CN117354009A - User-role-authority information acquisition method, platform and storage medium - Google Patents

Publication number
CN117354009A
Authority
CN
China
Legal status
Pending
Application number
CN202311304888.3A
Other languages
Chinese (zh)
Inventor
铁锦程
李虎
刘佳利
戴礼
吴迅宗
姜丽丽
Current Assignee
Shanghai Pudong Development Bank Co Ltd
Original Assignee
Shanghai Pudong Development Bank Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663 Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Abstract

The invention relates to a user-role-authority information acquisition method, a platform and a storage medium, wherein the method comprises the following steps: judging whether the preferred service end is normal, if so, establishing connection with the preferred service end, otherwise, establishing connection with the alternative service end; sending a query request comprising user information or role information to a service end for establishing connection; and receiving response data, wherein the response data comprises a role query result corresponding to the user information or a right query result corresponding to the role information. Compared with the prior art, the invention has the advantages of strong disaster recovery capability and the like.

Description

User-role-authority information acquisition method, platform and storage medium
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a method, a platform, and a storage medium for obtaining user-role-permission information.
Background
The unified authority management platform provides a background management page that maintains functions such as service system menu management, role management and the association between roles and authorities. The unified authority can allocate an administrator role for each service system, which accesses the background management page and carries out the corresponding configuration. When a user accesses a service system, the unified authority can be called through the real-time interface to acquire the user's role and authority information.
At present, the background management of each local system comprises user management, role management, menu authority management, the association between roles and menus and the association between users and roles. Each system therefore develops its own set, which is costly and does not facilitate account security management.
Chinese patent application publication No. CN110378098A discloses a rights control method, system, electronic device and storage medium, wherein the method comprises: acquiring roles corresponding to a user according to identity information of the user; determining a permission module corresponding to the role according to the role; determining a permission menu corresponding to the permission module according to the permission module; and acquiring the authority of the user according to the authority menu.
That application can map user-role-authority, but it cannot solve the problem of the low risk resistance of unified authority management.
Thus, in view of the foregoing problems, there is currently a lack of a cross-system user-role-permission information acquisition method.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a user-role-authority information acquisition method, a platform and a storage medium so as to realize unified authority management and improve disaster recovery capability.
The aim of the invention can be achieved by the following technical scheme:
In one aspect of the present invention, there is provided a user-role-authority information acquisition method including the following steps:
judging whether the preferred service end is normal, if so, establishing connection with the preferred service end, otherwise, establishing connection with the alternative service end;
sending a query request comprising user information or role information to a service end for establishing connection;
and receiving response data, wherein the response data comprises a role query result corresponding to the user information or a right query result corresponding to the role information.
As a preferred technical scheme, if both the preferred service end and the alternative service end are abnormal, a query request is sent to a local emergency authority management end.
As a preferred technical scheme, the method further comprises:
carrying out data synchronization among the preferred service end, the alternative service end and the emergency authority management end at preset time intervals.
As a preferable technical scheme, the mapping relation between the role query results and the mapping relation between the role information and the authority query results are preset.
As a preferable technical scheme, the information acquisition method is applied to a service system.
As a preferable technical scheme, whether the preferred service end is normal or not is judged through a preset health check interface.
In another aspect of the present invention, there is provided a rights management platform comprising:
a preferred service end, which responds to the query request of the service system when the state of the preferred service end is normal;
an alternative service end, which responds to the query request of the service system when the state of the preferred service end is abnormal;
an emergency authority management end, which is deployed locally on the service system and responds to the query request of the service system when the states of both the preferred service end and the alternative service end are abnormal.
As a preferred technical scheme, the platform further comprises:
an authority management module, used for adding, deleting or modifying the mapping relation between the user and the role and the mapping relation between the role and the authority;
an auditing and monitoring module, used for storing the query request information and the permission change record.
As a preferred technical scheme, the preferred service end and the alternative service end are arranged at different places.
In another aspect of the present invention, there is provided a computer-readable storage medium comprising one or more programs for execution by one or more processors of an electronic device, the one or more programs comprising instructions for performing the user-role-authority information acquisition method described above.
Compared with the prior art, the invention has the following advantages:
(1) The disaster recovery capability of unified authority management is improved: the preferred service end and the alternative service end are deployed at two ends, which reduces the influence on the user when the service in one place is abnormal and ensures the safety and smoothness of the service flow.
(2) In the extreme case the business system can be decoupled from the unified platform: in the extreme case that both the preferred service end and the alternative service end are abnormal (such as a network failure), local degradation can be performed through an emergency authority management end arranged locally in the service system, and local data is used for the query, so that disaster recovery capability is further improved.
Drawings
Fig. 1 is a schematic diagram of a user-role-authority information acquisition process in an embodiment.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
Example 1
To address the problems in the prior art, this embodiment provides a user-role-authority information acquisition method in which the unified authority is deployed as application services in two places and two centers, which reduces the influence on users when the service in one place is abnormal and ensures the safety and smoothness of the business process.
Referring to Fig. 1, the interaction process of the method is as follows:
S1. The business system determines through a health check interface whether to access the application services of Shanghai (i.e. the place where the preferred service end is located) or the application services of the syndication (i.e. the place where the alternative service end is located), and sends out a query request through an ESB (enterprise service bus);
S2. If the services in both places are abnormal, local degradation is carried out, and the query uses the data backup of the emergency authority management end local to the service system;
S3. The service end/the management end responds to the query request and returns the needed information.
For user-role-authority information, the service system is required to refresh its local cache whenever it calls the real-time interface, and a full file synchronization is carried out periodically, so that in an extreme case the service system can acquire the user-related information locally.
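The following sketch walks through steps S1 to S3 together with the cache refresh and full synchronization just described. It is an added example, not code from the patent or its applicant: the class names, the `(kind, key)` query shape and the rule that a failed query is handled like an abnormal service end are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class ServiceEnd:
    """A remote service end (preferred or alternative); hypothetical interface."""
    name: str
    health: Callable[[], bool]              # the health check interface
    query: Callable[[str, str], List[str]]  # (kind, key) -> roles or permissions


@dataclass
class EmergencyEnd:
    """Local emergency authority management end: a copy held by the service system."""
    user_roles: Dict[str, List[str]] = field(default_factory=dict)
    role_perms: Dict[str, List[str]] = field(default_factory=dict)

    def table(self, kind: str) -> Dict[str, List[str]]:
        return self.user_roles if kind == "user" else self.role_perms

    def query(self, kind: str, key: str) -> List[str]:
        # An unknown user or role yields an empty result, never a default grant.
        return list(self.table(kind).get(key, []))

    def full_sync(self, user_roles, role_perms) -> None:
        # Periodic full synchronization replaces the whole copy, so entries
        # that were removed upstream also disappear locally.
        self.user_roles = {k: list(v) for k, v in user_roles.items()}
        self.role_perms = {k: list(v) for k, v in role_perms.items()}


@dataclass
class RoleAuthorityClient:
    preferred: ServiceEnd
    alternative: ServiceEnd
    emergency: EmergencyEnd
    audit: List[Tuple[str, str, str]] = field(default_factory=list)

    @staticmethod
    def is_normal(end: ServiceEnd) -> bool:
        try:
            return bool(end.health())
        except Exception:
            return False  # a health check that cannot be reached counts as abnormal

    def lookup(self, kind: str, key: str) -> Tuple[str, List[str]]:
        """kind='user' returns roles; kind='role' returns permissions."""
        if kind not in ("user", "role"):
            raise ValueError("kind must be 'user' or 'role'")
        for end in (self.preferred, self.alternative):  # S1: preferred first
            if not self.is_normal(end):
                continue
            try:
                result = list(end.query(kind, key))
            except Exception:
                continue  # assumption: a failed query is handled like an abnormal end
            self.emergency.table(kind)[key] = result    # refresh the local copy
            self.audit.append((kind, key, end.name))    # record the query and its source
            return end.name, result
        result = self.emergency.query(kind, key)        # S2: local degradation
        self.audit.append((kind, key, "emergency"))
        return "emergency", result                      # S3: response to the caller
```

Returning the name of the answering end alongside the result lets the caller and the audit record distinguish a live answer from one served out of the local copy.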
The service end/management end is built on Redis and a database, and AD domain control separation is adopted. To achieve unified user management, it is necessary first to establish unified user pool management and second to handle data synchronization between multiple systems.
Role authority design: first, the roles in the system are designed. Roles should be divided according to the responsibilities and rights requirements of the users, with each role having a clear scope of rights.
Centralized rights management: a centralized authority module is established for managing all user roles and authorities.
User role allocation: each user is assigned to an appropriate role and each role is assigned the corresponding rights.
Fine-grained rights control: fine-grained control of rights can be set, such as addition, deletion and modification of rights, rights for specific operations, and the like.
Authority audit and monitoring: a permission auditing and monitoring mechanism is established to record role permission changes and the access activity of users.
These schemes help to realize centralized management of unified user role authority and ensure system security, maintainability and expandability.
Example 2
On the basis of embodiment 1, this embodiment provides a rights management platform, including:
the preferred server responds to the query request of the service system when the state of the preferred server is normal;
the alternative server responds to the query request of the service system when the state of the preferred server is abnormal;
the emergency authority management end is deployed locally on the service system, and responds to the query request of the service system when the states of both the preferred service end and the alternative service end are abnormal;
the authority management module is used for adding, deleting or modifying the mapping relation between the user and the role and the mapping relation between the role and the authority;
and the auditing and monitoring module is used for storing the inquiry request information and the permission change record.
Wherein the preferred server and the alternative server are located at different places.
Example 3
The present embodiment provides a computer-readable storage medium including one or more programs for execution by one or more processors of an electronic device, the one or more programs including instructions for performing the above-described user-role-permission information acquisition method.
The invention deploys a preferred service end and an alternative service end at two ends, which reduces the influence on users when the service in one place is abnormal and ensures the safety and smoothness of the service flow. In the extreme case that both the preferred service end and the alternative service end are abnormal, local degradation can be performed through an emergency authority management end arranged locally in the service system, and local data is used for the query, which further improves the disaster recovery capability.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and equivalent substitutions may be made without departing from the scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (10)

1. A method for obtaining user-role-rights information, comprising the steps of:
judging whether the preferred service end is normal, if so, establishing connection with the preferred service end, otherwise, establishing connection with the alternative service end;
sending a query request comprising user information or role information to a service end for establishing connection;
and receiving response data, wherein the response data comprises a role query result corresponding to the user information or a right query result corresponding to the role information.
2. The method for obtaining user-role-authority information according to claim 1, wherein if both the preferred service end and the alternative service end are abnormal, a query request is sent to a local emergency authority management end.
3. The user-role-authority information acquisition method according to claim 2, characterized by further comprising:
carrying out data synchronization among the preferred service end, the alternative service end and the emergency authority management end at preset time intervals.
4. The method for acquiring user-role-authority information according to claim 1, wherein the mapping relationship between role query results and the mapping relationship between role information and authority query results are preset.
5. The method for acquiring user-role-authority information according to claim 1, wherein the information acquisition method is applied to a business system.
6. The method for obtaining user-role-authority information according to claim 1, wherein whether the preferred service end is normal is judged through a preset health check interface.
7. A rights management platform, comprising:
a preferred service end, which responds to the query request of the service system when the state of the preferred service end is normal;
an alternative service end, which responds to the query request of the service system when the state of the preferred service end is abnormal;
an emergency authority management end, which is deployed locally on the service system and responds to the query request of the service system when the states of both the preferred service end and the alternative service end are abnormal.
8. A rights management platform according to claim 7, further comprising:
the authority management module is used for adding, deleting or modifying the mapping relation between the user and the role and the mapping relation between the role and the authority;
and the auditing and monitoring module is used for storing the inquiry request information and the permission change record.
9. The rights management platform of claim 7, wherein the preferred service end and the alternative service end are located at different places.
10. A computer-readable storage medium comprising one or more programs for execution by one or more processors of an electronic device, the one or more programs comprising instructions for performing the user-role-rights information acquisition method of any of claims 1-6.
CN202311304888.3A 2023-10-09 2023-10-09 User-role-authority information acquisition method, platform and storage medium Pending CN117354009A (en)

Publications (1)

Publication Number Publication Date
CN117354009A (en) 2024-01-05

Family

ID=89364440

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination