CN116956246A - Role granularity-based step-by-step authority control method and device - Google Patents

Role granularity-based step-by-step authority control method and device Download PDF

Info

Publication number
CN116956246A
CN116956246A CN202310917932.1A CN202310917932A CN116956246A CN 116956246 A CN116956246 A CN 116956246A CN 202310917932 A CN202310917932 A CN 202310917932A CN 116956246 A CN116956246 A CN 116956246A
Authority
CN
China
Prior art keywords
role
authority
user account
gradient
menu
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310917932.1A
Other languages
Chinese (zh)
Inventor
黄国政
赵瑞锋
黎皓彬
易晋
詹一佳
关华深
李晓斌
黄思源
蔡子恒
李振宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Power Grid Co Ltd
Jiangmen Power Supply Bureau of Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Jiangmen Power Supply Bureau of Guangdong Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Power Grid Co Ltd, Jiangmen Power Supply Bureau of Guangdong Power Grid Co Ltd filed Critical Guangdong Power Grid Co Ltd
Priority to CN202310917932.1A priority Critical patent/CN116956246A/en
Publication of CN116956246A publication Critical patent/CN116956246A/en
Pending legal-status Critical Current

Links

Abstract

The invention provides a role granularity-based progressive right control method and device, wherein the method comprises the following steps: corresponding role grades and authority gradients are distributed for the user account; generating a multi-menu directory based on the same component; according to the role grade and the authority gradient, adjusting the display modes of the multi-menu catalogs, wherein the display modes comprise the number and the types of the menu catalogs and the display modes of the corresponding operable objects in the menu catalogs; and acquiring the role grade and the authority gradient of the current user account, and displaying the multi-menu directory in a corresponding display mode. The device is used for realizing the method. The invention ensures that the authority is divided more finely and efficiently. Meanwhile, the flexibility of the components is improved, and the operation usability of the power grid management system after the user account logs in is greatly simplified.

Description

Role granularity-based step-by-step authority control method and device
Technical Field
The invention belongs to the technical field of electric power, and particularly relates to a role granularity-based progressive authority control method and device.
Background
In the daily operation and maintenance process of the power grid, a power grid management system is often required to be used, and for authority management of users, an RBAC (Role-Based Access Control based access control) mode is the most effective method for unified resource access of enterprise management information, so that most of information management systems adopt an RBAC mode, the RBAC mode can realize the association of authorities with roles, and the users obtain the authorities of the roles by associating members of proper roles, so that the authority management is greatly simplified.
However, since the rights of the same role corresponding to the RBAC mode are the same, when the rights are managed with a plurality of rights with strong relevance and subtle differences, with the development of the era, in the actual management and maintenance of the power grid, a more subdivided and efficient user account weighting scheme is required to cope with the increasingly flexible rights allocation and management requirements, and the traditional RBAC is too simple to cope with more complex access strategies.
Disclosure of Invention
In view of the above, the present invention aims to provide a role granularity-based progressive rights control method and device for coping with the rights allocation and management requirements of a power grid management system which are increasingly flexible.
In order to solve the technical problems, the invention provides the following technical scheme:
in a first aspect, the present invention provides a role granularity-based progressive right control method for power grid ledger management, including:
corresponding role grades and authority gradients are distributed for the user account;
generating a multi-menu directory based on the same component;
according to the role grade and the authority gradient, the display modes of the multi-menu catalogs are adjusted, wherein the display modes comprise the number and the types of the menu catalogs and the display modes of the corresponding operable objects in the menu catalogs;
And acquiring the role grade and the authority gradient of the current user account, and displaying the multi-menu directory in a corresponding display mode.
Further, according to the role grade and the authority gradient, the display mode of the multi-menu directory is adjusted, wherein the display mode comprises the number and the type of the menu directories and the display mode of each operable object in the corresponding menu directory, and the method comprises the following steps:
adding a first subordinate in the menu directory and setting a role identifier, wherein the role identifier is used for determining the role grade of the user account;
adding a second subordinate in the menu directory and setting a permission identifier, wherein the permission identifier is used for determining the permission gradient of the user account;
and according to the determining operation of the character identification and the authority identification, adjusting the display mode of the multi-menu directory, and establishing the corresponding relation among the character grade, the authority gradient and the display mode.
Further, the authority gradient includes a first authority gradient and a second authority gradient, and the step of assigning corresponding role grades and authority gradients to the user account includes:
assigning role grades to the user account, wherein the role grades comprise a super role, a city office role, a county office role, a power supply office role and a personal maintenance role;
According to the data range of the account book field in charge of the user account, corresponding first authority gradients are allocated for the user account;
and according to the operation authority of the user account, distributing a corresponding second authority gradient for the user account, wherein the operation authority comprises adding, deleting, modifying and reading authorities.
Further, adding a second lower level in the menu directory and setting a permission identifier, wherein the permission identifier is used for determining a permission gradient of the user account, and the method comprises the following steps:
collecting selection operation of a second subordinate target field in a menu directory, and determining a first authority gradient of a user account;
and determining a second authority gradient of the user account according to the routing parameters.
Further, before the step of obtaining the role grade and the authority gradient of the current user account and displaying the multi-menu directory in the corresponding display mode, the method further comprises the following steps:
according to the type of the ledger, determining a core field of the corresponding ledger;
acquiring target data corresponding to core fields of each ledger in ledger data to be imported;
the method comprises the steps of obtaining the role grade and the authority gradient of the current user account and displaying the multi-menu catalogue in a corresponding display mode, wherein the steps are as follows:
acquiring the role grade and the authority gradient of the current user account, and displaying the multi-menu directory in a corresponding display mode, wherein the display mode comprises a display standard import button and a cross-authority import button;
After the step of obtaining the role grade and the authority gradient of the current user account and displaying the multi-menu directory in the corresponding display mode, the method further comprises the following steps:
and acquiring target data corresponding to the import confirming operation, the role grade and the authority gradient in the ledger to be imported as data objects according to the import confirming operation of the user account.
Further, according to the import confirming operation of the user account, determining target data corresponding to the import confirming operation, the role grade and the authority gradient in the ledger to be imported as a data object, including:
receiving standard import operation of a user account based on a standard import button, and determining a core field which is to be imported into the ledger and is primarily matched with the role grade;
screening the core fields which are primarily matched according to the first authority gradient and the second authority gradient of the user account, and determining the screened core fields as data objects;
receiving a selection operation based on at least one target core field of a ledger to be imported, wherein the target core field exceeds a first authority gradient corresponding to a user account;
receiving cross-authority import operation of a user account based on a cross-authority import button, and acquiring prior import information of a target core field in a system, wherein the prior import information comprises a role grade, prior import time and data anchoring strength of the prior import account;
Judging whether cross-authority import operation is legal or not according to the role grade of the user account, the second authority gradient, the role grade of the prior import account, the prior import time and the data anchoring strength;
if yes, at least determining target data corresponding to the target core field as a data object;
if not, pushing the cross-authority importing operation of the user account, the target core field of the account to be imported, the previous target data of the target core field and the target data to be imported to the prior importing account, and at least determining the target data corresponding to the target core field as a data object according to the authorizing operation of the prior importing account.
In a second aspect, the present invention provides a role granularity based progressive right control apparatus for power grid ledger management, including:
the configuration module is used for distributing corresponding role grades and authority gradients for the user account;
the generating module is used for generating a multi-menu catalog based on the same component;
the adjustment module is used for adjusting the display modes of the multi-menu catalogs according to the role grade and the authority gradient, wherein the display modes comprise the number and the types of the menu catalogs and the display modes of the operable objects in the corresponding menu catalogs;
The acquisition module is used for acquiring the role grade and the authority gradient of the current user account and displaying the multi-menu catalogue in a corresponding display mode.
Further, the adjustment module includes:
a first adding unit, configured to add a first subordinate to the menu directory and set a role identifier, where the role identifier is used to determine a role level of the user account;
the second adding unit is used for adding a second lower level in the menu directory and setting a permission identifier, and the role identifier is used for determining the permission gradient of the user account;
the adjusting unit is used for adjusting the display mode of the multi-menu directory according to the determining operation of the role identifier and the authority identifier, and establishing the corresponding relation among the role identifier, the authority identifier and the display mode.
In a third aspect, the present invention provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing a role granularity based progressive right control method as in the first aspect when executing the computer program.
In a fourth aspect, the present invention provides a computer storage medium having stored thereon a computer program, characterized in that the program, when executed by a processor, implements a role granularity based progressive right control method as in the first aspect.
In summary, the invention provides a role granularity-based progressive right control method and device, which are characterized in that corresponding role grades and right gradients are allocated to user accounts in advance, a multi-menu directory is generated based on the same component, and the display modes of the multi-menu directory are adjusted according to the role grades and the right gradients, wherein the display modes comprise the number and the types of the menu directories and the display modes of all operable objects in the corresponding menu directory, the role grades and the right gradients of the current user account are obtained, and the multi-menu directory is displayed in the corresponding display modes. The embodiment of the invention can divide the identity and the authority of the user according to the role grade and the authority gradient, and is different from the traditional RBAC mode, the embodiment of the invention grades the role, and meanwhile, different authority gradients are corresponding to the role grade, so that the authority division is finer and more efficient. Meanwhile, the embodiment of the invention generates the multi-menu catalogue based on the same component, and then displays the multi-menu catalogue in a corresponding display mode according to the role grade and the authority gradient of the current user account, so that when the same component faces different authority users, the page menu has different display modes, the flexibility of the component is improved, and the operation usability of the user account to the power grid management system after logging in is greatly simplified.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a role granularity based progressive rights control method in accordance with a first embodiment of the invention;
fig. 2 is a detailed flowchart of S11 according to the first embodiment of the present invention;
fig. 3 is a detailed flowchart of S13 of the first embodiment of the present invention;
FIG. 4 is a detailed flowchart of S132 of the first embodiment of the present invention;
FIG. 5 is a flow chart of a hierarchical rights control method based on role granularity in accordance with a second embodiment of the present invention;
FIG. 6 is a detailed flowchart of S22 of the second embodiment of the present invention;
fig. 7 is a detailed flowchart of S23 of the second embodiment of the present invention;
fig. 8 is a detailed flowchart of S233 of the second embodiment of the invention;
fig. 9 is a detailed flowchart of the standard import operation scheme of S27 according to the second embodiment of the present invention;
FIG. 10 is a detailed flowchart of the cross-rights import operation scheme of S27 of the second embodiment of the present invention;
FIG. 11 is a block diagram illustrating a third embodiment of a role granularity based progressive right control apparatus according to the present invention;
fig. 12 is a schematic view showing the internal structure of a computer according to still another embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is apparent that the embodiments described below are only some embodiments of the present invention, not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
First embodiment:
referring to fig. 1 to 6, an embodiment of the present invention discloses a progressive right control method based on role granularity, which includes:
s11, corresponding role grades and authority gradients are allocated for the user account.
The execution main body of the embodiment is usually a power grid management system, and the step is to execute in advance, and allocate corresponding role grades and authority gradients for user accounts through software developers and accounts with high role grades or high authority gradients. It should be noted that, the order of occurrence of the step S11 is merely illustrated in this example, and in some other embodiments of the present invention, the step S11 may also occur after any other step before the step S14, and the present invention is not limited to the order of steps of the step S11.
In this embodiment, the authority gradient includes a first authority gradient and a second authority gradient, as shown in fig. 2, and step S11 includes S111-S113, where:
s111, assigning role grades to the user account, wherein the role grades comprise a super role, a city office role, a county office role, a power supply station role and a personal maintenance role.
In this embodiment, the role level is suitable for fine division of roles in power grid management, and the higher the role level is, the greater the data authority corresponding to the user account.
S112, corresponding first permission gradients are allocated for the user account according to the data range of the ledger core field in charge of the user account.
In this embodiment, the first permission gradient is used to determine a data scope permission based on a role corresponding to the user account, where the data scope permission includes permission of one or more accounts, and may further include permission of a specific core field in the one or more accounts.
S113, distributing a corresponding second authority gradient for the user account according to the operation authority of the user account, wherein the operation authority comprises adding, deleting, modifying and viewing authorities.
In this embodiment, the second permission gradient is used to determine the adding, deleting, modifying and browsing permissions of the corresponding core field based on the role corresponding to the user account and the range of data permissions, and weights of the adding, deleting, modifying and browsing permissions corresponding to different second permission gradients are different.
And S12, generating a multi-menu catalog based on the same component.
In this embodiment, the performance form of the power grid management system is a multi-menu directory, after a user logs in a user account, the user completes interactive operations including management and browsing under different menu directories, and the multi-menu directory is generated based on the same component, so that on one hand, the simplicity of the power grid management system is ensured, and on the other hand, the reading and storage of data can be more efficient and reliable.
S13, according to the role grade and the authority gradient, adjusting the display modes of the multi-menu catalogs, wherein the display modes comprise the number and the type of the menu catalogs and the display modes of the corresponding operable objects in the menu catalogs.
The step is executed in advance, and through the step S13, the multi-menu directory can have different display modes according to different role grades and authority gradients, in general, the multi-menu directory can be screened according to the role grades and the authority gradients, and the authority weights of the user accounts are obtained according to the authority gradients, so that typesetting of the multi-menu directory is optimized according to the authority weights, and when the role grades and the authority gradients of the user accounts are determined, the multi-menu directory generally only comprises menu directories and operable objects which are matched with the user accounts, and the menu directories and the operable objects which exceed the role grades and the authority gradients of the user accounts are hidden, so that the user accounts only need to be matched with related pages of the role grades and the authority gradients of the user accounts, the learning burden of the user is greatly reduced, the management flow is simplified, and the operation usability is improved. The operable objects of the present embodiment include, but are not limited to, forms, windows, buttons, editing/browsing tools, and the like.
Referring to fig. 3, step S13 includes steps S131-S133, wherein:
s131, adding a first subordinate in the menu directory and setting a role identifier, wherein the role identifier is used for determining the role grade of the user account.
S132, adding a second lower level in the menu catalog and setting a permission identification, wherein the permission identification is used for determining the permission gradient of the user account.
Referring to fig. 4, step S132 includes steps S1321-S1322, wherein:
s1321, collecting a selection operation of a second lower-level target field in the menu directory, and determining a first authority gradient of the user account.
The selecting operation includes, but is not limited to, selecting, dragging and framing, and the data range authority of the role corresponding to the user account is determined by selecting the target field, where the data range authority includes the authority of one or more ledgers, and may further include the authority of a specific core field in the one or more ledgers.
S1322, determining a second authority gradient of the user account according to the routing parameters.
The second gradient authority of the menu directory is determined by the routing parameters. Like XX ledger, component: info/a, routing: info/A/M1 (parameter M is a custom logo letter, M1 represents a primary management authority); XX ledger reading, component: info/a, routing: info/A/Q2 (the parameter Q is a self-defined sign letter, Q2 represents a secondary viewing authority), and the viewing authority only refers to the data in the page and cannot change the data. It should be noted that under some other embodiments of the present invention, the adaptive routing parameters may also change according to the subdivision of the management rights into adding, deleting and modifying rights. And the reliability and convenience of the second gradient authorization are improved by determining the second gradient authorization of the menu directory through the routing parameters.
S133, according to the determining operation of the role identification and the authority identification, the display mode of the multi-menu directory is adjusted, and the corresponding relation among the role grade, the authority gradient and the display mode is established.
After determining the role level of S131 and the permission identifier of S132, the display mode of the multi-menu directory may be manually adjusted, or may be automatically adjusted first and then manually adjusted, where the adjustment mode includes, but is not limited to, adding and deleting page menus, changing the display sequence of page menus, changing the layout of the operable objects under the same page menu, and displaying/hiding, and adaptively changing the data range that the corresponding user account can call.
S14, acquiring the role grade and the authority gradient of the current user account, and displaying the multi-menu directory in a corresponding display mode.
The step is executed after the user account logs in, and the multi-menu directory is displayed in a corresponding display mode for the user account to browse and manage by acquiring the corresponding relation among the role grade, the authority gradient and the display mode in the step S133.
According to the embodiment of the invention, the corresponding role grade and authority gradient are allocated to the user account in advance, the multi-menu directory is generated based on the same component, and the display modes of the multi-menu directory are adjusted according to the role grade and the authority gradient, wherein the display modes comprise the number and the types of the menu directories and the display modes of all the operable objects in the corresponding menu directory, the role grade and the authority gradient of the current user account are obtained, and the multi-menu directory is displayed in the corresponding display modes. The embodiment of the invention can divide the identity and the authority of the user according to the role grade and the authority gradient, and is different from the traditional RBAC mode, the embodiment of the invention grades the role, and meanwhile, different authority gradients are corresponding to the role grade, so that the authority division is finer and more efficient. Meanwhile, the embodiment of the invention generates the multi-menu catalogue based on the same component, and then displays the multi-menu catalogue in a corresponding display mode according to the role grade and the authority gradient of the current user account, so that when the same component faces different authority users, the page menu has different display modes, the flexibility of the component is improved, and the operation usability of the user account to the power grid management system after logging in is greatly simplified.
Second embodiment:
because the importing operation of the ledger data is often required to be completed in the daily operation and maintenance process of the power grid, however, when the ledger data corresponding to the functional module is imported, an operator cannot perform flexible data screening according to the requirement. In view of the above technical drawbacks, please refer to fig. 5 to 10, another role granularity-based step-by-step authority control method is disclosed in an embodiment of the present invention, for implementing a flexible importing operation of a ledger according to role grades and authority gradients, including:
s21, corresponding role grades and authority gradients are allocated for the user account.
This step is the same as the corresponding step of the first embodiment, and will not be described again here.
S22, determining a core field of the corresponding ledger according to the ledger type.
The step is executed in advance, the core fields are at least used for judging functional modules corresponding to the core fields to be imported into the ledger, and as a specific example but not limiting, the ledger type at least includes a platform area ledger, a switch ledger and a node ledger, please refer to fig. 6, step S22 includes S221-S223, wherein:
s221, determining that the core field of the station account of the station area comprises a power supply office/power supply station, a station area number and a station area name;
S222, determining that a core field of the switch ledger comprises a switch number, a switch name and a switch type;
s223, determining that the core field of the node ledger comprises a topology number.
The above steps are used for realizing the function module of classifying the core field of the area ledger into the area ledger, the function module of classifying the core field of the switch ledger into the switch ledger, and the function module of the node ledger into the function module of the node ledger, and the function module is not limited to the above-mentioned area ledger, switch ledger and node ledger, but is also set according to different core fields.
S23, acquiring target data corresponding to core fields of each ledger in the ledger data to be imported.
When the ledger data is imported, the target data corresponding to the core fields of the ledger of the district, the ledger of the switch and the ledger of the node are preferentially obtained, so as to pre-classify the target data, screen and generate the data required by various ledgers, ensure the accuracy of the data, please refer to fig. 7, and step S23 includes S231-S233, wherein:
s231, when the type of the ledger file is determined to be the universal table file, the core field is used as a header, and target data corresponding to the header where the core field is located is extracted.
In this embodiment, the universal table file includes xls, xlsx, et, ett, xlt, xlsm and xml suffix name files, and in the universal table file, the core field and the target data are generally text data that can be directly extracted, so when determining the core field, the target data corresponding to the core field can be easily determined and extracted.
S232, when the type of the ledger file is determined not to be the universal form file, converting the type of the ledger file into the universal form file.
The step can process the ledger file which needs to be imported into the power station server system through Java language, and by default, the step can convert the type of the ledger file into a universal form file in an xml format; xml is a universal data exchange format, has the characteristics of platform independence, language independence and system independence, and can provide great convenience in the process of data processing of the ledger.
S233, when the conversion operation fails, text extraction is performed on the ledger file based on the visual recognition model, a mapping relation between the core field and the target data is constructed, and numerical content matched with the mapping relation of the core field is extracted as the target data.
When the target data of the universal table file in S232 cannot be extracted, it is determined that the conversion operation fails, and the step S233 is executed, as shown in fig. 8, the visual recognition model in the step includes a visual recognition network, a text information positioning network and an associated information recognition network, wherein the workflow of the visual recognition model includes S2331-S2333, wherein:
And S2331, the visual recognition network is at least used for extracting text fields according to the text images.
The visual recognition network in step S1431 may extract the text field of the text image without matching with the core field, where the text field may be the power supply office, the power supply station, the station area number, the station area name, the switch number, the switch name, the switch type, and the topology number. The target data corresponding to the core field may be, for example, A1 (switch number), #a123 (switch name), knife switch (switch type), or K020000000000000000 (topology number).
And S2332, the text information positioning network is at least used for positioning and matching the text field and the core field in the text image.
The positioning matching in the step preferably performs matching on the contents of the text field and the core field, and when the accurate matching cannot be completed, a fuzzy matching mode can be adopted, namely, matching the non-unique text or symbol in the text field with the corresponding text of the core field to obtain the text field completely consistent with the core field. And then, carrying out two-dimensional coordinate accurate positioning on the text field in the text image.
S2333, the associated information identification network is at least used for matrixing the arrangement mode of the positioned matched text fields in the text image, determining the core fields and the corresponding non-positioned matched text fields as target data at least according to the matrixing arrangement mode, and constructing the mapping relation between the core fields and the target data.
As a preferred solution, but not limited to, this step S2333 completes the arrangement of all text fields in the text image, usually, the text field closely related to the core field and not aligned and matched is selected as the primary target data, further, the data format of the primary target data may be determined according to the core field, and when the primary target data meets the data format of the corresponding core field, the corresponding text field not aligned and matched is determined as the target data.
S24, generating a multi-menu catalog based on the same component.
This step is the same as the corresponding step of the first embodiment, and will not be described again here.
S25, according to the role grade and the authority gradient, adjusting the display modes of the multi-menu catalogs, wherein the display modes comprise the number and the type of the menu catalogs and the display modes of the corresponding operable objects in the menu catalogs.
This step is the same as the corresponding step of the first embodiment, and will not be described again here.
S26, acquiring the role grade and the authority gradient of the current user account, and displaying the multi-menu directory in a corresponding display mode, wherein the display mode comprises a display standard import button and a cross-authority import button.
As a specific implementation and improvement of the first embodiment, the presentation manner includes presenting a standard import button and a cross-authority import button. This step is substantially the same as the corresponding step of the first embodiment, and will not be described here again.
S27, according to the import confirming operation of the user account, acquiring target data corresponding to the import confirming operation, the role grade and the authority gradient in the ledger to be imported as data objects.
Referring to fig. 9, in step S27, a standard import operation is provided, which includes S271-S272, wherein:
s271, receiving standard import operation of a user account based on a standard import button, and determining a core field which is to be imported into the ledger and is primarily matched with the role grade;
s272, screening the core fields which are matched for the first time according to the first authority gradient and the second authority gradient of the user account, and determining the screened core fields as data objects;
the above scheme is used for determining the data object according to the role grade and the authority gradient of the user account so as to realize the conventional ledger importing operation, and in such a case, the data object can be a core field of one or more ledgers, and can also be a core field of a specific range in the one or more ledgers.
Referring to fig. 10, in step S27, there is further provided a quart right importing operation, further comprising S273-S277, wherein:
s273, receiving a selection operation based on at least one target core field of the ledger to be imported, wherein the target core field exceeds a first authority gradient corresponding to the user account.
In this embodiment, the page menu presents the core field and the corresponding target data thereof in a manner of preloading the ledger to be imported, and the user can select the target core field in at least one range on the loading interface according to the own needs, wherein the selection manner includes but is not limited to frame selection, click selection and dragging selection. When one or more core fields in the target core fields exceeds the first authority gradient corresponding to the user account, step S274 is performed.
S274, receiving cross-authority import operation of the user account based on the cross-authority import button, and obtaining the prior import information of the target core field in the system, wherein the prior import information comprises the role grade, the prior import time and the data anchoring strength of the prior import account.
The step is used for collecting the role grade, the prior import time and the data anchoring strength of the prior import account. The data anchoring strength is set according to the requirement when the account number is imported, and the role grade or authority gradient required for covering the target core field is higher when the anchoring strength is higher.
S275, judging whether the cross-authority import operation is legal or not according to the role grade of the user account, the second authority gradient, the role grade of the prior import account, the prior import time and the data anchoring strength.
When the difference between the role level of the user account and the role level of the account which is imported earlier, the data anchoring strength is smaller, the second authority gradient is larger, the cross-authority importing operation is easier to be identified as legal, otherwise, the cross-authority importing operation is identified as illegal, and the specific implementation mode of S275 can be adjusted according to the actual use requirement, so that the embodiment is not limited.
S276, if yes, at least determining target data corresponding to the target core field as a data object;
s277, if not, pushing the cross-authority importing operation of the user account, the target core field of the account to be imported, the previous target data of the target core field and the target data to be imported to the previous importing account, and determining at least the target data corresponding to the target core field as a data object according to the authorizing operation of the previous importing account.
The pushing process in step S277 may be performed by a mobile terminal, which includes, but is not limited to, a mobile phone, a tablet, a notebook computer, and an intelligent wearable device. After confirming the cross-authority importing operation of the user account on the mobile terminal by the pre-importing account, determining the target data corresponding to the target core field as the data object, wherein in the scheme of the cross-authority importing operation, the standard importing operation including the S271-S272 is defaulted
S28, the importing operation of the data objects corresponding to the ledgers is sequentially executed.
The step specifically executes the importing operation of the data objects of the district standing book, the switch standing book and the node standing book.
The embodiment of the invention distributes corresponding role grades and authority gradients for the user account in advance, and then acquires target data corresponding to core fields of the corresponding ledger in ledger data to be imported in the actual importing process; according to the import confirming operation of the user account, acquiring target data corresponding to the import confirming operation, the role grade and the authority gradient in the ledger to be imported as a data object; and executing the importing operation of the data object corresponding to the ledger. On the one hand, the data object of the user importing operation and the importing verification operation, the role grade and the authority gradient have high constraint, the user can import the ledger data corresponding to the role grade and the authority gradient, the situation that the flexibility is not high when the ledger data is imported in the traditional method is avoided, the situation of useless data interference exists, and the probability of importing failure is reduced. On the other hand, the core field of the corresponding ledger is extracted in advance, so that when the whole ledger data table is imported, the complete ledger data table can be split and corresponding to different functional modules, then the data object is imported into the different functional modules, and the updating operation of the data of the different functional modules is supported in one importing process, so that the importing efficiency and the operating convenience are greatly improved.
Third embodiment:
referring to fig. 11, the present invention further provides a role granularity-based progressive right control apparatus 100, which includes a configuration module 110, a generation module 120, an adjustment module 130, and an acquisition module 140, where:
the configuration module 110 is connected with the generation module 120 and is used for distributing corresponding role grades and authority gradients for the user account;
a generating module 120, connected to the adjusting module 130, for generating a multi-menu directory based on the same component;
the adjustment module 130 is connected with the acquisition module 140, and is used for adjusting the display modes of the multi-menu directories according to the role grade and the authority gradient, wherein the display modes comprise the number and the type of the menu directories and the display modes of the operable objects in the corresponding menu directories;
and the acquisition module 140 is used for acquiring the role grade and the authority gradient of the current user account and displaying the multi-menu directory in a corresponding display mode.
As a preferred solution, but not limited thereto, the adjustment module 130 of the present embodiment includes a first adding unit 131, a second adding unit 132, and an adjustment unit 133, wherein:
a first adding unit 131 connected to the adjusting unit 133 for adding a first lower level in the menu directory and setting a character identifier for determining a character level of the user account.
A second adding unit 132 connected to the adjusting unit 133 for adding a second lower level in the menu directory and setting a permission identification for determining a permission gradient of the user account.
And the adjusting unit 133 is configured to adjust a presentation mode of the multi-menu directory according to a determination operation of the role identifier and the authority identifier, and establish a correspondence relationship between the role identifier, the authority identifier and the presentation mode.
The modules of this embodiment are the same as the corresponding steps of the first embodiment, and are not described here again.
According to the embodiment of the invention, the corresponding role grade and authority gradient are allocated to the user account in advance, the multi-menu directory is generated based on the same component, and the display modes of the multi-menu directory are adjusted according to the role grade and the authority gradient, wherein the display modes comprise the number and the types of the menu directories and the display modes of all the operable objects in the corresponding menu directory, the role grade and the authority gradient of the current user account are obtained, and the multi-menu directory is displayed in the corresponding display modes. The embodiment of the invention can divide the identity and the authority of the user according to the role grade and the authority gradient, and is different from the traditional RBAC mode, the embodiment of the invention grades the role, and meanwhile, different authority gradients are corresponding to the role grade, so that the authority division is finer and more efficient. Meanwhile, the embodiment of the invention generates the multi-menu catalogue based on the same component, and then displays the multi-menu catalogue in a corresponding display mode according to the role grade and the authority gradient of the current user account, so that when the same component faces different authority users, the page menu has different display modes, the flexibility of the component is improved, and the operation usability of the user account to the power grid management system after logging in is greatly simplified.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above. The specific working processes of the above-described systems, devices and units may refer to the corresponding processes in the foregoing method embodiments, which are not described herein.
The embodiment of the application also provides a computer storage medium, on which a computer program is stored, which when being executed by a processor, implements the role-granularity-based progressive right control method in the above embodiments.
Those skilled in the art will appreciate that implementing all or part of the above-described embodiments of the method may be accomplished by computer programs to instruct the associated hardware, and the computer programs may be stored in a non-volatile computer readable storage medium, where the computer programs, when executed, may include the steps of embodiments of the role granularity based progressive entitlement control method as described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
Alternatively, the above-described integrated units of the present invention may be stored in a computer-readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the embodiments of the present invention may be essentially or part contributing to the related art, and the computer software product may be stored in a storage medium, and include several instructions to cause a computer device (which may be a personal computer, a terminal, or a network device) to execute all or part of the methods of the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program code, such as a removable storage device, RAM, ROM, magnetic or optical disk.
Corresponding to the above computer storage medium, in one embodiment, there is also provided a computer device, where the computer device includes a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the role granularity based progressive right control method in the above embodiments when the processor executes the program.
The computer device may be a terminal, and its internal structure may be as shown in fig. 12. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a progressive right control method based on role granularity. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
According to the embodiment of the invention, the corresponding role grade and authority gradient are allocated to the user account in advance, the multi-menu directory is generated based on the same component, and the display modes of the multi-menu directory are adjusted according to the role grade and the authority gradient, wherein the display modes comprise the number and the types of the menu directories and the display modes of all the operable objects in the corresponding menu directory, the role grade and the authority gradient of the current user account are obtained, and the multi-menu directory is displayed in the corresponding display modes. The embodiment of the invention can divide the identity and the authority of the user according to the role grade and the authority gradient, and is different from the traditional RBAC mode, the embodiment of the invention grades the role, and meanwhile, different authority gradients are corresponding to the role grade, so that the authority division is finer and more efficient. Meanwhile, the embodiment of the invention generates the multi-menu catalogue based on the same component, and then displays the multi-menu catalogue in a corresponding display mode according to the role grade and the authority gradient of the current user account, so that when the same component faces different authority users, the page menu has different display modes, the flexibility of the component is improved, and the operation usability of the user account to the power grid management system after logging in is greatly simplified.
The above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A role granularity-based step-by-step authority control method is used for electric network ledger management and is characterized by comprising the following steps:
corresponding role grades and authority gradients are distributed for the user account;
generating a multi-menu directory based on the same component;
according to the role grade and the authority gradient, adjusting the display modes of the multi-menu catalogs, wherein the display modes comprise the number and the types of the menu catalogs and the display modes of the corresponding operable objects in the menu catalogs;
and acquiring the role grade and the authority gradient of the current user account, and displaying the multi-menu directory in a corresponding display mode.
2. The progressive right control method based on role granularity according to claim 1, wherein the step of adjusting the presentation mode of the multi-menu directory according to the role grade and the right gradient, wherein the presentation mode includes the number and the kind of the menu directories and the presentation mode of each operable object in the corresponding menu directory includes:
Adding a first subordinate in the menu directory and setting a role identifier, wherein the role identifier is used for determining the role grade of the user account;
adding a second lower level in the menu directory and setting a permission identifier, wherein the permission identifier is used for determining the permission gradient of the user account;
and according to the determining operation of the character identification and the authority identification, adjusting the display mode of the multi-menu directory, and establishing the corresponding relation among the character grade, the authority gradient and the display mode.
3. The hierarchical rights control method based on role granularity as set forth in claim 2, wherein the rights gradient includes a first rights gradient and a second rights gradient, and the step of assigning the corresponding role grade and rights gradient to the user account includes:
assigning role grades to the user account, wherein the role grades comprise a super role, a city office role, a county office role, a power supply office role and a personal maintenance role;
according to the data range of the account book field in charge of the user account, corresponding first authority gradients are allocated for the user account;
and distributing a corresponding second authority gradient for the user account according to the operation authority of the user account, wherein the operation authority comprises adding, deleting, modifying and reading authorities.
4. A role granularity based progressive rights control method as claimed in claim 3, wherein the adding a second lower level in the menu directory and setting a rights identification for determining a rights gradient of the user account comprises:
collecting selection operation of a second subordinate target field in a menu directory, and determining a first authority gradient of a user account;
and determining a second authority gradient of the user account according to the routing parameters.
5. The progressive right control method based on role granularity according to claim 4, wherein before the step of obtaining the role grade and the right gradient of the current user account and displaying the multi-menu directory in a corresponding display manner, further comprising:
according to the type of the ledger, determining a core field of the corresponding ledger;
acquiring target data corresponding to core fields of each ledger in ledger data to be imported;
the step of acquiring the role grade and the authority gradient of the current user account and displaying the multi-menu directory in a corresponding display mode comprises the following specific steps:
acquiring the role grade and the authority gradient of the current user account, and displaying the multi-menu directory in a corresponding display mode, wherein the display mode comprises a display standard import button and a cross-authority import button;
After the step of obtaining the role grade and the authority gradient of the current user account and displaying the multi-menu directory in the corresponding display mode, the method further comprises the following steps:
and acquiring target data corresponding to the import confirming operation, the role grade and the authority gradient in the ledger to be imported as data objects according to the import confirming operation of the user account.
6. The hierarchical rights control method based on role granularity as set forth in claim 5, wherein the step of determining target data corresponding to the import validation operation, role level and rights gradient in the ledger to be imported as a data object according to the import validation operation of the user account includes:
receiving standard import operation of a user account based on a standard import button, and determining a core field which is to be imported into the ledger and is primarily matched with the role grade;
screening the primary matched core fields according to the first authority gradient and the second authority gradient of the user account, and determining the screened core fields as data objects;
receiving a selection operation based on at least one target core field of a ledger to be imported, wherein the target core field exceeds a first authority gradient corresponding to a user account;
Receiving cross-authority import operation of a user account based on a cross-authority import button, and acquiring pre-import information of a target core field in a system, wherein the pre-import information comprises role grade, pre-import time and data anchoring strength of the pre-import account;
judging whether the cross-authority import operation is legal or not according to the role grade of the user account, the second authority gradient, the role grade of the prior import account, the prior import time and the data anchoring strength;
if yes, at least determining target data corresponding to the target core field as a data object;
if not, pushing the cross-authority importing operation of the user account, the target core field of the account to be imported, the previous target data of the target core field and the target data to be imported to the prior importing account, and determining at least the target data corresponding to the target core field as a data object according to the authorizing operation of the prior importing account.
7. A role granularity-based progressive right control device for electric network ledger management, comprising:
the configuration module is used for distributing corresponding role grades and authority gradients for the user account;
The generating module is used for generating a multi-menu catalog based on the same component;
the adjustment module is used for adjusting the display modes of the multi-menu catalogs according to the role grade and the authority gradient, wherein the display modes comprise the number and the type of the menu catalogs and the display modes of the operable objects in the corresponding menu catalogs;
the acquisition module is used for acquiring the role grade and the authority gradient of the current user account and displaying the multi-menu directory in a corresponding display mode.
8. The role granularity-based progressive right control apparatus of claim 7, wherein the adjustment module comprises:
a first adding unit, configured to add a first subordinate to the menu directory and set a role identifier, where the role identifier is used to determine a role level of the user account;
the second adding unit is used for adding a second lower level in the menu catalog and setting a permission identifier, wherein the role identifier is used for determining the permission gradient of the user account;
the adjustment unit is used for adjusting the display mode of the multi-menu directory according to the determination operation of the role identifier and the authority identifier, and establishing the corresponding relation among the role identifier, the authority identifier and the display mode.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the role-granularity based progressive right control method as claimed in any one of claims 1 to 6 when executing the computer program.
10. A computer storage medium having stored thereon a computer program which when executed by a processor implements a role granularity based progressive right control method as claimed in any one of claims 1 to 6.
CN202310917932.1A 2023-07-25 2023-07-25 Role granularity-based step-by-step authority control method and device Pending CN116956246A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310917932.1A CN116956246A (en) 2023-07-25 2023-07-25 Role granularity-based step-by-step authority control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310917932.1A CN116956246A (en) 2023-07-25 2023-07-25 Role granularity-based step-by-step authority control method and device

Publications (1)

Publication Number Publication Date
CN116956246A true CN116956246A (en) 2023-10-27

Family

ID=88456156

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310917932.1A Pending CN116956246A (en) 2023-07-25 2023-07-25 Role granularity-based step-by-step authority control method and device

Country Status (1)

Country Link
CN (1) CN116956246A (en)

Similar Documents

Publication Publication Date Title
CN108292231B (en) Method and system for generating applications from data
CN108509400B (en) Document template generation method and device, computer equipment and storage medium
US20190340212A1 (en) Dynamic content modifications
US11553035B2 (en) Cross-platform module for loading across a plurality of device types
CN111767704B (en) Excel form template generation method and device
CN104765715A (en) Cloud font service system
TW201610713A (en) Identifying and surfacing relevant report artifacts in documents
CN116956246A (en) Role granularity-based step-by-step authority control method and device
CN111339098A (en) Authority management method, data query method and device
CN108763393B (en) Workbook management method and device, computer equipment and storage medium
CN112015429B (en) Code generation method, device and equipment
CN113110835A (en) Layout management method, device, medium and equipment for medical operating system interface
JP2005352980A (en) Document difference display system, document difference display server and document difference display method and its program
CN114297552A (en) Form expansion method and device, computer equipment and storage medium
US11243867B1 (en) System for federated generation of user interfaces from a set of rules
CN114201157A (en) Method and system for customizing target service module by low code
JP2011233104A (en) Information processing system, information processor, information processing method, program, and recording medium
CN112015416A (en) Verification method and device for developing webpage, electronic equipment and computer readable medium
US11755824B2 (en) System and method for predicting and moderating signature locations within electronic documents
JP2007122598A (en) Information processor, and information processing system and program
CN113377367B (en) Data collection method, device, computer equipment and storage medium
CN114581033B (en) Method, device and equipment for rapidly developing government affair approval business
US20220309188A1 (en) System and method for predicting signature locations within electronic documents
CN101989197A (en) System for multiplexing web program permission and method for generating and accessing program
CN116957501A (en) Method and device for quickly importing low-voltage ledger data of power grid master station system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination