CN116881876A - Rights management method, device, equipment and storage medium - Google Patents
Rights management method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN116881876A CN116881876A CN202310849191.8A CN202310849191A CN116881876A CN 116881876 A CN116881876 A CN 116881876A CN 202310849191 A CN202310849191 A CN 202310849191A CN 116881876 A CN116881876 A CN 116881876A
- Authority
- CN
- China
- Prior art keywords
- authority
- permission
- rights
- user
- configuration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title claims abstract description 41
- 238000013528 artificial neural network Methods 0.000 claims abstract description 52
- 238000012549 training Methods 0.000 claims abstract description 47
- 238000000034 method Methods 0.000 claims abstract description 35
- 238000012545 processing Methods 0.000 claims abstract description 16
- 239000013598 vector Substances 0.000 claims description 30
- 238000006243 chemical reaction Methods 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 8
- 230000011218 segmentation Effects 0.000 claims description 6
- 230000008569 process Effects 0.000 description 11
- 230000006870 function Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 230000009471 action Effects 0.000 description 3
- 238000013527 convolutional neural network Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000000605 extraction Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000000306 recurrent effect Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 238000007476 Maximum Likelihood Methods 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000001427 coherent effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000002950 deficient Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000010606 normalization Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a rights management method, a device, equipment and a storage medium. The method comprises the following steps: acquiring authority configuration requirements input by an administrator and described through natural language; the permission configuration requirement is used for indicating permission configuration of the first user; converting the permission configuration requirement into permission interface calling information through a pre-training neural network; and configuring the authority data of the first user according to the authority interface calling information. According to the method, only the administrator describes the authority configuration requirement to be realized through natural language, the authority platform can automatically generate the authority interface calling information meeting the authority configuration requirement of the administrator, and the authority configuration of the first user is automatically realized based on the authority interface calling information, so that the time and the workload of the administrator for manually processing the authority application are reduced, the authority configuration efficiency is improved, the error rate caused by manually processing the authority application is reduced, and the risks and the potential safety hazards caused by manual operation are avoided.
Description
Technical Field
The present application relates to the field of rights management technologies, and in particular, to a rights management method, device, apparatus, and storage medium.
Background
With the deep development of enterprise informatization, the requirements on information management and security inside enterprises are higher. The rights management is an important component of enterprise informatization management, and its implementation is also continuously developed and perfected.
Traditional rights management approaches are designed based on role-based rights control (Role Base Access Control, RBAC) policies, i.e., comprising three dimensions of role, user, rights. When an administrator needs to complete the authority allocation of a user, a plurality of complicated steps and processes are often needed, a plurality of modules such as user management, role management, authority management and the like are needed to be converted, the whole authority allocation process needs to take a great deal of time, the administrator needs to have deeper understanding on the authority management system of the system, and configuration errors or omission easily occur.
Disclosure of Invention
In order to overcome the technical problems in the related art, the application provides a rights management method, a device, equipment and a storage medium, which can realize the automatic configuration of user rights data, improve the rights configuration efficiency and avoid the situation of configuration errors or omission.
In a first aspect, an embodiment of the present application provides a rights management method, applied to a rights platform, where the method includes:
acquiring authority configuration requirements input by an administrator and described through natural language; the permission configuration requirement is used for indicating permission configuration of the first user;
converting the permission configuration requirement into permission interface calling information through a pre-training neural network;
and configuring the authority data of the first user according to the authority interface calling information.
In a second aspect, an embodiment of the present application provides a rights management apparatus integrated with a rights platform, where the apparatus includes:
the acquisition module is used for acquiring authority configuration requirements which are input by an administrator and described through natural language; the permission configuration requirement is used for indicating permission configuration of the first user;
the conversion module is used for converting the permission configuration requirement into permission interface calling information through a pre-training neural network;
and the configuration module is used for configuring the authority data of the first user according to the authority interface calling information.
In a third aspect, an embodiment of the present application provides a rights platform, including: the system comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the steps of the rights management method provided by the first aspect of the embodiment of the application when executing the computer program.
In a fourth aspect, an embodiment of the present application provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the rights management method provided in the first aspect of the embodiment of the present application.
According to the technical scheme provided by the embodiment of the application, the authority configuration requirement which is input by an administrator and described by natural language is acquired, the authority configuration requirement is converted into the authority interface calling information through the pre-training neural network, and the authority data of the first user is configured according to the authority interface calling information. The authority platform can automatically generate the authority interface calling information meeting the authority configuration requirement of the administrator only by describing the authority configuration requirement of the administrator through natural language, and automatically realize the authority configuration of the first user based on the authority interface calling information, so that the time and the workload of the administrator for manually processing the authority application are reduced, the authority configuration efficiency is improved, the error rate caused by manually processing the authority application is reduced, and the risks and the potential safety hazards caused by manual operation are avoided.
Drawings
FIG. 1 is a schematic diagram of an RBAC model according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of a rights management method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of man-machine interaction of a rights management method according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a processing procedure for configuring a request for authority according to an embodiment of the present application;
fig. 5 is a schematic flow chart of a feature vector extraction process according to an embodiment of the present application;
FIG. 6 is a schematic flow chart of another method for rights management according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a rights management unit according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a rights platform according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be further described in detail by the following examples with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
Currently, most rights platforms are implemented based on RBAC model designs. The key idea is to distribute users to different roles, each role has a certain authority, and the users can only obtain the corresponding authority by binding the roles. In the RBAC model, as shown in fig. 1, roles play a role in a bridge, and connect a relationship between users and rights, each role may have multiple rights, and each user may allocate multiple roles, so that the user has multiple rights of multiple roles. Meanwhile, because roles are used as media, the intricate and complex interaction relationship is greatly reduced. For example, a company with tens of thousands of people, because the rights required by many users are the same, the users can be assigned the same roles, so that only hundreds of roles may be set in the rights platform to realize rights management of the whole company.
In the conventional technology, when an administrator performs authority configuration, the administrator may undergo the following procedures:
1) Determining roles: according to business requirements of enterprises, determining which roles are needed. Such as an administrator, an average user, an approver, etc.
2) Determining permission: each role is assigned a corresponding right. Rights can be divided into functional rights and data rights. The function authority refers to operations that a user can perform, such as adding a user, deleting a user, and the like; the data authority refers to data that a user can access, such as only access to own data or only access to data of a certain department.
3) User management: users are assigned to corresponding roles. The same user may have multiple roles, and different roles may have the same rights. For example, an administrator may have the authority to add users and delete users at the same time.
It can be seen that in the above procedure, the administrator must configure in different management modules when performing the rights configuration. Taking an employee job-entering scene as an example, after a new employee is job-entering, an administrator needs to allocate a general role of an enterprise for the employee so as to ensure that the employee has the browsing rights of enterprise basic data and a basic system; the authority of the staff at the position is also required to be distributed so as to ensure that the staff can normally perform daily work. In the whole flow, configuration work of more than ten roles can be involved, so that the operation is complicated, and the authority configuration efficiency is reduced; and may also miss the rights configuration, resulting in the employee not having enough rights to perform daily work.
Therefore, according to the technical scheme provided by the embodiment of the application, an administrator only needs to describe the authority configuration requirement required to be realized through natural language, the authority platform can generate the authority interface calling information meeting the authority configuration requirement of the administrator through the pre-training neural network, and corresponding authority data is automatically generated based on the authority interface calling information, so that the automatic configuration of the authorities is realized, the authority configuration efficiency is improved, and the condition of missed authority configuration is avoided.
It should be noted that, the execution body of the method embodiment described below may be a rights management device, and the device may be implemented as part or all of a rights platform by software, hardware, or a combination of software and hardware. Alternatively, the rights platform may be a personal computer, a server, or the like. The following method embodiments are described taking the execution subject as an example of a rights platform.
Fig. 2 is a schematic flow chart of a rights management method according to an embodiment of the present application. As shown in fig. 2, the method may include:
s201, acquiring authority configuration requirements which are input by an administrator and described through natural language.
The permission configuration requirement is used for indicating permission configuration to a first user, and the first user refers to a user to be configured with permission.
The front-end page of the permission platform can be provided with a corresponding data input control, and an administrator can input the permission configuration requirement described in natural language through the data input control, namely, the administrator can directly describe the permission configuration requirement which the administrator wants to realize in a text or voice mode and input the permission configuration requirement into the permission platform. The authority platform acquires the authority configuration requirement input by the manager, analyzes and processes the authority configuration requirement, and automatically completes the authority configuration of the first user.
Illustratively, as shown in fig. 3, taking an employee's "Zhang Sanu" job entry scenario as an example, when assigning rights to Zhang Sanu, an administrator may click on the data input control "Intelligent generate", configure the requirements "assign rights to Zhang Sanu employees" using natural language input rights in a pop-up dialog box, and click on the "generate" control. Accordingly, the authority platform acquires the authority configuration requirement which is input by an administrator and is described by using natural language, analyzes and understands the meaning of the authority configuration requirement, and then pulls all roles and corresponding authorities owned by the personnel in the operation department, and automatically performs authority configuration on Zhang three according to the authority data configured by the personnel in the operation department.
S202, converting the permission configuration requirement into permission interface calling information through a pre-training neural network.
The pre-training neural network is used for carrying out semantic understanding and reasoning on the permission configuration requirements and generating permission interface calling information which accords with the administrator permission configuration requirements. Optionally, the permission interface call information may include a permission interface to be called, input parameters required by the permission interface, and a call order of each permission interface. For example, the rights interface to be invoked is a role assignment interface, and the required input parameters include the specific role to be assigned (such as roles of operation, data manager, etc.), identity information of the first user, and the like.
Optionally, the pre-training neural network may be implemented by a recurrent neural network (Recurrent Neural Network, RNN), or may be implemented by a conversion network (transducer), or may add a greedy search or a bundle search method, so as to generate the most correct permission interface call information. The switching network may include a multi-layered multi-headed self-attention module, which may also include a linear layer, a softmax layer, and the like, among others.
The pre-training neural network can be obtained through training a large number of sample data sets, wherein the sample data sets comprise a plurality of sample authority configuration requirements and sample authority interface calling information corresponding to each sample authority configuration requirement. Specifically, the training process of the pre-training neural network may be: and taking the sample authority configuration requirement as input of the pre-training neural network, taking the sample authority interface calling information as expected output of the pre-training neural network, and training the pre-training neural network based on a preset loss function so as to enable the pre-training neural network to learn the mapping relation between the sample authority configuration requirement and the sample authority interface calling information. Alternatively, the loss function may be a maximum likelihood estimation function, a cross entropy loss function, or the like.
In practical application, considering that the sample data in the authority field is relatively deficient, in order to improve the prediction performance of the pre-training neural network, the pre-training neural network can be primarily trained by using universal machine translation parallel data, then the primarily trained network is trained again by using the sample data in the authority field, the convergence speed of the pre-training neural network is accelerated, and the prediction performance of the pre-training neural network is improved.
After the pre-training neural network is obtained, the authority management requirements input by the administrator can be input into the pre-training neural network, and authority interface calling information meeting the requirements of the administrator is generated through the pre-training neural network. By way of example, continuing the above-mentioned rights configuration requirement "assign rights of operator personnel to Zhang san", assuming that the operator personnel has an operation role, a data manager role, and a user management platform role, after processing the rights configuration requirement through the pre-training neural network, the generated rights interface call information may be as follows:
{
"workflow Id": "20230612001",// workflow ID
"operator": "zhangjian",// operator user name
"PermissionTasks" [// rights requirement
{
"taskId": "001"// task 1
"userId":"101123",
"name": "Zhang san",
"action":
{
"api": "/api/v 3/assignment-role",// assignment role interface
"role": "operation",// role identifier: operation of
}
},
{
"taskId":"002",
"userId":"101123",
"name": "Zhang san",
"action":
{
"api": "/api/v 3/assignment-role",// assignment role interface
"role": "dataAdministrator",// role identifier: data manager
}
}
{
"taskId":"003",
"userId":"101123",
"name": "Zhang san",
"action":
{
"api": "/api/v 3/assignment-role",// assignment role interface
"role": "userManagement",// role identifier: user administrator
}
}
]
}
S203, configuring the authority data of the first user according to the authority interface calling information.
After the permission interface calling information is obtained, the permission platform can call the corresponding permission interface based on the permission interface calling information, and the permission data of the first user is configured through the called permission interface. For example, an operation role, a data manager role, a user manager role, and the like are assigned to the first user by calling an assignment role interface.
Alternatively, the process of S203 may be: generating a rights assignment workflow based on the rights interface call information, and executing the rights assignment workflow to realize configuration of the first user rights data.
The method comprises the steps that a permission arrangement engine in a permission platform can execute the steps, after permission interface calling information is received, the permission arrangement engine calls a permission interface according to the permission interface calling information, namely, the permission interface calling information is assembled to form a permission distribution workflow, the permission distribution workflow is executed, and after the execution is finished, the configuration of first user permission data can be completed.
According to the rights management method provided by the embodiment of the application, the rights configuration requirement which is input by an administrator and described by natural language is acquired, the rights configuration requirement is converted into rights interface calling information through the pre-training neural network, and the rights data of the first user are configured according to the rights interface calling information. The authority platform can automatically generate the authority interface calling information meeting the authority configuration requirement of the administrator only by describing the authority configuration requirement of the administrator through natural language, and automatically realize the authority configuration of the first user based on the authority interface calling information, so that the time and the workload of the administrator for manually processing the authority application are reduced, the authority configuration efficiency is improved, the error rate caused by manually processing the authority application is reduced, and the risks and the potential safety hazards caused by manual operation are avoided.
In one embodiment, the pre-trained neural network may include an encoder and a decoder. The encoder and decoder may be in a variety of different network configurations depending on the actual needs, and as an example, one RNN may be used as the encoder and another RNN as the decoder. Of course, the encoder and decoder may also be other forms of network structures, such as convolutional neural networks (Convolutional Neural Networks, CNN). Alternatively, the encoder may include a self-attention layer and a feed-forward network, and the decoder may include a self-attention layer, a multi-head attention layer, and a feed-forward network. A multi-headed attention layer is added to the decoder, which can help the decoder focus on relevant parts of the input sentence (i.e., the entitlement configuration requirements), improving the accuracy of decoding.
Alternatively, as shown in fig. 4, the process of S202 may be: encoding the permission configuration requirement through an encoder of the pre-training neural network to obtain an encoding vector; and decoding corresponding permission interface calling information from the coded vector by a decoder of the pre-training neural network.
Specifically, after acquiring the authority configuration requirement input by the administrator, inputting the authority configuration requirement into an encoder of the pre-training neural network, wherein the input of the encoder flows into a self-attention layer firstly, and the layer can enable the encoder to use information of other words in an input sentence when encoding a specific word; the output from the attention layer then flows into a feed-forward network through which the expressive power of the pre-trained neural network is enhanced. The input to the encoder is a sequence (i.e., the privilege configuration requirements), each element is embedded in a high-dimensional vector space and processed by multiple attention mechanisms to obtain a vector representation containing context information for all elements, i.e., the privilege configuration requirements are encoded by the encoder to obtain the encoded vector.
In the decoder, the input for each time step is the word generated in the last time step, and the complete sentence is generated by generating the word step by step. The output of the decoder is subjected to probability normalization through a softmax layer to obtain probability distribution of each word, and the word with the highest probability is selected as the input of the next time step. In the process of generating sentences, the decoder can also adjust the generated words to ensure that the grammar and the semantics of the sentences are correct. That is, the encoded vector output by the encoder is input to a decoder of the pre-training neural network, and the decoder decodes the encoded vector according to the context information to obtain the corresponding permission interface call information.
In practical applications, to facilitate the pre-training of neural networks to understand context and generate coherent output, it is necessary to translate the rights configuration requirements described by an administrator in a rights platform using natural language into a language that a computer can understand, i.e., feature vectors. For this purpose, on the basis of the above embodiment, optionally, the process of encoding the rights configuration requirement by the encoder of the pre-trained neural network to obtain the encoded vector may be: word segmentation processing is carried out on authority configuration requirements to obtain a series of words; determining word frequency of each word in authority configuration requirements; converting the permission configuration requirement into a feature vector with the length matched with the dimension of the pre-training neural network based on a pre-constructed word bag model and word frequency; and encoding the feature vector by an encoder of the pre-training neural network to obtain an encoded vector.
Referring to fig. 5, the process of converting the rights configuration requirement into the feature vector mainly includes the steps of word segmentation, stop word removal, stem extraction, word frequency calculation, word bag model construction, feature selection, vectorization and the like.
Specifically, word segmentation: and cutting the authority demand information according to the vocabulary units to obtain a series of words.
Removing stop words: stop words refer to words that have no meaning to text analysis, such as "and", "yes", etc. After word segmentation, these inactive stop words can be removed from the word list, reducing noise interference.
Extracting word stems: the process of converting words into their original form, such as "running" into "run".
Calculating word frequency: counting the occurrence times of each word in the authority configuration requirement to obtain the word frequency of each word.
Constructing a word bag model: the bag of words model is a way to convert text into vectors, which can be built based on rights domain data.
Feature selection: and performing feature selection on the constructed bag-of-words model, and removing some words which do not contribute to classification tasks.
Vectorization: performing vectorization representation on authority configuration requirements based on the word bag model and word frequency of each word to obtain corresponding feature vectors; wherein each dimension of the feature vector corresponds to a word frequency of a word in the bag of words model.
In this embodiment, the encoder of the pre-training neural network encodes the permission configuration requirement to obtain the encoded vector, and the decoder of the pre-training neural network decodes the corresponding permission interface call information from the encoded vector, that is, the semantic understanding and reasoning are performed on the natural language input by the administrator by using the generating artificial intelligence technology, so as to generate the permission interface call information meeting the administrator requirement, thereby improving the accuracy of the conversion of the input language and further improving the accuracy of the permission configuration.
In one embodiment, optionally, as shown in fig. 6, the method further comprises:
s601, acquiring authority data of a second user corresponding to the first user according to a preset rule.
In the corporate organization architecture, the second user may be a user with the same level, same group and/or same department as the first user, i.e. one or more users with the highest similarity with the first user are found out from the authority platform as the second user according to the job level, the department and/or the group of the first user, and the authority data of the second user are acquired. If the number of the second users is plural, the rights data commonly owned by the plural second users may be acquired to participate in the difference comparison in the following steps.
S602, determining whether a difference exists between the authority data of the first user and the authority data of the second user.
S603, if the difference exists, generating a permission checking suggestion according to the difference data, and displaying the permission checking suggestion.
Comparing the authority data automatically configured for the first user with the authority data of the second user, if the authority data of the first user and the authority data of the second user are different, outputting the difference data, and distinguishing the difference data in the authority data of the first user (such as highlighting and flashing display), so that an administrator checks the authority data of the first user automatically configured based on the difference data.
Furthermore, the permission verification suggestion can be automatically generated based on the difference data, and the permission verification suggestion is displayed so as to assist an administrator in verifying the permission data of the first user which is automatically configured, so that the efficiency and the accuracy of permission configuration are improved.
In the embodiment, the authority data of the first user can be checked by using the authority data of the second user similar to the first user, so that the error rate of the authority application is reduced, and the accuracy of the authority data configuration is improved; and when the difference data exists, the permission checking suggestion can be automatically generated based on the difference data, so that an administrator is assisted in checking, and the permission configuration checking efficiency is improved.
Fig. 7 is a schematic structural diagram of a rights management unit according to an embodiment of the present application. The apparatus may be integrated in a rights platform, as shown in fig. 7, and may include: an acquisition module 701, a conversion module 702 and a configuration module 703.
Specifically, the obtaining module 701 is configured to obtain a rights configuration requirement input by an administrator and described by a natural language; the permission configuration requirement is used for indicating permission configuration of the first user;
the conversion module 702 is configured to convert the rights configuration requirement into rights interface calling information through a pre-training neural network;
the configuration module 703 is configured to configure rights data of the first user according to the rights interface call information.
According to the rights management device provided by the embodiment of the application, the rights configuration requirements which are input by an administrator and described through natural language are acquired, the rights configuration requirements are converted into rights interface calling information through the pre-training neural network, and the rights data of the first user are configured according to the rights interface calling information. The authority platform can automatically generate the authority interface calling information meeting the authority configuration requirement of the administrator only by describing the authority configuration requirement of the administrator through natural language, and automatically realize the authority configuration of the first user based on the authority interface calling information, so that the time and the workload of the administrator for manually processing the authority application are reduced, the authority configuration efficiency is improved, the error rate caused by manually processing the authority application is reduced, and the risks and the potential safety hazards caused by manual operation are avoided.
On the basis of the above embodiment, optionally, the permission interface calling information includes a permission interface to be called, input parameters required by the permission interface, and a calling sequence of each permission interface.
On the basis of the above embodiment, optionally, the conversion module 702 is specifically configured to encode the permission configuration requirement by using an encoder of the pre-trained neural network to obtain an encoded vector; and decoding corresponding permission interface calling information from the coding vector through a decoder of the pre-training neural network.
On the basis of the above embodiment, optionally, the conversion module 702 is further specifically configured to perform word segmentation processing on the permission configuration requirement to obtain a series of words; determining word frequency of each word appearing in the permission configuration requirement; converting the permission configuration requirement into a feature vector with the length matched with the dimension of the pre-training neural network based on a pre-constructed word bag model and the word frequency; and encoding the feature vector through an encoder of the pre-training neural network to obtain an encoded vector.
Optionally, on the basis of the above embodiment, the encoder comprises a self-attention layer and a feed-forward network; the decoder includes a self-attention layer, a multi-head attention layer, and a feed forward network.
On the basis of the above embodiment, optionally, the configuration module 703 is specifically configured to generate a rights allocation workflow based on the rights interface call information, and execute the rights allocation workflow to implement configuration of the first user rights data.
On the basis of the above embodiment, optionally, the apparatus further includes: and a processing module.
Specifically, the acquiring module 701 is further configured to acquire rights data of a second user corresponding to the first user according to a preset rule;
the processing module is used for determining whether a difference exists between the authority data of the first user and the authority data of the second user; if the difference exists, generating a permission checking suggestion according to the difference data, and displaying the permission checking suggestion.
Fig. 8 is a schematic structural diagram of a rights platform according to an embodiment of the present application, and as shown in fig. 8, the rights platform includes a processor 80, a memory 81, an input device 82 and an output device 83; the number of processors 80 in the rights platform may be one or more, one processor 80 being taken as an example in fig. 8; the processor 80, memory 81, input device 82 and output device 83 in the rights platform may be connected by a bus or other means, for example by a bus connection in fig. 8.
The memory 81 is a computer-readable storage medium that can be used to store a software program, a computer-executable program, and modules, such as program instructions/modules (e.g., the acquisition module 701, the conversion module 702, and the configuration module 703 in the rights management device) corresponding to the rights management method in the embodiment of the present application. The processor 80 executes various functional applications of the device and data processing, namely, implements the above-described rights management method by running software programs, instructions and modules stored in the memory 81.
The memory 81 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, at least one application program required for functions; the storage data area may store data created in the rights management process, etc. In addition, memory 81 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some examples, memory 81 may further include memory located remotely from processor 80, which may be connected to the device/terminal/server via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 82 may be used to receive entered numeric or character information and to generate key signal inputs related to user settings and function control of the rights platform. The output means 83 may comprise a display device such as a display screen.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring authority configuration requirements input by an administrator and described through natural language; the permission configuration requirement is used for indicating permission configuration of the first user;
converting the permission configuration requirement into permission interface calling information through a pre-training neural network;
and configuring the authority data of the first user according to the authority interface calling information.
The rights management device, the rights platform and the storage medium provided in the above embodiments can execute the rights management method provided in any of the above embodiments, and have the corresponding functional modules and beneficial effects of executing the method. Technical details not described in detail in the above embodiments may be found in the rights management method provided in any of the above embodiments.
From the above description of embodiments, it will be clear to a person skilled in the art that the present application may be implemented by means of software and necessary general purpose hardware, but of course also by means of hardware, although in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, etc., and include several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments of the present application.
It should be noted that, in the above-mentioned embodiments of the search apparatus, each unit and module included are only divided according to the functional logic, but not limited to the above-mentioned division, as long as the corresponding functions can be implemented; in addition, the specific names of the functional units are also only for distinguishing from each other, and are not used to limit the protection scope of the present application.
The technical features of the above-described embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above-described embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.
Claims (10)
1. A rights management method, applied to a rights platform, the method comprising:
acquiring authority configuration requirements input by an administrator and described through natural language; the permission configuration requirement is used for indicating permission configuration of the first user;
converting the permission configuration requirement into permission interface calling information through a pre-training neural network;
and configuring the authority data of the first user according to the authority interface calling information.
2. The method of claim 1, wherein the rights interface call information includes a rights interface to be called, input parameters required for the rights interface, and a call order of the rights interfaces.
3. The method of claim 1, wherein the converting the permission configuration requirements into permission interface invocation information via a pre-trained neural network comprises:
encoding the permission configuration requirement through an encoder of a pre-training neural network to obtain an encoding vector;
and decoding corresponding permission interface calling information from the coding vector through a decoder of the pre-training neural network.
4. A method according to claim 3, wherein said encoding of said rights configuration requirements by an encoder of a pre-trained neural network results in an encoded vector, comprising:
word segmentation processing is carried out on the authority configuration requirements to obtain a series of words;
determining word frequency of each word appearing in the permission configuration requirement;
converting the permission configuration requirement into a feature vector with the length matched with the dimension of the pre-training neural network based on a pre-constructed word bag model and the word frequency;
and encoding the feature vector through an encoder of the pre-training neural network to obtain an encoded vector.
5. A method according to claim 3, wherein the encoder comprises a self-attention layer and a feed-forward network; the decoder includes a self-attention layer, a multi-head attention layer, and a feed forward network.
6. The method of claim 1, wherein configuring the rights data for the first user based on the rights interface invocation information comprises:
generating a permission distribution workflow based on the permission interface calling information, and executing the permission distribution workflow to realize the configuration of the first user permission data.
7. The method as recited in claim 1, further comprising:
acquiring authority data of a second user corresponding to the first user according to a preset rule;
determining whether there is a difference between the rights data of the first user and the rights data of the second user;
if the difference exists, generating a permission checking suggestion according to the difference data, and displaying the permission checking suggestion.
8. A rights management unit integrated into a rights platform, the unit comprising:
the acquisition module is used for acquiring authority configuration requirements which are input by an administrator and described through natural language; the permission configuration requirement is used for indicating permission configuration of the first user;
the conversion module is used for converting the permission configuration requirement into permission interface calling information through a pre-training neural network;
and the configuration module is used for configuring the authority data of the first user according to the authority interface calling information.
9. A rights platform, comprising: a memory storing a computer program and a processor implementing the steps of the method of any one of claims 1 to 7 when the computer program is executed by the processor.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310849191.8A CN116881876A (en) | 2023-07-11 | 2023-07-11 | Rights management method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310849191.8A CN116881876A (en) | 2023-07-11 | 2023-07-11 | Rights management method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116881876A true CN116881876A (en) | 2023-10-13 |
Family
ID=88263870
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310849191.8A Pending CN116881876A (en) | 2023-07-11 | 2023-07-11 | Rights management method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116881876A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117455429A (en) * | 2023-12-21 | 2024-01-26 | 北京帮邦通达医疗器械有限公司 | Authority management method, device, equipment and storage medium |
-
2023
- 2023-07-11 CN CN202310849191.8A patent/CN116881876A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117455429A (en) * | 2023-12-21 | 2024-01-26 | 北京帮邦通达医疗器械有限公司 | Authority management method, device, equipment and storage medium |
| CN117455429B (en) * | 2023-12-21 | 2024-04-02 | 北京帮邦通达医疗器械有限公司 | Authority management method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11080304B2 (en) | Feature vector profile generation for interviews | |
| CN113591902B (en) | Cross-modal understanding and generating method and device based on multi-modal pre-training model | |
| Zhang et al. | Shaped: Shared-private encoder-decoder for text style adaptation | |
| CN111552799B (en) | Information processing method, information processing device, electronic equipment and storage medium | |
| US11966389B2 (en) | Natural language to structured query generation via paraphrasing | |
| CN110222194B (en) | Data chart generation method based on natural language processing and related device | |
| US11481442B2 (en) | Leveraging intent resolvers to determine multiple intents | |
| JP6526470B2 (en) | Pre-construction method of vocabulary semantic patterns for text analysis and response system | |
| CN111435362B (en) | Antagonistic training data enhancement for generating a correlation response | |
| WO2021143206A1 (en) | Single-statement natural language processing method and apparatus, computer device, and readable storage medium | |
| CN116881876A (en) | Rights management method, device, equipment and storage medium | |
| CN115062003B (en) | Cloud ERP community generation type question-answering method based on GPT2 | |
| CN111552798B (en) | Name information processing method and device based on name prediction model and electronic equipment | |
| CN112528654A (en) | Natural language processing method and device and electronic equipment | |
| US10540440B2 (en) | Relation extraction using Q and A | |
| US10674952B1 (en) | Detection and management of memory impairment | |
| CN115099233A (en) | Semantic analysis model construction method and device, electronic equipment and storage medium | |
| Revina et al. | An approach for analyzing business process execution complexity based on textual data and event log | |
| CN117573834B (en) | Multi-robot dialogue method and system for software-oriented instant service platform | |
| CN112784024B (en) | Man-machine conversation method, device, equipment and storage medium | |
| US20210141815A1 (en) | Methods and systems for ensuring quality of unstructured user input content | |
| CN108920715B (en) | Intelligent auxiliary method, device, server and storage medium for customer service | |
| CN113672522B (en) | Test resource compression method and related equipment | |
| CN113051385B (en) | Method, medium, device and computing equipment for intention recognition | |
| US11526509B2 (en) | Increasing pertinence of search results within a complex knowledge base |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |