authority management is clear at a glance, and corresponding accessible organization nodes can be more quickly and efficiently configured for users with different user identities.
In the present invention, the access control device supports both a single-layer list structure and a tree structure for the presentation form of the organization structure information.
In a preferred embodiment, before presenting the organization structure information to the authority management personnel, the method comprises the following steps:
generating a tree structure organization according to the organization architecture information;
the step of displaying the organization architecture information to the authority management personnel comprises the following steps:
the tree structure organization is presented to the rights manager in a list.
In practical application, an organization in the service management system is a complex structure, such as department organization architecture information of a company, store organization of offline stores, building floor store organization of a square, and the like.
As shown in fig. 2, when the access control device displays tree organization structure information to the authority management staff, a list display is adopted, each master node and corresponding slave node of the tree organization can be displayed, and a corresponding selection box is configured before each master node and corresponding slave node, so that a user can easily check the tree organization.
In a preferred embodiment, the organization structure information of the service management system is in a tree structure form, and acquiring the organization structure information of the service management system includes:
acquiring a mapping relation with organization architecture information in a service management system;
and generating a tree structure organization according to the mapping relation and the organization architecture information.
In this embodiment, the organization architecture information of the service management system is tree-structured, and a mapping relation exists between the tree structure of the access control device and that of the service management system, for example a mapping of the fields the tree requires, such as the parent node ID field name and the node label field name. This mapping relation is configured in advance by the authority management personnel. After the access control device obtains the organization architecture information, it converts the information according to the mapping relation to generate a tree structure organization and displays it to the authority management personnel.
In this embodiment, the access control device does not need to store a copy of the organization architecture information before the authority management personnel configure the accessible organization nodes for users of different identities. Instead, it generates and displays the tree structure organization directly from the mapping relation and the organization architecture information at configuration time. On the one hand, this reduces the memory requirement and the access cost; on the other hand, the data in the access control device cannot become inconsistent with the data in the service management system.
In a preferred embodiment, generating the set of organization lists from accessible organization nodes of different user identities configured by the rights manager comprises:
acquiring an organization node of a tree structure organization selected by an authority manager for a user identity to be configured;
if the organization node is the master node, traversing all slave nodes under the master node;
generating an organization list according to the master node and the slave nodes;
a set of organization lists is generated from the organization list for each user identity.
In this embodiment, the authority management personnel can select nodes of the tree structure organization for different user identities. When the authority management personnel select a master node, the access control device automatically traverses its slave nodes and generates an access control table from the master node and the slave nodes. In practical application, the authority management personnel can select a node at any level of the tree structure organization according to the identity; the identity then has the right to view all slave nodes of that node, and the slave nodes do not all need to be ticked individually, so the rights are clear at a glance and maintenance is simple. In the example of fig. 2, all store lists below the northeast-large area are obtained. In this embodiment, after the authority management personnel select an organization node, an organization list is generated from the selected node, so that on the next access the organization list for the user identity's rights is obtained quickly without recalculation.
As shown in fig. 2, if the authority manager assigns the authority of the northeast organization, the access control device will go through the corresponding organization list to obtain a list of all stores below the northeast. Therefore, maintenance personnel can conveniently select only one main node, and the service management system can conveniently screen data according to the calculated store list. In general, it is convenient for the authority management personnel to set the authority of each level node, and it is also convenient for the service management system to have a uniform data screening logic.
As shown in fig. 3, permissions are configured for different user identities in the access control device as follows: the access control device first obtains the organization architecture information from the service management system, selects a user identity according to the organization architecture information, and displays the tree structure organization to the authority management personnel, who select the organization nodes for the corresponding rights; the organization list set is then generated.
In a preferred embodiment, the generating the organization list set according to the accessible organization nodes of different user identities configured by the authority management personnel further comprises:
acquiring organization architecture information from a service management system according to a preset time interval;
traversing the organizational structure information according to each organizational list in the organizational list set;
and if the nodes of the organization structure information are changed, modifying the organization nodes of the corresponding organization list.
In this embodiment, the organization architecture information in the service management system may change. To capture such changes in time, the access control device obtains the organization architecture information from the service management system at a preset time interval and then traverses it according to each organization list in the organization list set. Specifically, it may traverse the nodes of the tree structure organization that the authority management personnel selected for each user identity and, for each master node, traverse its slave nodes. If the organization architecture information has changed, the corresponding organization list is modified. For example, if a slave node has been newly added in the organization architecture information, the access right for the newly added node is added to the access rights of the master node in the corresponding organization list in the organization list set. Thus, even if the organization architecture information of the service management system changes, the changed nodes are detected and scanned automatically, without manual intervention.
The access control device can be suitable for various service management systems and is more suitable for service management systems with multiple organization frameworks, and corresponding access authorities are set for the user identities in the service management systems, so that after the user logs in the service management systems, the organization lists corresponding to the user authorities are sent to the service management systems, and the service management systems can conveniently screen out corresponding target data.
As shown in fig. 4, the access control device periodically sends a request to the service management system to obtain its organization architecture information, traverses that information according to each organization list in the organization list set to determine whether any node has changed, and, if so, modifies the organization nodes in the corresponding organization list.
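The field mapping, the expansion of a selected master node into its slave nodes, and the periodic refresh described above fit together as in the following added example, which is not code from the patent. The field names, node IDs and identities are constructed; dropping nodes that no longer exist and returning a per-identity change report go beyond the text, which only describes adding newly created slave nodes.

```python
"""Added example: organization list set built from a mapped tree, then resynced."""
from collections import defaultdict

# Mapping configured in advance: access-control field -> field name used by the
# business management system (all field names here are hypothetical).
FIELD_MAPPING = {"id": "dept_id", "parent_id": "parent_dept_id", "label": "dept_name"}

# Constructed organization architecture information as returned by the
# business management system.
ORG_RECORDS = [
    {"dept_id": 1, "parent_dept_id": None, "dept_name": "Northeast"},
    {"dept_id": 2, "parent_dept_id": 1, "dept_name": "Changchun"},
    {"dept_id": 3, "parent_dept_id": 2, "dept_name": "Zhongdong store"},
    {"dept_id": 4, "parent_dept_id": 1, "dept_name": "Shenyang"},
    {"dept_id": 5, "parent_dept_id": 4, "dept_name": "Shenyang store A"},
]

# Nodes ticked by the authority management personnel for each user identity.
SELECTIONS = {
    "northeast-large-area-manager": [1],
    "changchun-small-area-manager": [2],
    "zhongdong-store-manager": [3],
}


def build_tree(records, mapping):
    """Translate mapped records into (labels, children) lookup tables."""
    labels, children = {}, defaultdict(list)
    for rec in records:
        node_id = rec[mapping["id"]]
        labels[node_id] = rec[mapping["label"]]
        parent = rec[mapping["parent_id"]]
        if parent is not None:
            children[parent].append(node_id)
    return labels, children


def expand(node_id, labels, children):
    """Return the selected node plus every slave node beneath it."""
    if node_id not in labels:  # node was deleted upstream
        return []
    seen, stack = set(), [node_id]
    while stack:
        current = stack.pop()
        if current in seen:  # guard against a malformed, cyclic parent chain
            continue
        seen.add(current)
        stack.extend(children.get(current, []))
    return sorted(seen)


def build_list_set(selections, records, mapping):
    """Precompute one organization list per user identity."""
    labels, children = build_tree(records, mapping)
    list_set = {}
    for identity, selected in selections.items():
        nodes = set()
        for node_id in selected:
            nodes.update(expand(node_id, labels, children))
        list_set[identity] = sorted(nodes)
    return list_set


def resync(selections, old_list_set, new_records, mapping):
    """Periodic refresh: rebuild the lists and report what changed."""
    new_list_set = build_list_set(selections, new_records, mapping)
    changes = {}
    for identity, nodes in new_list_set.items():
        old, new = set(old_list_set.get(identity, [])), set(nodes)
        if old != new:
            changes[identity] = {
                "added": sorted(new - old),
                "removed": sorted(old - new),
            }
    return new_list_set, changes


if __name__ == "__main__":
    list_set = build_list_set(SELECTIONS, ORG_RECORDS, FIELD_MAPPING)
    # Constructed change: a new store opens under Changchun.
    updated = ORG_RECORDS + [
        {"dept_id": 6, "parent_dept_id": 2, "dept_name": "New store"}
    ]
    list_set, changes = resync(SELECTIONS, list_set, updated, FIELD_MAPPING)
    print(list_set)
    print(changes)
```

Logging the change report on each refresh gives reviewers a record of when an identity's effective scope grew or shrank because of an upstream organization change.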
As shown in fig. 5, the present invention further provides an apparatus for controlling user access rights, which is applied to an access control device and includes:
a receiving module 501, configured to receive a query request of a current user access right sent by a service management system, where the query request includes a current user identity;
a determining module 502, configured to determine, according to the identity of the current user, a target organization list accessible by the current user;
the sending module 503 is configured to send the target organization list to the service management system, so that the service management system filters out target data corresponding to the target organization list.
In a preferred embodiment, the system further comprises a generating module, configured to generate an organization list set according to an organization node accessible by each user identity configured by the authority manager;
the determining module 502 is further configured to determine a target organization list from the organization list set according to the current user identity.
In a preferred embodiment, the system further comprises an obtaining module, configured to obtain organization structure information of the service management system; and the display module is used for displaying the organization architecture information to the authority management personnel so that the authority management personnel can configure corresponding accessible organization nodes for different user identities.
In a preferred embodiment, the generating module is further configured to generate a tree structure organization according to the organization architecture information; the display module is also used for displaying the tree structure organization to the authority management personnel in a list form.
In a preferred embodiment, the organization structure information of the service management system is in a tree structure form, and the obtaining module further includes a mapping relationship obtaining unit, configured to obtain a mapping relationship with the organization structure information of the service management system; and the tree structure organization generating unit is used for generating tree structure organization according to the mapping relation and the organization architecture information.
In a preferred embodiment, the generating module further includes a node acquisition unit, configured to acquire an organization node of the tree structure organization selected by the authority manager for the user identity to be configured; a traversal unit, configured to traverse all subordinate nodes under the master node if the organization node is a master node; and a generating unit, configured to generate an organization list according to the master node and the subordinate nodes, and to generate the organization list set from the organization list of each user identity.
In a preferred embodiment, the obtaining module is further configured to obtain the organization structure information from the service management system according to a preset time interval; the traversing unit is also used for traversing the organization architecture information according to each organization list in the organization list set; the system also comprises a modification module used for modifying the organization nodes of the corresponding organization list if the nodes of the organization structure information are changed.
The present embodiment can achieve the beneficial effects of the foregoing method for controlling user access rights, which are not described herein again.
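An added example (not taken from the patent) of the flow the embodiments above describe: expanding each node selected by the authority manager into an organization list, re-deriving the lists at each periodic fetch so that added or removed subordinate nodes are picked up, and answering a query by user identity. All class, function and node names and the sample rows are constructed for illustration; re-deriving from the stored selections, returning an empty list for unknown identities, and the cycle guard are assumptions of this sketch.

```python
from collections import defaultdict

# Constructed sample snapshots of organization structure: (node, parent) rows.
ORG_V1 = [("hq", None), ("south", "hq"), ("gz", "south"),
          ("sz", "south"), ("north", "hq"), ("bj", "north")]
ORG_V2 = ORG_V1 + [("fs", "south")]   # a subordinate node is added later

# Constructed business records held by the service management system.
RECORDS = [{"id": 1, "org": "gz"}, {"id": 2, "org": "bj"}, {"id": 3, "org": "fs"}]


def expand(master, children, known):
    """Return the master node plus every subordinate node beneath it."""
    if master not in known:            # node deleted upstream: grant nothing
        return set()
    seen, stack = set(), [master]
    while stack:
        node = stack.pop()
        if node in seen:               # cycle guard for malformed org data
            continue
        seen.add(node)
        stack.extend(children.get(node, []))
    return seen


class AccessControlDevice:
    """Hypothetical stand-in for the access control device."""

    def __init__(self):
        self.selected = {}    # user identity -> nodes chosen by the authority manager
        self.org_lists = {}   # user identity -> expanded organization list

    def configure(self, user, nodes):
        self.selected[user] = list(nodes)

    def sync(self, rows):
        """Re-derive all lists from a fresh snapshot; report (added, removed)."""
        children = defaultdict(list)
        for node, parent in rows:
            if parent is not None:
                children[parent].append(node)
        known = {node for node, _ in rows}
        changes = {}
        for user, nodes in self.selected.items():
            new = set()
            for node in nodes:
                new |= expand(node, children, known)
            old = set(self.org_lists.get(user, []))
            if new != old:
                changes[user] = (sorted(new - old), sorted(old - new))
            self.org_lists[user] = sorted(new)
        return changes

    def query(self, user):
        """Target organization list for a user identity; unknown users get none."""
        return list(self.org_lists.get(user, []))


def filter_records(records, org_list):
    """Service management side: keep rows owned by an allowed organization."""
    allowed = set(org_list)
    return [r for r in records if r["org"] in allowed]


if __name__ == "__main__":
    device = AccessControlDevice()
    device.configure("alice", ["south"])
    device.sync(ORG_V1)
    print(device.query("alice"))
    print(device.sync(ORG_V2))
    print(filter_records(RECORDS, device.query("alice")))
```

The change report returned by `sync` is worth logging on every run, since each entry is a change in what a user identity can read that no administrator approved by hand.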
The present invention also provides an electronic device, comprising:
one or more processors; and
a memory associated with the one or more processors for storing program instructions which, when read and executed by the one or more processors, perform a method of controlling access rights of a user.
For the execution process and the technical effects that can be achieved in this embodiment, please refer to the description of the control method applied to the user access right, which is not described herein again.
The present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the method for controlling user access right, and please refer to the foregoing description for the execution process and the technical effects that can be achieved by the method, which are not described herein again.
Fig. 6 illustrates an architecture of an electronic device, which may specifically include a processor 610, a video display adapter 611, a disk drive 612, an input/output interface 613, a network interface 614, and a memory 620. The processor 610, the video display adapter 611, the disk drive 612, the input/output interface 613, the network interface 614, and the memory 620 may be communicatively connected by a communication bus 630.
The processor 610 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solution provided by the present invention.
The memory 620 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 620 may store an operating system 621 for controlling the operation of the computer system and a Basic Input Output System (BIOS) for controlling low-level operations of the computer system. In addition, a web browser 623, a data storage management system 624, a device identification information processing system 625, and the like may also be stored. The device identification information processing system 625 may be an application program that implements the operations of the foregoing steps in the embodiment of the present invention. In summary, when the technical solution provided by the present invention is implemented by software or firmware, the relevant program codes are stored in the memory 620 and called for execution by the processor 610.
The input/output interface 613 is used for connecting an input/output module to realize information input and output. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The network interface 614 is used for connecting a communication module (not shown in the figure) to realize the communication interaction between the device and other devices. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 630 includes a path that transfers information between the various components of the device, such as processor 610, video display adapter 611, disk drive 612, input/output interface 613, network interface 614, and memory 620.
It should be noted that although the above devices only show the processor 610, the video display adapter 611, the disk drive 612, the input/output interface 613, the network interface 614, the memory 620, the bus 630, etc., in a specific implementation, the device may also include other components necessary for normal operation. Furthermore, it will be understood by those skilled in the art that the apparatus described above may also include only the components necessary to implement the inventive arrangements, and need not include all of the components shown in the figures.
The computer program product of the invention comprises a computer program carried on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means, or installed from the memory, or installed from the ROM. The computer program, when executed by a processor, performs the functions defined above in the method of embodiments of the invention.
It should be noted that the computer readable medium of the embodiments of the present invention may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In embodiments of the invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In embodiments of the present invention, however, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. 
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (Radio Frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the server; or may exist separately and not be assembled into the server. The computer readable medium carries one or more programs which, when executed by the server, cause the server to: when the peripheral mode of the terminal is detected to be not activated, acquiring a frame rate of an application on the terminal; when the frame rate meets the screen-off condition, judging whether a client acquires screen information of the terminal; and controlling the screen to enter an immediate dimming mode in response to the judgment result that the client does not acquire the screen information of the terminal.
Computer program code for carrying out operations for embodiments of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the client computer, partly on the client computer, as a stand-alone software package, partly on the client computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the client computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the system or system embodiments are substantially similar to the method embodiments and therefore are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described system and system embodiments are only illustrative, wherein the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The method, the apparatus, the electronic device and the storage medium for controlling user access rights provided by the present invention are introduced in detail, and a specific example is applied in the present document to explain the principle and the implementation of the present invention, and the description of the above embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.

Claims (10)

1. A method for controlling access rights of a user, the method being applied to an access control device, the method comprising:
receiving a query request of current user access authority sent by a service management system, wherein the query request comprises a current user identity;
determining a target organization list accessible to the current user according to the identity of the current user;
and sending the target organization list to the service management system so that the service management system screens out target data corresponding to the target organization list.
2. The method of claim 1, wherein the receiving the query request of the user access right sent by the service management system further comprises:
generating an organization list set according to organization nodes which are configured by the authority management personnel and can be accessed by each user identity;
determining a target organization listing accessible to the current user according to the current user identity comprises:
and determining the target organization list from the organization list set according to the current user identity.
3. The method of claim 2, wherein generating the set of organization lists according to the organization nodes accessible by each user identity configured by the rights manager further comprises:
acquiring organization architecture information of the service management system;
and displaying the organization architecture information to the authority management personnel so that the authority management personnel configure corresponding accessible organization nodes for different user identities.
4. The method of claim 3, wherein exposing the organizational structure information to the rights manager comprises:
generating a tree structure organization according to the organization architecture information;
the displaying the organization architecture information to the authority management personnel comprises:
the tree structure organization is presented to the rights manager in a list.
5. The method according to claim 4, wherein the organization structure information of the service management system is in a tree structure form, and the obtaining the organization structure information of the service management system comprises:
acquiring a mapping relation with the organization structure information in the service management system;
and generating the tree structure organization according to the mapping relation and the organization architecture information.
6. The method of claim 2, wherein generating a set of organization lists from the organization nodes accessible for each user identity configured by the rights manager comprises:
acquiring an organization node of a tree structure organization selected by the authority management personnel for the identity of the user to be configured;
if the organization node is a master node, traversing all slave nodes under the master node;
generating an organization list according to the master node and the slave nodes;
and generating the organization list set according to the organization list of each user identity.
7. The method of claim 6, wherein generating the set of organization lists according to the organization nodes accessible by each user identity configured by the rights manager further comprises:
acquiring the organization architecture information from the service management system according to a preset time interval;
traversing the organization architecture information according to each organization list in the organization list set;
and if the nodes of the organization structure information are changed, modifying the corresponding organization nodes of the organization list.
8. An apparatus for controlling access rights of a user, the apparatus being applied to an access control apparatus, the apparatus comprising:
a receiving module, configured to receive a query request for the access authority of a current user sent by a service management system, wherein the query request comprises the identity of the current user;
the determining module is used for determining a target organization list accessible to the current user according to the identity of the current user;
and the sending module is used for sending the target organization list to the service management system so that the service management system screens out the target data corresponding to the target organization list.
9. An electronic device, comprising:
one or more processors; and
a memory associated with the one or more processors for storing program instructions that, when read and executed by the one or more processors, perform the method of any of claims 1-7.
10. A computer storage medium having a computer program stored thereon, wherein the program when executed by a processor implements the method of any one of claims 1-7.
CN202111359075.5A 2021-11-17 2021-11-17 User access right control method and device, electronic equipment and storage medium Pending CN114065248A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111359075.5A CN114065248A (en) 2021-11-17 2021-11-17 User access right control method and device, electronic equipment and storage medium


Publications (1)

Publication Number Publication Date
CN114065248A true CN114065248A (en) 2022-02-18

Family

ID=80272943

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111359075.5A Pending CN114065248A (en) 2021-11-17 2021-11-17 User access right control method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114065248A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114372249A (en) * 2022-03-21 2022-04-19 北京纷扬科技有限责任公司 Data authority control method and device based on authority codes



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination