CN114978601A - Authority management method, device, equipment and medium - Google Patents
Authority management method, device, equipment and medium Download PDFInfo
- Publication number
- CN114978601A CN114978601A CN202210441440.5A CN202210441440A CN114978601A CN 114978601 A CN114978601 A CN 114978601A CN 202210441440 A CN202210441440 A CN 202210441440A CN 114978601 A CN114978601 A CN 114978601A
- Authority
- CN
- China
- Prior art keywords
- user
- identification information
- service subsystem
- user identification
- authority
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title description 36
- 238000000034 method Methods 0.000 claims abstract description 40
- 238000004590 computer program Methods 0.000 claims description 17
- 239000000126 substance Substances 0.000 claims description 2
- 238000012795 verification Methods 0.000 abstract description 19
- 238000004891 communication Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 8
- 238000012545 processing Methods 0.000 description 8
- 230000009286 beneficial effect Effects 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 6
- 238000013523 data management Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 238000012423 maintenance Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Abstract
The embodiment of the invention relates to the field of digital medical treatment and discloses a method, a device, equipment and a medium for managing authority. The method comprises the following steps: receiving a system access request input by a user through a system access page, wherein the system access request carries current user identification information of the user; determining the user roles of the current user identification information in each service subsystem; generating a user authority list of the current user identification information in each service subsystem according to the user roles of the current user identification information in each service subsystem; providing a user authority list in each service subsystem to a user through a system access page; and displaying the corresponding system resource according to the clicking operation of the user on the target control button. The embodiment of the invention can manage the user access authority of the system resource in the enterprise system from the dimension of each service subsystem, and meets the authority verification scene of different service subsystems.
Description
Technical Field
The invention relates to the technical field of computers, and also relates to the field of digital medical treatment, in particular to a method, a device, equipment and a medium for managing authority.
Background
Rights management has become an integral part of internet enterprises. In the related art, a role-based access control method is generally used for enterprise rights management. And dividing different roles according to different functional posts in the organization structure, and giving role access authority, so that the user exercises corresponding authority through the roles. The user has a role, the role sets the authority, and the user having the role has all the authorities under the role.
The related art has disadvantages in that: with the growing enterprise organization architecture, different business subsystems in an enterprise system are more and more. The access requirements of each service subsystem are various, and various and flexible authority control modes need to be provided so as to meet simple or complex authority verification scenes. The related technology allocates roles to users, and the permission verification scenes of different service subsystems are difficult to meet.
Disclosure of Invention
The invention provides a method, a device, equipment and a medium for authority management, which aim to solve the problem that the authority management scheme of the related technology is distributed to a user to difficultly meet the authority verification scene of different service subsystems.
According to an aspect of the present invention, there is provided a rights management method, including:
receiving a system access request input by a user through a system access page, wherein the system access request carries current user identification information;
determining the user roles of the current user identification information in each service subsystem according to the corresponding relation between the user identification information and the user roles in each service subsystem;
generating a user authority list of the current user identification information in each service subsystem according to the user role of the current user identification information in each service subsystem; each user authority list comprises an authority name and a control button of at least one system resource available authority of the current user identification information in each service subsystem, and the control button is used for triggering and displaying the system resource corresponding to the system resource available authority;
providing the user permission list of the current user identification information in each service subsystem to the user through the system access page;
and displaying the corresponding system resource according to the clicking operation of the user on the target control button.
According to another aspect of the present invention, there is provided a rights management apparatus including:
the request receiving module is used for receiving a system access request input by a user through a system access page, wherein the system access request carries current user identification information;
the role determination module is used for determining the user roles of the current user identification information in the service subsystems according to the corresponding relation between the user identification information in the service subsystems and the user roles;
the list generating module is used for generating a user authority list of the current user identification information in each service subsystem according to the user role of the current user identification information in each service subsystem; each user authority list comprises an authority name and a control button of at least one system resource available authority of the current user identification information in each service subsystem, and the control button is used for triggering and displaying the system resource corresponding to the system resource available authority;
the list providing module is used for providing the user permission list of the current user identification information in each service subsystem to the user through the system access page;
and the resource display module is used for displaying the corresponding system resource according to the clicking operation of the user on the target control button.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the method of rights management according to any of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer-readable storage medium storing computer instructions for causing a processor to implement the method of rights management according to any one of the embodiments of the present invention when executed.
According to the technical scheme of the embodiment of the invention, a system access request input by a user is received through a system access page, wherein the system access request carries current user identification information; then, determining the user roles of the current user identification information in each service subsystem according to the corresponding relation between the user identification information and the user roles in each service subsystem; generating a user authority list of the current user identification information in each service subsystem according to the user roles of the current user identification information in each service subsystem; each user authority list comprises an authority name and a control button of at least one system resource available authority of the current user identification information in each service subsystem, and the control button is used for triggering and displaying the system resource corresponding to the system resource available authority; providing a user authority list of the current user identification information in each service subsystem to the user through a system access page; the method has the advantages that the corresponding system resources are displayed according to the clicking operation of a user on the target control button, the problem that the authority management scheme of the related technology allocates roles for the user and cannot easily meet the authority verification scenes of different business subsystems is solved, the dimensionality of each business subsystem can be taken, the user access authority of the system resources in the enterprise system is managed, the information of the roles and the authority of the different business subsystems is effectively and physically separated, configuration errors caused by disordered data management are reduced, the system risk caused by human errors is reduced, independent authority verification processes among the different business subsystems are achieved, different authority control modes can be provided according to the access requirements of the different business subsystems, and the beneficial effect of the authority verification scenes of the different business subsystems is met.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present invention, nor do they necessarily limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a rights management method according to an embodiment of the present invention.
Fig. 2 is a flowchart of a rights management method according to a second embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a rights management device according to a third embodiment of the present invention.
Fig. 4 is a schematic structural diagram of an electronic device implementing the rights management method according to the embodiment of the invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "object," "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
Fig. 1 is a flowchart of a rights management method according to an embodiment of the present invention, where the present embodiment is applicable to a case where user access rights of system resources in an enterprise system are managed from dimensions of service subsystems, and the method may be executed by a rights management apparatus, where the rights management apparatus may be implemented in a form of hardware and/or software, and the rights management apparatus may be configured in an electronic device. As shown in fig. 1, the method includes:
Optionally, the system access request is used to request access to each system resource in each business subsystem of the enterprise. Different business subsystems are set according to different businesses of the enterprise. Each service subsystem is for handling a specified one or more services. Each service subsystem includes at least one system resource. The system resource may be traffic data. Different system resources are different traffic data.
Optionally, the current user identification information is user identification information of the user. The user inputs a system access request by filling in or selecting own user identification information in a system access page provided by the electronic equipment. The system access page is used for interacting with a user, acquiring information which is input by the user and is related to system resources in each service subsystem, or displaying various information which is related to the system resources in each service subsystem to the user so that the user can access the page of the system resources in each service subsystem.
And 102, determining the user role of the current user identification information in each service subsystem according to the corresponding relation between the user identification information and the user role in each service subsystem.
Optionally, the user role of the current user identification information in each service subsystem is the user role of the user in each service subsystem.
Optionally, a plurality of user roles are set in each service subsystem. Such as developers, managers, maintenance personnel, etc. In the business subsystem, a user role may have one or more permissions for system resource availability.
Optionally, each service subsystem includes at least one system resource. Each system resource has a corresponding system resource availability right. The system resource availability rights are rights to access the system resource. If the user role of the user in the service subsystem has the system resource available authority corresponding to a certain system resource, the user can access the system resource under the user role.
In one embodiment, the target business subsystem is a business subsystem of an enterprise. The target service subsystem comprises 4 system resources: a first system resource, a second system resource, a third system resource, and a fourth system resource. Each system resource has a corresponding system resource availability right. The target service subsystem has 3 user roles: developers, managers, and maintainers.
The available authority of each system resource of the developer in the target business subsystem comprises the following steps: the system resource availability authority corresponding to the first system resource and the system resource availability authority corresponding to the second system resource. That is, the user can access the first system resource and the second system resource in the user role of the developer. If the user role of the current user identification information in the target service subsystem is a developer, that is, the user role of the user in the target service subsystem is a developer, the user can access the first system resource and the second system resource under the user role of the developer.
The authority of the manager for the availability of each system resource in the target business subsystem comprises the following steps: the system resource availability authority corresponding to the first system resource, the system resource availability authority corresponding to the second system resource, the system resource availability authority corresponding to the third system resource and the system resource availability authority corresponding to the fourth system resource. Namely, the user can access the first system resource, the second system resource, the third system resource and the fourth system resource under the user role of the manager. If the user role of the current user identification information in the target service subsystem is a manager, that is, the user role of the user in the target service subsystem is a manager, the user can access the first system resource, the second system resource, the third system resource and the fourth system resource under the user role of the manager.
The available authority of each system resource of the maintenance personnel in the target business subsystem comprises the following steps: the system resource availability authority corresponding to the third system resource and the system resource availability authority corresponding to the fourth system resource. I.e. the user has access to the third system resource and the fourth system resource in the user role of the maintenance staff. If the user role of the current user identification information in the target service subsystem is a maintainer, that is, the user role of the user in the target service subsystem is a maintainer, the user can access the third system resource and the fourth system resource under the user role of the maintainer.
Optionally, before receiving, by the system access page, a system access request input by the user, the method further includes: acquiring at least one user identification information uploaded by a user and user roles of the user identification information in service subsystems; and establishing a corresponding relation between the user identification information and the user roles in each service subsystem according to each user identification information and the user roles of each user identification information in the service subsystems.
Optionally, the user determines user identification information of at least one user who needs to access the system resource and user roles of the users who need to access the system resource in the service subsystems, that is, user roles of the user identification information in the service subsystems, and then uploads the user identification information and the user roles of the user identification information in the service subsystems to the electronic device. The electronic equipment acquires the user identification information uploaded by the user and the user roles of the user identification information in the service subsystems.
Optionally, establishing a corresponding relationship between the user identification information and the user role in each service subsystem according to each user identification information and the user role in each service subsystem of the user identification information, including: performing the following for each service subsystem: acquiring each user identification information and the user role of each user identification information in a service subsystem; and establishing a corresponding relation between each user identification information and the user role of each user identification information in the service subsystem, and correspondingly storing each user identification information and the user role of each user identification information in the service subsystem into a preset database.
The corresponding relation between each user identification information and the user role of each user identification information in the current processing service subsystem is the corresponding relation between the user identification information and the user role in the current processing service subsystem.
Optionally, the determining, according to a correspondence between user identification information in each service subsystem and a user role, the user role of the current user identification information in each service subsystem includes: performing the following for each service subsystem: inquiring target user identification information which is the same as the current user identification information in each stored user identification information; if the target user identification information is inquired, determining the user role in the service subsystem corresponding to the target user identification information as the user role of the current user identification information in the service subsystem; and if the target user identification information is not inquired, determining that the user role of the current user identification information in the service subsystem is a tourist.
Optionally, the guest does not have system resource availability rights in the business subsystem. That is, the user cannot access any system resource in the business subsystem in the user role of the guest.
Optionally, if the user role of the current user identification information in the target service subsystem is a guest, that is, the user role of the user in the target service subsystem is a guest, the user cannot access any system resource in the target service subsystem under the user role of the guest.
Optionally, after establishing a corresponding relationship between the user identification information in each service subsystem and the user role according to each user identification information and the user role of each user identification information in the service subsystem, the method further includes: acquiring the updated user roles of the user identification information uploaded by the user in each service subsystem; and for each service subsystem, updating the corresponding relation between the user identification information and the user role in the service subsystem according to the updated user role of each user identification information in the service subsystem.
Optionally, the updated user role of each user identification information in each service subsystem is a new user role of each user identification information in each service subsystem, which is determined by a user according to a service requirement. The electronic equipment acquires the updated user roles of the user identification information uploaded by the user in each service subsystem, and then updates the user roles of the user identification information in the service subsystem to the updated user roles of the user identification information in the service subsystem aiming at each service subsystem, so that the corresponding relation between the user identification information and the user roles in the service subsystem is updated. Therefore, the user can not only set the user role of the user identification information in the service subsystem in a personalized manner, but also update the user role of the user identification information in the service subsystem in real time according to the service requirement.
103, generating a user authority list of the current user identification information in each service subsystem according to the user roles of the current user identification information in each service subsystem.
Each user authority list comprises an authority name and a control button of at least one system resource available authority of the current user identification information in each service subsystem, and the control button is used for triggering and displaying the system resource corresponding to the system resource available authority.
Optionally, the authority name of the system resource availability authority is used to indicate that the system resource availability authority is an authority to access a certain system resource. And the control button of the system resource available authority is used for triggering and displaying the system resource corresponding to the system resource available authority.
Optionally, the user permission list of the current user identification information in each service subsystem is a list of permission names and control buttons for showing available permissions of each system resource of the current user identification information in each service subsystem.
Optionally, the generating a user permission list of the current user identification information in each service subsystem according to the user role of the current user identification information in each service subsystem includes: performing the following for each service subsystem: inquiring a target user role which is the same as the user role of the target user identification information in the service subsystem from all user roles in the service subsystem; if the target user role is inquired, determining the system resource available authority of the target user role in the service subsystem as the system resource available authority of the target user identification information in the service subsystem; and adding the authority names and the control buttons of the system resource available authorities of the target user identification information in the service subsystem into a preset list to obtain a user authority list of the target user identification information in the service subsystem.
Optionally, if the target user role is not queried, it is determined that the target user identification information has no system resource available permission in the current processing service subsystem, and a user permission list of the target user identification information in the current processing service subsystem is empty.
And step 104, providing the user permission list of the current user identification information in each service subsystem to the user through the system access page.
Optionally, the providing, by the system access page, the user permission list of the current user identification information in each service subsystem to the user includes: and respectively displaying the user authority list of the current user identification information in each service subsystem in a list display area corresponding to each service subsystem in the system access page.
Optionally, each service subsystem has a corresponding list display area. The list display area corresponding to the service subsystem is a page area for displaying the user authority list of the current user identification information in the service subsystem.
Optionally, the electronic device displays the user permission list of the current user identification information in each service subsystem in the list display area corresponding to each service subsystem in the system access page, so that a user can browse the permission name and the control button of the available permission of each system resource of the current user identification information in each service subsystem, which are included in each user permission list, and can trigger and display the system resource corresponding to the available permission of the system resource by clicking the control button of the available permission of a certain system resource.
And 105, displaying the corresponding system resource according to the clicking operation of the user on the target control button.
Optionally, the displaying, according to the click operation of the user on the target control button, the corresponding system resource includes: and responding to the clicking operation of the user on a target control button, and displaying the system resource corresponding to the target control button in a resource display area in the system access page.
Optionally, the target control button is a control button of an available right of the system resource displayed in the system access page. And the user triggers and displays the system resource corresponding to the available authority of the system resource by clicking the target control button. And the electronic equipment responds to the clicking operation of the user on a target control button, and displays the system resource corresponding to the target control button in a resource display area in the system access page so as to enable the user to access the system resource. The resource display area is a page area for displaying system resources.
According to the technical scheme of the embodiment of the invention, a system access request input by a user is received through a system access page, wherein the system access request carries current user identification information; then, determining the user roles of the current user identification information in each service subsystem according to the corresponding relation between the user identification information and the user roles in each service subsystem; generating a user authority list of the current user identification information in each service subsystem according to the user roles of the current user identification information in each service subsystem; each user authority list comprises an authority name and a control button of at least one system resource available authority of the current user identification information in each service subsystem, and the control button is used for triggering and displaying the system resource corresponding to the system resource available authority; providing a user authority list of the current user identification information in each service subsystem to the user through a system access page; the method has the advantages that the corresponding system resources are displayed according to the clicking operation of a user on the target control button, the problem that the authority management scheme of the related technology is distributed to the user to have roles and difficultly meet authority verification scenes of different business subsystems is solved, the dimensionalities of all the business subsystems can be taken, the user access authority of the system resources in an enterprise system can be managed, the roles and the authority information of different business subsystems are effectively and physically separated, configuration errors caused by disordered data management are reduced, system risks caused by human errors are reduced, independent authority verification processes among different business subsystems are achieved, different authority control modes can be provided according to the access requirements of different business subsystems, and the beneficial effect of the authority verification scenes of different business subsystems is met.
The service subsystems of the embodiments of the present invention may be individual service subsystems of a medical platform. Different service subsystems of the medical platform have different access requirements, and various and flexible authority control modes need to be provided so as to meet the authority verification scenes of the different service subsystems. Through the technical scheme of the embodiment of the invention, the problem that the permission verification scene of different service subsystems of a medical platform is difficult to meet in the related technology is solved, the dimension of each service subsystem of the medical platform is taken, the user access permission of system resources in the medical platform is managed, the information of roles and permissions of different service subsystems of the medical platform is effectively and physically separated, configuration errors caused by disordered data management are reduced, system risks caused by human errors are reduced, independent permission verification processes among different service subsystems of the medical platform are realized, different permission control modes can be provided according to the access requirements of the different service subsystems of the medical platform, and the beneficial effect of the permission verification scene of the different service subsystems of the medical platform is met.
Example two
Fig. 2 is a flowchart of a rights management method according to a second embodiment of the present invention, where the second embodiment of the present invention may be combined with each alternative in one or more of the foregoing embodiments. As shown in fig. 2, the method includes:
Step 202, determining the user role of the current user identification information in each service subsystem according to the corresponding relation between the user identification information and the user role in each service subsystem.
And 203, generating a user authority list of the current user identification information in each service subsystem according to the user roles of the current user identification information in each service subsystem.
Each user authority list comprises an authority name and a control button of at least one system resource available authority of the current user identification information in each service subsystem, and the control button is used for triggering and displaying the system resource corresponding to the system resource available authority.
And 204, respectively displaying the user authority lists of the current user identification information in each service subsystem in a list display area corresponding to each service subsystem in the system access page.
Optionally, each service subsystem has a corresponding list display area. The list display area corresponding to the service subsystem is a page area for displaying the user authority list of the current user identification information in the service subsystem.
Optionally, the electronic device displays the user permission list of the current user identification information in each service subsystem in the list display area corresponding to each service subsystem in the system access page, so that a user can browse the permission name and the control button of the available permission of each system resource of the current user identification information in each service subsystem, which are included in each user permission list, and can trigger and display the system resource corresponding to the available permission of the system resource by clicking the control button of the available permission of a certain system resource.
And step 205, responding to the click operation of the user on the target control button, and displaying the system resource corresponding to the target control button in a resource display area in the system access page.
Optionally, the target control button is a control button of an available right of the system resource displayed in the system access page. And the user triggers and displays the system resource corresponding to the available authority of the system resource by clicking the target control button. And the electronic equipment responds to the clicking operation of the user on a target control button, and displays the system resource corresponding to the target control button in a resource display area in the system access page so that the user accesses the system resource. The resource display area is a page area for displaying system resources.
According to the technical scheme of the embodiment of the invention, the dimensionality of each service subsystem is taken to manage the user access authority of the system resource in the enterprise system, the information of roles and authorities of different service subsystems is effectively and physically separated, configuration errors caused by disordered data management are reduced, system risks caused by human errors are reduced, independent authority verification processes among different service subsystems are realized, different authority control modes can be provided according to the access requirements of different service subsystems, and the beneficial effect of the authority verification scene of different service subsystems is met.
EXAMPLE III
Fig. 3 is a schematic structural diagram of a rights management device according to a third embodiment of the present invention. The apparatus may be configured in an electronic device. As shown in fig. 3, the apparatus includes: a request receiving module 301, a role determining module 302, a list generating module 303, a list providing module 304, and a resource displaying module 305.
The request receiving module 301 is configured to receive a system access request input by a user through a system access page, where the system access request carries current user identification information; a role determination module 302, configured to determine, according to a correspondence between user identification information in each service subsystem and a user role, a user role of the current user identification information in each service subsystem; a list generating module 303, configured to generate a user permission list of the current user identification information in each service subsystem according to the user role of the current user identification information in each service subsystem; each user authority list comprises an authority name and a control button of at least one system resource available authority of the current user identification information in each service subsystem, and the control button is used for triggering and displaying the system resource corresponding to the system resource available authority; a list providing module 304, configured to provide a user permission list of the current user identification information in each service subsystem to the user through the system access page; and the resource display module 305 is configured to display the corresponding system resource according to the click operation of the user on the target control button.
According to the technical scheme of the embodiment of the invention, a system access request input by a user is received through a system access page, wherein the system access request carries current user identification information; then, determining the user roles of the current user identification information in each service subsystem according to the corresponding relation between the user identification information and the user roles in each service subsystem; generating a user authority list of the current user identification information in each service subsystem according to the user roles of the current user identification information in each service subsystem; each user authority list comprises an authority name and a control button of at least one system resource available authority of the current user identification information in each service subsystem, and the control button is used for triggering and displaying the system resource corresponding to the system resource available authority; providing a user authority list of the current user identification information in each service subsystem to the user through a system access page; the method has the advantages that the corresponding system resources are displayed according to the clicking operation of a user on the target control button, the problem that the authority management scheme of the related technology allocates roles for the user and cannot easily meet the authority verification scenes of different business subsystems is solved, the dimensionality of each business subsystem can be taken, the user access authority of the system resources in the enterprise system is managed, the information of the roles and the authority of the different business subsystems is effectively and physically separated, configuration errors caused by disordered data management are reduced, the system risk caused by human errors is reduced, independent authority verification processes among the different business subsystems are achieved, different authority control modes can be provided according to the access requirements of the different business subsystems, and the beneficial effect of the authority verification scenes of the different business subsystems is met.
In an optional implementation manner of the embodiment of the present invention, optionally, the rights management apparatus further includes: the information acquisition module is used for acquiring at least one user identification information uploaded by a user and user roles of the user identification information in the service subsystems; and the relationship establishing module is used for establishing the corresponding relationship between the user identification information and the user role in each service subsystem according to each user identification information and the user role in each service subsystem of the user identification information.
In an optional implementation manner of the embodiment of the present invention, optionally, the role determination module 302 is specifically configured to: performing the following for each service subsystem: inquiring target user identification information which is the same as the current user identification information in each stored user identification information; if the target user identification information is inquired, determining the user role in the service subsystem corresponding to the target user identification information as the user role of the current user identification information in the service subsystem; and if the target user identification information is not inquired, determining that the user role of the current user identification information in the service subsystem is a tourist.
In an optional implementation manner of the embodiment of the present invention, optionally, the rights management apparatus further includes: the updating information acquisition module is used for acquiring the updating user roles of the user identification information uploaded by the user in the service subsystems; and the relationship updating module is used for updating the corresponding relationship between the user identification information and the user role in the service subsystem according to the updated user role in the service subsystem by aiming at each service subsystem.
In an optional implementation manner of the embodiment of the present invention, optionally, the list generating module 303 is specifically configured to: performing the following for each service subsystem: inquiring a target user role which is the same as the user role of the target user identification information in the service subsystem from all user roles in the service subsystem; if the target user role is inquired, determining the system resource available authority of the target user role in the service subsystem as the system resource available authority of the target user identification information in the service subsystem; and adding the authority names and the control buttons of the system resource available authorities of the target user identification information in the service subsystem into a preset list to obtain a user authority list of the target user identification information in the service subsystem.
In an optional implementation manner of the embodiment of the present invention, optionally, the list providing module 304 is specifically configured to: and respectively displaying the user authority list of the current user identification information in each service subsystem in a list display area corresponding to each service subsystem in the system access page.
In an optional implementation manner of the embodiment of the present invention, optionally, the resource display module 305 is specifically configured to: and responding to the clicking operation of the user on a target control button, and displaying the system resource corresponding to the target control button in a resource display area in the system access page.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
The right management device can execute the right management method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of executing the right management method.
Example four
Fig. 4 shows a schematic structural diagram of an electronic device 10 that can be used to implement the rights management method of an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 10 includes at least one processor 11, and a memory communicatively connected to the at least one processor 11, such as a Read Only Memory (ROM)12, a Random Access Memory (RAM)13, and the like, wherein the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM)12 or the computer program built from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data necessary for the operation of the electronic apparatus 10 can also be stored. The processor 11, the ROM 12, and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
A number of components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, or the like; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, or the like. The processor 11 performs the various methods and processes described above, such as the rights management method.
In some embodiments, the rights management method may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is built into the RAM 13 and executed by the processor 11, one or more steps of the rights management method described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the rights management method by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the rights management method of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable rights management device such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method of rights management, comprising:
receiving a system access request input by a user through a system access page, wherein the system access request carries current user identification information;
determining the user roles of the current user identification information in each service subsystem according to the corresponding relation between the user identification information and the user roles in each service subsystem;
generating a user authority list of the current user identification information in each service subsystem according to the user role of the current user identification information in each service subsystem; each user authority list comprises an authority name and a control button of at least one system resource available authority of the current user identification information in each service subsystem, and the control button is used for triggering and displaying the system resource corresponding to the system resource available authority;
providing the user permission list of the current user identification information in each service subsystem to the user through the system access page;
and displaying the corresponding system resource according to the clicking operation of the user on the target control button.
2. The method of claim 1, prior to receiving a user-entered system access request via a system access page, further comprising:
acquiring at least one user identification information uploaded by a user and user roles of the user identification information in service subsystems;
and establishing a corresponding relation between the user identification information and the user roles in each service subsystem according to each user identification information and the user roles of each user identification information in the service subsystems.
3. The method of claim 2, wherein determining the user role of the current user identification information in each service subsystem according to the correspondence between the user identification information and the user role in each service subsystem comprises:
performing the following for each service subsystem:
inquiring target user identification information which is the same as the current user identification information in each stored user identification information;
if the target user identification information is inquired, determining the user role in the service subsystem corresponding to the target user identification information as the user role of the current user identification information in the service subsystem;
and if the target user identification information is not inquired, determining that the user role of the current user identification information in the service subsystem is a tourist.
4. The method of claim 2, wherein after establishing the correspondence between the user identification information and the user role in each service subsystem according to each piece of user identification information and the user role in each service subsystem of the user identification information, further comprising:
acquiring the updated user roles of the user identification information uploaded by the user in each service subsystem;
and for each service subsystem, updating the corresponding relation between the user identification information and the user role in the service subsystem according to the updated user role of each user identification information in the service subsystem.
5. The method of claim 1, wherein generating the user permission list of the current user identification information in each service subsystem according to the user role of the current user identification information in each service subsystem comprises:
performing the following for each service subsystem:
inquiring a target user role which is the same as the user role of the target user identification information in the service subsystem from all user roles in the service subsystem;
if the target user role is inquired, determining the system resource available authority of the target user role in the service subsystem as the system resource available authority of the target user identification information in the service subsystem;
and adding the authority names and the control buttons of the system resource available authorities of the target user identification information in the service subsystem into a preset list to obtain a user authority list of the target user identification information in the service subsystem.
6. The method of claim 1, wherein said providing the user with the list of user permissions of the current user identification information in each service subsystem via the system access page comprises:
and respectively displaying the user authority list of the current user identification information in each service subsystem in a list display area corresponding to each service subsystem in the system access page.
7. The method according to claim 1, wherein the displaying the corresponding system resource according to the click operation of the user on the target control button comprises:
and responding to the clicking operation of the user on a target control button, and displaying the system resource corresponding to the target control button in a resource display area in the system access page.
8. A rights management device, comprising:
the request receiving module is used for receiving a system access request input by a user through a system access page, wherein the system access request carries current user identification information;
the role determination module is used for determining the user roles of the current user identification information in the service subsystems according to the corresponding relation between the user identification information in the service subsystems and the user roles;
the list generating module is used for generating a user authority list of the current user identification information in each service subsystem according to the user role of the current user identification information in each service subsystem; each user authority list comprises an authority name and a control button of at least one system resource available authority of the current user identification information in each service subsystem, and the control button is used for triggering and displaying system resources corresponding to the system resource available authority;
the list providing module is used for providing the user permission list of the current user identification information in each service subsystem to the user through the system access page;
and the resource display module is used for displaying the corresponding system resource according to the clicking operation of the user on the target control button.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the method of rights management of any of claims 1-7.
10. A computer-readable storage medium storing computer instructions for causing a processor to perform the method of rights management of any of claims 1-7 when executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210441440.5A CN114978601A (en) | 2022-04-25 | 2022-04-25 | Authority management method, device, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210441440.5A CN114978601A (en) | 2022-04-25 | 2022-04-25 | Authority management method, device, equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114978601A true CN114978601A (en) | 2022-08-30 |
Family
ID=82979537
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210441440.5A Pending CN114978601A (en) | 2022-04-25 | 2022-04-25 | Authority management method, device, equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114978601A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107342992A (en) * | 2017-06-27 | 2017-11-10 | 努比亚技术有限公司 | A kind of System right management method, apparatus and computer-readable recording medium |
| CN109670768A (en) * | 2018-09-27 | 2019-04-23 | 深圳壹账通智能科技有限公司 | Right management method, device, platform and the readable storage medium storing program for executing in multi-service domain |
| WO2020233039A1 (en) * | 2019-05-22 | 2020-11-26 | 深圳壹账通智能科技有限公司 | User operation permission control method and apparatus, device, and medium |
| CN113239344A (en) * | 2021-05-12 | 2021-08-10 | 建信金融科技有限责任公司 | Access right control method and device |
| CN114168982A (en) * | 2021-11-25 | 2022-03-11 | 浪潮软件股份有限公司 | Unified authorization method and system based on role coding |
-
2022
- 2022-04-25 CN CN202210441440.5A patent/CN114978601A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107342992A (en) * | 2017-06-27 | 2017-11-10 | 努比亚技术有限公司 | A kind of System right management method, apparatus and computer-readable recording medium |
| CN109670768A (en) * | 2018-09-27 | 2019-04-23 | 深圳壹账通智能科技有限公司 | Right management method, device, platform and the readable storage medium storing program for executing in multi-service domain |
| WO2020233039A1 (en) * | 2019-05-22 | 2020-11-26 | 深圳壹账通智能科技有限公司 | User operation permission control method and apparatus, device, and medium |
| CN113239344A (en) * | 2021-05-12 | 2021-08-10 | 建信金融科技有限责任公司 | Access right control method and device |
| CN114168982A (en) * | 2021-11-25 | 2022-03-11 | 浪潮软件股份有限公司 | Unified authorization method and system based on role coding |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111444992B (en) | User information checking method and system based on information code | |
| CN113656179B (en) | Scheduling method and device of cloud computing resources, electronic equipment and storage medium | |
| US10002181B2 (en) | Real-time tagger | |
| CN111126948A (en) | Processing method and device for approval process | |
| US11093263B2 (en) | Resource management based on user interfaces | |
| US10521770B2 (en) | Dynamic problem statement with conflict resolution | |
| CN116940924A (en) | Application deployment in a computing environment | |
| US11289076B2 (en) | Assisting meeting participants via conversation loop detection and resolution using conversation visual representations and time-related topic usage | |
| CN113076186A (en) | Task processing method and device, electronic equipment and storage medium | |
| CN109840072B (en) | Information processing method and device | |
| US20170075895A1 (en) | Critical situation contribution and effectiveness tracker | |
| CN114978601A (en) | Authority management method, device, equipment and medium | |
| CN115618234A (en) | Model training method, device, equipment and storage medium | |
| CN115309558A (en) | Resource scheduling management system, method, computer equipment and storage medium | |
| US20170076245A1 (en) | Automatic profile generator and scorer | |
| CN112968876A (en) | Content sharing method and device, electronic equipment and storage medium | |
| US20150199625A1 (en) | Logical and physical organization management | |
| CN114730258A (en) | User interface techniques for infrastructure orchestration services | |
| US11561667B2 (en) | Semi-virtualized portable command center | |
| CN111143408B (en) | Event processing method and device based on business rule | |
| CN109460288B (en) | Transaction processing method, management server, transaction processing system and storage medium | |
| US20180137254A1 (en) | Minimizing errors in prescription medication dispensing | |
| US20180189802A1 (en) | System, method and computer program product for sensory simulation during product testing | |
| CN113360689B (en) | Image retrieval system, method, related device and computer program product | |
| US9378225B2 (en) | Core service build / deployment for hierarchical database |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |