CN116578957A - Account operation request response method and device and electronic equipment - Google Patents

Account operation request response method and device and electronic equipment Download PDF

Info

Publication number
CN116578957A
CN116578957A CN202310646616.5A CN202310646616A CN116578957A CN 116578957 A CN116578957 A CN 116578957A CN 202310646616 A CN202310646616 A CN 202310646616A CN 116578957 A CN116578957 A CN 116578957A
Authority
CN
China
Prior art keywords
target
information
authority
account
management operation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310646616.5A
Other languages
Chinese (zh)
Inventor
朱海识
于爽
丁子钰
邹晓鸥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202310646616.5A priority Critical patent/CN116578957A/en
Publication of CN116578957A publication Critical patent/CN116578957A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/71Version control; Configuration management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a response method and device for an account operation request and electronic equipment. The response method of the account operation request comprises the following steps of: receiving a target operation request sent by a target account; acquiring N authentication paths matched with the target management operation according to the target operation request; inquiring in an authorization operation set corresponding to the target account according to the information item sets respectively indicated by the N authentication paths; and sending response information corresponding to the target operation request based on the query result. The application solves the problem that the user permission is overlarge because the user permission cannot be finely configured in the related technology.

Description

Account operation request response method and device and electronic equipment
Technical Field
The application relates to the field of information security, in particular to a response method and device for an account operation request and electronic equipment.
Background
When the current version continuously delivers the control right of the system, the current version is independently maintained according to the right of the application dimension. The git authority takes the archive as a minimum unit, the devots platform takes the application as a minimum unit, the vaim system takes the version package product as a minimum unit, the version continuous delivery system relates to the system, but the authority granularity is not uniform, the situation that the authority granularity of a configuration manager is overlarge can occur due to the inconsistency of the version continuous delivery system and the authority granularity of other systems, and the problems of misoperation or override making, version delivery and the like of the configuration manager are caused.
Aiming at the problem that the user permission is overlarge due to the fact that the user permission cannot be finely configured in the related technology, no effective solution is proposed at present.
Disclosure of Invention
The application mainly aims to provide a response method, a response device and electronic equipment for an account operation request, so as to solve the problem that user permission is overlarge because user permission cannot be finely configured in the related technology.
In order to achieve the above object, according to one aspect of the present application, there is provided a response method for an account operation request. The method comprises the following steps: receiving a target operation request sent by a target account, wherein the target operation request is used for requesting target management operation on a target application item; acquiring N authentication paths matched with the target management operation according to the target operation request, wherein the N authentication paths respectively correspond to N project control platforms, the N project control platforms are used for realizing the target management operation, the authentication paths are used for indicating an information item set of authentication information items required by the target management operation in the corresponding project management platform, and N is an integer greater than or equal to 1; inquiring in an authorization operation set corresponding to the target account according to the information item sets respectively indicated by the N authentication paths, wherein the authorization operation set comprises authorized management operations of the target account in the N project control platforms; and sending response information corresponding to the target operation request based on the query result.
In order to achieve the above object, according to another aspect of the present application, there is provided a response device for an account operation request. The device comprises: the receiving unit is used for receiving a target operation request sent by a target account, wherein the target operation request is used for requesting target management operation on a target application item; an obtaining unit, configured to obtain N authentication paths matched with the target management operation according to the target operation request, where the N authentication paths respectively correspond to N project control platforms, where the N project control platforms are each configured to implement the target management operation, and the authentication paths are configured to indicate an information item set of authentication information items required for the target management operation in the corresponding project control platform, and N is an integer greater than or equal to 1; the inquiring unit is used for inquiring in the authorizing operation set corresponding to the target account according to the information item sets respectively indicated by the N authentication paths, wherein the authorizing operation set comprises authorized management operations of the target account in the N project control platforms; and the sending unit is used for sending response information corresponding to the target operation request based on the query result.
Optionally, the query unit includes: a first obtaining unit, configured to obtain a permission tree corresponding to the target account, where the permission tree is used to indicate a set of management operations authorized by the target account, and each node in the permission tree corresponds to one authentication information item; the second acquisition unit is used for acquiring N authority tree branches which are respectively matched with the N project control platforms in the authority tree, and the first inquiry subunit is used for sequentially acquiring an authentication path from the N authentication paths as a current path and inquiring in the current authority tree branch corresponding to the current path based on the information item set included in the current path to obtain an authorization operation subset corresponding to the current authority tree branch; a first determination unit: and determining the query result according to the inclusion relation between the authorization operation subset corresponding to each of the N authority tree branches and the target management operation.
Optionally, the first determining unit includes: a first determining subunit, configured to determine that the target management operation is an executable operation when the target management operation is included in the authorized operation subsets corresponding to the N authority tree branches, and a second determining subunit, configured to determine that the target management operation is an non-executable operation when the target management operation is not included in the authorized operation subsets.
Optionally, the transmitting unit includes at least one of: a first sending unit, configured to send a display instruction associated with the target management operation when it is determined that the target account is configured with the operation authority of the target management operation based on the query result, where the display instruction is used to display an operation option associated with the target management operation, and the response information includes the display instruction; and a second transmitting unit configured to transmit, when it is determined to execute the target management operation based on the query result, first execution hint information corresponding to an execution result of the target management operation, where the response information includes the execution hint information.
Optionally, the transmitting unit includes at least one of: a third sending unit, configured to send a disabling instruction associated with the target management operation, where the disabling instruction is used to hide an operation option associated with the target management operation, and the response information includes the disabling instruction, where the determining unit is configured to determine, based on the query result, that the target account is not configured with an operation authority of the target management operation; and a fourth sending unit, configured to send second execution prompting information when it is determined, based on the query result, that the target account is not configured with the operation authority of the target management operation, where the second execution prompting information is used to indicate that the target account is not configured with the operation authority of the target management operation, and the second execution prompting information includes execution failure prompting information.
Optionally, the response device is further configured to obtain rights information matched with the reference management operation, where the rights information includes M authentication information items, where M is an integer greater than or equal to 1, and the authentication information items include at least one of the following: item control platform identification information, application type information, account type information and group information; and creating at least one reference authentication path for the reference management operation according to the authority information.
Optionally, the response device is further configured to obtain an authorization operation set configured for the target account; and establishing a right tree corresponding to the target account according to the authorization condition information corresponding to each authorization operation in the authorization operation set, wherein each node in the right tree corresponds to an authentication information item in the authorization condition information.
Optionally, the response device is further configured to update the N authentication paths that match the target management operation when the permission condition of the target management operation changes; and under the condition that the authority of the reference authorization operation of the target account number is changed, updating the authorization operation set corresponding to the target account number.
In order to achieve the above object, according to still another aspect of the present application, there is provided a computer-readable storage medium having a computer program stored therein, wherein the computer program is configured to execute the response method of the account operation request described above when running.
To achieve the above object, according to yet another aspect of the present application, there is provided a computer program product or a computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions so that the computer device performs the response method of the account operation request.
In order to achieve the above object, according to still another aspect of the present application, there is provided a processor for running a program, wherein the program runs while executing the response method of the account operation request.
In order to achieve the above object, according to still another aspect of the present application, there is provided an electronic device including one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform a response method of the account operation request.
According to the application, the following steps are adopted: receiving a target operation request sent by a target account, wherein the target operation request is used for requesting target management operation on a target application item; acquiring N authentication paths matched with the target management operation according to the target operation request, wherein the N authentication paths respectively correspond to N project control platforms, the N project control platforms are used for realizing the target management operation, the authentication paths are used for indicating an information item set of authentication information items required by the target management operation in the corresponding project management platform, and N is an integer greater than or equal to 1; inquiring in an authorization operation set corresponding to the target account according to the information item sets respectively indicated by the N authentication paths, wherein the authorization operation set comprises authorized management operations of the target account in the N project control platforms; based on the query result, response information corresponding to the target operation request is sent, and the problem that the user permission is overlarge due to the fact that the user permission cannot be finely configured in the related technology is solved. And further, the user authority is finely managed, so that the authority is reduced to the minimum necessary range, and the configuration manager is prevented from misoperation, and the wrong version is produced or delivered.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application. In the drawings:
fig. 1 is a schematic diagram of a hardware environment of a response method of an account operation request according to an embodiment of the present application;
fig. 2 is a flowchart of a response method of an account operation request according to an embodiment of the present application;
fig. 3 is a schematic diagram of a response method of an account operation request according to an embodiment of the present application;
fig. 4 is a schematic diagram of another response method of an account operation request according to an embodiment of the present application;
fig. 5 is a schematic diagram of a response method of an account operation request according to another embodiment of the present application;
fig. 6 is a schematic structural diagram of a response device for an account operation request according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe the embodiments of the application herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of description, the following will describe some terms or terminology involved in the embodiments of the present application:
the git management platform: the git version library management platform can control applications, archives, personnel rights and the like;
the devots platform: the application discloses an automatic software making and delivering platform which has the functions of developing edition, creating branches, controlling access, combining branches, delivering branches and the like;
vaim platform: a version automatic compiling, packing and installing platform;
version duration delivery system: and the version continuous delivery pipeline and the handover deployment pipeline version automatic release are realized.
It should be noted that, related information (including, but not limited to, user equipment information, user personal information, etc.) and data (including, but not limited to, data for presentation, analyzed data, etc.) related to the present disclosure are information and data authorized by a user or sufficiently authorized by each party. For example, an interface is provided between the system and the relevant user or institution, before acquiring the relevant information, the system needs to send an acquisition request to the user or institution through the interface, and acquire the relevant information after receiving the consent information fed back by the user or institution.
According to an aspect of the embodiment of the present invention, a response method of an account operation request is provided, and as an optional implementation manner, the response method of an account operation request may be, but is not limited to, applied to a response system of an account operation request formed by a terminal device 102, a server 104 and a network 110 as shown in fig. 1. As shown in fig. 1, terminal device 102 communicates with a connection to server 104 via a network 110, which may include, but is not limited to: a wired network, a wireless network, wherein the wired network comprises: local area networks, metropolitan area networks, and wide area networks, the wireless network comprising: bluetooth, WIFI, and other networks that enable wireless communications. The terminal device may include, but is not limited to, at least one of: a mobile phone (e.g., an Android mobile phone, iOS mobile phone, etc.), a notebook computer, a tablet computer, a palm computer, a MID (Mobile Internet Devices, mobile internet device), a PAD, a desktop computer, a smart television, a vehicle-mounted device, etc. The terminal device 102 may include, but is not limited to, a display, a processor, and a memory, and the server 104 may be a single server, a server cluster including a plurality of servers, or a cloud server. The server includes a database and a processing engine.
The specific process comprises the following steps:
step S102, the terminal device 102 sends a target operation request to the server 104; the manner of triggering the terminal device to send the target operation request may be triggered by clicking a function button by the user, or may be triggered by other manners, which is not limited herein.
Step S104 to step S110, the server 104 receives a target operation request sent by a target account; acquiring N authentication paths matched with the target management operation according to the target operation request; inquiring in an authorization operation set corresponding to the target account according to the information item sets respectively indicated by the N authentication paths; transmitting response information corresponding to the target operation request based on the query result;
in step S112, the terminal device 102 receives the response information sent by the server 104.
In addition to the example shown in fig. 1, the above steps may be performed by the client or the server independently, or by the client and the server cooperatively, such as by the terminal device 102 performing the above steps S104 to S110, thereby relieving the processing pressure of the server 104. The terminal device 102 includes, but is not limited to, a handheld device (e.g., a mobile phone), a notebook computer, a desktop computer, a vehicle-mounted device, etc., and the application is not limited to a specific implementation of the terminal device 102.
The present application will be described with reference to preferred implementation steps, and fig. 2 is a flowchart of a response method for an account operation request according to an embodiment of the present application, and as shown in fig. 2, the method includes the following steps:
step S202, receiving a target operation request sent by a target account, wherein the target operation request is used for requesting target management operation on a target application item;
it should be noted that, the target account is an account used when the target user logs in the target application, and the target account is associated with a target user identifier and related privacy data (such as a user mobile phone number, an identity card number, etc.) of the target user, so that the associated storage of the target account, the target user identifier and the related privacy data adopts an encryption mode, so that the problem of user information leakage caused by querying the related privacy data of the target user through the target account is avoided, and the specific storage and encryption modes are not limited in the application;
optionally, the target application item is a functional module in the target application, and the target management operation performed on the target application item may be addition, modification, deletion, delivery, and the like, which is not specifically limited herein.
Step S204, acquiring N authentication paths matched with the target management operation according to the target operation request, wherein the N authentication paths respectively correspond to N project control platforms, the N project control platforms are used for realizing the target management operation, the authentication paths are used for indicating an information item set of authentication information items required by the target management operation in the corresponding project control platforms, and N is an integer greater than or equal to 1;
it should be noted that, the N authentication paths matched with the target management operation are paths for searching the user rights, and the N project consoles specifically may include at least one of the following: git management platform, devops platform, vaim platform, etc., for example, one authentication path is vaim platform— > personal internet banking application— group 2, then the authentication information item is: vaim platform, personal online banking application, group 2, the collection of information items is [ vaim platform, personal online banking application, group 2].
Step S206, inquiring in an authorization operation set corresponding to the target account according to the information item sets respectively indicated by the N authentication paths, wherein the authorization operation set comprises authorized management operations of the target account in the N project control platforms;
it should be noted that, the authentication path indicates an information item set, N authentication paths may indicate N information item sets, and the authorization operation set corresponding to the target account is a set formed by a plurality of operations that may be executed by the target account.
Step S208, response information corresponding to the target operation request is sent based on the query result.
Currently version administrators make versions through a version persistence delivery system. The version manager creates a version construction pipeline in the version persistence delivery system: and configuring an application and a version library to which the version source code belongs, selecting compiling, packaging and installing strategies, configuring a corresponding delivery access control level, and configuring smoke test, code scanning and the like. After the creation is completed, a version manager and a developer trigger a pipeline to make a process version, at the moment, a version continuous delivery system calls a vaim platform to build the version, and the vaim platform calls a git platform to download source codes, compile and package the source codes, and then distribute and deploy the source codes. By the time of delivery, the version package is delivered to the version artifact center by the version administrator.
When the current version continuously delivers the control right of the system, the current version is independently maintained according to the right of the application dimension. The git authority takes the archive as a minimum unit, the devots platform takes the application as a minimum unit, the vaim system takes the version package product as a minimum unit, and the version continuous delivery system relates to the system, but the authority granularity is not uniform, the condition that the authority of a configuration manager is overlarge can occur, and the problems of misoperation or override making, version delivery and the like of the configuration manager can be caused.
According to the response method of the account operation request, which is provided by the embodiment of the application, the target operation request sent by the target account is received, wherein the target operation request is used for requesting target management operation on the target application item; acquiring N authentication paths matched with the target management operation according to the target operation request, wherein the N authentication paths respectively correspond to N project control platforms, the N project control platforms are used for realizing the target management operation, the authentication paths are used for indicating an information item set of authentication information items required by the target management operation in the corresponding project management platform, and N is an integer greater than or equal to 1; inquiring in an authorization operation set corresponding to the target account according to the information item sets respectively indicated by the N authentication paths, wherein the authorization operation set comprises authorized management operations of the target account in the N project control platforms; based on the query result, response information corresponding to the target operation request is sent, and the problem that the user permission is overlarge due to the fact that the user permission cannot be finely configured in the related technology is solved. And further, the user authority is finely managed, so that the authority is reduced to the minimum necessary range, and the configuration manager is prevented from misoperation, and the wrong version is produced or delivered.
As an optional scheme, according to the information item sets respectively indicated by the N authentication paths, querying in the authorization operation set corresponding to the target account includes:
s1, acquiring a permission tree corresponding to a target account, wherein the permission tree is used for indicating a management operation set authorized by the target account, and each node in the permission tree corresponds to an authentication information item;
it should be noted that, the authority tree includes multiple levels, each level includes multiple authentication information items, for example, the target account includes a git platform, a devops platform, a vaim platform, etc., the git platform includes a personal internet banking application, a mobile phone banking application, an enterprise internet banking application, and the personal internet banking application may include a group 1, a group 2, etc., and an initial node of the authority tree may be data that uniquely identifies the user, such as the target account or a target account identifier, etc., which is not limited in this disclosure.
S2, acquiring N authority tree branches which are matched with N project control platforms respectively in the authority tree;
it should be noted that, the above-mentioned obtaining N rights tree branches that are respectively matched with N project control platforms in the rights tree may be, but not limited to, that each project control platform corresponds to one rights tree branch, the multiple platforms correspond to multiple rights tree branches, and initial nodes of the multiple rights tree branches are the same target account number or the same target account number identifier, thereby forming a rights tree corresponding to the target account number.
S3, sequentially acquiring an authentication path from the N authentication paths as a current path, and inquiring in a current authority tree branch corresponding to the current path based on an information item set included in the current path to obtain an authorization operation subset corresponding to the current authority tree branch;
s4, determining the query result according to the inclusion relation between the authorization operation subset corresponding to each of the N authority tree branches and the target management operation;
it should be noted that, based on the information item set included in the current path, before the query is performed in the current authority branch corresponding to the current path, the current authority branch corresponding to the current path needs to be determined according to the information item set included in the current path, and a specific determining manner may be to confirm whether the information item set has the same element as the element of the project control platform included in the authorization operation subset corresponding to the authority tree branch, or may be other determining manners besides that, and the application is not limited specifically herein.
Acquiring a permission tree corresponding to the target account, wherein the permission tree is used for indicating a management operation set authorized by the target account, and each node in the permission tree corresponds to one authentication information item; acquiring N authority tree branches which are respectively matched with N project control platforms in the authority tree; sequentially acquiring an authentication path from the N authentication paths as a current path, and inquiring in a current authority tree branch corresponding to the current path based on an information item set included in the current path to obtain an authorization operation subset corresponding to the current authority tree branch; and determining a query result according to the inclusion relation between the authorization operation subset corresponding to each of the N authority tree branches and the target management operation. By the method, whether the operation to be performed by the target account is authorized or not can be quickly confirmed, namely, whether the target account can execute the requested target management operation or not can be confirmed, and therefore the problem that when the target management operation needs authorization of a plurality of platforms, the granularity of the plurality of platforms is inconsistent (for example, the git authority takes an archive as a minimum unit, the devops platform takes an application as a minimum unit, and the vaim system takes a version package as a minimum unit) is solved, and the problem that the authority set for the target account is overlarge. The technical effect of finely configuring the target account rights is achieved.
As an alternative, determining the query result according to the inclusion relationship between the subset of authorized operations and the target management operation corresponding to each of the N rights tree branches includes:
s1, determining the target management operation as an executable operation under the condition that the corresponding authorized operation subsets of the N authority tree branches respectively comprise the target management operation;
s2, determining the target management operation as an inexecutable operation under the condition that the target management operation is not included in the authorized operation subset.
It should be noted that, the specific matching method adopted in the matching may be that each element in the subset of the target management operation and the authorized operation is matched, if the target management operation is successfully matched with any element in the subset of the authorized operation, the target operation is determined to be an executable operation, otherwise, the target operation is not executable operation, and the specific matching method may also be other matching methods besides the above-mentioned one, which is not limited herein.
Determining the target management operation as an executable operation under the condition that the corresponding authorized operation subsets of the N authority tree branches respectively comprise the target management operation; under the condition that the target management operation is not included in the authorized operation subset, the target management operation is determined to be an inexecutable operation, so that whether the operation to be executed by the user is the authorized operation or not is accurately determined, the user is prevented from executing unauthorized operation or delivering wrong versions, and the technical effect of accurately authorizing different users is achieved.
As an alternative, response information corresponding to the target operation request is transmitted based on the query result, including at least one of:
s1, under the condition that the fact that the target account is configured with the operation authority of the target management operation is determined based on the query result, sending a display instruction associated with the target management operation, wherein the display instruction is used for displaying operation options associated with the target management operation, and the response information comprises the display instruction;
s2, under the condition that the execution of the target management operation is determined based on the query result, sending first execution prompt information corresponding to the execution result of the target management operation, wherein the response information comprises the execution prompt information.
Transmitting a display instruction associated with the target management operation under the condition that the target account is determined to be configured with the operation authority of the target management operation based on the query result, wherein the display instruction is used for displaying operation options associated with the target management operation, and the response information comprises the display instruction; under the condition that the target management operation is determined to be executed based on the query result, first execution prompt information corresponding to the execution result of the target management operation is sent, wherein the response information comprises the execution prompt information, so that whether the operation to be executed by a user is visible to the user only or the user is allowed to execute the selected operation is confirmed, the problem that the user does not operate the self-authorized function to cause final submission of an error version is avoided, the related information is displayed to the authorized user or the corresponding operation is allowed to be carried out by the authorized user is avoided, and the technical effect that the processing of the corresponding function by the authorized user is not influenced or the authorized user can see the related content in the authority is achieved.
As an alternative, response information corresponding to the target operation request is transmitted based on the query result, including at least one of:
s1, when the fact that the target account is not configured with the operation authority of the target management operation is determined based on the query result, a disabling instruction associated with the target management operation is sent, wherein the disabling instruction is used for hiding operation options associated with the target management operation, and the response information comprises the disabling instruction;
s2, when the fact that the target account is not configured with the operation authority of the target management operation is determined based on the query result, sending second execution prompt information, wherein the second execution prompt information is used for indicating the operation authority of the target account, which is not configured with the target management operation, and comprises execution failure prompt information.
It should be noted that, the second execution prompting information may be prompting the user to fail in execution, or may be prompting the user to have no operation authority of the corresponding function, suggesting to contact the related personnel to perform the operation after authorization, and the specific content included in the prompting information is not specifically limited in the present application.
Transmitting a disabling instruction associated with the target management operation in a case that the target account is determined not to be configured with the operation authority of the target management operation based on the query result, wherein the disabling instruction is used for hiding operation options associated with the target management operation, and the response information comprises the disabling instruction; and sending second execution prompt information when the operation authority of the target management operation is not configured in the target account based on the query result, wherein the second execution prompt information is used for indicating the operation authority of the target account, which is not configured in the target management operation, and the second execution prompt information comprises execution failure prompt information. The method solves the problem that the information in the authority of the authorized user is easy to be revealed, and achieves the technical effect of effectively protecting the information in the authority of the authorized user.
As an optional solution, before receiving the target operation request sent by the target account, the method further includes:
s1, acquiring authority information matched with reference management operation, wherein the authority information comprises M authentication information items, M is an integer greater than or equal to 1, and the authentication information items comprise at least one of the following: item control platform identification information, application type information, account type information and group information;
it should be noted that the authentication information item further includes: function name information, presentation type information, operation type information, button number, archive information, node information, and the like.
S2, at least one reference authentication path is created for the reference management operation according to the authority information.
It should be noted that, before the target account sends the target operation request, the reference authentication path creates an authentication path corresponding to the reference management operation for the reference management operation according to the authorization information item required by each reference management operation.
By acquiring authority information matched with the reference management operation, wherein the authority information comprises M authentication information items, M is an integer greater than or equal to 1, and the authentication information items comprise at least one of the following: item control platform identification information, application type information, account type information and group information; at least one reference authentication path is created for the reference management operation according to the rights information. The method solves the problem that the permission tree needs to be searched and confirmed in the subsequent generation, can be compatible with the permission information of the newly developed management operation, can obtain the permission tree corresponding to the target account number and the authorization operation set of the newly increased management operation without manually adding the permission information matched with the management operation when the newly increased management operation is achieved, and improves the confirmation efficiency when a user requests to execute the operation and confirms whether the requested operation is authorized or not.
As an optional solution, before receiving the target operation request sent by the target account, the method further includes:
s1, acquiring an authorization operation set configured for a target account;
s2, establishing a permission tree corresponding to the target account according to the authorization condition information corresponding to each authorization operation in the authorization operation set, wherein each node in the permission tree corresponds to an authentication information item in the authorization condition information.
Acquiring an authorization operation set configured for a target account; and establishing a permission tree corresponding to the target account according to the authorization condition information corresponding to each authorization operation in the authorization operation set, wherein each node in the permission tree corresponds to an authentication information item in the authorization condition information. The method and the device solve the problem that the background does not know the authorization operation which is not authorized by the target account before the target account sends the target operation request, achieve the technical effect of quickly confirming whether the operation to be performed by the target account is authorized or not after the target account sends the target account request, improve the confirmation efficiency of confirming whether the operation selected by the target account is authorized or not, reduce the waiting time of the target account and improve the user experience.
As an alternative, after sending the response information corresponding to the target operation request based on the query result, it further includes:
s1, under the condition that the authority conditions of target management operation are changed, updating N authentication paths matched with the target management operation;
s2, under the condition that the authority of the reference authorization operation of the target account is changed, updating the authorization operation set corresponding to the target account.
Updating N authentication paths matched with the target management operation under the condition that the authority conditions of the target management operation are changed; under the condition that the authority of the reference authorization operation of the target account is changed, the authorization operation set corresponding to the target account is updated, so that the technical problem that the authorization operation set corresponding to the target account is not changed in time under the condition that the authority condition of the target management operation is changed is solved, and the technical effect that the authority condition of the target management operation and the authorization operation set are kept uniform is achieved.
By way of further illustration, the present invention generates a version persistent delivery system permission map according to the systems such as the git management platform, the devops platform, the vaim platform, etc., the version persistent delivery system performs permission division on each module according to the service function, searches according to the permission map, and only allows the users with permission to perform corresponding operations, and specifically, the present invention is illustrated by taking the git management platform and the vaim platform as examples, as shown in fig. 3-5, and specifically includes the following steps:
S1, dividing authorities of all modules of a version continuous delivery system, and combing service personnel of the version continuous delivery system according to scenes such as version making, adjustment access control, version delivery and the like, confirming necessary authorities of all platforms required by operation of all functional modules of the version continuous delivery system, generating a service authority map (namely a path for searching user authorities), such as an authentication path 301 (a path shown by a dotted line in FIG. 3) which is sequentially formed by a vaim platform, a personal internet banking application and a group 2, and an authentication path 401 (a path shown by a dotted line in FIG. 4) which is sequentially formed by a git management platform, a personal internet banking application, a group 2 and a version manager, wherein the service authority map can comprise a plurality of levels, such as information of function names, display types, operation types, button numbers, authority platform types, roles, applications, archives, groups, nodes and the like, and recording related information into a database table A.
For example, the version construction pipeline button needs the authority of a corresponding group of the vaim system and the authority of a version manager of a corresponding archive of the git management platform, the recording function name is "creating version construction pipeline", the recording authority platform type 1 is "vaim platform", the recording application is "yes", the recording group is "yes", the recording authority platform type 2 is "git management platform", the recording application is "yes", the recording group is "yes", the recording application is "yes", and the recording role is "version manager"; adjusting the authority of a configuration manager of the entrance guard needing devops; version delivery requires "version manager" rights for the group rights for the vaim system and for the archive for the git management platform (which can avoid delivery errors by different configuration administrators for different groups of applications).
In the above embodiment, the record application is "yes", which may be used to indicate that in the process of performing the operation authority query, the query and the judgment of the data item "application type" are required.
S2, invoking each platform by the version continuous delivery system, generating a user id corresponding to a user authority tree (as shown in FIG. 5, the specific storage mode of the user in a database can be user id), including information such as user id, authority platform type, application, role, group, node and the like, recording related information into a database table B, and establishing a proper index according to an authority map, such as recording 'Zhang San', 'git management platform', 'personal internet banking application', 'version manager', 'group 2', 'blank'; "Zhang San", "vaim platform", "personal web-banking application", "null", "group 2", "null". Synchronously notifying the version continuous delivery system to change when the rights are added or deleted by each platform;
it should be noted that, the above record of "null" may be understood as that all the functions related to the hierarchy of the nodes recorded as "null" in the authority tree are authorized to the user; in another embodiment, the data item recorded as "null" may be understood that the user is not authorized to the related function of the level to which the node belongs, and in this embodiment, the data meaning of the default item may be configured according to actual needs.
S3, judging the display type according to the function of each column and the authority map of the button after the user logs in, and matching the display type with the user authority tree according to the information of the current user id, the authority platform type, the role, the application, the archive, the group, the node and the like;
s3-a, for users without authority, the users are not revealed. For example, after Zhang San enters a 'create version and build the pipeline' function, the system generates a permission search path through a database table A generated by a permission map, searches in a database table B generated by a user permission tree, for example, reads a data permission type platform 2 'git management platform' in the table A, records that the application is 'yes', records that the group is 'yes', records that the role is a 'version manager', matches the table B according to the permission management platform, the application, the group and the role, inquires about the permission of the version manager of a group 2 of three personal internet banking applications, searches the table B, searches for the permission of a personal internet banking group 2 of three personal internet banking systems, and displays only 'personal internet banking application' in a front-end application drop-down frame, and links the drop-down group to display only 'group 2', does not display other applications and other groups of personal internet banking;
S3-b: judging the operation type, matching the operation type with the user authority map according to the information of the current user id, the authority platform type, the role, the application, the archive, the group, the node and the like, and disabling buttons such as new addition, modification, deletion, delivery and the like by a foreground for users without authorities and refusing to execute after further judgment by a background so as to prevent front end tampering, wherein the process is similar to S3-b. Such as: when a user enters version continuous delivery system version production, only the application and group content with authority of the user in vaim can be selected in the function of the newly added version package, the version package of other non-authority groups can not be produced, and meanwhile, the authority of the git archive of source codes configured in the version package is checked, so that only the version package with related authority is allowed to be produced.
According to the application, through executing the specific operation process, the authority of the version continuous delivery system is subjected to refined management through the git authority and the vaim authority, so that the authority is reduced to the minimum necessary range, and through generating the service map of the version continuous delivery system and the authority maps of all platforms of users, the authority refined management of the version continuous delivery system is realized, and the override operation risk and misoperation risk caused by overlarge system authority in the version continuous delivery system are avoided. And meanwhile, the quasi-real-time synchronous permission is carried out through the permission platform related to the version continuous delivery system, so that the accuracy of the version continuous delivery system permission is improved, and the timeliness of adjusting the user permission to the minimum necessary range is improved.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
The embodiment of the application also provides a response device for the account operation request, and it is to be noted that the response device for the account operation request of the embodiment of the application can be used for executing the response method for the account operation request provided by the embodiment of the application. The following describes a response device for an account operation request provided by the embodiment of the present application.
Fig. 6 is a schematic diagram of a response device for an account operation request according to an embodiment of the present application. As shown in fig. 6, the apparatus includes:
the receiving unit 602 is configured to receive a target operation request sent by a target account, where the target operation request is used to request a target management operation on a target application item;
an obtaining unit 604, configured to obtain N authentication paths matched with the target management operation according to the target operation request, where the N authentication paths respectively correspond to N project control platforms, where the N project control platforms are all used to implement the target management operation, and the authentication paths are used to indicate an information item set of authentication information items required by the target management operation in the corresponding project control platforms, and N is an integer greater than or equal to 1;
The query unit 606 is configured to query in an authorization operation set corresponding to the target account according to information item sets respectively indicated by the N authentication paths, where the authorization operation set includes authorized management operations of the target account in the N project control platforms;
a transmitting unit 608 for transmitting response information corresponding to the target operation request based on the query result
Optionally, the query unit includes: a first obtaining unit, configured to obtain a permission tree corresponding to the target account, where the permission tree is used to indicate a set of management operations authorized by the target account, and each node in the permission tree corresponds to one authentication information item; the second acquisition unit is used for acquiring N authority tree branches which are respectively matched with the N project control platforms in the authority tree, and the first inquiry subunit is used for sequentially acquiring an authentication path from the N authentication paths as a current path and inquiring in the current authority tree branch corresponding to the current path based on the information item set included in the current path to obtain an authorization operation subset corresponding to the current authority tree branch; a first determination unit: and determining the query result according to the inclusion relation between the authorization operation subset corresponding to each of the N authority tree branches and the target management operation.
Optionally, the first determining unit includes: a first determining subunit, configured to determine that the target management operation is an executable operation when the target management operation is included in the authorized operation subsets corresponding to the N authority tree branches, and a second determining subunit, configured to determine that the target management operation is an non-executable operation when the target management operation is not included in the authorized operation subsets.
Optionally, the transmitting unit includes at least one of: a first sending unit, configured to send a display instruction associated with the target management operation when it is determined that the target account is configured with the operation authority of the target management operation based on the query result, where the display instruction is used to display an operation option associated with the target management operation, and the response information includes the display instruction; and a second transmitting unit configured to transmit, when it is determined to execute the target management operation based on the query result, first execution hint information corresponding to an execution result of the target management operation, where the response information includes the execution hint information.
Optionally, the transmitting unit includes at least one of: a third sending unit, configured to send a disabling instruction associated with the target management operation, where the disabling instruction is used to hide an operation option associated with the target management operation, and the response information includes the disabling instruction, where the determining unit is configured to determine, based on the query result, that the target account is not configured with an operation authority of the target management operation; and a fourth sending unit, configured to send second execution prompting information when it is determined, based on the query result, that the target account is not configured with the operation authority of the target management operation, where the second execution prompting information is used to indicate that the target account is not configured with the operation authority of the target management operation, and the second execution prompting information includes execution failure prompting information.
Optionally, the response device is further configured to obtain rights information matched with the reference management operation, where the rights information includes M authentication information items, where M is an integer greater than or equal to 1, and the authentication information items include at least one of the following: item control platform identification information, application type information, account type information and group information; and creating at least one reference authentication path for the reference management operation according to the authority information.
Optionally, the response device is further configured to obtain an authorization operation set configured for the target account; and establishing a right tree corresponding to the target account according to the authorization condition information corresponding to each authorization operation in the authorization operation set, wherein each node in the right tree corresponds to an authentication information item in the authorization condition information.
Optionally, the response device is further configured to update the N authentication paths that match the target management operation when the permission condition of the target management operation changes; and under the condition that the authority of the reference authorization operation of the target account number is changed, updating the authorization operation set corresponding to the target account number.
Alternatively, in this embodiment, the embodiments to be implemented by each unit module may refer to the embodiments of each method described above, which are not described herein again.
The response device of the account operation request provided by the embodiment of the application is used for receiving the target operation request sent by the target account through the receiving unit, wherein the target operation request is used for requesting target management operation on the target application item; an obtaining unit, configured to obtain N authentication paths matched with the target management operation according to the target operation request, where the N authentication paths respectively correspond to N project control platforms, where the N project control platforms are each configured to implement the target management operation, and the authentication paths are configured to indicate an information item set of authentication information items required for the target management operation in the corresponding project control platform, and N is an integer greater than or equal to 1; the inquiring unit is used for inquiring in the authorizing operation set corresponding to the target account according to the information item sets respectively indicated by the N authentication paths, wherein the authorizing operation set comprises authorized management operations of the target account in the N project control platforms; and the sending unit is used for sending response information corresponding to the target operation request based on the query result, so that the problem that the user permission is overlarge due to the fact that the user permission cannot be finely configured in the related technology is solved. And further, the user authority is finely managed, so that the authority is reduced to the minimum necessary range, and the configuration manager is prevented from misoperation, and the wrong version is produced or delivered.
The response device of the account number operation request comprises a processor and a memory, wherein the receiving unit, the obtaining unit, the inquiring unit, the sending unit and the like are all stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. The kernel can be provided with one or more than one kernel, and the kernel parameters are adjusted to carry out fine management on the authority of the version continuous delivery system, so that the authority is reduced to the minimum necessary range.
The memory may include volatile memory, random Access Memory (RAM), and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM), among other forms in computer readable media, the memory including at least one memory chip.
The embodiment of the invention provides a computer readable storage medium, wherein a program is stored on the computer readable storage medium, and the program is executed by a processor to realize a response method of an account operation request.
The embodiment of the invention provides a processor, which is used for running a program, wherein the response method of an account operation request is executed when the program runs.
As shown in fig. 7, an embodiment of the present invention provides an electronic device, where the device includes a memory 702, a processor 704, a transmission device 706, a display 708, a connection bus 710, and a program stored on the memory and executable on the processor, and when the processor executes the program, the following steps are implemented:
receiving a target operation request sent by a target account, and acquiring N authentication paths matched with target management operation according to the target operation request; inquiring in an authorization operation set corresponding to the target account according to the information item sets respectively indicated by the N authentication paths; transmitting response information corresponding to the target operation request based on the query result;
according to the information item sets respectively indicated by the N authentication paths, querying in the authorization operation set corresponding to the target account comprises the following steps: acquiring a permission tree corresponding to a target account; acquiring N authority tree branches which are respectively matched with N project control platforms in the authority tree; sequentially acquiring an authentication path from the N authentication paths as a current path, and inquiring in a current authority tree branch corresponding to the current path based on an information item set included in the current path to obtain an authorization operation subset corresponding to the current authority tree branch; determining a query result according to the inclusion relation between the authorization operation subset corresponding to each of the N authority tree branches and the target management operation;
Determining a query result according to the inclusion relation between the authorization operation subset corresponding to each of the N rights tree branches and the target management operation comprises: under the condition that the authorization operation subsets corresponding to the N authority tree branches respectively comprise target management operations, determining the target management operations as executable operations; in the event that the target management operation is not included in the subset of authorized operations, determining that the target management operation is an unexecutable operation;
transmitting response information corresponding to the target operation request based on the query result, wherein the response information comprises at least one of the following components: transmitting a display instruction associated with the target management operation under the condition that the target account is determined to be configured with the operation authority of the target management operation based on the query result; under the condition that the execution of the target management operation is determined based on the query result, sending first execution prompt information corresponding to the execution result of the target management operation;
transmitting response information corresponding to the target operation request based on the query result, wherein the response information comprises at least one of the following components: transmitting a disabling instruction associated with the target management operation under the condition that the target account is determined not to be configured with the operation authority of the target management operation based on the query result; sending second execution prompt information under the condition that the target account is determined not to be configured with the operation authority of the target management operation based on the query result;
Before receiving the target operation request sent by the target account, the method further comprises the following steps: acquiring authority information matched with a reference management operation; creating at least one reference authentication path for reference management operation according to the authority information;
before receiving the target operation request sent by the target account, the method further comprises the following steps: acquiring an authorization operation set configured for a target account; establishing a permission tree corresponding to the target account according to the authorization condition information corresponding to each authorization operation in the authorization operation set;
after sending the response information corresponding to the target operation request based on the query result, the method further comprises the following steps: under the condition that the authority conditions of the target management operation are changed, updating N authentication paths matched with the target management operation; and under the condition that the authority of the reference authorization operation of the target account is changed, updating the authorization operation set corresponding to the target account.
It should be noted that the device herein may be a server, a PC, a PAD, a mobile phone, or the like.
The application also provides a computer program product adapted to perform, when executed on a data processing device, a program initialized with the method steps of:
receiving a target operation request sent by a target account, and acquiring N authentication paths matched with target management operation according to the target operation request; inquiring in an authorization operation set corresponding to the target account according to the information item sets respectively indicated by the N authentication paths; transmitting response information corresponding to the target operation request based on the query result;
According to the information item sets respectively indicated by the N authentication paths, querying in the authorization operation set corresponding to the target account comprises the following steps: acquiring a permission tree corresponding to a target account; acquiring N authority tree branches which are respectively matched with N project control platforms in the authority tree; sequentially acquiring an authentication path from the N authentication paths as a current path, and inquiring in a current authority tree branch corresponding to the current path based on an information item set included in the current path to obtain an authorization operation subset corresponding to the current authority tree branch; determining a query result according to the inclusion relation between the authorization operation subset corresponding to each of the N authority tree branches and the target management operation;
determining a query result according to the inclusion relation between the authorization operation subset corresponding to each of the N rights tree branches and the target management operation comprises: under the condition that the authorization operation subsets corresponding to the N authority tree branches respectively comprise target management operations, determining the target management operations as executable operations; in the event that the target management operation is not included in the subset of authorized operations, determining that the target management operation is an unexecutable operation;
transmitting response information corresponding to the target operation request based on the query result, wherein the response information comprises at least one of the following components: transmitting a display instruction associated with the target management operation under the condition that the target account is determined to be configured with the operation authority of the target management operation based on the query result; under the condition that the execution of the target management operation is determined based on the query result, sending first execution prompt information corresponding to the execution result of the target management operation;
Transmitting response information corresponding to the target operation request based on the query result, wherein the response information comprises at least one of the following components: transmitting a disabling instruction associated with the target management operation under the condition that the target account is determined not to be configured with the operation authority of the target management operation based on the query result; sending second execution prompt information under the condition that the target account is determined not to be configured with the operation authority of the target management operation based on the query result;
before receiving the target operation request sent by the target account, the method further comprises the following steps: acquiring authority information matched with a reference management operation; creating at least one reference authentication path for reference management operation according to the authority information;
before receiving the target operation request sent by the target account, the method further comprises the following steps: acquiring an authorization operation set configured for a target account; establishing a permission tree corresponding to the target account according to the authorization condition information corresponding to each authorization operation in the authorization operation set;
after sending the response information corresponding to the target operation request based on the query result, the method further comprises the following steps: under the condition that the authority conditions of the target management operation are changed, updating N authentication paths matched with the target management operation; under the condition that the authority of the reference authorization operation of the target account is changed, updating an authorization operation set corresponding to the target account;
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The application is described with reference to methods, apparatus, flowcharts and schematic diagrams of electronic devices according to embodiments of the application. It will be understood that each flowchart and block of the flowchart and schematic diagrams, and combinations of flowcharts and blocks in the flowchart and schematic diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and schematic diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and schematic diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, etc., such as Read Only Memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by the computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises an element.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (11)

1. A method for responding to an account operation request, comprising:
receiving a target operation request sent by a target account, wherein the target operation request is used for requesting target management operation on a target application item;
acquiring N authentication paths matched with the target management operation according to the target operation request, wherein the N authentication paths respectively correspond to N project control platforms, the N project control platforms are all used for realizing the target management operation, the authentication paths are used for indicating an information item set of authentication information items required by the target management operation in the corresponding project control platforms, and N is an integer greater than or equal to 1;
Inquiring in an authorization operation set corresponding to the target account according to the information item sets respectively indicated by the N authentication paths, wherein the authorization operation set comprises authorized management operations of the target account in the N project control platforms;
and sending response information corresponding to the target operation request based on the query result.
2. The method according to claim 1, wherein the querying in the set of authorization operations corresponding to the target account number according to the sets of information items respectively indicated by the N authentication paths includes:
acquiring a permission tree corresponding to the target account, wherein the permission tree is used for indicating an authorized operation set authorized by the target account, and each node in the permission tree corresponds to one authentication information item respectively;
acquiring N authority tree branches which are matched with the N project control platforms respectively in the authority tree;
sequentially acquiring an authentication path from the N authentication paths as a current path, and inquiring in a current authority tree branch corresponding to the current path based on the information item set included in the current path to obtain an authorization operation subset corresponding to the current authority tree branch;
And determining the query result according to the inclusion relation between the authorization operation subset corresponding to each of the N authority tree branches and the target management operation.
3. The method of claim 2, wherein the determining the query result according to the inclusion relationship between the subset of authorized-operations and the target management operation corresponding to each of the N rights tree branches comprises:
determining that the target management operation is an executable operation under the condition that the authorization operation subsets corresponding to the N authority tree branches respectively comprise the target management operation;
in the event that the target management operation is not included in the subset of authorized operations, the target management operation is determined to be an unexecutable operation.
4. The method of claim 1, wherein the sending response information corresponding to the target operation request based on the query result comprises at least one of:
transmitting a display instruction associated with the target management operation under the condition that the target account is configured with the operation authority of the target management operation based on the query result, wherein the display instruction is used for displaying operation options associated with the target management operation, and the response information comprises the display instruction;
And under the condition that the target management operation is determined to be executed based on the query result, sending first execution prompt information corresponding to the execution result of the target management operation, wherein the response information comprises the execution prompt information.
5. The method of claim 2, wherein the sending response information corresponding to the target operation request based on the query result comprises at least one of:
transmitting a disabling instruction associated with the target management operation under the condition that the target account is not configured with the operation authority of the target management operation based on the query result, wherein the disabling instruction is used for hiding operation options associated with the target management operation, and the response information comprises the disabling instruction;
and sending second execution prompt information under the condition that the operation permission of the target management operation is not configured in the target account based on the query result, wherein the second execution prompt information is used for indicating the operation permission of the target account, which is not configured in the target management operation, and the second execution prompt information comprises execution failure prompt information.
6. The method according to claim 1, further comprising, prior to receiving the target operation request sent by the target account number:
Obtaining authority information matched with a reference management operation, wherein the authority information comprises M authentication information items, M is an integer greater than or equal to 1, and the authentication information items comprise at least one of the following: item control platform identification information, application type information, account type information and group information;
and creating at least one reference authentication path for the reference management operation according to the authority information.
7. The method according to claim 1, further comprising, prior to receiving the target operation request sent by the target account number:
acquiring an authorization operation set configured for a target account;
and establishing a right tree corresponding to the target account according to the authorization condition information corresponding to each authorization operation in the authorization operation set, wherein each node in the right tree corresponds to an authentication information item in the authorization condition information.
8. The method of claim 1, wherein after sending the response information corresponding to the target operation request based on the query result, further comprising:
under the condition that the authority conditions of the target management operation are changed, updating the N authentication paths matched with the target management operation;
And under the condition that the authority of the reference authorization operation of the target account is changed, updating the authorization operation set corresponding to the target account.
9. A response device for an account operation request, comprising:
the receiving unit is used for receiving a target operation request sent by a target account, wherein the target operation request is used for requesting target management operation on a target application item;
the acquisition unit is used for acquiring N authentication paths matched with the target management operation according to the target operation request, wherein the N authentication paths respectively correspond to N project control platforms, the N project control platforms are all used for realizing the target management operation, the authentication paths are used for indicating an information item set of authentication information items required by the target management operation in the corresponding project control platforms, and N is an integer greater than or equal to 1;
the inquiring unit is used for inquiring in an authorized operation set corresponding to the target account according to the information item sets respectively indicated by the N authentication paths, wherein the authorized operation set comprises authorized management operations of the target account in the N project control platforms;
And the sending unit is used for sending response information corresponding to the target operation request based on the query result.
10. A processor for running a program, wherein the program when run performs the method of any one of claims 1 to 8.
11. An electronic device comprising one or more processors and memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-8.
CN202310646616.5A 2023-06-01 2023-06-01 Account operation request response method and device and electronic equipment Pending CN116578957A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310646616.5A CN116578957A (en) 2023-06-01 2023-06-01 Account operation request response method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310646616.5A CN116578957A (en) 2023-06-01 2023-06-01 Account operation request response method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN116578957A true CN116578957A (en) 2023-08-11

Family

ID=87539601

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310646616.5A Pending CN116578957A (en) 2023-06-01 2023-06-01 Account operation request response method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN116578957A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116992419A (en) * 2023-09-28 2023-11-03 江西省信息中心(江西省电子政务网络管理中心、江西省信用中心、江西省大数据中心) Map service sharing authority control method, system, electronic equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116992419A (en) * 2023-09-28 2023-11-03 江西省信息中心(江西省电子政务网络管理中心、江西省信用中心、江西省大数据中心) Map service sharing authority control method, system, electronic equipment and storage medium
CN116992419B (en) * 2023-09-28 2024-01-02 江西省信息中心(江西省电子政务网络管理中心、江西省信用中心、江西省大数据中心) Map service sharing authority control method, system, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
JP7222036B2 (en) Model training system and method and storage medium
JP2022000757A5 (en)
CN107026832B (en) Account login method, device and server
CN103282911A (en) Method for interworking trust between a trusted region and an untrusted region, method, server, and terminal for controlling the downloading of trusted applications, and control system applying same
CN110704863B (en) Configuration information processing method and device, computer equipment and storage medium
CN110909373B (en) Access control method, equipment, system and storage medium
US11995453B2 (en) Method and apparatus for generating image file and computer-readable storage medium
CN111143814B (en) Single sign-on method, micro-service access platform and storage medium
CN116578957A (en) Account operation request response method and device and electronic equipment
CN111177703B (en) Method and device for determining data integrity of operating system
CN106936907B (en) File processing method, logic server, access server and system
US10798119B2 (en) Command interception
US20230205849A1 (en) Digital and physical asset tracking and authentication via non-fungible tokens on a distributed ledger
US10454764B2 (en) System and method for managing machine images on a plurality of distributed servers
US20140143311A1 (en) Authority management system, server system, non-transitory computer- readable storage medium having stored therein authority management program, and authority management method
CN110175038B (en) Soft lock permission updating method and device
KR101548606B1 (en) A system and a computer-readable storage medium for remotely controlling an user equipment by an administrator's terminal
CN116232655B (en) Configuration application permission management method and system based on Internet of things cloud platform
CN117828663A (en) Log desensitization method, device, readable storage medium and computing equipment
CN118018557A (en) Application processing method, device, system and storage medium
CN115794773A (en) Model management method, model management device, storage medium, and electronic apparatus
CN118075014A (en) Encryption device configuration method and device and electronic device
CN114697396A (en) Request processing method and device, electronic equipment and readable storage medium
CN116232655A (en) Configuration application permission management method and system based on Internet of things cloud platform
CN116909660A (en) Function calling method and device of application program, processor and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination