CN116561716A - Rights management method, device, equipment and storage medium - Google Patents
Rights management method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN116561716A CN116561716A CN202310554413.3A CN202310554413A CN116561716A CN 116561716 A CN116561716 A CN 116561716A CN 202310554413 A CN202310554413 A CN 202310554413A CN 116561716 A CN116561716 A CN 116561716A
- Authority
- CN
- China
- Prior art keywords
- target
- application
- organization
- target application
- rights
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003860 storage Methods 0.000 title claims abstract description 14
- 238000007726 management method Methods 0.000 title description 47
- 230000008520 organization Effects 0.000 claims abstract description 88
- 238000000034 method Methods 0.000 claims abstract description 38
- 238000011282 treatment Methods 0.000 claims abstract description 16
- 238000012545 processing Methods 0.000 claims description 22
- 238000004590 computer program Methods 0.000 claims description 6
- 238000009434 installation Methods 0.000 claims description 6
- 230000001747 exhibiting effect Effects 0.000 claims description 4
- 238000001514 detection method Methods 0.000 claims description 3
- 238000011269 treatment regimen Methods 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 16
- 230000006870 function Effects 0.000 description 10
- 230000008569 process Effects 0.000 description 9
- 238000004891 communication Methods 0.000 description 8
- 238000013475 authorization Methods 0.000 description 6
- 238000001914 filtration Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000013480 data collection Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
Abstract
Embodiments of the present disclosure relate to a method, apparatus, device, and storage medium for rights management. The method proposed herein comprises: determining a target application to be configured in a permission configuration interface for managing users and/or devices in a target organization; acquiring a permission policy to be applied to the target application by utilizing a permission configuration interface, wherein the permission policy at least indicates a target range authorized to use the target application in a target organization and a treatment policy for using the target application outside the target range, and the target range comprises a group of target users and/or a group of target devices; and managing the execution of the target application in the target organization based on the permission policy. In this way, the embodiments of the present disclosure may uniformly manage the usage rights of applications in an organization, improving the efficiency of rights management.
Description
Technical Field
Example embodiments of the present disclosure relate generally to the field of computers and, more particularly, relate to a method, apparatus, device, and computer-readable storage medium for rights management.
Background
The management of the use of software or applications is an important task within an enterprise or organization. An enterprise or organization may have acquired a predetermined number of installations or usage rights for some applications, which may result in usage or installations beyond the predetermined number constituting unauthorized activities, which may pose a potential risk to the enterprise or organization.
Disclosure of Invention
In a first aspect of the present disclosure, a method of rights management is provided. The method comprises the following steps: determining a target application to be configured in a permission configuration interface for managing users and/or devices in a target organization; acquiring a permission policy to be applied to the target application by utilizing a permission configuration interface, wherein the permission policy at least indicates a target range authorized to use the target application in a target organization and a treatment policy for using the target application outside the target range, and the target range comprises a group of target users and/or a group of target devices; and managing the execution of the target application in the target organization based on the permission policy.
In a second aspect of the present disclosure, an apparatus for rights management is provided. The device comprises: the determining module is configured in a permission configuration interface for managing users and/or devices in the target organization and is used for determining target applications to be configured; an acquisition module configured to acquire a permission policy to be applied to a target application using a permission configuration interface, the permission policy indicating at least a target scope in a target organization authorized to use the target application and a treatment policy to use the target application outside the target scope, the target scope including a set of target users and/or a set of target devices; and a management module configured to manage execution of the target application at the target organization based on the permission policy.
In a third aspect of the present disclosure, an electronic device is provided. The apparatus comprises at least one processing unit; and at least one memory coupled to the at least one processing unit and storing instructions for execution by the at least one processing unit. The instructions, when executed by at least one processing unit, cause the apparatus to perform the method of the first aspect.
In a fourth aspect of the present disclosure, a computer-readable storage medium is provided. The computer readable storage medium has stored thereon a computer program executable by a processor to implement the method of the first aspect.
It should be understood that what is described in this section of the disclosure is not intended to limit key features or essential features of the embodiments of the disclosure, nor is it intended to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, wherein like or similar reference numerals denote like or similar elements, in which:
FIG. 1 illustrates a schematic diagram of an example environment in which embodiments in accordance with the present disclosure may be implemented;
FIG. 2 illustrates a flowchart of an example process of rights management, according to some embodiments of the present disclosure;
3A-3F illustrate example rights configuration interfaces in accordance with some embodiments of the present disclosure;
FIG. 4 illustrates a schematic block diagram of an apparatus for rights management in accordance with some embodiments of the present disclosure; and
fig. 5 illustrates a block diagram of an electronic device capable of implementing various embodiments of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure have been illustrated in the accompanying drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather, these embodiments are provided so that this disclosure will be more thorough and complete. It should be understood that the drawings and embodiments of the present disclosure are for illustration purposes only and are not intended to limit the scope of the present disclosure.
It should be noted that any section/subsection headings provided herein are not limiting. Various embodiments are described throughout this document, and any type of embodiment may be included under any section/subsection. Furthermore, the embodiments described in any section/subsection may be combined in any manner with any other embodiment described in the same section/subsection and/or in a different section/subsection.
In describing embodiments of the present disclosure, the term "comprising" and its like should be taken to be open-ended, i.e., including, but not limited to. The term "based on" should be understood as "based at least in part on". The term "one embodiment" or "the embodiment" should be understood as "at least one embodiment". The term "some embodiments" should be understood as "at least some embodiments". Other explicit and implicit definitions are also possible below. The terms "first," "second," and the like, may refer to different or the same object. Other explicit and implicit definitions are also possible below.
Embodiments of the present disclosure may relate to user data, the acquisition and/or use of data, and the like. These aspects all follow corresponding legal and related regulations. In embodiments of the present disclosure, all data collection, acquisition, processing, forwarding, use, etc. is performed with knowledge and confirmation by the user. Accordingly, in implementing the embodiments of the present disclosure, the user should be informed of the type of data or information, the range of use, the use scenario, etc. that may be involved and obtain the authorization of the user in an appropriate manner according to the relevant laws and regulations. The particular manner of notification and/or authorization may vary depending on the actual situation and application scenario, and the scope of the present disclosure is not limited in this respect.
In the present description and embodiments, if the personal information processing is concerned, the processing is performed on the premise of having a validity base (for example, obtaining agreement of the personal information body, or being necessary for executing a contract, etc.), and the processing is performed only within a prescribed or contracted range. The user refuses to process the personal information except the necessary information of the basic function, and the basic function is not influenced by the user.
As mentioned briefly above, managing the compliance use of applications within an organization is an important task for an enterprise or other type of organization. The organization needs to manage the use of the members in the organization in the authorized range, which brings great management difficulty to the organization.
Embodiments of the present disclosure propose a scheme for rights management. According to the scheme, the target application to be configured can be determined in a permission configuration interface for managing users and/or devices in the target organization. Further, a permission policy to be applied to the target application may be obtained using the permission configuration interface, the permission policy indicating at least a target scope in the target organization authorized to use the target application and a treatment policy outside the target scope using the target application, the target scope including a set of target users and/or a set of target devices. Accordingly, execution of the target application at the target organization may be managed based on the rights policy.
In this way, embodiments of the present disclosure may support unified standardized management of usage rights for applications in an organization, which may increase the efficiency of application rights management and reduce the risk associated with unauthorized use.
Various example implementations of the scheme are described in further detail below in conjunction with the accompanying drawings.
Example Environment
FIG. 1 illustrates a schematic diagram of an example environment 100 in which embodiments of the present disclosure may be implemented. As shown in fig. 1, environment 100 may include a management device 110.
As will be described in detail below, the management device 110 may be configured to manage usage rights of applications 130 within an organization, for example. An "organization" may include a community of multiple users, such as a company, division, organization, etc. An "application" may comprise any suitable program product that may be installed and used by a terminal device, and in some scenarios may also be software.
For example, the management device 110 may utilize a rights configuration interface 160 provided by the terminal device 120 to enable rights management for the application 130. Such a terminal device 120 may correspond to, for example, an electronic device used by an administrator within an organization. It should be appreciated that although in fig. 1, the management device 110 and the terminal device 120 are shown as separate blocks, they may also be implemented in the same electronic device.
Illustratively, the management device 110 may utilize the rights configuration interface 160 to determine a target scope of the authorized scope, e.g., a set of devices 140 of the authorized scope and/or a set of users 150 of the authorized scope. Such a rights configuration interface 160 may be used to manage users and/or devices in a target organization.
Additionally, the management device 110 may also manage handling measures regarding the use of the application 130 outside the target scope. For example, the management device 110 may configure the configuration information obtained by the interface 160 according to the permissions such that users and/or devices in the organization that are not within the target range will disable the application 130.
A specific procedure regarding the rights configuration will be described in detail below with reference to fig. 2.
In some embodiments, the terminal device 120 may be any type of mobile terminal, fixed terminal, or portable terminal, including a mobile handset, desktop computer, laptop computer, notebook computer, netbook computer, tablet computer, media computer, multimedia tablet, personal Communication System (PCS) device, personal navigation device, personal Digital Assistant (PDA), audio/video player, digital camera/video camera, positioning device, television receiver, radio broadcast receiver, electronic book device, gaming device, or any combination of the preceding, including accessories and peripherals for these devices, or any combination thereof. Management device 110 may be, for example, various types of computing systems/servers capable of providing computing capabilities, including, but not limited to, mainframes, edge computing nodes, computing devices in a cloud environment, and so forth.
It should be understood that the structure and function of the various elements in environment 100 are described for illustrative purposes only and are not meant to suggest any limitation as to the scope of the disclosure.
Some example embodiments of the present disclosure will be described below with continued reference to the accompanying drawings.
Example procedure
Fig. 2 illustrates a flowchart of an example process 200 for rights management, according to some embodiments of the present disclosure. The process 200 may be implemented at the terminal device 120 (or in combination with the management device 120). Process 200 is described below with reference to fig. 1.
As shown in fig. 2, at block 210, the terminal device 120 determines the target application 130 to be configured using the rights configuration interface 160 for managing users and/or devices in the target organization.
As shown in fig. 3A, the terminal device 120 may, for example, provide a rights configuration interface 300A as shown in fig. 3A for administrative users within an organization.
Taking fig. 3A as an example, the terminal device 120 may, for example, present a set of candidate applications (e.g., candidate application 310-1 through candidate application 310-4, individually or collectively, as candidate application 310) in the rights configuration interface 300A and determine the target application to be configured according to a selection operation of the set of candidate applications by the administrative user.
Illustratively, such a set of candidate applications 310 may include a set of preset candidate applications. For example, terminal device 120 and/or management device 110 may configure a set of preset applications commonly used in an organization as candidate applications that can be used for management according to usage needs in the organization.
Alternatively, such a set of candidate applications 310 may also be determined based on the organization's procurement information and include a set of applications that the organization has procured.
In some embodiments, if the application that the administrative user desires to configure is not in the list, the administrative user may also trigger selection of other applications, for example, by operating add control 305.
Illustratively, upon receiving a selection of add control 305, terminal device 120 can present interface 300B, for example. As shown in fig. 3B, in interface 300B, terminal device 120 may present a set of candidate applications 315 determined from application installation information within an organization. Such application installation information may be, for example, reported by a user within the organization or determined from uploaded information of user devices within the organization if known and licensed by the user. The administrative user may, for example, add such candidate applications 315 to the list of administrative applications as shown in fig. 3A.
In some embodiments, the terminal device 120 may also provide the administrative user with a set of candidate applications determined by the detection, for example. As shown in fig. 3C, the terminal device 120 may also provide an interface 300C as shown in fig. 3C, for example.
In interface 300C, terminal device 120 may, for example, provide a set of candidate applications 320 determined based on real-time reference detection within an organization. Accordingly, the management device 120 may also add such candidate applications to the management application list as shown in fig. 3A.
Additionally, in the case that none of the above candidate applications includes a target application of a desired configuration, the terminal device 120 may also support, for example, managing the target application of a user input desired configuration. Illustratively, upon receiving a selection of the add portal 325 as shown in FIG. 3C, the terminal device 120 may, for example, present an interface 300D as shown in FIG. 3D.
As shown in fig. 3D, the interface 300D may, for example, allow application description information entered by a user at the interface 300D. Such application description information may include, for example, a name of the application, an operating system of the application, a BUNDLE ID (binding identifier) of the application, a version number of the application, and the like.
After completing such application description information, the terminal device 120 may support adding the target application determined based on the input application description information to the management application list as shown in fig. 3A.
In this way, the embodiment of the disclosure can support the addition of configuration applications of multiple channels, thereby being capable of facilitating unified management of applications in an organization and improving the efficiency of application management.
With continued reference to fig. 2, at block 220, terminal device 120 obtains, using the permission configuration interface 160, a permission policy to be applied to the target application 130, wherein the permission policy indicates at least a target scope in a target organization authorized to use the target application and a disposition policy outside the target scope using the target application, the target scope including a set of target users and/or a set of target devices.
With continued reference to the example shown in FIG. 3A, an application 310-1 in the application list is managed as an example of a selected target application. The management user may select this target application 310-1 as the target application to be managed by clicking on "open license", for example.
Further, the terminal device 120 may allow the administrative user to complete the configuration of the rights for the target application in accordance with the "per device authorization" and "per user authorization" approaches.
Further, the terminal device 120 can present a configuration component 300E as shown in fig. 3E. As shown in fig. 3E, the terminal device 120 may present a set of candidate devices 335 in the configuration component 300E. Such a set of candidate devices may include, for example, a set of candidate devices preset within an organization, e.g., a set of devices that currently manage the rights management of the user.
Alternatively or additionally, the configuration component 300E may also include a search entry 330, for example, through which the administrative user may enter search terms to enable filtering or filtering of candidate devices. For example, such search terms may be associated with device description information of the device, such as an identification of the device, a type of the device, a user to which the device corresponds, and so forth.
Further, the configuration component 300E can allow a management user to add one or more devices from the candidate devices 335 as target devices within an organization to authorize use of the target application.
In some examples, as shown in fig. 3E, the configuration component 300E can also be used to configure an upper bound for devices within an organization that are allowed to use the target application, for example. Such an upper limit may be determined, for example, from application procurement information of the organization, which may be less than or equal to the total number of procurement.
In still other embodiments, where the administrative user selects "per user authorization" for rights configuration, the terminal device 120 may, for example, provide a configuration component 300F as shown in fig. 3F.
As shown in fig. 3F, terminal device 120 may present a set of candidate users in configuration component 300F. Such a set of candidate users may include, for example, a set of candidate users 345 preset within an organization, e.g., a set of users for which the currently managed user has authority to manage.
Alternatively or additionally, the configuration component 300E may also include a search entry 340, for example, through which the administrative user may enter search terms to enable filtering or filtering of candidate users. For example, such search terms may be associated with user descriptive information of the user, such as the user's identity, the user's role, the department in which the user is located, and so forth.
Further, the configuration component 300E can allow the administrative user to add one or more devices from the candidate users 345 as target users within the organization to authorize use of the target application.
In the manner discussed above, embodiments of the present disclosure can further provide flexibility in application rights management, and more closely match different license modes of applications per device license and per user license, thereby increasing the scope of applicability of the solution.
In still other embodiments, the terminal device 120 may also support managing user input regarding the treatment policy for using the target application outside the target scope. Continuing with the example of target application 310-1 in FIG. 3A.
In some embodiments, the terminal device 120 may employ a default handling policy, for example, without receiving a specific input from the user. Such default processing policies may be appropriately configured, for example, according to organization needs, e.g., unauthorized users or devices may be prohibited from using the target application.
In some embodiments, as shown in FIG. 3A, the administrative user may also implement the configuration of rights for the target application 310-1 by, for example, clicking on the entry "disable software". For example, upon receiving a selection of "disable software," terminal device 110 may determine that the treatment policy selected by the administrative user indicates that the target application is disabled outside the target scope. In this case, an unauthorized user and/or device cannot launch the target application 310-1 even if it is installed.
In some embodiments, the administrative user may also configure reminders regarding unauthorized use or unauthorized attempted use, for example. For example, the administrative user may be configured such that when an unauthorized user attempts to launch the target application or attempts to launch the target application in an unauthorized device, the target application will not be launched and the device may be controlled to provide a reminder that the current device and/or the current user is not authorized to use the application.
As another example, the administrative user may also be configured to cause reminders to be generated during first unauthorized use of the user and/or device. That is, when an unauthorized user attempts to launch a target application or attempts to launch a target application in an unauthorized device, the target application may for the first time launch normally, for example, and the device may provide a reminder during use that the current device and/or the current user is not authorized to use the application and that authorization should be obtained as soon as possible.
In some embodiments, alerts may also be generated for administrative users for unauthorized use and/or attempted use of the target application that is outside of the target scope. For example, alerts regarding unauthorized use or attempted use within an organization may be provided to a administrative user in an appropriate manner, such as mail, office system messages, instant messaging messages, and the like.
In still other embodiments, as discussed above, the terminal device 120 may also receive a designation of an upper limit for the authorized device and/or the authorized user. In some embodiments, the terminal device 120 may also receive a configuration that manages the user to manage the excess number and/or excess ratio.
For example, such excess numbers and/or excess proportions may be appropriately configured according to application procurement information of the organization, e.g., to reduce the risk of use beyond procurement. As one example, a management user may configure, for example, a device upper limit within an organization to authorize use of a target application to be 100, and may configure an excess proportion to be 15% (e.g., an organization purchase number to be 120). Thus, when the total number of devices authorized and unauthorized use within the organization exceeds 115, a reminder about the excess quota may be sent to the administrative user of the target organization in an appropriate manner, such as mail, office system messages, instant messaging messages, etc., so that the terminal device of the administrative user presents the reminder. In some examples, such overage alerts may occur, for example, where the administrative user does not disable use outside of the target range.
In this way, embodiments of the present disclosure can support detailed configuration of the rights policy for the target application to specify users and/or devices authorized for use within the organization, and may specify a treatment policy for unauthorized use. Based on the mode, the embodiment of the disclosure can greatly reduce the difficulty of management of the application in the organization by the management party and improve the management efficiency.
With continued reference to fig. 2, at block 230, the terminal device 120 manages execution of the target application at the target organization based on the permission policy.
For example, the terminal device 120 may determine a user or device within the organization authorized to use the target application according to the permission policy and enable the devices within the organization to respond according to the permission policy. For example, a device within an organization may allow a user to install or use a target application if it is determined that the device belongs to an authorized device or that a logged-in user belongs to an authorized user.
Conversely, the device within the organization may determine whether to prohibit the user from launching or using the target application based on the permission policy if it is determined that the device does not belong to an authorized device and that the logged-in user does not belong to an authorized user. For example, the device may not respond when the user double clicks on launching the application, and may, for example, generate a reminder that the current device and/or the current user is not authorized to use the application. Alternatively, the device may generate a reminder that needs to be authorized as soon as possible after the application is normally started.
Through the above process, the embodiments of the present disclosure can provide a unified configuration interface for application rights management within an organization, can allow for adding target applications to be managed from multiple sources, and can manage the use of the target applications within an organization through multiple rights policies. Therefore, the embodiment of the disclosure can improve the uniformity of application management and reduce the time cost of application authority management.
In still other embodiments, with continued reference to FIG. 3A, the rights configuration interface 300A may also provide, for example, application statistics indicating a comparison of authorized usage and all usage of at least one application within the target organization.
Taking application 310-2 in fig. 3A, which has been opened for administration, as an example, the information in the column "licensed/all" may indicate, for example, a comparison of the number of devices or users (e.g., number C) that the administrator has authorized to the number of all devices or users (e.g., number B) that have installed or used the application within the organization. In some examples, the rights configuration interface 300A may also provide the ratio information of number C to number B directly, for example, rather than providing specific values of both.
In some embodiments, terminal device 120 may provide risk description information generated based on the comparison results, which may indicate whether there is a risk of exceeding a license or an unlicensed use case for a particular application within the target organization. For example, in case the number B is larger than the number C, the application may be determined to be at risk of unauthorized use. Accordingly, the rights configuration interface 300A may prompt that the application is currently potentially at risk, for example, through the column "software risk".
In still other embodiments, terminal device 120 may also provide purchase suggestions for application 310-2, for example, based on the comparison. For example, in the event that number B is greater than number C, terminal device 120 may generate a purchase suggestion regarding additional purchase application 310-2.
Based on such a manner, embodiments of the present disclosure may also enable information aggregation for applications to be managed within an organization, thereby further providing efficiency of application management within an organization.
Example apparatus and apparatus
Embodiments of the present disclosure also provide corresponding apparatus for implementing the above-described methods or processes.
Fig. 4 illustrates a schematic block diagram of an apparatus 400 for rights management, in accordance with certain embodiments of the present disclosure. The apparatus 400 may be implemented as or included in the terminal device 120. The various modules/components in apparatus 400 may be implemented in hardware, software, firmware, or any combination thereof.
As shown in fig. 4, the apparatus 400 includes a determining module 410 configured to determine a target application to be configured in a rights configuration interface for managing users and/or devices in a target organization; an obtaining module 420 configured to obtain, using the rights configuration interface, a rights policy to be applied to the target application, the rights policy indicating at least a target scope in the target organization authorized to use the target application and a treatment policy to use the target application outside the target scope, the target scope including a set of target users and/or a set of target devices; and a management module 430 configured to manage execution of the target application at the target organization based on the permission policy.
In some embodiments, the determination module 410 is further configured to: displaying a set of candidate applications in a rights configuration interface; and receiving a selection of a target application for a set of candidate applications.
In some embodiments, the set of candidate applications includes at least one of: the method comprises the steps of presetting a first group of applications, determining a second group of applications based on application installation information, and detecting a third group of applications based on real-time applications.
In some embodiments, the determination module 410 is further configured to: acquiring input application description information in a permission configuration interface; and determining the target application based on the application description information.
In some embodiments, the acquisition module 420 is further configured to: providing a first configuration component corresponding to the device configuration in the rights configuration interface, the first configuration component exhibiting a set of candidate devices; and determining a target range in the target organization authorized to use the target application based on the selection for at least one device in the set of candidate devices.
In some embodiments, a set of candidate devices includes: and the first group of candidate devices is preset in the target organization, the second group of candidate devices is matched with the first search term, and the first search term is associated with the device description information of the device.
In some embodiments, the acquisition module 420 is further configured to: providing a second configuration component corresponding to the user configuration in the rights configuration interface, the first configuration component exhibiting a set of candidate users; and determining a target scope in the target organization authorized to use the target application based on the selection for at least one user of the set of candidate users.
In some embodiments, a set of candidate users includes: and the first group of candidate users is preset in the target organization, the second group of candidate users is matched with the second search word, and the second search word is associated with the user description information of the user.
In some embodiments, the acquisition module 420 is further configured to: using the rights configuration interface, receiving input regarding a treatment policy for using the target application outside of the target scope, wherein the treatment policy includes at least one of: a first treatment policy indicating that the target application is disabled outside of the target scope; a second disposition policy indicating that a first reminder of unauthorized use and/or attempted use is generated for the target application outside of the target scope such that a first device associated with the unauthorized use and/or attempted use presents the first reminder; and/or a third disposition policy indicating that a second reminder for more than a predetermined number of unauthorized uses is generated to cause a terminal device associated with a management user of the target organization to present the second reminder, wherein the predetermined number is configured using the rights configuration interface.
In some embodiments, the apparatus 400 further comprises a presentation module configured to: and displaying application statistical information in the authority configuration interface, wherein the application statistical information indicates the comparison result of the authorized use condition and all use conditions of at least one application in the target organization.
In some embodiments, the presentation module is further configured to: risk description information for at least one application is provided, the risk description information being generated based on the comparison result.
Fig. 5 illustrates a block diagram of an electronic device 500 in which one or more embodiments of the disclosure may be implemented. It should be understood that the electronic device 500 shown in fig. 5 is merely exemplary and should not be construed as limiting the functionality and scope of the embodiments described herein. The electronic device 500 shown in fig. 5 may be used to implement the terminal device 120 and/or the management device 110 of fig. 1.
As shown in fig. 5, the electronic device 500 is in the form of a general-purpose electronic device. The components of electronic device 500 may include, but are not limited to, one or more processors or processing units 510, memory 520, storage 530, one or more communication units 540, one or more input devices 550, and one or more output devices 560. The processing unit 510 may be a real or virtual processor and is capable of performing various processes according to programs stored in the memory 520. In a multiprocessor system, multiple processing units execute computer-executable instructions in parallel to improve the parallel processing capabilities of electronic device 500.
Electronic device 500 typically includes multiple computer storage media. Such a medium may be any available media that is accessible by electronic device 500, including, but not limited to, volatile and non-volatile media, removable and non-removable media. The memory 520 may be volatile memory (e.g., registers, cache, random Access Memory (RAM)), non-volatile memory (e.g., read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory), or some combination thereof. Storage device 530 may be a removable or non-removable media and may include machine-readable media such as flash drives, magnetic disks, or any other media that may be capable of storing information and/or data (e.g., training data for training) and may be accessed within electronic device 500.
The electronic device 500 may further include additional removable/non-removable, volatile/nonvolatile storage media. Although not shown in fig. 5, a magnetic disk drive for reading from or writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk may be provided. In these cases, each drive may be connected to a bus (not shown) by one or more data medium interfaces. Memory 520 may include a computer program product 525 having one or more program modules configured to perform the various methods or acts of the various embodiments of the present disclosure.
The communication unit 540 enables communication with other electronic devices through a communication medium. Additionally, the functionality of the components of electronic device 500 may be implemented in a single computing cluster or in multiple computing machines capable of communicating over a communication connection. Thus, the electronic device 500 may operate in a networked environment using logical connections to one or more other servers, a network Personal Computer (PC), or another network node.
The input device 550 may be one or more input devices such as a mouse, keyboard, trackball, etc. The output device 560 may be one or more output devices such as a display, speakers, printer, etc. The electronic device 500 may also communicate with one or more external devices (not shown), such as storage devices, display devices, etc., with one or more devices that enable a user to interact with the electronic device 500, or with any device (e.g., network card, modem, etc.) that enables the electronic device 500 to communicate with one or more other electronic devices, as desired, via the communication unit 540. Such communication may be performed via an input/output (I/O) interface (not shown).
According to an exemplary implementation of the present disclosure, a computer-readable storage medium having stored thereon computer-executable instructions, wherein the computer-executable instructions are executed by a processor to implement the method described above is provided. According to an exemplary implementation of the present disclosure, there is also provided a computer program product tangibly stored on a non-transitory computer-readable medium and comprising computer-executable instructions that are executed by a processor to implement the method described above.
Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus, devices, and computer program products implemented according to the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer readable program instructions may be provided to a processing unit of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processing unit of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable medium having the instructions stored therein includes an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various implementations of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The foregoing description of implementations of the present disclosure has been provided for illustrative purposes, is not exhaustive, and is not limited to the implementations disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various implementations described. The terminology used herein was chosen in order to best explain the principles of each implementation, the practical application, or the improvement of technology in the marketplace, or to enable others of ordinary skill in the art to understand each implementation disclosed herein.
Claims (14)
1. A method of rights management, comprising:
determining a target application to be configured in a permission configuration interface for managing users and/or devices in a target organization;
obtaining a permission policy to be applied to the target application by utilizing the permission configuration interface, wherein the permission policy at least indicates a target scope authorized to use the target application in the target organization and a treatment policy for using the target application outside the target scope, and the target scope comprises a group of target users and/or a group of target devices; and
and managing the execution of the target application in the target organization based on the authority policy.
2. The method of claim 1, wherein determining a target application to be configured comprises:
displaying a set of candidate applications in the rights configuration interface; and
a selection of the target application for the set of candidate applications is received.
3. The method of claim 2, wherein the set of candidate applications includes at least one of:
a first set of applications that are preset,
a second set of applications determined based on the application installation information,
a third set of applications determined based on the real-time application detection.
4. The method of claim 1, wherein determining a target application to be configured comprises:
acquiring input application description information in the permission configuration interface; and
and determining the target application based on the application description information.
5. The method of claim 1, wherein obtaining, with the rights configuration interface, a rights policy to be applied to the target application comprises:
providing a first configuration component corresponding to device configuration in the rights configuration interface, the first configuration component exhibiting a set of candidate devices; and
the target scope in the target organization that is authorized to use the target application is determined based on a selection of at least one device in the set of candidate devices.
6. The method of claim 5, wherein the set of candidate devices comprises:
a first set of candidate devices preset in the target organization,
a second set of candidate devices that match a first term associated with device descriptive information for the device.
7. The method of claim 1, wherein obtaining, with the rights configuration interface, a rights policy to be applied to the target application comprises:
providing a second configuration component corresponding to user configuration in the rights configuration interface, the first configuration component exhibiting a set of candidate users; and
the target scope in the target organization that is authorized to use the target application is determined based on a selection for at least one user of the set of candidate users.
8. The method of claim 7, wherein the set of candidate users comprises:
a first set of candidate users preset in the target organization,
a second set of candidate users matching a second term associated with user descriptive information of the user.
9. The method of claim 1, wherein obtaining, with the rights configuration interface, a rights policy to be applied to the target application comprises:
receiving, with the rights configuration interface, input regarding the treatment policy for using the target application outside the target scope,
wherein the treatment strategy comprises at least one of:
a first treatment policy indicating that the target application is disabled outside the target scope;
a second treatment policy indicating that a first reminder of unauthorized use and/or attempted use is generated for the target application outside the target scope such that a first device associated with the unauthorized use and/or attempted use presents the first reminder;
a third disposition policy indicating that a second reminder for unauthorized use is generated beyond a predetermined number, wherein the predetermined number is configured with the rights configuration interface, to cause a terminal device associated with a administrative user of the target organization to expose the second reminder.
10. The method of claim 1, further comprising:
and displaying application statistical information in the authority configuration interface, wherein the application statistical information indicates a comparison result of the authorized use condition and all use conditions of at least one application in the target organization.
11. The method of claim 10, further comprising:
providing risk description information for the at least one application, the risk description information being generated based on the comparison result.
12. An apparatus for rights management, comprising:
a determining module configured to determine a target application to be configured in a rights configuration interface for managing users and/or devices in a target organization;
an acquisition module configured to acquire, with the permission configuration interface, a permission policy to be applied to the target application, the permission policy indicating at least a target scope in a target organization authorized to use the target application and a treatment policy outside the target scope to use the target application, the target scope including a set of target users and/or a set of target devices; and
and the management module is configured to manage the execution of the target application in the target organization based on the authority policy.
13. An electronic device, comprising:
at least one processing unit; and
at least one memory coupled to the at least one processing unit and storing instructions for execution by the at least one processing unit, which when executed by the at least one processing unit, cause the electronic device to perform the method of any one of claims 1 to 11.
14. A computer readable storage medium having stored thereon a computer program executable by a processor to implement the method of any of claims 1 to 11.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310554413.3A CN116561716A (en) | 2023-05-16 | 2023-05-16 | Rights management method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310554413.3A CN116561716A (en) | 2023-05-16 | 2023-05-16 | Rights management method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116561716A true CN116561716A (en) | 2023-08-08 |
Family
ID=87503204
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310554413.3A Pending CN116561716A (en) | 2023-05-16 | 2023-05-16 | Rights management method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116561716A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1510562A (en) * | 2002-12-20 | 2004-07-07 | 挹光科技股份有限公司 | Method and system for controlling usage of software |
| US20080134348A1 (en) * | 2006-12-05 | 2008-06-05 | Microsoft Corporation | Conditional policies in software licenses |
| US7627902B1 (en) * | 2003-02-20 | 2009-12-01 | Dell Marketing Usa, L.P. | Method of managing a software item on a managed computer system |
| CN103400066A (en) * | 2013-07-29 | 2013-11-20 | 王克 | System and method for managing software |
| CN111124472A (en) * | 2019-12-30 | 2020-05-08 | 宁波视睿迪光电有限公司 | Terminal software management platform |
-
2023
- 2023-05-16 CN CN202310554413.3A patent/CN116561716A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1510562A (en) * | 2002-12-20 | 2004-07-07 | 挹光科技股份有限公司 | Method and system for controlling usage of software |
| US7627902B1 (en) * | 2003-02-20 | 2009-12-01 | Dell Marketing Usa, L.P. | Method of managing a software item on a managed computer system |
| US20080134348A1 (en) * | 2006-12-05 | 2008-06-05 | Microsoft Corporation | Conditional policies in software licenses |
| CN103400066A (en) * | 2013-07-29 | 2013-11-20 | 王克 | System and method for managing software |
| CN111124472A (en) * | 2019-12-30 | 2020-05-08 | 宁波视睿迪光电有限公司 | Terminal software management platform |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109510849B (en) | Cloud-storage account authentication method and device | |
| US8850041B2 (en) | Role based delegated administration model | |
| JP6013594B2 (en) | Locally assisted cloud-based storage | |
| RU2598324C2 (en) | Means of controlling access to online service using conventional catalogue features | |
| CN107506620B (en) | Application market manages control | |
| US8843648B2 (en) | External access and partner delegation | |
| WO2015096695A1 (en) | Installation control method, system and device for application program | |
| US20110167479A1 (en) | Enforcement of policies on context-based authorization | |
| US20120144454A1 (en) | Apparatus for managing authorization in software-as-a-service platform and method for the same | |
| US10110665B2 (en) | Network based application management | |
| US11089002B2 (en) | Two-factor authentication for a file system | |
| CN110138767B (en) | Transaction request processing method, device, equipment and storage medium | |
| US9208332B2 (en) | Scoped resource authorization policies | |
| CN115552441A (en) | Low trust privilege access management | |
| US20100185451A1 (en) | Business-responsibility-centric identity management | |
| CN114239009A (en) | Authority control method and device and terminal equipment | |
| EP2725511B1 (en) | Managing application execution and data access on a device | |
| US11405381B2 (en) | Tag-based access permissions for cloud computing resources | |
| US11204984B2 (en) | Systems and methods for managing access to application data on computing devices | |
| CN116561716A (en) | Rights management method, device, equipment and storage medium | |
| US10862831B2 (en) | System, method, and computer program product providing end-to-end security of centrally accessible group membership information | |
| US11063950B2 (en) | Secure remote desktop session | |
| CN108989418A (en) | A kind of resource amount method of mixed cloud object storage common authentication | |
| CN111310166A (en) | Authority management method, device, equipment and storage medium | |
| CN109818731B (en) | Method for reinforcing DSoD strategy by stream protocol |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |