CN114884733A - Authority management method and device, electronic equipment and storage medium - Google Patents


Publication number
CN114884733A
Authority
CN
China
Prior art keywords
role
authority
identifier
target
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210503805.2A
Other languages
Chinese (zh)
Inventor
张双敏
杨超
吴亚伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China
Priority to CN202210503805.2A
Publication of CN114884733A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105: Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides an authority management method and device, electronic equipment and a storage medium. The method is applied to electronic equipment on which a target role is logged in, and comprises the following steps: acquiring a first role identifier of the target role; acquiring a first device identifier of the electronic device, wherein the first device identifier at least represents a device type of the electronic device; in an authority group, searching authorities corresponding to the first role identifier and the first device identifier, and if a first target authority corresponding to the first role identifier and the first device identifier is found, determining that the target role has the first target authority on the electronic device, so that the target role can execute an operation corresponding to the first target authority on the electronic device. The authority group comprises one or more groups of authorities, and each authority in the authority group corresponds to at least one preset role identifier and at least one preset device identifier respectively.

Description

Authority management method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of information management technologies, and in particular, to a method and an apparatus for managing permissions, an electronic device, and a storage medium.
Background
In the authority management of an information system, a corresponding role is generally assigned to a user so that the user has authority corresponding to the role in the information system, and the user can perform an operation corresponding to the authority in the information system.
However, in the current rights management of users in the information system, one user can only have one group of roles, that is, can only be assigned to one group of rights. Therefore, there is a problem that the right assignment is relatively single.
Disclosure of Invention
In view of this, the present application provides a method for managing and controlling permissions, which is used to solve the problem that the distribution of user permissions in an information system is relatively single. The technical solution is as follows:
The application provides a permission management method, which is applied to electronic equipment on which a target role is logged in, and the method comprises the following steps:
acquiring a first device identifier of the electronic device, wherein the first device identifier at least represents a device type of the electronic device;
acquiring a first role identification of the target role;
in an authority group, searching authorities corresponding to the first role identifier and the first device identifier, and if a first target authority corresponding to the first role identifier and the first device identifier is found, determining that the target role has the first target authority on the electronic device, so that the target role can execute an operation corresponding to the first target authority on the electronic device;
the authority group comprises one or more authorities, and each authority in the authority group corresponds to at least one preset role identifier and at least one preset device identifier respectively.
Preferably, in the method, searching for the right corresponding to the first role identifier and the first device identifier in the right group includes:
acquiring a first authority in the authority group as a current authority;
acquiring a preset role identifier and a preset device identifier corresponding to the current authority;
searching whether the first role identification is included in the preset role identification corresponding to the current authority;
if the first role identification is found in the preset role identification corresponding to the current authority, obtaining a preset device identification corresponding to the first role identification according to the preset device identification corresponding to the current authority;
searching whether the first equipment identifier is included in a preset equipment identifier corresponding to the first role identifier;
if the first equipment identifier is found in the preset equipment identifier corresponding to the first role identifier, determining that the current authority is a first target authority corresponding to the first role identifier and the first equipment identifier;
if the first role identifier is not found in the preset role identifier corresponding to the current authority, or if the first device identifier is not found in the preset device identifier corresponding to the first role identifier, obtaining the next authority in the authority group as a new current authority, and returning to execute the step: and acquiring a preset role identifier and a preset device identifier corresponding to the current authority.
Preferably, in the method, searching for the right corresponding to the first role identifier and the first device identifier in the right group includes:
acquiring a first authority in the authority group as a current authority;
acquiring a preset role identifier and a preset device identifier corresponding to the current authority;
searching whether the first equipment identifier is included in a preset equipment identifier corresponding to the current authority;
if the first equipment identifier is found in the preset equipment identifier corresponding to the current authority, obtaining a preset role identifier corresponding to the first equipment identifier according to the preset role identifier corresponding to the current authority;
searching whether the first role identifier is included in a preset role identifier corresponding to the first equipment identifier;
if the first role identifier is found in the preset role identifier corresponding to the first equipment identifier, determining the current authority as a first target authority corresponding to the first role identifier and the first equipment identifier;
if the first device identifier is not found in the preset device identifier corresponding to the current permission, or if the first role identifier is not found in the preset role identifier corresponding to the first device identifier, obtaining the next permission in the permission group as a new current permission, and returning to execute the step: and acquiring a preset role identifier and a preset device identifier corresponding to the current authority.
Preferably, the method further includes, after obtaining the first device identifier of the electronic device and before obtaining the first role identifier of the target role:
judging whether the target role has a second role identification, wherein the second role identification is different from the first role identification;
if the target role has the second role identification, searching the authority corresponding to the second role identification and the first equipment identification in the authority group, and if the second target authority corresponding to the second role identification and the first equipment identification is searched, determining that the target role has the second target authority on the electronic equipment so that the target role can execute the operation corresponding to the second target authority on the electronic equipment, wherein the second target authority and the first target authority are different authorities;
if the target role does not have the second role identification, or if no authority corresponding to the second role identification and the first device identification is found in the authority group, executing the following steps: and acquiring a first role identifier of the target role.
In the method, preferably, the first target permission includes at least one sub-permission, and each sub-permission in the first target permission corresponds to at least one preset role identifier and at least one preset device identifier respectively;
wherein after determining that the target role has the first target permission on the electronic device, the method further comprises:
and acquiring all first target sub-permissions corresponding to the first role identifier and the first device identifier from all sub-permissions in the first target permission, so that the target role can execute operations corresponding to the first target sub-permissions on the electronic device.
In the method, preferably, the second target permission includes at least one sub-permission, and each sub-permission in the second target permission corresponds to at least one preset role identifier and at least one preset device identifier respectively;
wherein after determining that the target role has the second target permission on the electronic device, the method further comprises:
and acquiring all second target sub-permissions corresponding to the second role identifier and the first device identifier in all sub-permissions in the second target permission, so that the target role can execute operations corresponding to the second target sub-permissions on the electronic device.
The application also provides a permission management device, which is applied to electronic equipment on which a target role is logged in, and the device comprises:
a first device identifier obtaining unit, configured to obtain a first device identifier of the electronic device, where the first device identifier at least represents a device type of the electronic device;
a first role identifier obtaining unit, configured to obtain a first role identifier of the target role;
a first permission searching unit, configured to search, in a permission group, permissions corresponding to the first role identifier and the first device identifier, and if a first target permission corresponding to the first role identifier and the first device identifier is found, determine that the target role has the first target permission on the electronic device, so that the target role can perform an operation corresponding to the first target permission on the electronic device; the authority group comprises one or more authorities, and each authority in the authority group corresponds to at least one preset role identifier and at least one preset device identifier respectively.
The application also provides an electronic device on which a target role is logged in, and the electronic device comprises:
a memory for storing a computer program and data generated by the execution of the computer program;
a processor for executing the computer program to implement: acquiring a first device identifier of the electronic device, wherein the first device identifier at least represents a device type of the electronic device; acquiring a first role identification of the target role; in an authority group, searching authorities corresponding to the first role identifier and the first device identifier, and if a first target authority corresponding to the first role identifier and the first device identifier is found, determining that the target role has the first target authority on the electronic device, so that the target role can execute an operation corresponding to the first target authority on the electronic device; the authority group comprises one or more authorities, and each authority in the authority group corresponds to at least one preset role identifier and at least one preset device identifier respectively.
The present application further provides a storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the rights management method as claimed in any one of claims 1-7 above.
The present application also provides a computer program product comprising a computer program which, when executed by a processor, carries out the steps of the rights management method as claimed in any one of claims 1 to 7.
According to the technical scheme, under the condition that the target role is logged in the electronic equipment, the first equipment identifier of the electronic equipment and the first role identifier of the target role are obtained, and then the first target authority corresponding to the first role identifier and the equipment identifier of the electronic equipment is found from the authority group. Therefore, in the application, the device identification of the electronic device also participates in the authority distribution of the target role, and the user is also distributed with different authorities according to different device types of the logged-in electronic device, so that the problem of single authority distribution is avoided.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a flowchart illustrating an implementation of a rights management method according to an embodiment of the present application;
Fig. 2 is a flowchart of a partial implementation of a rights management method according to an embodiment of the present application;
Fig. 3 is a flowchart of a partial implementation of a rights management method according to an embodiment of the present application;
Fig. 4 is a flowchart of another implementation of a rights management method according to an embodiment of the present application;
Fig. 5 is a flowchart of a partial implementation of a rights management method according to an embodiment of the present application;
Fig. 6 is a flowchart of another implementation of a rights management method according to an embodiment of the present application;
Fig. 7 is a flowchart of another implementation of a rights management method according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a rights management device according to a second embodiment of the present application;
Fig. 9 is a schematic structural diagram of a rights management device according to a second embodiment of the present application;
Fig. 10 is a schematic structural diagram of a rights management device according to a second embodiment of the present application;
Fig. 11 is a schematic structural diagram of a rights management device according to a second embodiment of the present application;
Fig. 12 is a schematic structural diagram of an electronic device according to a third embodiment of the present application;
Fig. 13 is a general implementation structure diagram of a menu authority management method supporting authority difference under multiple scenes according to the present application;
Fig. 14 is a flowchart illustrating an implementation of a recursive method in a menu authority management method supporting authority differences in multiple scenarios according to the present application;
Fig. 15 is a flowchart of another implementation of a recursive method in a menu authority management method supporting authority differences under multiple scenarios according to the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to Fig. 1, a flowchart of an implementation of a rights management method provided in an embodiment of the present application is shown. The method may be applied to an application or a device for a specific user, such as an electronic device (a mobile phone, a tablet computer, a personal computer (PC), a television, and the like) or an application installed in such an electronic device. The embodiment is mainly used for solving the problem that the distribution of the user authority in the information system is single.
Specifically, the method in this embodiment may include the following steps:
Step S101: acquiring a first device identifier of the electronic device.
The first device identifier at least characterizes a device type of the electronic device. Specifically, the device type of the electronic device may be: a mobile phone terminal, a PC terminal, a tablet computer terminal, a television terminal, etc. The device type of the device the user logs in on can be obtained from the user agent (UA) of the browser.
For example, taking a mobile phone with a browser as an example, the UA of the browser is acquired, and if the UA includes "iPhone", it may be determined that the device type of the login device used by the user is a mobile phone end.
For another example, taking a computer with a browser as an example, the UA of the browser is obtained, and if the UA includes Windows, it may be determined that the device type of the login device used by the user is the PC side.
Step S102: acquiring a first role identifier of the target role.
The first role identifier is a role identifier carried by the target role.
In a specific implementation, in this embodiment, the target role may be logged in the electronic device, so as to obtain the first role identifier from the role code of the target role. Each target role has a unique role code, and the role code comprises the first role identifier of the target role. The role code may be a character string consisting of numbers and/or letters, and the first role identifier is obtained by extracting a segment of characters from the role code. The target role is given to the user, so that the user has the role code of the target role and the first role identifier contained in the role code, and the corresponding authority is distributed to the user according to the role code. Accordingly, the user can perform a corresponding operation on the electronic device according to the assigned authority.
For example: taking the case that the user performs authority allocation on the mobile phone, the user number of the user is 1012345678, the first two characters "10" of the user number are extracted as the role possessed by the user, and then the corresponding authority is matched for the user according to the role possessed by the user, so that the user can execute corresponding operation on the mobile phone according to the allocated authority.
It is noted that the target role may be a target role logged into a user system of the electronic device, or the target role may be a target role logged into a user system of an application in the electronic device. And logging in through a login interface in the electronic equipment or a login interface in an application program in the electronic equipment.
In addition, the first role identifier of the target role may also be obtained in other manners, for example, after the target role is logged in the electronic device, the role code corresponding to the target role is uploaded to the corresponding server, so that the server queries the corresponding first role identifier according to the role code corresponding to the target role, and returns the first role identifier to the electronic device.
Step S103: determining whether a first target authority corresponding to the first role identifier and the first equipment identifier is found in the authority group.
And if the first target authority corresponding to the first role identifier and the first device identifier is found, executing the step S104. If the permissions corresponding to the first role identifier and the first device identifier are not found, it can be determined that the target role does not have any permission on the electronic device, and at this time, the current process is ended, that is, the permissions corresponding to the first role identifier and the first device identifier do not exist in the permission group, and the user cannot perform any operation in the electronic device.
The authority group comprises one or more authorities, and each authority in the authority group corresponds to at least one preset role identifier and at least one preset device identifier respectively.
In a specific implementation, the preset role identifier and the preset device identifier corresponding to each authority in the authority group may be compared with the first role identifier and the first device identifier, that is, whether each authority corresponds to the first role identifier and the first device identifier is sequentially determined according to an order between the authorities in the authority group, and if it is determined that the first target authority corresponding to the first role identifier and the first device identifier exists, it may be determined that the target role has the first target authority on the electronic device. For example: in the permission group, acquiring a first permission as a current permission, and acquiring a preset role identifier and a preset device identifier corresponding to the current permission; searching whether a first role identifier and a first device identifier correspond to a preset role identifier and a preset device identifier corresponding to the current authority; if so, determining that the current authority is a first target authority corresponding to the target role; if not, acquiring the next authority in the authority group as a new current authority, acquiring a preset role identifier and a preset device identifier corresponding to the current authority, and so on until the first target authority corresponding to the first role identifier and the first device identifier is found.
Step S104: determining that the target role has a first target authority on the electronic device, so that the target role can execute an operation corresponding to the first target authority on the electronic device.
In a specific implementation, the first target permission in this embodiment may be a set of a group of function permissions, and the function permission corresponding to the first target permission in the electronic device is opened to the target role, so that the target role may perform an operation of a corresponding function on the electronic device according to the first target permission. Therefore, the user endowed with the target role can operate the corresponding function on the electronic equipment according to the first target authority.
According to the technical scheme, in the permission management method provided by the embodiment of the application, under the condition that the target role is logged in the electronic device, the first device identifier of the electronic device and the first role identifier of the target role are obtained, and then the first target permission corresponding to the first role identifier and the device identifier of the electronic device is found from the permission group.
In a specific implementation based on fig. 1, step S103 may be specifically implemented by the following manner, as shown in fig. 2:
Step S201: obtaining the first authority in the authority group as the current authority.
In a specific implementation, the authority group in this embodiment may be embodied in a form of an authority table, as shown in table 1:
TABLE 1 Authority Table
Authority 1    Authority code 1
Authority 2    Authority code 2
Authority n    Authority code n
Each row in the authority table corresponds to one authority and the corresponding authority code, for example, "authority 1" in the authority table 1 corresponds to "authority code 1"; "Authority 2" corresponds to "Authority code 2".
The authority code may be represented by a string of one or more digits and/or letters, such as a decimal number, a hexadecimal number, and so forth. Each digit position in the character string corresponds to a role identifier, such as: the first digit in the string is "role 1", the second digit is "role 2", and so on. Each digit added to the character string adds a role identifier. That is, if a new role identifier needs to be set, only a new digit needs to be added to the authority code.
In a specific implementation, this embodiment may obtain one right in the right table as the current right through a preset reading mode, for example, the right table is read through a top-down sequence, the first right in the right table is obtained as the current right, or one right in the right table is randomly obtained as the current right, and so on.
The numerical value on the digit corresponding to a certain role identifier in the authority code is obtained and converted to binary, and each bit of the resulting binary number corresponds to a device identifier, for example: the last bit corresponds to the "mobile phone end", the second-to-last bit corresponds to the "PC end", and so on; a binary number with several bits corresponds to several device identifiers. That is, if the number of device identifiers needs to be increased, only the number of bits of the binary number needs to be increased. For example, the value of a certain digit in a certain authority code is 3, which is 11 after being converted into a binary number, so that at most 2 device identifiers can be provided at the same time; for another example, the value of a certain digit in a certain authority code is 7, which is 111 after being converted into a binary number, so that at most 3 device identifiers can be provided at the same time. And so on: the more bits the binary number has, the more device identifiers there are.
Step S202: and acquiring a preset role identifier and a preset device identifier corresponding to the current authority.
The preset role identification corresponds to the current authority, and one authority corresponds to at least one preset role identification; the preset device identification corresponds to the preset role identification, and each preset role identification corresponds to at least one preset device identification.
In a specific implementation, in this embodiment, the authority table may be read, the first authority in the authority table is obtained as the current authority in an order from top to bottom, the authority code corresponding to the current authority is obtained, the preset role identifier corresponding to the current authority is obtained according to the difference between the numerical values corresponding to each digit in the authority codes, for example, the numerical value corresponding to one digit in the authority code of the current authority is obtained, if the numerical value on the digit is not "0", the preset role identifier corresponding to the current authority includes the role identifier corresponding to the digit, if the numerical value on the digit is 0, the preset role identifier corresponding to the current authority does not include the role identifier corresponding to the digit, and so on, the role identifiers corresponding to all digits whose numerical values are not "0" in the authority code corresponding to the current authority are obtained as the preset role identifiers corresponding to the current authority, and subsequent authority distribution is carried out according to the preset role identifications. That is to say, the role identifiers corresponding to all digits with numerical values not being "0" in the authority code corresponding to the current authority are obtained, that is, the preset role identifiers corresponding to the current authority are obtained. For example: taking the authority code of the current authority as 2130 as an example, where the role identifier corresponding to the digit where "2", "1", and "3" are located is the preset role identifier corresponding to the current authority, and the role identifier corresponding to the digit where "0" is located is not included in the preset role identifier corresponding to the current authority.
The numerical value of a given digit in the authority code of the current authority is converted to binary to obtain a corresponding binary number, and each digit in the binary number corresponds to a device identifier. For example, the first digit from the end of the binary number represents a mobile phone terminal, the second digit from the end represents a PC terminal, and so on, so application scenarios with multiple device types can be supported. When the numerical value on a digit of the binary number is "1", it can be determined that the preset device identifiers corresponding to the current authority contain the device identifier corresponding to that digit; when the numerical value on a digit of the binary number is "0", it can be determined that the preset device identifiers corresponding to the current authority do not contain the device identifier corresponding to that digit. In this way all the device identifiers in the authority code corresponding to the current authority, that is, the preset device identifiers corresponding to the current authority, are obtained, and subsequent authority allocation is performed according to them. That is, after the values on all non-0 digits in the authority code corresponding to the current authority are obtained and converted into binary numbers, the device identifiers corresponding to all digits with the value "1" in the binary numbers are the preset device identifiers corresponding to the current authority.
For example: taking menu authority distribution to a user on a computer as an example, the authority code of the menu authority is 2130 and the user number of the user is 01123456789. According to the role of the user, "01", the number at the first digit of the authority code is obtained and converted into a binary number, giving "10". The last digit of the binary number is "0", so it can be determined that the preset device types corresponding to the menu authority do not include the mobile phone terminal; the second digit from the end is "1", so it can be determined that the preset device types corresponding to the menu authority include the PC terminal. Subsequent menu authority distribution is then performed according to the obtained preset device types, and the user can execute corresponding operations on the computer according to the assigned menu authority.
For another example: taking menu authority distribution to a user on a computer as an example, the authority code of the menu authority is 2130 and the user number of the user is 03123456789. According to the role of the user, "03", the numerical value at the third digit of the authority code is obtained and converted into a binary number, giving "11". The first and second digits from the end of the binary number are both "1", so it can be determined that the preset device types corresponding to the menu authority include both the mobile phone terminal and the PC terminal. Subsequent authority distribution is performed according to this result, and the user can execute corresponding operations on the computer according to the assigned menu authority.
Step S203: Search whether the preset role identifiers corresponding to the current authority contain the first role identifier. If the first role identifier is found in the preset role identifiers corresponding to the current authority, step S204 is executed; if the first role identifier is not found in the preset role identifiers corresponding to the current authority, step S205 is executed.
In a specific implementation, in this embodiment, the numerical value on the digit corresponding to the first role identifier may be obtained from the authority code corresponding to the current authority according to the first role identifier of the target role. If the numerical value on that digit is not "0", it may be determined that the preset role identifiers corresponding to the current authority include the first role identifier, and step S204 and subsequent steps are performed; if the value on that digit is "0", it may be determined that the preset role identifiers corresponding to the current authority do not include the first role identifier, step S205 is executed, and step S202 and subsequent steps are executed again. On this basis, the user can perform corresponding operations on the electronic device according to the assigned authority.
For example, taking menu authority allocation to a user on a mobile phone as an example, the user number of the user is 0212345678 and the authority code corresponding to the menu authority is 2130. The first two digits "02" of the user number are taken as the role corresponding to the user, and the numerical value at the 2nd digit is obtained from the authority code of the current menu authority. The value at the 2nd digit is "1", so it can be determined that the preset roles corresponding to the current menu authority include the role corresponding to the user, and subsequent authority allocation is performed according to the role. Therefore, the user can perform corresponding operations on the mobile phone according to the possessed authority.
For another example, taking menu authority allocation to a user on a mobile phone as an example, the user number of the user is 04123456789 and the authority code corresponding to the menu authority is 2130. The first two digits "04" of the user number are taken as the role possessed by the user, and the numerical value at the 4th digit is obtained from the authority code of the menu authority. The value at the 4th digit is "0", so it can be determined that the preset roles corresponding to the menu authority do not include the role corresponding to the user; the next menu authority and its menu authority code are obtained, and subsequent menu authority allocation is performed accordingly. Therefore, the user can perform corresponding operations on the mobile phone according to the possessed authority.
It should be noted that, in this embodiment, the digit corresponding to the first role identifier in the authority code may be obtained by either of the following methods.
The position of the digit in the authority code corresponds to the value of the first role identifier. For example, if the first role identifier is 01, the first digit or the last digit in the authority code is the digit corresponding to the first role identifier; for another example, if the first role identifier is 10, the tenth digit or the tenth-from-last digit in the authority code is the digit corresponding to the first role identifier.
Alternatively, when the authority is allocated in the electronic device, the first role identifier is sent to the corresponding server, so that the server queries, according to the first role identifier, the digit information of the first role identifier in the authority code and returns that digit information to the electronic device, thereby acquiring the digit information corresponding to the first role identifier.
Step S204: Obtain the preset device identifier corresponding to the first role identifier, and execute step S206.
The preset device identifier corresponding to the first role identifier in the current authority is acquired according to the first role identifier.
In a specific implementation, after the numerical value on the digit corresponding to the first role identifier is acquired from the authority code corresponding to the current authority, the value is converted into a binary number, and each digit in the binary number corresponds to a device identifier. If the value on a digit is "1", it can be determined that the preset device identifiers corresponding to the first role identifier contain the device identifier corresponding to that digit; if the value on a digit is "0", the preset device identifiers corresponding to the first role identifier do not contain the device identifier corresponding to that digit. The device identifiers corresponding to all digits with the value "1" are the preset device identifiers corresponding to the first role identifier. That is, after the numerical value on the digit corresponding to the first role identifier is converted into a binary number, the device identifiers corresponding to the digits with the value "1" are the preset device identifiers corresponding to the first role identifier.
For example, taking authority allocation to a user on a mobile phone as an example, the authority code of the current menu authority is 2130 and the role code of the user is 02123456789. The numerical value "1" at the 2nd digit of the authority code of the current authority is obtained and converted into the binary number "01". The first digit from the end of the binary number represents a mobile terminal and the second digit from the end represents a PC terminal, so it can be determined that the preset device types corresponding to the user's role in the current menu authority include the mobile phone terminal but not the PC terminal. Accordingly, the user can perform corresponding operations on the mobile phone according to the possessed authority.
Step S205: Acquire the next authority in the authority group as the new current authority, and return to step S202, that is, acquire the preset role identifier and the preset device identifier corresponding to the current authority.
In a specific implementation, the authority table may be read again, and the next authority in the authority table is obtained as the new current authority in top-to-bottom order. For instance, if the current authority obtained from the authority group the first time is "authority 1", then "authority 2" is obtained from the authority group the next time as the new current authority.
Step S206: Search whether the preset device identifiers corresponding to the first role identifier contain the first device identifier. If the first device identifier is found in the preset device identifiers corresponding to the first role identifier, step S207 is executed, that is, the current authority is determined to be the first target authority corresponding to the first role identifier and the first device identifier; if the first device identifier is not found in the preset device identifiers corresponding to the first role identifier, step S205 is executed, that is, the next authority in the authority group is obtained as the new current authority, and the process returns to step S202, that is, the preset role identifier and the preset device identifier corresponding to the current authority are obtained.
In a specific implementation, after the numerical value on the digit corresponding to the first role identifier is acquired from the authority code corresponding to the current authority and converted into a binary number, the value on the digit corresponding to the first device identifier in the binary number is acquired according to the first device identifier of the electronic device. If the value on that digit is "1", step S207 is executed; if the value on that digit is "0", step S205 is executed and the process returns to step S202 and subsequent steps. That is to say, as long as the value on the digit corresponding to the first role identifier in the authority code corresponding to the current authority is converted into a binary number and the value on the digit corresponding to the first device identifier in that binary number is "1", it can be determined that the current authority is the first target authority corresponding to the target role; otherwise, the next authority in the authority group is acquired as the new current authority, and authority allocation continues.
For example, taking distribution of a menu authority to a user on a mobile phone as an example, the authority code of the current menu authority is 2130 and the user number of the user is 02123456789. The numerical value "1" at the second digit of the menu authority code is obtained and converted into the binary number "01". The first digit from the end of the binary number represents the authority of the mobile terminal and the second digit from the end represents the authority of the PC terminal, so it can be determined that the user has the current menu authority on the mobile phone. Accordingly, the user can perform corresponding operations on the mobile phone according to the possessed authority.
Step S207: Determine the current authority as the first target authority corresponding to the first role identifier and the first device identifier.
The first target authority is the authority of the target role on the electronic device, and the first target authority is opened to the target role so that the target role can execute the operation corresponding to the first target authority on the electronic device. Accordingly, the first target authority is opened to the user who has been given the target role, so that the user can execute the operation corresponding to the first target authority on the electronic device.
For example, taking a user logging in to a mobile banking APP as an example, when the user logs in to the mobile banking APP with their own bank card account information, the bank's background management system may allocate a group of permissions to the user according to the user's account information, so that the user can perform the function operations corresponding to those permissions. For example, if the allocated permissions include querying the current account balance and expenditure details, the user may query the current account balance and expenditure details. Accordingly, the user may perform corresponding operations in the mobile banking APP according to the permissions.
In a specific implementation based on fig. 1, step S103 may also be implemented in the following manner, as shown in fig. 3:
Step S301: Obtain the first authority in the authority group as the current authority.
In a specific implementation, the authority group in this embodiment may be embodied in a form of an authority table, which is shown with reference to table 1.
Each row in the authority table corresponds to one authority and the corresponding authority code, for example, "authority 1" in the authority table 1 corresponds to "authority code 1"; "Authority 2" corresponds to "Authority code 2".
The authority code may be represented by a string of one or more digits and/or letters, such as a decimal number, a hexadecimal number, and so forth. The position of each number or letter in the character string corresponds to a device identifier, for example: the first digit from the end corresponds to the "mobile phone end", the second digit from the end corresponds to the "PC end", and so on, so that each added digit adds one device identifier. That is, if a new device identifier needs to be set, only a new digit needs to be added to the authority code.
In a specific implementation, in this embodiment, one right in the right table may be obtained as the current right in a preset reading manner, for example, the right table is read in a top-down sequence, the first right in the right table is obtained as the current right, or one right in the right table is randomly obtained as the current right, and so on.
The numerical value on the digit corresponding to a given device identifier in the authority code is obtained and converted into a binary number, and each digit in the binary number corresponds to a role identifier, for example: the first digit in the string is "role 1", the second digit is "role 2", and so on. That is, if the number of role identifiers needs to be increased, the number of digits of the binary number only needs to be increased by changing the numerical value of the digit corresponding to the device identifier in the authority code. For example, if the value of a certain digit in an authority code is 3, the value is 11 after being converted into a binary number, so that digit can carry at most 2 role identifiers; for another example, if the value of a certain digit in an authority code is 7, the value is 111 after being converted into a binary number, so at most 3 role identifiers can be carried at the same time. By analogy, the more digits the binary number has, the more role identifiers can be carried.
Step S302: Acquire the preset role identifier and the preset device identifier corresponding to the current authority.
The preset device identification corresponds to the current authority, and one authority corresponds to at least one preset device identification; the preset role identification corresponds to preset device identification, and each preset device identification corresponds to at least one preset role identification.
In a specific implementation, the authority table is read, the first authority in the authority table is obtained as the current authority in top-to-bottom order, and the authority code corresponding to the current authority is obtained. Each digit in the authority code corresponds to a device identifier, for example, the last digit represents the mobile phone end, the second digit from the end represents the PC end, and so on, so application scenarios with multiple device types can be supported. The preset device identifiers corresponding to the current authority are obtained according to the numerical values on the individual digits of the authority code: for each digit in the authority code of the current authority, if the value on the digit is not "0", the device identifier corresponding to that digit is included in the preset device identifiers corresponding to the current authority; if the value on the digit is 0, the device identifier corresponding to that digit is not included. By analogy, the device identifiers corresponding to all digits whose values are not 0 in the authority code corresponding to the current authority are obtained as the preset device identifiers corresponding to the current authority, and subsequent authority distribution is carried out according to them. That is to say, obtaining the device identifiers corresponding to all digits whose values are not "0" in the authority code corresponding to the current authority yields the preset device identifiers corresponding to the current authority.
For example: taking the authority code corresponding to the current authority as 2130 as an example, where the device identifier corresponding to the digit where "2", "1", and "3" are located is the preset device identifier corresponding to the current authority, and the device identifier corresponding to the digit where "0" is located is not included in the preset device identifier corresponding to the current authority.
The numerical value of a given digit in the authority code of the current authority is converted to binary to obtain a corresponding binary number, and each digit in the binary number corresponds to a role identifier. When the value on a digit of the binary number is "1", it can be determined that the preset role identifiers corresponding to the current authority include the role identifier corresponding to that digit; when the value on a digit of the binary number is "0", it can be determined that the preset role identifiers corresponding to the current authority do not include the role identifier corresponding to that digit. In this way all the preset role identifiers in the authority code corresponding to the current authority are obtained, and subsequent authority allocation is performed according to them. That is, after the values on all non-0 digits in the authority code corresponding to the current authority are obtained and converted into binary numbers, the role identifiers corresponding to all digits with the value "1" in the binary numbers are the preset role identifiers corresponding to the current authority.
For example: taking menu authority distribution to a user on a computer as an example, the authority code of the menu authority is 1023 and the computer is the user's login device, namely the PC terminal. The numerical value 2 on the second digit from the end of the authority code is obtained and converted into a binary number, giving 10. The last digit of the binary number is 0, so the role corresponding to that digit is not contained in the preset roles corresponding to the menu authority; the second digit from the end is 1, so the role corresponding to that digit is contained in the preset roles corresponding to the menu authority. Subsequent authority distribution is carried out according to the obtained preset roles, and the user can therefore carry out corresponding operations on the computer according to the possessed authority.
For another example: taking menu authority distribution to a user on a mobile phone as an example, the authority code of the menu authority is 1023. Because the type of the user's login device is the mobile phone end, the numerical value "3" on the first digit from the end of the authority code is obtained and converted into a binary number, giving "11". The first and second digits from the end of the binary number are both "1", so it can be determined that the roles corresponding to both digits are contained in the preset roles corresponding to the menu authority. Subsequent authority distribution is carried out according to the obtained preset roles, and accordingly the user can carry out corresponding operations on the mobile phone according to the possessed authority.
Step S303: Search whether the preset device identifiers corresponding to the current authority contain the first device identifier. If the first device identifier is found in the preset device identifiers corresponding to the current authority, step S304 is executed; if the first device identifier is not found in the preset device identifiers corresponding to the current authority, step S305 is executed.
In a specific implementation, in this embodiment, the numerical value on the digit corresponding to the first device identifier in the authority code corresponding to the current authority may be obtained according to the first device identifier of the electronic device. If the value on that digit is not "0", it may be determined that the preset device identifiers corresponding to the current authority include the first device identifier, and step S304 and subsequent steps are performed; if the value on that digit is "0", it may be determined that the preset device identifiers corresponding to the current authority do not include the first device identifier, step S305 is performed, and the process returns to step S302 and subsequent steps. On this basis, the user can perform corresponding operations on the electronic device according to the possessed authority.
For example, taking menu authority allocation of a user in a mobile phone as an example, the authority code corresponding to the menu authority is 1203, and a value "3" on the last digit of the authority code is obtained according to that the user equipment type is a "mobile phone terminal", so that it can be determined that the preset equipment type corresponding to the current menu authority includes the equipment type corresponding to the electronic equipment, and subsequent authority allocation is performed according to the equipment type of the electronic equipment. Therefore, the user can perform corresponding operation on the mobile phone according to the possessed authority.
Step S304: Obtain the preset role identifier corresponding to the first device identifier, and execute step S306.
The preset role identifier corresponding to the first device identifier in the current authority is acquired according to the first device identifier.
In the specific implementation, after a numerical value on a digit corresponding to a first device identifier is obtained in an authority code corresponding to a current authority, the numerical value is converted into a binary number through binary conversion, each digit in the binary number corresponds to a role identifier, if the numerical value on one digit in the binary number is '1', it can be determined that a preset role identifier corresponding to the first device identifier contains the role identifier corresponding to the digit, if the numerical value on one digit is '0', the preset role identifier corresponding to the first device identifier does not contain the role identifier corresponding to the digit, and role identifiers corresponding to digits with the obtained numerical values of '1' are the preset role identifiers corresponding to the first device identifier. That is to say, after the numerical value on the digit corresponding to the first role identifier is converted into a binary number, the role identifier corresponding to the digit with the numerical value of "1" is the preset role identifier corresponding to the first device identifier.
For example, taking the menu authority allocation of the user in the mobile phone as an example, the authority code of the menu authority is 2103, according to the fact that the device type of the user login device is "mobile phone end", the numerical value "3" on the last digit in the authority code is obtained, the numerical value "3" is converted into the binary number "11", and the numerical values on the two digits are both "1", then, it can be determined that the role corresponding to the two digits is the preset role corresponding to the device type "mobile phone end" of the user in the menu authority, and subsequent authority allocation is performed according to the obtained preset role, and accordingly, the user can perform corresponding operations on the mobile phone according to the possessed authority.
Step S305: Acquire the next authority in the authority group as the new current authority, and return to step S302, that is, acquire the preset device identifier and the preset role identifier corresponding to the current authority.
In a specific implementation, the authority table may be read again, and the next authority in the authority table may be obtained as the new current authority in top-to-bottom order. For instance, if the current authority obtained from the authority group the first time is "authority 1", then "authority 2" is obtained from the authority group the next time as the new current authority.
Step S306: Search whether the preset role identifiers corresponding to the first device identifier contain the first role identifier.
If the first role identifier is found in the preset role identifier corresponding to the first device identifier, executing step S307, that is, determining that the current permission is the first target permission corresponding to the first device identifier and the first role identifier; if the first role identifier is not found in the preset role identifier corresponding to the first device identifier, step S305 is executed, that is, in the permission group, a next permission is obtained as a new current permission, and step S302 is returned to, that is, the preset device identifier and the preset role identifier corresponding to the current permission are obtained.
In a specific implementation, after acquiring a numerical value on a digit corresponding to a first device identifier in an authority code corresponding to a current authority and obtaining a binary number through binary conversion, acquiring a numerical value on a digit corresponding to the first role identifier in the binary number according to the first role identifier of the electronic device, if the numerical value on the digit is "1", executing step S307, and if the numerical value on the digit is "0", executing step S305, and returning to execute step S302 and subsequent steps. That is, as long as the value on the digit corresponding to the first device identifier in the authority code corresponding to the current authority is converted into a binary number, and the value on the digit corresponding to the first role identifier in the binary number is "1", it can be determined that the current authority is the first target authority corresponding to the target role, otherwise, the next authority of the authority group is obtained as the new current authority, and the authority allocation is continued.
For example, taking menu authority allocation to a user on a mobile phone as an example, the authority code of the current menu authority is 2113 and the role code of the user is 02123456789. Because the device type of the user's login device is "mobile phone end", the numerical value "3" on the first digit from the end of the authority code is obtained and converted into the binary number "11". According to the role "02" of the user, the value on the second digit from the end of the binary number is obtained, and that value is "1", so it can be determined that the user has the current menu authority on the mobile phone. Accordingly, the user can perform corresponding operations on the mobile phone according to the possessed authority.
Step S307: Determine the current authority as the first target authority corresponding to the first role identifier and the first device identifier.
The first target authority is the authority of the target role on the electronic device, and the first target authority is opened to the target role so that the target role can execute the operation corresponding to the first target authority on the electronic device. Accordingly, the first target authority is opened to the user who has been given the target role, so that the user can execute the operation corresponding to the first target authority on the electronic device.
For example, taking a user logging in to a mobile banking APP as an example, when the user logs in to the mobile banking APP with their own bank card account information, the bank's background management system allocates a group of permissions to the user so that the user can perform the function operations corresponding to those permissions. For example, if the allocated permissions include the permission to query the current bank account, the user can query the current account balance, the expenditure details and the like. Accordingly, the user can perform corresponding function operations in the mobile banking APP according to the allocated permissions.
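The two authority-code layouts described above (digit position selects the role in the Fig. 2 flow, digit position selects the device in the Fig. 3 flow) can be checked against the page's own worked values with the following added Python example, which is not code from the patent. The function names, the device-to-position table and the sample authority table are assumptions; malformed codes are rejected and out-of-range roles or unknown devices are denied.

```python
import string

# Assumed mapping, following the page's examples: position 0 (counted from the
# end) is the mobile phone end, position 1 is the PC end.
DEVICE_POS = {"mobile": 0, "pc": 1}

# Constructed sample authority table: (authority name, authority code).
SAMPLE_TABLE = [("authority 1", "0030"), ("authority 2", "2130")]


def code_digits(code):
    """Validate a whole authority code and return its digit values.

    The page allows decimal or hexadecimal characters; anything else is
    rejected up front rather than only when that position is consulted.
    """
    if not code or any(ch not in string.hexdigits for ch in code):
        raise ValueError(f"malformed authority code: {code!r}")
    return [int(ch, 16) for ch in code]


def role_index(user_number):
    """Role identifier = first two digits of the user number ('02...' -> 2)."""
    prefix = user_number[:2]
    if len(prefix) != 2 or not (prefix.isascii() and prefix.isdigit()):
        raise ValueError("user number must start with a two-digit role")
    if int(prefix) == 0:
        raise ValueError("role 00 is not a valid role identifier")
    return int(prefix)


def allowed_role_first(code, role, device):
    """Fig. 2 layout: digit N from the left belongs to role N; the bits of
    that digit, counted from the last binary digit, select the devices."""
    digits = code_digits(code)
    if device not in DEVICE_POS or not 1 <= role <= len(digits):
        return False  # unknown device or role beyond the code: deny
    return bool((digits[role - 1] >> DEVICE_POS[device]) & 1)


def allowed_device_first(code, role, device):
    """Fig. 3 layout: digit N from the end belongs to a device; the bits of
    that digit, counted from the last binary digit, select roles 1, 2, ..."""
    digits = code_digits(code)
    pos = DEVICE_POS.get(device)
    if pos is None or pos >= len(digits) or role < 1:
        return False  # unknown device, code too short, or bad role: deny
    return bool((digits[-1 - pos] >> (role - 1)) & 1)


def first_target_authority(table, user_number, device, check):
    """Walk the table top to bottom and return the first authority that
    matches both the role and the device, or None if no authority matches."""
    role = role_index(user_number)
    for name, code in table:
        if check(code, role, device):
            return name
    return None


if __name__ == "__main__":
    # Values taken from the page's examples for code 2130 and code 2113.
    print(allowed_role_first("2130", 2, "mobile"))    # role 02 on a phone
    print(allowed_role_first("2130", 4, "mobile"))    # role 04 on a phone
    print(allowed_device_first("2113", 2, "mobile"))  # role 02 on a phone
    print(first_target_authority(SAMPLE_TABLE, "0212345678", "mobile",
                                 allowed_role_first))
```

A role number larger than the code length (for example role 10 against a four-digit code) is denied rather than raising an index error, so a user number with an unexpected prefix cannot match any authority.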
In the implementation manner based on fig. 1, after step S101 and before step S102, the following steps may also be included, as shown in fig. 4:
Step S105: Judge whether the target role has a second role identifier.
The second role identifier is a variable role identifier, is stored in a role identifier table established in advance, and can be added, deleted or changed by setting. The second role identification is a different role identification than the first role identification. For example, if the authority code is a character string with 10 digits, that is, an authority can have 10 role identifiers at most, the first role identifier must be one of the role identifiers corresponding to the first 7 digits, and the second role identifier must be one of the role identifiers corresponding to the last 3 digits.
In a specific implementation, in this embodiment, whether the target role has the second role identifier may be determined by querying the role identifier table. If the queried role identifier table is empty, it may be determined that the target role does not have the second role identifier, and step S102 and subsequent steps are performed; if the queried role identifier table is not empty, it may be determined that the target role has the second role identifier, and step S106 and subsequent steps are performed. That is, when the target role has the second role identifier, the authority search operation is first performed according to the second role identifier and the first device identifier, and the authority search operation according to the first role identifier of the target role is not performed for the moment, that is, step S102 is not performed for the moment.
Step S106: Acquire the second role identifier of the target role.
In a specific implementation, after it is determined that the role identifier table is not empty, the role identifier table is read directly, the second role identifier corresponding to the target role is obtained from the role identifier table, and step S107 is executed.
Step S107: Determine whether a second target authority corresponding to the second role identifier and the first device identifier is found in the authority group.
The authority group comprises one or more authorities, and each authority in the authority group corresponds to at least one preset role identifier and at least one preset device identifier respectively.
If the second target authority corresponding to the second role identifier and the first device identifier is found, step S108 is executed, that is, it is determined that the target role has the second target authority on the electronic device. If no authority corresponding to the second role identifier and the first device identifier is found, step S102 and the subsequent steps are executed. That is, if no such authority is found, the first role identifier of the target role is obtained, and the authority search according to the first role identifier of the target role and the first device identifier of the electronic device begins, that is, step S102 begins.
In a specific implementation, the preset role identifier and the preset device identifier corresponding to each authority in the authority group may be compared with the second role identifier and the first device identifier. That is, following the order of the authorities in the authority group, each authority is checked in turn for whether it corresponds to the second role identifier and the first device identifier; if a second target authority corresponding to the second role identifier and the first device identifier exists, it may be determined that the target role has the second target authority on the electronic device. For example: in the authority group, acquire the first authority as the current authority, and acquire the preset role identifier and the preset device identifier corresponding to the current authority; check whether the second role identifier and the first device identifier match the preset role identifier and the preset device identifier corresponding to the current authority; if so, determine that the current authority is the second target authority corresponding to the target role; if not, acquire the next authority in the authority group as the new current authority, acquire the preset role identifier and the preset device identifier corresponding to it, and so on. If a second target authority corresponding to the second role identifier and the first device identifier is found in the authority group, it is determined that the target role has the second target authority on the electronic device; if no such second target authority is found in the authority group, the first role identifier of the target role is acquired and the subsequent authority search is performed.
It should be noted that if the second target authority corresponding to the second role identifier and the first device identifier is found in the authority group, the first role identifier of the target role is no longer acquired and the subsequent authority search is not performed. That is, once the second target authority has been found and it has been determined that the target role has the second target authority on the electronic device, the current process ends. If the second target authority corresponding to the second role identifier and the first device identifier is not found in the authority group, the first role identifier of the target role is acquired.
Step S108: Determine that the target role has the second target authority on the electronic device, so that the target role can execute the operation corresponding to the second target authority on the electronic device.
In a specific implementation, the second target authority in this embodiment may be a set of function authorities. The functions on the electronic device corresponding to the second target authority are opened to the target role, so that the target role can operate the corresponding functions on the electronic device according to the second target authority. Therefore, a user who has been given the target role can operate the corresponding functions on the electronic device according to the second target authority.
In a specific implementation based on fig. 4, step S107 may specifically be implemented by the following steps, as shown in fig. 5:
Step S501: Acquire the first authority in the authority group as the current authority.
In a specific implementation, the authority group in this embodiment may be embodied in a form of an authority table, which is shown with reference to table 1.
Each row in the authority table corresponds to one authority and the corresponding authority code, for example, "authority 1" in the authority table 1 corresponds to "authority code 1"; "Authority 2" corresponds to "Authority code 2".
The authority code may be represented by a character string of one or more digits and/or letters, such as a decimal number, a hexadecimal number, and so forth. Each digit position in the character string corresponds to one role identifier, for example: the first digit in the string corresponds to "role 1", the second digit to "role 2", and so on. Each additional digit in the character string adds one role identifier. That is, if a new role identifier needs to be set, only a new digit needs to be added to the authority code.
In a specific implementation, this embodiment may acquire one authority in the authority table as the current authority in a preset reading manner. For example, the authority table is read in top-down order and the first authority in the table is acquired as the current authority, or one authority in the table is acquired at random as the current authority, and so on.
The value on the digit corresponding to a given role identifier in the authority code is obtained and converted into a binary number, and each digit of the binary number corresponds to one device identifier. For example, the first digit from the right corresponds to the "mobile phone end", the second digit from the right corresponds to the "PC end", and so on; a binary number with several digits corresponds to that many device identifiers. That is, if the number of device identifiers needs to be increased, only the number of digits of the binary number needs to be increased. For example, if the value on a digit of an authority code is 3, it is 11 after conversion into a binary number, so at most 2 device identifiers can be held at the same time; if the value on a digit of an authority code is 7, it is 111 after conversion into a binary number, so at most 3 device identifiers can be held at the same time. By analogy, the more digits the binary number has, the more device identifiers it can hold.
Step S502: Acquire the preset role identifier and the preset device identifier corresponding to the current authority.
The preset role identification corresponds to the current authority, and one authority corresponds to at least one preset role identification; the preset device identification corresponds to the preset role identification, and each preset role identification corresponds to at least one preset device identification.
In a specific implementation, this embodiment may read the authority table, take the first authority in top-down order as the current authority, and obtain the authority code corresponding to the current authority. The preset role identifiers corresponding to the current authority are then derived from the value on each digit of the authority code. Specifically, the value on one digit of the authority code is obtained: if the value is not "0", the preset role identifiers corresponding to the current authority include the role identifier corresponding to that digit; if the value is "0", they do not include it. Proceeding in this way, the role identifiers corresponding to all digits whose values are not "0" in the authority code are obtained as the preset role identifiers corresponding to the current authority, and subsequent authority allocation is performed according to these preset role identifiers. For example, take the authority code 2130 of the current authority: the role identifiers corresponding to the digits holding "2", "1", and "3" are the preset role identifiers corresponding to the current authority, and the role identifier corresponding to the digit holding "0" is not included in them.
The value on a given digit of the authority code of the current authority is converted into the corresponding binary number, and each digit of the binary number corresponds to one device identifier. For example, the first digit from the right of the binary number represents the mobile phone terminal, the second digit from the right represents the PC terminal, and so on, so that application scenarios with multiple device types can be supported. When the value on a digit of the binary number is "1", the preset device identifiers corresponding to the current authority include the device identifier corresponding to that digit; when the value is "0", they do not include it. In this way all device identifiers in the authority code corresponding to the current authority are obtained, that is, the preset device identifiers corresponding to the current authority, and subsequent authority allocation is performed according to them. In other words, after the values on all non-0 digits of the authority code are obtained and converted into binary numbers, the device identifiers corresponding to all binary digits whose value is "1" are the preset device identifiers corresponding to the current authority.
For example, take the allocation of a menu authority to a user on a computer. The authority code of the menu authority is 2130 and the user number of the user is 01123456789. The role of the user is obtained as "01", so the value on the first digit of the menu authority code is obtained and converted into the binary number "10". The first digit from the right of the binary number is "0", so it can be determined that the preset device types corresponding to the menu authority do not include the mobile phone terminal; the second digit from the right is "1", so it can be determined that the preset device types corresponding to the menu authority include the PC terminal. Subsequent menu authority allocation is then performed according to the preset device types obtained, and the user can accordingly perform the corresponding operations on the computer according to the allocated menu.
Step S503: Check whether the preset role identifiers corresponding to the current authority include the second role identifier. If the second role identifier is found among the preset role identifiers corresponding to the current authority, step S504 is executed; if it is not found, step S505 is executed.
In a specific implementation, this embodiment may obtain, according to the second role identifier of the target role, the value on the digit corresponding to the second role identifier in the authority code of the current authority. If the value on that digit is not "0", it may be determined that the preset role identifiers corresponding to the current authority include the second role identifier, and step S504 and the subsequent steps are performed. If the value on that digit is "0", it may be determined that the preset role identifiers corresponding to the current authority do not include the second role identifier; step S505 is executed, and step S502 and the subsequent steps are executed again. Accordingly, the user can perform the corresponding operations on the electronic device according to the assigned authority.
For example, take the allocation of a menu authority to a user on a mobile phone. The user number of the user is 02123456789 and the menu authority code corresponding to the menu authority is 2130. The first two digits "02" of the user number are extracted, and the value on the 2nd digit of the authority code of the current menu authority is obtained. That value is "1", so it can be determined that the preset roles corresponding to the menu authority include the role of the user, and subsequent authority allocation is performed according to this role. The user can therefore perform the corresponding operations on the mobile phone according to the authority held.
For another example, take the allocation of a menu authority to a user on a mobile phone. The user number of the user is 04123456789 and the menu authority code corresponding to the menu authority is 2130. The first two digits "04" of the user number are extracted as the role of the user, and the value on the 4th digit of the authority code of the current menu authority is obtained. That value is "0", so it can be determined that the preset roles corresponding to the menu authority do not include the role of the user, and the next menu authority is acquired for subsequent menu authority allocation. The user can therefore perform the corresponding operations on the mobile phone according to the authority held.
Step S504: Obtain the preset device identifier corresponding to the second role identifier, and execute step S506.
According to the second role identifier, the preset device identifier corresponding to the second role identifier in the current authority is acquired.
In a specific implementation, after the value on the digit corresponding to the second role identifier is obtained from the authority code of the current authority, the value is converted into a binary number, and each digit of the binary number corresponds to one device identifier. If the value on a binary digit is "1", the preset device identifiers corresponding to the second role identifier include the device identifier corresponding to that digit; if the value is "0", they do not include it. The device identifiers corresponding to all binary digits whose value is "1" are thus obtained, that is, the preset device identifiers corresponding to the second role identifier. In other words, after the value on the digit corresponding to the second role identifier is converted into a binary number, the device identifiers corresponding to the digits whose value is "1" are the preset device identifiers corresponding to the second role identifier.
For example, take the allocation of an authority to a user on a mobile phone. The authority code of the current menu authority is 2130 and the role code of the user is 02123456789. The value "1" on the 2nd digit of the authority code of the current authority is obtained and converted into the binary number "01". The first digit from the right of the binary number represents the mobile terminal and the second digit from the right represents the PC terminal, so it can be determined that, in the current menu authority, the preset device types corresponding to the role of the user include the mobile phone terminal but not the PC terminal. Accordingly, the user can perform the corresponding operations on the mobile phone according to the authority held.
Step S505: Acquire the next authority in the authority group as the new current authority, and return to step S502, that is, acquire the preset role identifier and the preset device identifier corresponding to the current authority.
In a specific implementation, the next authority in the authority table may be acquired as the new current authority by reading the authority table again. If the current authority acquired from the authority group the first time is "authority 1", then "authority 2" is acquired from the authority group the next time as the new current authority.
Step S506: Check whether the preset device identifiers corresponding to the second role identifier include the first device identifier. If the first device identifier is found among the preset device identifiers corresponding to the second role identifier, step S507 is executed, that is, the current authority is determined to be the second target authority corresponding to the second role identifier and the first device identifier. If the first device identifier is not found among them, step S505 is executed, that is, the next authority in the authority group is acquired as the new current authority, and the process returns to step S502, that is, the preset role identifier and the preset device identifier corresponding to the current authority are acquired.
In a specific implementation, after the value on the digit corresponding to the second role identifier is obtained from the authority code of the current authority and converted into a binary number, the value on the binary digit corresponding to the first device identifier of the electronic device is obtained. If the value on that digit is "1", step S507 is executed; if it is "0", step S505 is executed and the process returns to step S502 and the subsequent steps. That is, as long as the binary digit corresponding to the first device identifier is "1" after the value on the digit corresponding to the second role identifier has been converted into a binary number, the current authority can be determined to be the second target authority corresponding to the target role; otherwise, the next authority in the authority group is acquired as the new current authority and the authority allocation continues.
For example, take the allocation of a menu authority to a user on a mobile phone. The authority code of the current menu authority is 2130 and the user number of the user is 02123456789. The value "1" on the second digit of the menu authority code is obtained and converted into the binary number "01". The first digit from the right of the binary number represents the authority on the mobile terminal and the second digit from the right represents the authority on the PC terminal, so it can be determined that the user has the current menu authority on the mobile phone. Accordingly, the user can perform the corresponding operations on the mobile phone according to the authority held.
Step S507: Determine that the current authority is the second target authority corresponding to the second role identifier and the first device identifier.
The second target authority is the authority of the target role on the electronic device, and the second target authority is opened to the target role so that the target role can execute the operation corresponding to the second target authority on the electronic device. Accordingly, the user given the target role is opened with the second target authority so that the user can execute the operation corresponding to the second target authority on the electronic device.
For example, when a user logs in to a bank's mobile banking APP with his or her own bank card account information, the bank's back-end management system may allocate a group of permissions to the user according to the user's account information, so that the user can perform the function operations corresponding to those permissions. If the allocated permissions include querying the current account balance and expenditure details, the user can query the current account balance and expenditure details. Accordingly, the user can perform the corresponding operations in the mobile banking APP according to the permissions.
In the implementation manner based on fig. 1, the following steps may be further included after step S104, as shown in fig. 6:
Step S109: Among all sub-authorities in the first target authority, obtain all first target sub-authorities corresponding to the first role identifier and the first device identifier of the electronic device, so that the target role can execute the operations corresponding to the first target sub-authorities on the electronic device.
The first target permission comprises at least one sub-permission, and each sub-permission in the first target permission corresponds to at least one preset role identifier and at least one preset device identifier respectively.
The first target authority is traversed to obtain all of its sub-authorities, and each traversed sub-authority is checked for whether it corresponds to the first role identifier and the first device identifier, so as to obtain all first target sub-authorities in the first target authority that correspond to the first role identifier and the first device identifier.
In a specific implementation, the sub-rights in the first target right in this embodiment may be embodied in the form of a sub-right table, as shown in table 2:
TABLE 2 Sub-authority table
Sub-authority 1 | Authority code 1
Sub-authority 2 | Authority code 2
Sub-authority n | Authority code n
The sub-authority table is read in a certain order, for example traversed from top to bottom. The first sub-authority in the table is acquired as the current sub-authority and checked for whether it corresponds to the first role identifier and the first device identifier; then the next sub-authority in the table is acquired as the current sub-authority and checked in the same way, and so on, until the comparison has been performed on all sub-authorities in the first target authority. For example: acquire the preset role identifier and the preset device identifier corresponding to the current sub-authority according to its authority code; check whether the preset role identifiers corresponding to the current sub-authority include the first role identifier; if they do, acquire the preset device identifiers corresponding to the first role identifier; if the preset device identifiers corresponding to the first role identifier include the first device identifier, the current sub-authority can be determined to be a first target sub-authority corresponding to the target role in the first target authority; if the preset role identifiers corresponding to the current sub-authority do not include the first role identifier, or the preset device identifiers corresponding to the first role identifier do not include the first device identifier, it can be determined that the current sub-authority is not a first target sub-authority corresponding to the target role; and so on, until all first target sub-authorities in the first target authority are obtained.
That is, when performing the comparison operation on one sub-authority in the first target authority, regardless of the comparison result, the comparison operation needs to be performed on all sub-authorities in the first target authority once to obtain all first target sub-authorities corresponding to the target role in the first target authority. Accordingly, the user can perform a corresponding operation in the electronic device according to the assigned rights.
In the implementation manner based on fig. 4, the following steps may be further included after step S108, as shown in fig. 7:
Step S110: Among all sub-authorities in the second target authority, obtain all second target sub-authorities corresponding to the second role identifier and the first device identifier of the electronic device, so that the target role can execute the operations corresponding to the second target sub-authorities on the electronic device.
The second target permission comprises at least one sub-permission, and each sub-permission in the second target permission corresponds to at least one preset role identifier and at least one preset device identifier respectively.
The second target authority is traversed to obtain all of its sub-authorities, and each traversed sub-authority is checked for whether it corresponds to the second role identifier and the first device identifier, so as to obtain all second target sub-authorities in the second target authority that correspond to the second role identifier and the first device identifier.
In a specific implementation, the sub-rights in the second target rights in this embodiment may be embodied in the form of a sub-rights table, which is shown with reference to table 2.
The sub-authority table is read in a certain order, for example traversed from top to bottom. The first sub-authority in the table is acquired as the current sub-authority and checked for whether it corresponds to the second role identifier and the first device identifier; then the next sub-authority in the table is acquired as the current sub-authority and checked in the same way, and so on, until the comparison has been performed on all sub-authorities in the second target authority. For example: acquire the preset role identifier and the preset device identifier corresponding to the current sub-authority according to its authority code; check whether the preset role identifiers corresponding to the current sub-authority include the second role identifier; if they do, acquire the preset device identifiers corresponding to the second role identifier; if the preset device identifiers corresponding to the second role identifier include the first device identifier, the current sub-authority can be determined to be a second target sub-authority corresponding to the target role in the second target authority; if the preset role identifiers corresponding to the current sub-authority do not include the second role identifier, or the preset device identifiers corresponding to the second role identifier do not include the first device identifier, it can be determined that the current sub-authority is not a second target sub-authority corresponding to the target role; and so on, until all second target sub-authorities in the second target authority are obtained.
That is, when performing the comparison operation on one sub-authority in the second target authority, regardless of the comparison result, the comparison operation needs to be performed on all sub-authorities in the second target authority once to obtain all second target sub-authorities corresponding to the target role in the second target authority. Accordingly, the user can perform a corresponding operation in the electronic device according to the assigned rights.
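The lookup of fig. 4 and fig. 5 (second role identifier first, then the first role identifier) and the sub-authority traversal of fig. 6 and fig. 7, as an added Python example that is not code from the patent. The function names, the two-entry device map, the sample tables other than the code 2130, and the choice to treat malformed codes as granting nothing are assumptions.

```python
from __future__ import annotations

import string

# Assumed device-to-bit mapping, following the page's examples: the first binary
# digit from the right is the mobile phone terminal, the second is the PC terminal.
DEVICE_BITS = {"mobile": 0, "pc": 1}

# Constructed sample tables; only the authority code "2130" comes from the page.
AUTHORITY_GROUP = [("menu", "2130"), ("transfer", "0301")]
SUB_AUTHORITIES = [("view balance", "0100"), ("view details", "0300"), ("export", "0200")]


def role_from_user_number(user_number: str) -> int:
    """Take the first two digits of the user number as the role, as in the page's examples."""
    prefix = user_number[:2]
    if len(prefix) != 2 or not (prefix.isascii() and prefix.isdigit()):
        raise ValueError("user number must start with a two-digit role")
    return int(prefix)


def devices_for_role(code: str, role_pos: int) -> set[str]:
    """Decode the digit for one role (1-based position) into its set of devices.

    Assumption: a position outside the code or a non-hex character grants nothing.
    """
    if role_pos < 1 or role_pos > len(code):
        return set()
    ch = code[role_pos - 1]
    if ch not in string.hexdigits:
        return set()
    value = int(ch, 16)  # the page allows decimal or hexadecimal digits
    return {name for name, bit in DEVICE_BITS.items() if (value >> bit) & 1}


def has_authority(code: str, role_pos: int, device: str) -> bool:
    """S503/S506: role digit is non-zero and the device's binary digit is 1."""
    return device in devices_for_role(code, role_pos)


def find_target_authority(group, device, first_role, second_role=None):
    """Return (authority name, role used) for the first match, or None.

    The second role identifier is searched first (S105 to S108); only when it
    matches nothing is the first role identifier searched (S102 to S104).
    """
    for role in (second_role, first_role):
        if role is None:
            continue
        for name, code in group:  # authority table read top-down
            if has_authority(code, role, device):
                return name, role
    return None


def target_sub_authorities(sub_table, role, device) -> list[str]:
    """S109/S110: compare every sub-authority; do not stop at the first match."""
    return [name for name, code in sub_table if has_authority(code, role, device)]


if __name__ == "__main__":
    role = role_from_user_number("02123456789")
    print(find_target_authority(AUTHORITY_GROUP, "mobile", first_role=role))
    print(target_sub_authorities(SUB_AUTHORITIES, role, "mobile"))
```

Because the second role identifier is consulted before the first, whoever can change the role identifier table decides which grant wins, so that table deserves the same change control and audit logging as the authority table itself.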
Referring to fig. 8, a flowchart of an implementation of an authority management apparatus according to a second embodiment of the present application is provided, where the apparatus may be applied to an application program or device for a specific user, such as an electronic device like a mobile phone, a tablet computer, a PC, a television, or an application program installed in the electronic device. The embodiment is mainly used for solving the problem that the distribution of the user authority in the information system is single.
A first device identifier obtaining unit 801, configured to obtain a first device identifier of an electronic device, where the first device identifier at least represents a device type of the electronic device;
a first role identifier obtaining unit 802, configured to obtain a first role identifier of a target role;
a first permission searching unit 803, configured to search, in the permission group, permissions corresponding to the first role identifier and the first device identifier, and if a first target permission corresponding to the first role identifier and the first device identifier is found, determine that the target role has a first target permission on the electronic device, so that the target role can perform an operation corresponding to the first target permission on the electronic device; the authority group comprises one or more authorities, and each authority in the authority group corresponds to at least one preset role identifier and at least one preset device identifier respectively;
According to the above technical solution, in the authority management apparatus provided by the second embodiment of the application, when the target role logs in on the electronic device provided with the apparatus, the first device identifier of the electronic device and the first role identifier of the target role are obtained, and the first target authority corresponding to the first role identifier and the device identifier of the electronic device is then searched for in the authority group.
In an implementation manner, the first permission searching unit 803 is specifically configured to:
acquiring a first authority in the authority group as a current authority; acquiring a preset role identifier and a preset device identifier corresponding to the current authority; checking whether the preset role identifier corresponding to the current authority includes the first role identifier; if the first role identifier is found in the preset role identifier corresponding to the current authority, obtaining the preset device identifier corresponding to the first role identifier according to the preset device identifier corresponding to the current authority; checking whether the preset device identifier corresponding to the first role identifier includes the first device identifier; if the first device identifier is found in the preset device identifier corresponding to the first role identifier, determining that the current authority is a first target authority corresponding to the first role identifier and the first device identifier; if the first role identifier is not found in the preset role identifier corresponding to the current authority, or if the first device identifier is not found in the preset device identifier corresponding to the first role identifier, the next authority in the authority group is acquired as the new current authority, and the first permission searching unit 803 continues to be triggered.
In one implementation, the first permission searching unit 803 may also be configured to:
acquiring a first authority in the authority group as a current authority; acquiring a preset role identifier and a preset device identifier corresponding to the current authority; searching whether a first device identifier is included in a preset device identifier corresponding to the current authority; if the first equipment identifier is found in the preset equipment identifiers corresponding to the current authority, obtaining preset role identifiers corresponding to the first equipment identifiers according to the preset role identifiers corresponding to the current authority; searching whether a first role identifier is contained in a preset role identifier corresponding to the first equipment identifier; if the first equipment identifier is found in the preset role identifier corresponding to the first equipment identifier, determining that the current authority is a first target authority corresponding to the first role identifier and the first equipment identifier; if the first device identifier is not found in the preset device identifier corresponding to the current permission, or if the first role identifier is not found in the preset role identifier corresponding to the first device identifier, the next permission is obtained in the permission group as a new current permission, and the first permission finding unit 803 is continuously triggered.
In one implementation, the apparatus in this embodiment may further include the following units, as shown in fig. 9:
a second role identification determining unit 804, configured to determine, after the first device identification obtaining unit 801 obtains the first device identification of the electronic device, whether the target role has a second role identification before the first role identification obtaining unit 802 obtains the first role identification of the target role, where a second target permission and a first target permission are different permissions;
if the target role has the second role identifier, triggering a second permission search unit 805;
if the target role does not have the second role identifier, triggering a first role identifier acquisition unit 802;
a second permission searching unit 805 which searches for permissions corresponding to the second role identifier and the first device identifier in the permission group, and if a second target permission corresponding to the second role identifier and the first device identifier is found, determines that the target role has a second target permission on the electronic device, so that the target role can execute an operation corresponding to the second target permission on the electronic device, wherein the second target permission is different from the first target permission; if no authority corresponding to the second role identifier and the first device identifier is found in the authority group, the first role identifier obtaining unit 802 is triggered.
In one implementation, the apparatus in this embodiment further includes the following units, as shown in fig. 10:
a first sub-authority searching unit 806, configured to, after the first authority searching unit 803 determines that the target role has the first target authority on the electronic device, obtain, in all sub-authorities in the first target authority, all first target sub-authorities corresponding to the first role identifier and the first device identifier, so that the target role can perform an operation corresponding to the first target sub-authority on the electronic device; the first target permission comprises at least one sub-permission, and each sub-permission in the first target permission corresponds to at least one preset role identifier and at least one preset device identifier respectively.
In one implementation, the apparatus in this implementation may further include the following units, as shown in fig. 11:
a second sub-right searching unit 807, configured to, after the second right searching unit 805 determines that the target role has the second target right on the electronic device, obtain, in all sub-rights in the second target right, all second target sub-rights corresponding to the second role identifier and the first device identifier, so that the target role can perform an operation corresponding to the second target sub-right on the electronic device; the second target permission comprises at least one sub-permission, and each sub-permission in the second target permission corresponds to at least one preset role identifier and at least one preset device identifier respectively.
Referring to fig. 12, a schematic structural diagram of a rights management device according to a third embodiment of the present application is shown, where the electronic device may be an electronic device such as a mobile phone, a tablet computer, a PC, a television, and the like. The embodiment is mainly used for solving the problem that the distribution of the user authority in the information system is single.
A memory 1201 for storing a computer program and data generated by the computer program;
a processor 1202 for executing a computer program to implement: acquiring a first device identifier of the electronic device, wherein the first device identifier at least represents the device type of the electronic device; acquiring a first role identification of a target role; in the permission group, permissions corresponding to a first role identifier and a first device identifier are searched, and if a first target permission corresponding to the first role identifier and the first device identifier is searched, the target role is determined to have a first target permission on the electronic device, so that the target role can execute an operation corresponding to the first target permission on the electronic device; the authority group comprises one or more authorities, and each authority in the authority group corresponds to at least one preset role identifier and at least one preset device identifier respectively.
According to the technical scheme, in the electronic device provided by the third embodiment of the application, under the condition that the target role is logged in the electronic device, the first device identifier of the electronic device and the first role identifier of the target role are obtained, and then the authority corresponding to the first role identifier and the device identifier of the electronic device is found from the authority group.
Embodiments of the present application further provide a computer-readable storage medium, and when instructions in the computer-readable storage medium are executed by a processor 1202 in an electronic device, the electronic device is enabled to execute the rights management method provided in any embodiment of the present application.
The embodiment of the present application further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the method for managing the rights provided in any embodiment of the present application is implemented.
Take as an example a menu authority management and verification method that supports authority differences across multiple scenes. Current information systems generally provide menus, and most of them control menu authority in order to guarantee information security or to help users quickly find the functions they need. Current menu authority control methods target a single system, in which one user can correspond to only one group of roles and one group of authorities. However, the scenes supported by an information system are no longer limited to a computer; there are many scenes, such as tablet and PC. Because different electronic products have different characteristics, the functions available to the same user differ, and the menu authority should differ accordingly. Current menu authority control methods cannot support differentiated authority management across multiple scenes. The application provides a menu authority management and verification method supporting authority differences across multiple scenes, and aims to solve the problems in the prior art that the same system cannot be given different functions in different scenes, that menu authorities are inconsistent, and that menu authorities are difficult to manage in a unified way.
The basic scheme is as follows. A menu authority code table, a menu role table and a user role table are established in a database. The menu authority code table comprises two columns: the first stores menu codes and the second stores the corresponding menu authority codes. Each digit of the menu authority code represents a role. The character corresponding to each role is converted into a binary number, in which the last bit represents the authority of the PC terminal (1 for authority, 0 for no authority), the second-to-last bit represents the authority of the Pad terminal (1 for authority, 0 for no authority), and so on, so that multiple scenes are supported. The menu administrator can select menu authorities through a visual interface of the menu management terminal, and the generated menu authority is written into the menu authority code table in the database. When a client then uses the information system, the information system verifies menu authority according to the menu authority stored in the database.
In various information systems, menus provide the ability to sort functions, facilitating users to quickly find desired functions. Most information systems control the access rights of menus for the purposes of information security, system security, convenience of user operation, and the like.
Currently, menu authority control generally assigns a group of menu authorities with similar functions to a role, and then assigns the role to a user, so that the user can have all the authorities of the role. The current menu management method generally performs menu authority management by adjusting the authority possessed by a role and the role possessed by a user. The current menu authority control method aims at the same system, and one user only can correspond to one group of roles and one group of authorities. Under the condition of multiple scenes, one set of authority management model needs to be separately realized for each scene, and the same set of authority model cannot be used for realizing the differentiated management of menu authorities under the multiple scenes.
The application provides a menu authority management and verification method supporting authority difference under multiple scenes, and aims to solve the problems that in the prior art, the same system cannot be supported to have different functions under different scenes, menu authorities are inconsistent, and menu authorities are difficult to manage in a unified mode.
The menu authority management method supports the use of a menu authority management system to set menu authority under multiple scenes so as to generate a set of uniform menu authority codes to be written into a database. The menu authority verification method supports that when a user uses a client system in different scenes, the user can carry out difference authority control according to the menu authority codes in the database and user login equipment. In addition, the method and the device support fixed roles and variable roles, and have multi-dimensional difference authority control capability under multiple scenes.
In a first aspect, referring to fig. 13, a general implementation structure diagram of a menu authority management method supporting authority difference in multiple scenarios is provided for the present application, and includes the following steps:
S11. Establish a menu authority code table, a menu role table and a user role table in the database. The menu authority code table comprises two columns: the first stores menu codes and the second stores the corresponding menu authority codes. Each digit of the menu authority code represents a role. Roles comprise fixed roles and variable roles, and variable roles need to be configured in the menu role table and the user role table in the database.
The data stored in the menu authority code is shown in table 3:
Table 3. Menu authority code table (the table is an image in the original publication and is not reproduced here)
For example, suppose a system supports both a PC terminal and a mobile terminal. The first bit of the binary number represents the mobile-terminal authority and the second bit represents the PC-terminal authority; 1 means permitted and 0 means not permitted. When the menu opens the mobile-terminal authority, the authority is 10 (binary) and the corresponding character is 2 (decimal). When the menu opens the PC-terminal authority, the authority is 01 (binary) and the corresponding character is 1 (decimal). When the menu opens the mobile terminal and the PC terminal at the same time, the authority is 11 (binary) and the corresponding character is 3 (decimal).
If the authority code of a menu is 21300, the first digit corresponds to role 1, the second digit to role 2, and so on. This authority code means that a user with role 1 can access the menu when logged in on the mobile terminal, a user with role 2 can access the menu when logged in on the PC terminal, a user with role 3 can access the menu when logged in on the PC terminal or the mobile terminal, and users with role 4 or role 5 have no access to the menu.
The relationship between the menu codes and the menu authority codes is one-to-one, namely, one menu code only corresponds to one menu authority code.
The data stored in the menu role table is shown in table 4:
Table 4. Menu role table

| Attribute name | Data item category | Value range |
| --- | --- | --- |
| Menu code | ID identification class | Self-defined, no duplication |
| Role identification | ID identification class | Self-defined, no duplication |
The corresponding relation between the menu code and the role identification is many-to-many, namely, the authority of one menu can be assigned to a plurality of roles, and one role can have the authority of a plurality of menus.
The contents stored in the user role table are shown in table 5:
Table 5. User role table

| Attribute name | Data item category | Value range |
| --- | --- | --- |
| Customer number | ID identification class | Self-defined, no duplication |
| Role identification | ID identification class | Self-defined, no duplication |
The relationship between the client number and the role identification is many-to-many, that is, one client can have a plurality of roles, and one role can be assigned to a plurality of clients.
S12. Manage menu authority using the menu management system. In the menu management system, a scene type (such as mobile phone terminal, PC terminal or television terminal) can be selected for an entered menu, and the roles of the menu under that scene type can be selected.
For example, a total of 100 roles are set in the system. The first 70 roles are fixed roles and the last 30 roles are variable roles.
S13. Calculate the authority code of the menu. For each role, the last bit of the binary number represents the authority of the PC terminal (1 for authority, 0 for no authority), the second-to-last bit represents the authority of the Pad terminal (1 for authority, 0 for no authority), and so on, so that multiple scenes are supported. Finally, the binary number is converted into the character of the corresponding hexadecimal digit, and the resulting character is the value at the position of that role in the authority code. With a hexadecimal digit, 4 different scenes can be supported. Other character representations can be adopted to support more scenes.
S14. Write the calculated menu authority code into the database.
S15. Perform a hot recovery operation to ensure that the menu authority code takes effect. This step applies when the menu authority code table, menu role table and user role table use a Redis cache.
The hot recovery operation means the following. To avoid the system resource consumption and slow login that result from reading the menu from the database at every login, some information systems cache the menu and menu authority information in a Redis cache, so the database does not need to be read every time. Fetching data from the Redis cache is much faster than fetching it from the database.
When the menu management system is used to modify menu authority, the menu authority codes stored in the database are modified, so the Redis cache needs to be cleared and the menu authority codes obtained from the database again; this operation is the hot recovery operation.
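The code calculation of S13 and the write path of S14 and S15, as an added example that is not code from the patent. The scene names, the bit positions other than PC, and the dictionaries standing in for the database table and the Redis cache are assumptions; the demo shows a revoked permission still being served from the cache until the hot recovery runs.

```python
"""Menu authority code generation (S13) and write path with hot recovery (S14-S15)."""

# Assumption: bit 0 (last bit) is PC per the text; the other positions and the
# scene names are constructed. One hexadecimal character holds at most 4 scenes.
SCENE_BIT = {"pc": 0, "mobile": 1, "tv": 2}
assert len(SCENE_BIT) <= 4


def build_authority_code(role_scenes, role_count):
    """role_scenes: {role number (1-based): scenes opened}; returns the code string."""
    unknown = set(role_scenes) - set(range(1, role_count + 1))
    if unknown:
        raise ValueError(f"roles outside 1..{role_count}: {sorted(unknown)}")
    chars = []
    for role in range(1, role_count + 1):
        mask = 0
        for scene in role_scenes.get(role, ()):
            if scene not in SCENE_BIT:
                raise ValueError(f"unknown scene: {scene!r}")
            mask |= 1 << SCENE_BIT[scene]
        chars.append(format(mask, "x"))  # binary number -> hexadecimal character
    return "".join(chars)


class MenuCodeStore:
    """Dicts stand in for the database table and the Redis cache (assumption)."""

    def __init__(self):
        self.db, self.cache = {}, {}

    def read(self, menu):
        # The first read comes from the database and fills the cache.
        if menu not in self.cache and menu in self.db:
            self.cache[menu] = self.db[menu]
        return self.cache.get(menu)

    def write(self, menu, code, hot_recover=True):
        self.db[menu] = code  # S14
        if hot_recover:
            self.hot_recover()  # S15

    def hot_recover(self):
        self.cache.clear()  # the next read fetches the code from the database again


def stale_grant_demo():
    """Revoke role 2's PC permission; compare reads before and after hot recovery."""
    store = MenuCodeStore()
    store.write("transfer", build_authority_code(
        {1: {"mobile"}, 2: {"pc"}, 3: {"pc", "mobile"}}, 5))
    store.read("transfer")  # warms the cache with the original code
    revoked = build_authority_code({1: {"mobile"}, 3: {"pc", "mobile"}}, 5)
    store.write("transfer", revoked, hot_recover=False)
    before = store.read("transfer")  # still the pre-revocation code
    store.hot_recover()
    return before, store.read("transfer")


if __name__ == "__main__":
    print(stale_grant_demo())
```

Skipping S15 after a revocation leaves the old grant effective for as long as the cached entry lives, so the cache clear belongs in the same code path as the database write.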
In a second aspect, the present application provides a menu permission verification method supporting permission differences under multiple scenes, including the following steps:
S21. When the client logs in to the system, acquire the full menu. On the first access the data is read from the database and placed in the cache; afterwards it is obtained from the cache.
Full menu: the full menu refers to all menus contained in the system and is obtained from the database. The client can automatically acquire all menus that it can access according to the role of the currently logged-in user.
S22. Acquire the menu authority code table, the menu role table and the user role table. On the first access the data is read from the database and placed in the cache; afterwards it is obtained from the cache.
S23. If the menu role table is empty, no variable role exists, and menu filtering without variable-role participation is executed (S24); if the menu role table is not empty, a variable role exists, and menu filtering with variable-role participation is executed (S25).
S24. Execute menu filtering without variable-role participation. Put the vertex menu into the current menu set. For each menu in the menu set, query the cache for whether the menu has an authority code. If the menu has an authority code, check whether the menu has a fixed role possessed by the current user; if so, open the menu to the user, then take the submenus of the menu as the menu set and recursively execute menu filtering without variable-role participation, as shown in fig. 14; if not, mask the menu. If the menu has no authority code, take the submenus of the menu as the menu set and recursively execute menu filtering without variable-role participation. After execution ends, S26 is executed.
Vertex menu: a system has only one vertex menu, and the submenus of the vertex menu are all of the top-level menus in the system. Table 6 shows a partial menu list of the electronic banking system of a certain bank; the submenus of the vertex menu of the electronic banking system include an account menu, a transfer menu, a deposit menu, a credit card menu, and others.
Table 6. Partial menu list of the electronic banking system of a certain bank (the table is an image in the original publication and is not reproduced here)
S25. Execute menu filtering with variable-role participation. Put the vertex menu into the current menu set. For each menu in the menu set, query the cache for whether the menu has an authority code. If the menu has an authority code, check whether the menu and the current user have the same variable role; if they do, open the menu, then take the submenus of the menu as the menu set and recursively execute menu filtering with variable-role participation, as shown in fig. 15. If the menu and the current user do not have the same role in the user role table, check whether the menu has a fixed role possessed by the current user; if so, open the menu, then take the submenus of the menu as the menu set and recursively execute menu filtering with variable-role participation; if not, mask the menu. If the menu has no authority code, take the submenus of the menu as the menu set and recursively execute menu filtering with variable-role participation. After execution ends, S26 is executed.
Recursive execution of menu filtering with variable-role participation: menus that the current client has no access right to are filtered out, leaving only the menus the client has access to. The submenus of an opened menu also need to be filtered, because the client may have access to the "account" menu but not to its submenus (e.g., account-other bank account).
S26. Display in the system the menus that remain open after authority filtering.
Specifically, the method for judging whether a certain menu has a fixed role of a current user according to the authority code comprises the following steps:
S241. Acquire the device type on which the user is logged in and the fixed role of the user.
S242. Obtain from the authority code of the menu the character at the position corresponding to the fixed role of the user, and convert the obtained character into a binary number.
S243. Obtain the value of the bit in the binary number that corresponds to the user's login device. If the value is 1, the menu has the fixed role of the current user; if the value is 0, the menu does not have the fixed role of the current user.
Specifically, the method for judging whether a certain menu and the current user have the same variable role at the same time according to the authority code comprises the following steps:
S251. Acquire the device type on which the user is logged in.
S252. Acquire all variable roles of the current user from the user role table. For each variable role that the user possesses, execute S253-S254.
S253. Obtain from the authority code of the menu the character at the position corresponding to the variable role, and convert the obtained character into a binary number.
S254. Obtain the value of the bit in the binary number that corresponds to the user's login device. If the value is 1, the menu and the current user have the same variable role, and the judging process ends. If the value is 0 and the user has no next variable role, the menu and the current user do not have the same variable role, and the judging process ends. Otherwise, obtain the next variable role of the user and continue with S253.
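The verification steps S23 to S26, with the per-role checks of S241-S243 and S251-S254, as an added example that is not code from the patent. The menu names, authority codes, role tables and scene names are constructed sample data; treating a menu without an authority code as an unlisted pass-through container, and denying on an unknown device or a malformed character, are assumptions of this sketch.

```python
"""Menu authority check (S241-S243, S251-S254) and recursive filtering (S23-S26)."""

# Assumption: bit 0 (last bit) is the PC terminal and bit 1 the mobile terminal,
# matching the "21300" example; the scene names are constructed for this sketch.
SCENE_BIT = {"pc": 0, "mobile": 1}


def role_allows(code, role, device):
    """True if the character for `role` (1-based position) has the device bit set."""
    bit = SCENE_BIT.get(device)
    if bit is None or not 1 <= role <= len(code):
        return False  # unknown device or role outside the code: deny
    try:
        mask = int(code[role - 1], 16)  # hexadecimal character -> binary number
    except ValueError:
        return False  # malformed character: deny
    return bool((mask >> bit) & 1)


def variable_roles_of(customer, user_role_table, menu_role_table):
    """S23 + S252: no variable role exists when the menu role table is empty."""
    if not menu_role_table:
        return []
    return [role for cust, role in user_role_table if cust == customer]


def menu_is_open(code, fixed_roles, variable_roles, device):
    """S25 order: shared variable role first, then fall back to the fixed roles."""
    if any(role_allows(code, r, device) for r in variable_roles):
        return True
    return any(role_allows(code, r, device) for r in fixed_roles)


def filter_menus(menu_set, tree, codes, fixed_roles, variable_roles, device):
    """Return the menus still open after filtering, in display order."""
    opened = []
    for menu in menu_set:
        code = codes.get(menu)
        if code is not None:
            if not menu_is_open(code, fixed_roles, variable_roles, device):
                continue  # masked: its submenus are never visited
            opened.append(menu)
        # Assumption: a menu without a code (here only the vertex menu) is a
        # pass-through container and is not itself listed.
        opened += filter_menus(tree.get(menu, []), tree, codes,
                               fixed_roles, variable_roles, device)
    return opened


# Constructed sample data: five roles, roles 1-4 fixed, role 5 variable.
TREE = {"vertex": ["account", "transfer", "credit_card"],
        "account": ["account.other_bank"]}
CODES = {"account": "33300", "account.other_bank": "21300",
         "transfer": "11000", "credit_card": "00003"}
MENU_ROLE_TABLE = [("credit_card", 5)]
USER_ROLE_TABLE = [("cust-B", 5)]


def visible_menus(customer, fixed_roles, device, menu_role_table=MENU_ROLE_TABLE):
    """S21-S26 for one login: resolve variable roles, then filter from the vertex."""
    variable = variable_roles_of(customer, USER_ROLE_TABLE, menu_role_table)
    return filter_menus(["vertex"], TREE, CODES, fixed_roles, variable, device)


if __name__ == "__main__":
    print(visible_menus("cust-A", [1], "mobile"))
    print(visible_menus("cust-A", [1], "pc"))
    print(visible_menus("cust-B", [4], "pc"))
```

The same customer with fixed role 1 sees the "account.other_bank" submenu on the mobile terminal but not on the PC terminal, which is the per-device difference the authority code is meant to express.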
In the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for managing authority is applied to an electronic device, a target role is logged on the electronic device, and the method comprises the following steps:
acquiring a first device identifier of the electronic device, wherein the first device identifier at least represents a device type of the electronic device;
acquiring a first role identification of the target role;
in an authority group, searching authorities corresponding to the first role identifier and the first device identifier, and if a first target authority corresponding to the first role identifier and the first device identifier is found, determining that the target role has the first target authority on the electronic device, so that the target role can execute an operation corresponding to the first target authority on the electronic device;
the authority group comprises one or more authorities, and each authority in the authority group corresponds to at least one preset role identifier and at least one preset device identifier respectively.
2. The method of claim 1, wherein searching for the permission corresponding to the first role identifier and the first device identifier in a permission group comprises:
acquiring a first authority in the authority group as a current authority;
acquiring a preset role identifier and a preset device identifier corresponding to the current authority;
searching whether the first role identification is included in the preset role identification corresponding to the current authority;
if the first role identification is found in the preset role identification corresponding to the current authority, obtaining a preset device identification corresponding to the first role identification according to the preset device identification corresponding to the current authority;
searching whether the first equipment identifier is included in a preset equipment identifier corresponding to the first role identifier;
if the first equipment identifier is found in the preset equipment identifier corresponding to the first role identifier, determining that the current authority is a first target authority corresponding to the first role identifier and the first equipment identifier;
if the first role identifier is not found in the preset role identifier corresponding to the current authority, or if the first device identifier is not found in the preset device identifier corresponding to the first role identifier, obtaining the next authority in the authority group as a new current authority, and returning to execute the step: and acquiring a preset role identifier and a preset device identifier corresponding to the current authority.
3. The method of claim 1, wherein searching for the permission corresponding to the first role identifier and the first device identifier in a permission group comprises:
acquiring a first authority in the authority group as a current authority;
acquiring a preset role identifier and a preset device identifier corresponding to the current authority;
searching whether the first equipment identifier is included in a preset equipment identifier corresponding to the current authority;
if the first equipment identifier is found in the preset equipment identifier corresponding to the current authority, obtaining a preset role identifier corresponding to the first equipment identifier according to the preset role identifier corresponding to the current authority;
searching whether the first role identifier is included in a preset role identifier corresponding to the first equipment identifier;
if the first device identifier is found in a preset role identifier corresponding to the first device identifier, determining that the current authority is a first target authority corresponding to the first role identifier and the first device identifier;
if the first device identifier is not found in the preset device identifier corresponding to the current permission, or if the first role identifier is not found in the preset role identifier corresponding to the first device identifier, obtaining the next permission in the permission group as a new current permission, and returning to execute the step: and acquiring a preset role identifier and a preset device identifier corresponding to the current authority.
4. The method of claim 1, wherein after obtaining the first device identification of the electronic device, and before obtaining the first role identification of the target role, further comprising:
judging whether the target role has a second role identification, wherein the second role identification is different from the first role identification;
if the target role has the second role identification, searching the authority corresponding to the second role identification and the first equipment identification in the authority group, and if the second target authority corresponding to the second role identification and the first equipment identification is searched, determining that the target role has the second target authority on the electronic equipment so that the target role can execute the operation corresponding to the second target authority on the electronic equipment, wherein the second target authority and the first target authority are different authorities;
if the target role does not have the second role identification, or if no authority corresponding to the second role identification and the first device identification is found in the authority group, executing the following steps: and acquiring a first role identifier of the target role.
5. The method according to claim 1 or 2, wherein the first target permission includes at least one sub-permission, and each sub-permission in the first target permission corresponds to at least one preset role identifier and at least one preset device identifier respectively;
wherein after determining that the target role has the first target permission on the electronic device, the method further comprises:
and acquiring all first target sub-permissions corresponding to the first role identifier and the first device identifier in all sub-permissions in the first target permission, so that the target role can execute operations corresponding to the first target sub-permissions on the electronic device.
6. The method according to claim 4, wherein the second target permission includes at least one sub-permission, and each sub-permission in the second target permission corresponds to at least one preset role identifier and at least one preset device identifier respectively;
wherein after determining that the target role has the second target permission on the electronic device, the method further comprises:
acquiring, from among all sub-permissions in the second target permission, all second target sub-permissions corresponding to the second role identifier and the first device identifier, so that the target role can perform operations corresponding to the second target sub-permissions on the electronic device.
7. An authority management device, applied to an electronic device on which a target role is logged in, the device comprising:
a first device identifier obtaining unit, configured to obtain a first device identifier of the electronic device, where the first device identifier at least represents a device type of the electronic device;
a first role identifier obtaining unit, configured to obtain a first role identifier of the target role;
a first permission searching unit, configured to search a permission group for permissions corresponding to the first role identifier and the first device identifier, and if a first target permission corresponding to the first role identifier and the first device identifier is found, determine that the target role has the first target permission on the electronic device, so that the target role can perform an operation corresponding to the first target permission on the electronic device; the permission group comprises one or more permissions, and each permission in the permission group corresponds to at least one preset role identifier and at least one preset device identifier respectively.
8. An electronic device, wherein a target role is registered on the electronic device, comprising:
a memory for storing a computer program and data generated by the execution of the computer program;
a processor for executing the computer program to implement: acquiring a first device identifier of the electronic device, wherein the first device identifier at least represents a device type of the electronic device; acquiring a first role identifier of the target role; searching a permission group for permissions corresponding to the first role identifier and the first device identifier, and if a first target permission corresponding to the first role identifier and the first device identifier is found, determining that the target role has the first target permission on the electronic device, so that the target role can perform an operation corresponding to the first target permission on the electronic device; the permission group comprises one or more permissions, and each permission in the permission group corresponds to at least one preset role identifier and at least one preset device identifier respectively.
9. A storage medium having stored thereon a computer program for implementing the steps of the rights management method according to any one of claims 1-7 when executed by a processor.
10. A computer program product comprising a computer program, wherein the computer program, when executed by a processor, performs the steps of the rights management method of any one of claims 1 to 7.
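The lookup the claims describe, written out as an added example (it is not code from the patent or its applicant): a permission is granted only when both the role identifier and the device identifier match its preset values, sub-permissions are filtered by the same pair, and an empty result means nothing is granted. The class and function names, the sample roles and device types, and the reading that a second role identifier is tried before falling back to the first are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sub:                      # one sub-permission (claims 5 and 6)
    name: str
    role_ids: frozenset
    device_ids: frozenset

@dataclass(frozen=True)
class Permission:               # one entry of the permission group
    name: str
    role_ids: frozenset         # preset role identifiers
    device_ids: frozenset       # preset device identifiers (device type)
    subs: tuple = ()

def lookup(group, role_id, device_id):
    """Map each matching permission to the sub-permissions that also match."""
    granted = {}
    for perm in group:
        if role_id in perm.role_ids and device_id in perm.device_ids:
            granted[perm.name] = sorted(
                s.name for s in perm.subs
                if role_id in s.role_ids and device_id in s.device_ids)
    return granted              # empty dict means nothing is granted

def resolve(group, device_id, first_role_id, second_role_id=None):
    """Try the second role identifier first, then fall back to the first."""
    if second_role_id is not None and second_role_id != first_role_id:
        granted = lookup(group, second_role_id, device_id)
        if granted:
            return second_role_id, granted
    return first_role_id, lookup(group, first_role_id, device_id)

F = frozenset
# Constructed sample data: roles, device types and permission names are made up.
GROUP = (
    Permission("account_ops", F({"teller", "manager"}), F({"counter", "mobile"}), (
        Sub("query_balance", F({"teller", "manager"}), F({"counter", "mobile"})),
        Sub("open_account", F({"teller", "manager"}), F({"counter"})),
        Sub("approve_limit", F({"manager"}), F({"counter"})),
    )),
    Permission("audit_log", F({"auditor"}), F({"counter"}), (
        Sub("read_log", F({"auditor"}), F({"counter"})),
    )),
)

if __name__ == "__main__":
    print(resolve(GROUP, "counter", "teller"))
    print(resolve(GROUP, "mobile", "teller", "auditor"))
```

The same role receives a narrower set of sub-permissions on the `mobile` device type than on `counter`, and an unknown device type yields an empty grant rather than a default.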
CN202210503805.2A 2022-05-10 2022-05-10 Authority management method and device, electronic equipment and storage medium Pending CN114884733A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210503805.2A CN114884733A (en) 2022-05-10 2022-05-10 Authority management method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114884733A true CN114884733A (en) 2022-08-09

Family

ID=82676151

Country Status (1)

Country Link
CN (1) CN114884733A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination