CN116720174A - OA office system-based account generation authority intelligent classification supervision method - Google Patents
OA office system-based account generation authority intelligent classification supervision method Download PDFInfo
- Publication number
- CN116720174A CN116720174A CN202311006915.9A CN202311006915A CN116720174A CN 116720174 A CN116720174 A CN 116720174A CN 202311006915 A CN202311006915 A CN 202311006915A CN 116720174 A CN116720174 A CN 116720174A
- Authority
- CN
- China
- Prior art keywords
- authority
- account
- office
- department
- group
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000012795 verification Methods 0.000 claims abstract description 30
- 238000013145 classification model Methods 0.000 claims abstract description 28
- 238000012216 screening Methods 0.000 claims description 24
- 238000012937 correction Methods 0.000 claims description 8
- 230000001483 mobilizing effect Effects 0.000 claims description 5
- 238000004458 analytical method Methods 0.000 claims description 3
- 238000012545 processing Methods 0.000 abstract description 5
- 238000005457 optimization Methods 0.000 abstract description 3
- 238000007726 management method Methods 0.000 description 13
- 238000013475 authorization Methods 0.000 description 6
- 238000012423 maintenance Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000007792 addition Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2113—Multi-level security, e.g. mandatory access control
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/30—Computing systems specially adapted for manufacturing
Abstract
The invention relates to the technical field of account generation permission management, in particular to an intelligent classification and supervision method for account generation permission based on an OA office system. According to the method, the system and the device, the account authority generation classification model is constructed through designating the associated information of each office account in the enterprise, and the data optimization processing is carried out on the constructed account authority generation classification model, so that the limitation of enterprise office account authority distribution is eliminated, the accuracy, rationality and completeness of enterprise office account authority distribution are improved, intelligent classified management of enterprise office account generation authorities is realized, meanwhile, the change states of corresponding users of each office account are monitored, office accounts to be separated and office accounts to be moved are screened, corresponding verification processing is carried out, real-time supervision on enterprise office account generation authorities is realized, the problem that authorities of staff are not timely withdrawn or changed when the staff leaves or changes the job is effectively solved, and the enterprise authority management efficiency and the enterprise data safety are further improved.
Description
Technical Field
The invention relates to the technical field of account generation permission management, in particular to an intelligent classification and supervision method for account generation permission based on an OA office system.
Background
OA office systems play an important role in modern enterprise institutions, assisting business activities within the enterprise by providing convenient workflows and rights management functions. However, as enterprise size and complexity increases, the distribution of the generation rights for office accounts becomes more complex and critical. Conventional office account generation rights allocation management methods often have problems and challenges, such as complicated manual operations, inaccurate rights allocation, security risks, and the like.
To solve these problems, an office account generation right intelligent classification management method has been developed. The method combines a plurality of key technologies to improve the management efficiency and the security of office account generation permission distribution. However, the existing method still has certain defects: 1. the current method requires enterprise management personnel to set office account authority allocation rules in advance, so that the authority allocation of a new account is too dependent on the set authority allocation rules, once the set office account authority allocation rules are wrong, outdated or incomplete, the problem that the new account authority is not accurately, reasonably or inadequately allocated can be caused, and meanwhile, the set office account authority allocation rules can not timely track and manage the change and change of the authority, so that the management and maintenance of the enterprise account authority allocation are difficult, and the enterprise has the security problems of data leakage, data abuse and the like.
2. The current method lacks supervision of authority generation of enterprise office accounts, has the problem that the authority of the staff is not timely revoked or changed when the staff leaves the job or changes the job, so that the staff office accounts still maintain the access authority to the prior responsible field, thereby increasing potential security risks of data leakage and abuse, and different data access authorities may be required after the staff changes the job, if the authority is not timely changed, the authority of the staff office accounts is inconsistent with the authority of the actual work demands, and further inaccuracy and inconsistency of enterprise data access authority control are increased.
Disclosure of Invention
The invention aims to provide an account generation authority intelligent classification supervision method based on an OA office system, which solves the problems in the background technology.
The technical scheme adopted for solving the technical problems is as follows: the invention provides an OA office system-based account generation authority intelligent classification supervision method, which comprises the following steps: step one, acquiring enterprise office account association information: and extracting association information of each office account in the appointed enterprise, wherein the association information comprises basic information and authority information.
Step two, constructing an account authority generation classification model: analyzing and classifying the associated information of each office account to obtain a user basic authority group corresponding to each department, a related authority group of each post and a hierarchical authority group of each post corresponding to each department of the appointed enterprise, and further constructing an account authority generation classification model of the appointed enterprise.
Generating new account permission: substituting the generation request information of the new account into the account authority generation classification model to generate a new account corresponding authority group.
Step four, checking the new account authority: and sending the corresponding permission group of the new account to a corresponding department manager, and obtaining the verification permission group of the new account after verification.
Step five, new account authority supervision: analyzing the authorization authority group of the new account, analyzing the authority generation coincidence coefficient of the new account, if the authorization generation coincidence coefficient is smaller than the preset authorization generation coincidence coefficient, merging the new account into each office account, and repeating the step one.
Step six, enterprise office account supervision: and supervising the change state of the corresponding user of each office account in the appointed enterprise, and screening each office account to be separated and each office account to be mobilized.
Step seven, enterprise office account screening treatment: analyzing the authority matching degree of each transferring office account, screening each transferring office account with the authority matching degree not conforming to the authority matching degree, and recording the transferring office account as each target office account, so as to verify the authority of each target office account and each office account to be separated from the office account.
Further, the basic information comprises departments, posts and positions where the users are located, and the permission information comprises a current assigned permission group and a history permission assignment record, wherein the history permission assignment record comprises a pre-adjustment department, post and assignment permission group and a post-adjustment department, post and assignment permission group corresponding to each history assignment.
Further, the analyzing and classifying the associated information of each office account specifically includes: and screening each office account corresponding to each department in the appointed enterprise, each office account corresponding to each post in each department and each office account of each post in each department according to the associated information of each office account in the appointed enterprise.
And extracting authority information of each department corresponding to each office account in the appointed enterprise to obtain a current assigned authority group of each department corresponding to each office account, comparing the current assigned authority groups of each department corresponding to each office account with each other, screening each assigned authority corresponding to the same department, and forming a basic authority group of each department corresponding to a user.
The authority information of each office account corresponding to each position in each department in a designated enterprise is extracted, the same assigned authority corresponding to each position in each department is obtained through comparison, the same assigned authority groups corresponding to each position in each department are recorded, the historical authority assignment records of each office account in each department are extracted, the adjustment assigned authority groups corresponding to each position in each department are obtained through screening, and the same assigned authority groups corresponding to each position in each department are compared with the adjustment assigned authority groups to obtain the authority groups related to each position in each department.
The authority information of each office account of each position in each department in an appointed enterprise is extracted, the positions of which the corresponding levels are lower by one level in each position in each department are screened according to the levels of each position in each department, the positions are marked as reference positions of each position, the current assigned authority group of each office account of each position in each department is compared with the current assigned authority group of each office account of the corresponding reference position, and the hierarchical authority groups of each position in each department are screened.
Further, the screening mode of the hierarchical authority group of each position in each department is as follows: comparing the current assigned permission group of each office account of each position in each department with the current assigned permission group of each office account of the corresponding reference position, if the current assigned permission of a certain office account of a certain position in a certain department does not appear in the current assigned permission group of each office account of the corresponding reference position, taking the assigned permission in the current assigned permission group of the office account of the position in the department as a target assignment permission, counting the target assignment permissions of each office account of each position in each department, screening the target assignment permissions of each position in each department, and forming a grading permission group of each position in each department.
Further, the specific way of generating the new account corresponding permission group is as follows: substituting departments, positions and positions in the generation request information of the new account into an account authority generation classification model to obtain a user basic authority group of the corresponding department of the new account, a hierarchical authority group of the corresponding positions in the corresponding department of the new account and related authority groups of the corresponding positions in the corresponding position of the corresponding department of the new account, and collecting the hierarchical authority groups to obtain the corresponding authority groups of the new account.
Further, the authority of the new account is analyzed to generate a coincidence coefficient, and the specific content is as follows: extracting a basic authority group of a verification user, a verification post related authority group and a verification post grading authority group of a new account corresponding department from the verification authority group of the new account, comparing the basic authority group, the verification post related authority group and the verification post grading authority group with the corresponding authority group of the new account, analyzing the authority of the new account to generate a coincidence coefficientIn the formula->Corresponding coincidence of set user basic authority, post related authority and post grading authorityDuty ratio weight, and,/>the user basic authority group and the user basic authority group of the departments are respectively approved for the corresponding departments of the new account, and the user basic authority group of the departments is +.>The authority group is related to the verification positions of the corresponding departments of the new account, the authority group is related to the corresponding positions in the departments, and the authority group is->The authority group is classified for the corresponding positions of the corresponding departments of the new account, the authority group is classified for the corresponding positions in the departments, and the authority group is ∈>Correction-compliant influence factors of user basic authority, post-related authority and post-grading authority, respectively +.>Is a natural constant.
Further, the method for acquiring the correction influence factor conforming to the user basic authority comprises the following steps: comparing the basic authority group of the authorized user of the corresponding department of the new account with the basic authority group of the user of the department to obtain different basic authorities, marking the basic authorities as target basic authorities, and counting the number of target basic authoritiesMatching each target basic authority with the user basic authority groups corresponding to each other department in the account authority generation classification model to obtain other departments corresponding to each target basic authority, and counting the target basic authority number of each other department>,/>,/>For numbering of each other department, extracting the matching degree of the corresponding department of the new account and each other department from the appointed enterprise database, and analyzing the coincidence correction influence factor of the user basic authority>In the formula->Corresponding department and +.>Degree of coordination of other departments, and ∈>。
Further, the change state of the user is a waiting-for-job state, a job-adjusting state and a department-adjusting state.
Further, the authority matching degree analysis mode of each mobilizing office account is as follows: obtaining the associated information after corresponding change of each mobilization office account according to the change state of each mobilization office account, extracting the current allocated authority group after corresponding change of each mobilization office account, substituting the basic information after corresponding change of each mobilization office account into an account authority generation classification model according to the basic information after corresponding change of each mobilization office account to obtain the generation authority group corresponding to each mobilization office account, comparing the generation authority group with the current allocated authority group after corresponding change of each mobilization office account to obtain the same authority number corresponding to each mobilization office account, and recording the same authority number as the same authority number corresponding to each mobilization office account,/>,/>Office account for each mobilizationUser number, analyzing authority matching degree of each mobilization office account +.>In the formula->Respectively the firstAnd each mobilizing office account corresponds to the changed current assigned permission group and generates the corresponding permission number of the permission group.
Compared with the prior art, the invention has the following beneficial effects: (1) According to the method, basic information and authority information of each office account in the appointed enterprise are analyzed and classified, and an account authority generation classification model of the appointed enterprise is constructed, so that limitation of authority distribution of the enterprise office accounts is eliminated, accuracy, rationality and completeness of authority distribution of the enterprise office accounts are improved, and intelligent classification management of authority generation of the enterprise office accounts is realized.
(2) According to the method, the corresponding permission group of the new account is generated through the account permission generation classification model, and the verified verification permission group of the department manager is compared, the permission generation coincidence coefficient of the new account is analyzed, and then data optimization processing is carried out on the constructed account permission generation classification model, so that the account permission generation classification model can timely track and manage the change and change of the permission, the management and maintenance difficulty of enterprise account permission distribution is reduced, and the safety problems of data leakage, data abuse and the like of enterprises are further avoided.
(3) According to the method and the system for monitoring the office account generation permission, the change state of the office accounts corresponding to the users in the appointed enterprise is monitored, and the office accounts to be taken off and the office accounts to be mobilized are screened, so that the enterprise office account generation permission is monitored in real time, the problem that the permission of an employee is not timely revoked or changed when the employee leaves the office or changes the office is effectively solved, and the potential safety risks of data leakage and abuse are further reduced.
(4) According to the invention, each mobilization office account with the authority matching degree not conforming to the authority matching degree is recorded as each target office account, and the authorities of each target office account and each office account to be divorced from are verified, so that the enterprise office account generation authorities can be updated in time, the enterprise office account authorities are ensured to be consistent with the actual work demand authorities, the accuracy and consistency of enterprise data access authority control are further improved, and the enterprise authority management efficiency and the enterprise data security are further improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of the method of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, the invention provides an intelligent classification and supervision method for account generation permission based on an OA office system, which comprises the following steps: step one, acquiring enterprise office account association information: and extracting association information of each office account in the appointed enterprise, wherein the association information comprises basic information and authority information.
In a preferred embodiment, the basic information includes departments, posts and positions where the user is located, and the authority information includes a current assigned authority group and a history authority assignment record, where the history authority assignment record includes a pre-adjustment department, post and assignment authority group and a post-adjustment department, post and assignment authority group corresponding to each history assignment.
Step two, constructing an account authority generation classification model: analyzing and classifying the associated information of each office account to obtain a user basic authority group corresponding to each department, a related authority group of each post and a hierarchical authority group of each post corresponding to each department of the appointed enterprise, and further constructing an account authority generation classification model of the appointed enterprise.
In a preferred embodiment, the parsing and classifying the association information of each office account specifically includes: and screening each office account corresponding to each department in the appointed enterprise, each office account corresponding to each post in each department and each office account of each post in each department according to the associated information of each office account in the appointed enterprise.
And extracting authority information of each department corresponding to each office account in the appointed enterprise to obtain a current assigned authority group of each department corresponding to each office account, comparing the current assigned authority groups of each department corresponding to each office account with each other, screening each assigned authority corresponding to the same department, and forming a basic authority group of each department corresponding to a user.
The authority information of each office account corresponding to each position in each department in a designated enterprise is extracted, the same assigned authority corresponding to each position in each department is obtained through comparison, the same assigned authority groups corresponding to each position in each department are recorded, the historical authority assignment records of each office account in each department are extracted, the adjustment assigned authority groups corresponding to each position in each department are obtained through screening, and the same assigned authority groups corresponding to each position in each department are compared with the adjustment assigned authority groups to obtain the authority groups related to each position in each department.
The authority information of each office account of each position in each department in an appointed enterprise is extracted, the positions of which the corresponding levels are lower by one level in each position in each department are screened according to the levels of each position in each department, the positions are marked as reference positions of each position, the current assigned authority group of each office account of each position in each department is compared with the current assigned authority group of each office account of the corresponding reference position, and the hierarchical authority groups of each position in each department are screened.
It should be explained that the acquisition mode of the permission group related to each post in each department is as follows: extracting a pre-adjustment department, a post and an allocation permission group corresponding to each time of history allocation in a history permission allocation record of each office account in each department, and a post-adjustment department, a post and an allocation permission group, taking each time of history allocation of the same pre-adjustment department and post-adjustment department as each time of appointed history allocation, and counting the pre-adjustment post and the allocation permission group and the post-adjustment post and the allocation permission group of each time of appointed history allocation of each office account in each department.
The office accounts in the departments are obtained through comparison, the office accounts in the departments are assigned with different assignment authorities corresponding to post-adjustment and post-adjustment assignment authorities, the office accounts in the departments are assigned with adjustment assignment authorities corresponding to post-adjustment by the assigned histories, the adjustment assignment authorities of the posts in the departments are counted, the adjustment assignment authorities of the posts in the departments in the office account history authorities are compared with each other, the adjustment assignment authorities of the posts in the departments in the office account history authorities are screened, the posts in the departments correspond to the same adjustment assignment authorities, and the adjustment assignment authorities corresponding to the posts in the departments are formed.
Comparing the same allocation authority group corresponding to each position in each department with the adjustment allocation authority group, if the allocation authority range of the same allocation authority group corresponding to a position in a certain department is smaller than the allocation authority range of the corresponding adjustment allocation authority group, the related authority group of the position in the department is the corresponding same allocation authority group, otherwise, the related authority group of the position in the department is the corresponding adjustment allocation authority group.
It should be explained that the screening mode of the hierarchical authority group of each position in each department is as follows: comparing the current assigned permission group of each office account of each position in each department with the current assigned permission group of each office account of the corresponding reference position, if the current assigned permission of a certain office account of a certain position in a certain department does not appear in the current assigned permission group of each office account of the corresponding reference position, taking the assigned permission in the current assigned permission group of the office account of the position in the department as a target assignment permission, counting the target assignment permissions of each office account of each position in each department, screening the target assignment permissions of each position in each department, and forming a grading permission group of each position in each department.
The invention analyzes and classifies the basic information and the authority information of each office account in the appointed enterprise, and constructs the account authority generation classification model of the appointed enterprise, thereby eliminating the limitation of authority distribution of the enterprise office account, improving the accuracy, rationality and integrity of authority distribution of the enterprise office account, and further realizing intelligent classification management of the authority generation authority of the enterprise office account.
Generating new account permission: substituting the generation request information of the new account into the account authority generation classification model to generate a new account corresponding authority group.
In a preferred embodiment, the specific way of generating the new account corresponding permission group is as follows: substituting departments, positions and positions in the generation request information of the new account into an account authority generation classification model to obtain a user basic authority group of the corresponding department of the new account, a hierarchical authority group of the corresponding positions in the corresponding department of the new account and related authority groups of the corresponding positions in the corresponding position of the corresponding department of the new account, and collecting the hierarchical authority groups to obtain the corresponding authority groups of the new account.
Step four, checking the new account authority: and sending the corresponding permission group of the new account to a corresponding department manager, and obtaining the verification permission group of the new account after verification.
Step five, new account authority supervision: analyzing the authorization authority group of the new account, analyzing the authority generation coincidence coefficient of the new account, if the authorization generation coincidence coefficient is smaller than the preset authorization generation coincidence coefficient, merging the new account into each office account, and repeating the step one.
In a preferred embodiment, the authority of the new account is analyzed to generate the coincidence coefficient, and the specific contents are as follows: verification users of corresponding departments of new accounts are extracted from verification authority groups of the new accountsThe basic authority group and the verification post relate to the authority group and the verification post grading authority group, the basic authority group and the verification post grading authority group are compared with the corresponding authority group of the new account, and the authority of the new account is analyzed to generate a coincidence coefficientIn the formula->The set user basic authority, post related authority and post grading authority are respectively corresponding to the corresponding duty ratio weight, and,/>the user basic authority group and the user basic authority group of the departments are respectively approved for the corresponding departments of the new account, and the user basic authority group of the departments is +.>The authority group is related to the verification positions of the corresponding departments of the new account, the authority group is related to the corresponding positions in the departments, and the authority group is->The authority group is classified for the corresponding positions of the corresponding departments of the new account, the authority group is classified for the corresponding positions in the departments, and the authority group is ∈>Correction-compliant influence factors of user basic authority, post-related authority and post-grading authority, respectively +.>Is a natural constant.
It should be explained that, the method for acquiring the correction influence factor conforming to the user basic authority is as follows: comparing the basic authority group of the authorized user of the corresponding department of the new account with the basic authority group of the user of the department to obtain different basic authorities, marking the basic authorities as target basic authorities, and counting the number of target basic authoritiesMatching each target basic authority with the user basic authority groups corresponding to each other department in the account authority generation classification model to obtain other departments corresponding to each target basic authority, and counting the target basic authority number of each other department>,/>,/>For numbering of each other department, extracting the matching degree of the corresponding department of the new account and each other department from the appointed enterprise database, and analyzing the coincidence correction influence factor of the user basic authority>In the formula->Corresponding department and +.>Degree of coordination of other departments, and ∈>。
Further, according to the method for acquiring the coincidence correction influence factors of the user basic authorities, coincidence correction influence factors of authority related to the positions of the user and position grading authorities are acquired.
The method and the system can be used for comparing the corresponding permission group of the new account with the verification permission group verified by the department manager through the account permission generation classification model, analyzing the permission generation coincidence coefficient of the new account, and further carrying out data optimization processing on the constructed account permission generation classification model, so that the account permission generation classification model can timely track and manage the change and change of the permission, the management and maintenance difficulty of enterprise account permission distribution is reduced, and the safety problems of data leakage, data abuse and the like of enterprises are further avoided.
Step six, enterprise office account supervision: and supervising the change state of the corresponding user of each office account in the appointed enterprise, and screening each office account to be separated and each office account to be mobilized.
In a preferred embodiment, the user's change status is an off-job status, a post-job status, and a department-job status.
It should be noted that, the invention monitors the change state of the corresponding user of each office account in the appointed enterprise, screens each office account to be moved away and each office account to be mobilized, thereby realizing real-time monitoring of the generation authority of the office account of the enterprise, effectively solving the problem that the authority of the staff is not timely revoked or changed when the staff leaves the office or changes the office, and further reducing the potential security risks of data leakage and abuse.
Step seven, enterprise office account screening treatment: analyzing the authority matching degree of each transferring office account, screening each transferring office account with the authority matching degree not conforming to the authority matching degree, and recording the transferring office account as each target office account, so as to verify the authority of each target office account and each office account to be separated from the office account.
In a preferred embodiment, the authority matching degree analysis manner of each mobilization office account is as follows: obtaining the associated information after corresponding change of each mobilization office account according to the change state of each mobilization office account, extracting the current allocated authority group after corresponding change of each mobilization office account, substituting the basic information after corresponding change of each mobilization office account into an account authority generation classification model according to the basic information after corresponding change of each mobilization office account to obtain the generation authority group corresponding to each mobilization office account, comparing the generation authority group with the current allocated authority group after corresponding change of each mobilization office account to obtain the same authority number corresponding to each mobilization office account, and recording the same authority number as the same authority number corresponding to each mobilization office account,/>,/>For the number of each mobilization office account, analyzing the authority matching degree of each mobilization office account +.>In the followingRespectively +.>And each mobilizing office account corresponds to the changed current assigned permission group and generates the corresponding permission number of the permission group.
Further, the verifying the authority of each target office account and each office account to be left specifically includes: comparing the authority matching degree of each transferring office account with a set authority matching degree threshold, if the authority matching degree of a certain transferring office account is smaller than the set authority matching degree threshold, the transferring office account is a transferring office account with the authority matching degree not conforming, screening each transferring office account with the authority matching degree not conforming, recording the transferring office account as each target office account, further verifying and correcting the authority of each target office account, and carrying out withdrawal and recovery processing on the authority of the office account according to the departure time of the user corresponding to each office account to be departed.
In the invention, each mobilization office account with the authority matching degree not conforming to the authority matching degree is recorded as each target office account, and the authorities of each target office account and each office account to be divorced are verified, so that the enterprise office account generation authorities can be updated in time, the enterprise office account authorities are ensured to be consistent with the actual work demand authorities, the accuracy and consistency of enterprise data access authority control are further improved, and the enterprise authority management efficiency and the enterprise data security are further improved.
The foregoing is merely illustrative and explanatory of the principles of this invention, as various modifications and additions may be made to the specific embodiments described, or similar arrangements may be substituted by those skilled in the art, without departing from the principles of this invention or beyond the scope of this invention as defined in the claims.
Claims (9)
1. An intelligent classification and supervision method for account generation permission based on an OA office system is characterized by comprising the following steps:
step one, acquiring enterprise office account association information: extracting association information of each office account in a designated enterprise, wherein the association information comprises basic information and authority information;
step two, constructing an account authority generation classification model: analyzing and classifying the associated information of each office account to obtain a user basic authority group corresponding to each department, a related authority group of each post and a hierarchical authority group of each post corresponding to each department of a designated enterprise, and further constructing an account authority generation classification model of the designated enterprise;
generating new account permission: substituting the generation request information of the new account into an account authority generation classification model to generate a new account corresponding authority group;
step four, checking the new account authority: the corresponding authority group of the new account is sent to corresponding department management personnel, and the verification is carried out to obtain a verification authority group of the new account;
step five, new account authority supervision: analyzing the verification authority group of the new account, analyzing the authority generation coincidence coefficient of the new account, if the authority generation coincidence coefficient is smaller than the preset authority generation coincidence coefficient, merging the new account into each office account, and repeating the first step;
step six, enterprise office account supervision: supervision is carried out on the change state of the corresponding user of each office account in the appointed enterprise, and each office account to be separated and each mobilized office account are screened;
step seven, enterprise office account screening treatment: analyzing the authority matching degree of each transferring office account, screening each transferring office account with the authority matching degree not conforming to the authority matching degree, and recording the transferring office account as each target office account, so as to verify the authority of each target office account and each office account to be separated from the office account.
2. The OA office system-based account generation rights intelligent classification and supervision method of claim 1, wherein: the basic information comprises departments, posts and positions where users are located, and the permission information comprises a current assigned permission group and a history permission assignment record, wherein the history permission assignment record comprises a pre-adjustment department, post and assignment permission group and a post-adjustment department, post and assignment permission group corresponding to each history assignment.
3. The OA-office-system-based account generation rights intelligent classification and supervision method of claim 2, wherein: the analyzing and classifying the associated information of each office account specifically comprises the following steps:
screening each office account corresponding to each department in the appointed enterprise, each office account corresponding to each post in each department and each office account of each post in each department according to the associated information of each office account in the appointed enterprise;
extracting authority information of each department corresponding to each office account in a designated enterprise to obtain a current assigned authority group of each department corresponding to each office account, comparing the current assigned authority groups of each department corresponding to each office account with each other, screening each assigned authority corresponding to the same department, and forming a user basic authority group corresponding to each department;
extracting authority information of office accounts corresponding to all positions in all departments in a designated enterprise, comparing to obtain all allocated authorities corresponding to the same positions in all departments, recording as the same allocation authority groups corresponding to all positions in all departments, extracting historical authority allocation records of office accounts in all departments, screening to obtain adjustment allocation authority groups corresponding to all positions in all departments, and comparing the same allocation authority groups corresponding to all positions in all departments with the adjustment allocation authority groups to obtain related authority groups of all positions in all departments;
the authority information of each office account of each position in each department in an appointed enterprise is extracted, the positions of which the corresponding levels are lower by one level in each position in each department are screened according to the levels of each position in each department, the positions are marked as reference positions of each position, the current assigned authority group of each office account of each position in each department is compared with the current assigned authority group of each office account of the corresponding reference position, and the hierarchical authority groups of each position in each department are screened.
4. An OA office system based account generation rights intelligent classification and supervision method according to claim 3 wherein: the hierarchical authority group screening mode of each position in each department is as follows: comparing the current assigned permission group of each office account of each position in each department with the current assigned permission group of each office account of the corresponding reference position, if the current assigned permission of a certain office account of a certain position in a certain department does not appear in the current assigned permission group of each office account of the corresponding reference position, taking the assigned permission in the current assigned permission group of the office account of the position in the department as a target assignment permission, counting the target assignment permissions of each office account of each position in each department, screening the target assignment permissions of each position in each department, and forming a grading permission group of each position in each department.
5. The OA office system-based account generation rights intelligent classification and supervision method of claim 1, wherein: the specific mode for generating the new account corresponding permission group is as follows:
substituting departments, positions and positions in the generation request information of the new account into an account authority generation classification model to obtain a user basic authority group of the corresponding department of the new account, a hierarchical authority group of the corresponding positions in the corresponding department of the new account and related authority groups of the corresponding positions in the corresponding position of the corresponding department of the new account, and collecting the hierarchical authority groups to obtain the corresponding authority groups of the new account.
6. The OA office system-based account generation rights intelligent classification and supervision method of claim 5, wherein: the authority generation coincidence coefficient of the new account is analyzed, and the specific contents are as follows:
extracting a basic authority group of a verification user, a verification post related authority group and a verification post grading authority group of a new account corresponding department from the verification authority group of the new account, comparing the basic authority group, the verification post related authority group and the verification post grading authority group with the corresponding authority group of the new account, analyzing the authority of the new account to generate a coincidence coefficientIn the formula->The corresponding weight of the set user basic authority, post related authority and post grading authority are respectively in accordance with the duty ratio weight, and +.>,/>The user basic authority group and the user basic authority group of the departments are respectively approved for the corresponding departments of the new account, and the user basic authority group of the departments is +.>The authority group is related to the verification positions of the corresponding departments of the new account, the authority group is related to the corresponding positions in the departments, and the authority group is->The authority group is classified for the corresponding positions of the corresponding departments of the new account, the authority group is classified for the corresponding positions in the departments, and the authority group is ∈>Correction-compliant influence factors of user basic authority, post-related authority and post-grading authority, respectively +.>Is a natural constant.
7. The OA office system-based account generation rights intelligent classification and supervision method of claim 6 wherein: the method for acquiring the correction influence factor according with the user basic authority comprises the following steps:
comparing the basic authority group of the authorized user of the corresponding department of the new account with the basic authority group of the user of the department to obtain different basic authorities, marking the basic authorities as target basic authorities, and counting the number of target basic authoritiesMatching each target basic authority with the user basic authority groups corresponding to each other department in the account authority generation classification model to obtain other departments corresponding to each target basic authority, and counting the target basic authority number of each other department>,/>,/>For numbering of each other department, extracting the matching degree of the corresponding department of the new account and each other department from the appointed enterprise database, and analyzing the coincidence correction influence factor of the user basic authority>In the formula->Corresponding department and +.>Degree of coordination of other departments, and ∈>。
8. The OA office system-based account generation rights intelligent classification and supervision method of claim 1, wherein: the change states of the user are a waiting job state, a job adjustment state and a department adjustment state.
9. The OA office system-based account generation rights intelligent classification and supervision method of claim 8, wherein: the authority matching degree analysis mode of each mobilizing office account is as follows:
obtaining the associated information after corresponding change of each mobilization office account according to the change state of each mobilization office account, extracting the current allocated authority group after corresponding change of each mobilization office account, substituting the basic information after corresponding change of each mobilization office account into an account authority generation classification model according to the basic information after corresponding change of each mobilization office account to obtain the generation authority group corresponding to each mobilization office account, comparing the generation authority group with the current allocated authority group after corresponding change of each mobilization office account to obtain the same authority number corresponding to each mobilization office account, and recording the same authority number as the same authority number corresponding to each mobilization office account,/>,/>For the number of each mobilization office account, analyzing the authority matching degree of each mobilization office account +.>In the followingRespectively +.>And each mobilizing office account corresponds to the changed current assigned permission group and generates the corresponding permission number of the permission group.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311006915.9A CN116720174B (en) | 2023-08-11 | 2023-08-11 | OA office system-based account generation authority intelligent classification supervision method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311006915.9A CN116720174B (en) | 2023-08-11 | 2023-08-11 | OA office system-based account generation authority intelligent classification supervision method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116720174A true CN116720174A (en) | 2023-09-08 |
| CN116720174B CN116720174B (en) | 2023-10-24 |
Family
ID=87868398
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311006915.9A Active CN116720174B (en) | 2023-08-11 | 2023-08-11 | OA office system-based account generation authority intelligent classification supervision method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116720174B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117273663A (en) * | 2023-11-13 | 2023-12-22 | 杭银消费金融股份有限公司 | Automatic processing method and system for worker mobilization flow |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2004015495A (en) * | 2002-06-07 | 2004-01-15 | Sony Corp | Authority management system, information processing apparatus and method therefor, as well as computer program |
| CN104125219A (en) * | 2014-07-07 | 2014-10-29 | 四川中电启明星信息技术有限公司 | Centralized identity and management method aiming at electric power information system |
| CN105303119A (en) * | 2015-09-14 | 2016-02-03 | 浪潮集团有限公司 | Multi-data center privilege management method and system |
| CN105912924A (en) * | 2016-04-01 | 2016-08-31 | 北京元心科技有限公司 | Method for sending permissions to users' accounts in enterprise information management system |
| CN106485388A (en) * | 2015-09-01 | 2017-03-08 | 北京奇虎科技有限公司 | The right management method of business approval system and device |
| CN110895605A (en) * | 2019-11-14 | 2020-03-20 | 上海易点时空网络有限公司 | Internal system management method and device suitable for account mobilization and storage medium |
| CN116502210A (en) * | 2023-04-28 | 2023-07-28 | 中国银行股份有限公司 | Account authority distribution method, device and equipment and readable storage medium |
-
2023
- 2023-08-11 CN CN202311006915.9A patent/CN116720174B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2004015495A (en) * | 2002-06-07 | 2004-01-15 | Sony Corp | Authority management system, information processing apparatus and method therefor, as well as computer program |
| CN104125219A (en) * | 2014-07-07 | 2014-10-29 | 四川中电启明星信息技术有限公司 | Centralized identity and management method aiming at electric power information system |
| CN106485388A (en) * | 2015-09-01 | 2017-03-08 | 北京奇虎科技有限公司 | The right management method of business approval system and device |
| CN105303119A (en) * | 2015-09-14 | 2016-02-03 | 浪潮集团有限公司 | Multi-data center privilege management method and system |
| CN105912924A (en) * | 2016-04-01 | 2016-08-31 | 北京元心科技有限公司 | Method for sending permissions to users' accounts in enterprise information management system |
| CN110895605A (en) * | 2019-11-14 | 2020-03-20 | 上海易点时空网络有限公司 | Internal system management method and device suitable for account mobilization and storage medium |
| CN116502210A (en) * | 2023-04-28 | 2023-07-28 | 中国银行股份有限公司 | Account authority distribution method, device and equipment and readable storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 左刚;胡昌平;卞德志;单文金;闫四洋;: "企业管理应用的安全授权设计", 计算机时代, no. 07 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117273663A (en) * | 2023-11-13 | 2023-12-22 | 杭银消费金融股份有限公司 | Automatic processing method and system for worker mobilization flow |
| CN117273663B (en) * | 2023-11-13 | 2024-02-27 | 杭银消费金融股份有限公司 | Automatic processing method and system for worker mobilization flow |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116720174B (en) | 2023-10-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN116720174B (en) | OA office system-based account generation authority intelligent classification supervision method | |
| CN111767247A (en) | File specification and synchronous forming control platform for real-time supervision of engineering data | |
| Redman | Measuring data accuracy: A framework and review | |
| CN105118005B (en) | Communities ' Integrated management system | |
| CN110677430B (en) | User risk degree evaluation method and system based on log data of network security equipment | |
| CN106528828A (en) | Multi-dimensional checking rule-based data quality detection method | |
| CN109658050A (en) | A kind of management method and equipment of wage report | |
| CN110399363B (en) | Problem data full life cycle data quality management method and system | |
| CN111222955A (en) | Supplier supervision method and system based on block chain | |
| CN110765087A (en) | User account abuse auditing method and system based on network security device log data | |
| CN113592680A (en) | Service platform based on regional education big data | |
| CN112445844B (en) | Financial data management control system of big data platform | |
| CN113722301A (en) | Big data processing method, device and system based on education information and storage medium | |
| CN115080546B (en) | Enterprise data diagnosis system based on big data | |
| Ishankhodjayev et al. | Optimization of information processes of multilevel intelligent systems | |
| CN114911908A (en) | Method and device for pipe network data security management | |
| CN114091944A (en) | Cloud-end-coordinated distribution network engineering field operation analysis decision system | |
| CN109413218A (en) | Integrated information obtains system, method and son and obtains node system | |
| CN111667243A (en) | Business audit system based on ERP system | |
| CN115577983B (en) | Enterprise task matching method based on block chain, server and storage medium | |
| CN116629677A (en) | Data statistics system for human resource work analysis | |
| CN111475542A (en) | Quadruple linkage violation information interaction platform and monitoring method | |
| CN106295920A (en) | KXG for quality control | |
| CN110298585A (en) | A kind of substation equipment monitoring information hierarchical layered automatic auditing method | |
| CN117633766B (en) | Service data authority granting method based on tree structure |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |