CN114661208A - Method and system for configuring account and authority for application system group - Google Patents
Method and system for configuring account and authority for application system group Download PDFInfo
- Publication number
- CN114661208A CN114661208A CN202210231530.1A CN202210231530A CN114661208A CN 114661208 A CN114661208 A CN 114661208A CN 202210231530 A CN202210231530 A CN 202210231530A CN 114661208 A CN114661208 A CN 114661208A
- Authority
- CN
- China
- Prior art keywords
- application
- account
- application system
- authority
- creating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 19
- 238000007726 management method Methods 0.000 description 27
- 238000012550 audit Methods 0.000 description 14
- 238000010586 diagram Methods 0.000 description 8
- 238000004590 computer program Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 5
- 238000003860 storage Methods 0.000 description 4
- 230000007547 defect Effects 0.000 description 2
- 238000009826 distribution Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000000354 decomposition reaction Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/048—Interaction techniques based on graphical user interfaces [GUI]
- G06F3/0481—Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
- G06F3/0482—Interaction with lists of selectable items, e.g. menus
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/048—Interaction techniques based on graphical user interfaces [GUI]
- G06F3/0484—Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
- G06F3/04847—Interaction techniques to control parameter settings, e.g. interaction with sliders or dials
Abstract
The invention discloses a method and a system for configuring accounts and authorities for an application system group, which comprises an account management module, a permission management module and a permission management module, wherein the account management module is used for creating a common user account, creating an application system and creating an application administrator account for managing one or more application systems; the system also comprises an authority management module used for receiving an authority management request from an application administrator account and configuring the authority of the application system used by the common user account for the application system managed by the application administrator account.
Description
Technical Field
The invention belongs to the technical field of computer security, and particularly relates to a method and a system for configuring accounts and authorities for a sub-application system group in a company.
Background
When a background business system of a company is used as a relatively private application, a large amount of business secret information and privacy information of enterprises and internal users are usually stored, and in order to ensure information security, account authority management of an application system is particularly critical.
However, when the currently adopted method is used for account authority management of an application system, the following disadvantages exist:
(1) when a company has a plurality of associated internal service system groups, if a related use account is configured for each application subsystem individually and a specific authority of the use account is used, the problems of poor management effect, insufficient flexibility in management and the like exist because the number of subsystems is large, the number of system users is large, and the types of the authorities required by the system users are large and unfixed;
(2) the existing management mode has the defects of poor expansibility and adaptability, so that the authority management efficiency is low.
(3) The super administrator allocates all the authority and account information, the protection on the information of the company service system is insufficient, the workload of the super administrator is too large, and the management of a plurality of systems is difficult. Therefore, for a security-related system with high security requirements, restrictions on the administrator's management authority need to be considered.
(4) An administrator of the existing management system has the authority to create users, authorize the users and delete the users, and when the number of the users is large, the display workload of a configuration company is large.
Disclosure of Invention
The purpose of the invention is as follows: in order to overcome the defects of the conventional management method in account authority management of a plurality of associated internal business system groups, the invention provides a method for configuring accounts and authorities for application system groups.
The technical scheme is as follows: a method of configuring accounts and permissions for a group of application systems, the steps of, for each application system:
creating menu authority information and creating roles for the current application system;
associating the created role with menu authority information;
and matching corresponding roles for 1 or more users needing to be associated with the current application system, so that the users have corresponding menu authority information in the current application system, and completing the association between the users and the application system.
Further, the application system is an application system recorded in the account system.
The invention also discloses a system for configuring accounts and authorities for the application system group, which comprises the following steps:
an account management module for creating a common user account, creating an application system, and creating an application administrator account for managing one or more application systems;
and the authority management module is used for receiving an authority management request from an application administrator account and configuring the authority of the application system for the common user account to use for the application system managed by the application administrator account based on the method for configuring the account and the authority for the application system group disclosed above.
Further, one common user account may be associated with one or more application systems, and when a certain application system is associated with a common user account, the common user account may access and only log in and use the application system within the corresponding authority.
Further, the application system is an application system recorded in the account system.
Has the advantages that: compared with the prior art, the invention has the following advantages:
(1) the method of the invention uniformly configures the accounts and the authorities used in the interior for a plurality of associated internal service system groups, improves the efficiency, avoids the repeated work and ensures the information safety;
(2) the account and permission system manages accounts and permissions of other systems in a unified manner, and the problem of redundancy of a background database about account number permission storage is solved;
(3) the newly added application administrator can configure the associated application system for management, and the rights of the super administrator are dispersed, so that the working pressure of the super administrator is relieved.
Drawings
FIG. 1 is a logical block diagram of a generic user and application system in an account management module;
FIG. 2 is a logical block diagram of an application administrator and application system in an account management module;
FIG. 3 is a logical block diagram of a rights management module;
FIG. 4 is a schematic view of an interface of a customer audit system;
FIG. 5 is a schematic view of an operation interface for entering basic information of a customer auditing system in an account system;
FIG. 6 is a schematic interface diagram of an account system;
FIG. 7 is a schematic view of an operation interface of a new add/edit user in the account system;
FIG. 8 is a schematic illustration of an interface after a user has associated a customer audit system in an account system;
FIG. 9 is a schematic diagram of a display interface of all configurable application systems of the login permission system with an account number of an application administrator;
FIG. 10 is a schematic view of an operator interface for entering all menus for the system in a customer audit system;
FIG. 11 is a schematic view of the display interface for all menus in the customer audit system;
FIG. 12 is a schematic view of an operation interface for creating partition right role information in a client auditing system;
FIG. 13 is a schematic view of a display interface for all roles in a customer audit system;
FIG. 14 is a schematic view of an operation interface for adding permissions for roles to use the system in a client audit system;
FIG. 15 is a schematic view of an operator interface for matching a user with a role in a customer audit system;
FIG. 16 is a schematic illustration of an interface for associating users in a customer audit system;
FIG. 17 is a schematic diagram of an interface after logging into a customer audit system using a generic account set by the application system administrator;
FIG. 18 is a schematic illustration of an operator interface for modifying roles using the application administrator rights login rights system;
FIG. 19 is a diagram illustrating an interface after a role has been modified using the application administrator rights login rights system.
Detailed Description
The technical solution of the present invention will be further explained with reference to the accompanying drawings.
The configuration system comprises an account management module and a permission management module.
As shown in fig. 1 and 2, an account management module for creating general users, creating application systems, and creating application administrators for managing one or more application systems.
When the common user is associated with an existing application system, the common user can access and only access the authorized resource or log in and use the application system in the authority.
The application administrator can be associated with one or more application systems, and the application administrator associated with a certain application system can directly log in and use the associated application system. The application administrator can configure the authority of the application system for the managed application system by the authority management module.
The above-mentioned application systems are, for example, base station operation and maintenance management systems, integrity systems, customer auditing systems, positioning product management systems, solution management systems, and other enterprise internal systems.
Before the method is used, each application system must be firstly logged into an account system for unified management.
As shown in fig. 3, the right management module is used for configuring the right of a general user to use an application system, and is implemented by the following steps:
for a certain application administrator, creating a menu and a role for each application system managed by the application administrator;
associating the created role with a menu;
and matching corresponding roles for the common users associated with the application system, and controlling each account to have different menu authority information in each application system.
The technical solution of the present invention will be further explained by taking a customer auditing system as an example.
The customer auditing system is an application system used by an internal company staff for checking customer information and orders, and as shown in fig. 4, a corresponding account and account authority are configured for the application system.
First, the basic information of the customer auditing system is entered in the account system application system module so as to be managed uniformly, as shown in fig. 5 and 6.
In an account system, an account management module adds/edits a user into a related client auditing system, wherein the related client auditing system can be directly logged in by an account, the user type is set as that an application manager can log in an authority system to perform authority distribution on a common account of the client auditing system, and the common user can only use the function of the distributed client auditing system; -account quick association, new creation, and decomposition of hypervisor tasks implemented as an application system; see fig. 7 and 8.
The account number of the system application administrator is used for logging in the authority system, and all configurable systems of the system application administrator can be displayed, including the client auditing system which is just related to the system; see fig. 9.
Inputting all menus of the system into a menu module of a customer auditing system; see fig. 10 and 11.
In a role module of a client auditing system, creating role information which a user wants to divide the authority, such as information of an audit client of key client information, and audit upper and lower shelves of a commodity by an audit client of upper and lower shelves of the commodity; see fig. 12 and 13.
Adding the authority of the system which can be used by the role for the role, for example, distributing a menu for commodity audit for a commodity auditor and distributing a client order audit menu authority for a client order auditor; see fig. 14.
In a user module of a client auditing system, matching a common user of the system with a role to set the authority of the account; see fig. 15.
And clicking the associated user to realize the rapid association of the account number and the authority distribution of the personnel in the company for the client auditing system, and forming a closed loop for distributing the account number and the authority by the application system. See fig. 16.
Logging in a customer auditing system by using a common account number set by an application system administrator, wherein a distributed authority menu page can be used; see fig. 17.
Modifying the role of the application manager by using the authority login authority system, so that the corresponding account authority is changed; see fig. 18 and 19.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow in the flow diagrams can be implemented by computer program instructions. These computer program instructions may be provided to a computer to cause the computer to perform instructions to implement the functions specified in the flowchart or flowcharts.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows.
These computer program instructions may also be loaded onto a computer to cause a series of operational steps to be performed on the computer to perform a process such that the instructions which execute on the computer provide steps for implementing the functions specified in the flowchart flow or flows.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.
Claims (5)
1. A method of configuring accounts and permissions for a group of application systems, the method comprising: for each application system, the following steps are performed:
creating menu authority information and creating roles for the current application system;
associating the created role with menu authority information;
and matching corresponding roles for 1 or more users needing to be associated with the current application system, so that the users have corresponding menu authority information in the current application system, and completing the association between the users and the application system.
2. The method of claim 1, wherein the method comprises: the application system is an application system recorded in the account system.
3. A system for configuring accounts and permissions for a group of application systems, comprising: the method comprises the following steps:
an account management module for creating a common user account, creating an application system, and creating an application administrator account for managing one or more application systems;
the permission management module is configured to receive a permission management request from an application administrator account based on the method for configuring the account and the permission for the application system group according to claim 1 or 2, and configure the permission of the application system for the application system managed by the application administrator account with a common user account.
4. The system of claim 3, wherein the system is configured to configure accounts and permissions for a group of application systems, and wherein: one common user account can be associated with one or more application systems, and when the common user account is associated with one application system, the common user account can access and only log in and use the application system within corresponding authority.
5. The system of claim 3, wherein the system is configured to configure accounts and permissions for a group of application systems, and wherein: the application system is an application system recorded in the account system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210231530.1A CN114661208A (en) | 2022-03-09 | 2022-03-09 | Method and system for configuring account and authority for application system group |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210231530.1A CN114661208A (en) | 2022-03-09 | 2022-03-09 | Method and system for configuring account and authority for application system group |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114661208A true CN114661208A (en) | 2022-06-24 |
Family
ID=82029176
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210231530.1A Pending CN114661208A (en) | 2022-03-09 | 2022-03-09 | Method and system for configuring account and authority for application system group |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114661208A (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090287529A1 (en) * | 2008-05-15 | 2009-11-19 | Wells Fargo Bank, N.A. | Graphical user interface system and method |
| CN113407914A (en) * | 2021-06-15 | 2021-09-17 | 上海安畅网络科技股份有限公司 | Network software authority control method, device, equipment and storage medium |
| CN114065161A (en) * | 2021-11-22 | 2022-02-18 | 京东方科技集团股份有限公司 | Authority control method and system of management platform, management platform and storage medium |
-
2022
- 2022-03-09 CN CN202210231530.1A patent/CN114661208A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090287529A1 (en) * | 2008-05-15 | 2009-11-19 | Wells Fargo Bank, N.A. | Graphical user interface system and method |
| CN113407914A (en) * | 2021-06-15 | 2021-09-17 | 上海安畅网络科技股份有限公司 | Network software authority control method, device, equipment and storage medium |
| CN114065161A (en) * | 2021-11-22 | 2022-02-18 | 京东方科技集团股份有限公司 | Authority control method and system of management platform, management platform and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11451529B2 (en) | Security migration in a business intelligence environment | |
| CN109492991B (en) | Intelligent integrated management system for power distribution project construction | |
| US7284000B2 (en) | Automatic policy generation based on role entitlements and identity attributes | |
| CN109522707B (en) | Role and resource-based user data read-write security authority control method and system | |
| US20070250833A1 (en) | Managing virtual machines with system-wide policies | |
| CN105184144A (en) | Multi-system privilege management method | |
| CN111259378B (en) | Multi-tenant management system and implementation method thereof | |
| CN113287112A (en) | Auditing data protection compliance for cloud services using blockchain techniques | |
| CN105373726A (en) | User authority management system | |
| CN111046421A (en) | Enterprise management sharing method based on APP | |
| CN114866346B (en) | Password service platform based on decentralization | |
| CN111680310A (en) | Authority control method and device, electronic equipment and storage medium | |
| CN112702348A (en) | System authority management method and device | |
| Raj et al. | Analysis for security implementation in SDLC | |
| WO2017114210A1 (en) | Apparatus and method for security control of data processing system | |
| CN113162950A (en) | Mobile application secondary authority authentication and management system based on i country network | |
| CN109408196A (en) | A kind of virtual management system, construction method and computer readable storage medium based on Xen | |
| CN102801743B (en) | Based on the SAP security sensitive information system of multi-party authorization and dynamic password | |
| WO2016122684A1 (en) | Data sandboxing for multiple user data storage and separation | |
| CN114661208A (en) | Method and system for configuring account and authority for application system group | |
| CN117034227A (en) | Authority management method and device, electronic equipment and storage medium | |
| KR20200072857A (en) | System and method for it infra operation and management | |
| KR102179185B1 (en) | Server Management system | |
| CN114417311A (en) | Role authority management method and device, computer equipment and storage medium | |
| CN113486322A (en) | Control method, device and medium for integrated platform based on single sign-on |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |