CN117521039A - Resource and authority management method and device

Info

Publication number: CN117521039A
Application number: CN202311494064.7A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 单连斌, 曾杰, 胡麒翼, 吴迪
Current Assignee: Shanghai Ruide Huizhi Technology Co ltd Beijing Branch
Original Assignee: Shanghai Ruide Huizhi Technology Co ltd Beijing Branch
Prior art keywords: user, service, authority, information, node

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The embodiments of this specification relate to the technical field of the Internet and provide a resource and authority management method and device. The method comprises the following steps: a service tree of an organization is built in advance according to the organizational structure of the organization; when a user login is detected, user information is obtained, the rights owned by the user are queried, and a rights list of the user is determined; based on the rights list, an information list of what the user has rights to is displayed in a tree structure; an operation application request sent by the user against the service tree is received, and the target operation identifier corresponding to the request is determined; a permission application request is sent to a permission management server according to the target operation identifier and the user identifier; and the approval result sent by the permission management server is received, and the operation authority for the target operation is opened if the approval result is a pass. Through the embodiments of this specification, unified management of rights, resources, users, services and the like can be realized, and rights management efficiency is improved.

Description

Resource and authority management method and device
Technical Field
The embodiment of the specification relates to the technical field of Internet, in particular to a resource and authority management method and device.
Background
With the development of Internet technology, people tend to use rights management systems to manage the operation rights of their organizations, covering resources, services and businesses. The configuration management database (CMDB) is a common operation and maintenance management system in the prior art; it provides data and management interfaces for other management platforms and drives the automation and intelligence of operation and maintenance management. However, the traditional CMDB has a flat table structure: it can manage only basic physical device resource information, cannot associate and uniformly manage information such as businesses, personnel, resources and services, and cannot uniformly manage the rights over that information, so the efficiency of resource management and rights management is low. A resource and rights management method is therefore needed that manages the above information uniformly and thereby improves rights management efficiency.
Disclosure of Invention
In view of the foregoing problems in the prior art, an object of an embodiment of the present disclosure is to provide a method and an apparatus for managing resources and rights, so as to solve the problem that in the prior art, unified management of information rights cannot be completed, thereby resulting in lower efficiency of resource management and rights management.
In order to solve the above technical problems, the specific technical solutions of the embodiments of the present specification are as follows:
In one aspect, an embodiment of this specification provides a resource and authority management method. A service tree of an organization is established in advance. The service tree comprises organization nodes at each level together with the subordinate organization nodes they contain, the subordinate service nodes contained in terminal organization nodes, the subordinate service nodes contained in service nodes, and the configuration information of every node. The configuration information of a non-service node includes at least personnel authority information; the configuration information of a service node includes at least personnel authority information, service attributes and resource information. The method comprises the following steps:
when the user login is detected, acquiring user information, inquiring the authority owned by the user according to the user information, and determining an authority list of the user;
based on the authority list, displaying an information list of the authority owned by the user in a tree structure;
receiving an operation application request sent by a user according to the service tree, and determining a target operation identifier corresponding to the operation application request according to the operation application request;
sending a permission application request to a permission management server according to the target operation identifier and the user identifier;
and receiving an approval result sent by the authority management server, and opening the operation authority of the target operation if the approval result is passed.
Preferably, the personnel authority information of each node in the service tree includes: the operation authority of the node and the authority for adjusting the configuration information in the subordinate node owned by the node.
Preferably, the method further comprises:
when a service tree node is changed, acquiring node information of the changed node;
and automatically collecting the businesses, services and resources contained in the changed node into the previous-level node corresponding to the changed node according to the node information of the changed node.
Preferably, the operation application request includes: service tree node management requests, service tree user management requests and service tree resource management requests.
Preferably, the sending, according to the target operation identifier and the user identifier, a request for applying for rights to a rights management server includes:
determining an approver identifier corresponding to the target operation identifier;
sending approval notification to a terminal corresponding to the approver identifier;
if approval passing notification sent by a terminal corresponding to each approver identifier is received, judging that the approval passes;
if the approval rejection notification sent by the terminal corresponding to one of the approver identifiers is received, judging that the approval is not passed, and sending the rejection notification to the terminal corresponding to the user identifier.
Preferably, if the approval result is passing, the method further comprises:
storing the user identification, the target operation identification and the association relation between the user identification and the target operation identification into a database to obtain an updated database;
and calling a pre-designed service tree data writing interface, writing the data in the updated database into the service tree, and finishing the structural update of the service tree.
In another aspect, an embodiment of this specification provides a resource and authority management device. A service tree of an organization is established in advance. The service tree comprises organization nodes at each level together with the subordinate organization nodes they contain, the subordinate service nodes contained in terminal organization nodes, the subordinate service nodes contained in service nodes, and the configuration information of every node. The configuration information of a non-service node includes at least personnel authority information; the configuration information of a service node includes at least personnel authority information, service attributes and resource information. The device comprises:
the acquisition module is used for acquiring user information when the user login is detected, inquiring the authority owned by the user according to the user information and determining an authority list of the user;
the display module is used for displaying an information list with the authority of the user in a tree structure based on the authority list;
the receiving module is used for receiving an operation application request sent by a user according to the service tree, and determining a target operation identifier corresponding to the operation application request according to the operation application request;
the sending module is used for sending an authority application request to the authority management server according to the target operation identifier and the user identifier;
and the approval module is used for receiving the approval result sent by the authority management server, and opening the operation authority of the target operation if the approval result is passed.
In yet another aspect, embodiments of the present disclosure further provide a computer device including a memory, a processor, and a computer program stored on the memory, which when executed by the processor, performs instructions of any one of the methods described above.
In yet another aspect, embodiments of the present disclosure also provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor of a computer device, performs instructions of any of the methods described above.
In yet another aspect, the present description embodiment also provides a computer program product, which when executed by a processor of a computer device, performs the instructions of any of the methods described above.
One or more technical solutions provided in some embodiments of the present disclosure at least have the following technical effects:
The embodiments of this specification establish an organization service tree in advance according to the business architecture of the organization and bind the personnel, resources, businesses and services of the organization to the tree. When a user login is detected, user information is acquired, the authority owned by the user is queried according to the user information, and an authority list of the user is determined; based on the authority list, an information list of what the user has authority over is displayed in a tree structure. An operation application request sent by the user against the service tree is received, and the target operation identifier corresponding to the request is determined; a permission application request is sent to a permission management server according to the target operation identifier and the user identifier; the approval result sent by the permission management server is received, and the operation authority for the target operation is opened if the approval result is a pass. By using the inheritance relationship between parent and child nodes of the service tree, the method can automatically inherit authority, resources, businesses and services in resource and authority management. When the organization architecture or a business is adjusted, the ownership relationship between parent and child nodes can be changed automatically through the service tree, and the corresponding inheritance relationship changes with it, so that personnel, resources, authority and services are managed uniformly and authority management efficiency is improved.
The foregoing is only an overview of the technical solutions of some embodiments of this specification. The description that follows is given so that the technical means can be understood more clearly and practiced according to this disclosure, and so that the foregoing and other objects, features and advantages are more readily apparent.
Drawings
In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present description, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a resource and rights management method in some embodiments of the present disclosure;
FIG. 2 illustrates a tree structure diagram in some embodiments of the present description;
FIG. 3 is a schematic diagram showing steps for sending a request for applying rights to a rights management server according to the target operation identifier and the user identifier in some embodiments of the present disclosure;
FIG. 4 is a schematic diagram showing steps after approval results are passed in some embodiments of the present disclosure;
FIG. 5 illustrates another flow diagram of a resource and rights management method provided in some embodiments of the present disclosure;
FIG. 6 is a schematic diagram illustrating the structure of a resource and rights management unit in some embodiments of the present disclosure;
FIG. 7 illustrates a schematic diagram of a computer device provided in some embodiments of the present description.
Description of reference numerals:
601. an acquisition module;
602. a display module;
603. a receiving module;
604. a sending module;
605. an approval module;
702. a computer device;
704. a processor;
706. a memory;
708. a driving mechanism;
710. an input/output module;
712. an input device;
714. an output device;
716. a presentation device;
718. a graphical user interface;
720. a network interface;
722. a communication link;
724. a communication bus.
Detailed Description
In order to make the technical solutions in the present specification better understood by those skilled in the art, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are intended to be within the scope of the present disclosure.
It should be noted that the terms "first," "second," and the like in the description and the claims, and in the foregoing figures, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the present description described herein may be capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, apparatus, article, or device that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or device.
In the prior art, with the development of Internet technology, people tend to use rights management systems to manage the operation rights of their organizations, covering resources, services and businesses. The configuration management database (CMDB) is a common operation and maintenance management system in the prior art; it provides data and management interfaces for other management platforms and drives the automation and intelligence of operation and maintenance management. However, the traditional CMDB has a flat table structure: it can manage only basic physical device resource information, cannot associate and uniformly manage information such as businesses, personnel, resources and services, and cannot uniformly manage the rights over that information, so the efficiency of resource management and rights management is low.
To solve the above problems, the embodiments of this specification provide a resource and rights management method that manages the above information uniformly and thereby improves the efficiency of rights management. FIG. 1 is a schematic diagram of the steps of the method. This specification gives the operational steps as described in the embodiments or flowcharts, but more or fewer steps may be included on the basis of conventional or non-inventive effort. The order of steps listed in the embodiments is only one of many possible execution orders and is not the only one. When an actual system or device product executes, the steps may be performed sequentially or in parallel according to the method shown in the embodiments or drawings.
Referring to FIG. 1, an embodiment of this specification provides a resource and authority management method. A service tree of an organization is established in advance. The service tree comprises organization nodes at each level together with the subordinate organization nodes they contain, the subordinate service nodes contained in terminal organization nodes, the subordinate service nodes contained in service nodes, and the configuration information of every node. The configuration information of a non-service node includes at least personnel authority information; the configuration information of a service node includes at least personnel authority information, service attributes and resource information. The method comprises the following steps:
S101: when the user login is detected, acquiring user information, inquiring the authority owned by the user according to the user information, and determining an authority list of the user;
S102: based on the authority list, displaying an information list of the authority owned by the user in a tree structure;
S103: receiving an operation application request sent by a user according to the service tree, and determining a target operation identifier corresponding to the operation application request according to the operation application request;
S104: sending a permission application request to a permission management server according to the target operation identifier and the user identifier;
S105: and receiving an approval result sent by the authority management server, and opening the operation authority of the target operation if the approval result is passed.
According to the embodiments of this specification, an organization service tree is established in advance according to the organizational architecture of the organization, and the personnel, resources, businesses and services of the organization are bound to it. By using the inheritance relationship between parent and child nodes in the service tree, authority, resources, businesses and services can be inherited automatically in the organization's resource and authority management.
A conventional CMDB system focuses mainly on the attributes and state of the resource itself, which makes it difficult to establish association information between resources and businesses in the CMDB and increases the complexity of resource management. A service tree is a model that maps businesses onto a tree structure and then maps the tree onto resources; in plain, narrow terms, the service tree records which resources, such as machines and network devices, exist under which business line. Unlike a conventional CMDB system, a service tree focuses on the mapping between businesses and resources. For example, a company has N business groups, each business group has N departments, each department has N services, each service has N modules, and each module has N clusters; from the relationships between these layers, the tree structure diagram of the company can be obtained. Each tree node is a separate space for storing resources such as machines and network devices. When all resources have been placed on the appropriate nodes of the tree according to how they are used, a service tree is formed. The inheritance relationship between parent and child nodes of the tree corresponds exactly to the organizational architecture of the business.
In some embodiments, the resources are technical resources of various types, including but not limited to servers, containers, domain names, certificates, network devices, databases and message queues. Before a service tree is built, the attributes of each kind of resource must be clearly defined so that they can interface with various automation tools. The resource manager defines a resource identifier for each resource, assigns the technical resources to the services they actually belong to through the service tree, and thereby confirms the ownership of the resources. The system can also collect general attribute information of some resources for unified cross-platform scheduling. A service is the smallest unit of service management, and all resources should be associated with a service. The person responsible for a service must define, through the service tree, a unique identifier for the service as a globally unique ID; this identifier is used as the unit of all operations. Some necessary attributes of the service, such as creation time and description, must also be defined, and the system must support automatically filling in some default information. As shown in FIG. 2, the service tree established from the organizational architecture of the organization comprises organization nodes at each level together with the subordinate organization nodes they contain, the subordinate service nodes contained in terminal organization nodes, the subordinate service nodes contained in service nodes, and the configuration information of every node. The configuration information of a non-service node includes at least personnel authority information, and the configuration information of a service node includes at least personnel authority information, service attributes and resource information.
In some embodiments, the personnel authority information of each node in the service tree includes: the operation authority of the node and the authority for adjusting the configuration information in the subordinate node owned by the node.
Specifically, in the service tree of a typical Internet technology company, the root node is the first-level node, named after the company, and its responsible person is generally the technical head or CTO. The subordinate second-level nodes are generally Business Unit (BU) nodes, whose responsible person is the technical lead of the business unit. The third-level nodes are important online businesses and can be defined with reference to the division of responsibilities in the organizational architecture, for example the front-end, middle-platform and back-end business modules of a business line. The fourth-level nodes are specific business functions, such as traffic access, web front end and mobile. The fifth-level nodes, namely the leaf nodes, are where all services or apps are mounted. A leaf generally corresponds to a code repository project and carries the list of resources associated with the service; it is the smallest unit of each product development workflow, and other enterprise efficiency platforms or systems, such as the monitoring system and the release and delivery system, all operate at service granularity.
In some embodiments, when a user login is detected, user information is acquired, the rights owned by the user are queried according to the user information, and a rights list of the user is determined. The user information includes at least a user identifier. Based on the rights list, an information list of what the user has rights to is displayed in a tree structure; the information list includes at least a business list, a service list and a resource list. The tree structure each user sees differs according to that user's authority and scope of responsibility, and the user operates on resources, services and businesses from it; the rights owned by the user therefore have to be queried from the user information so that different content can be displayed. The user can search the displayed information list by keywords such as the business identifier, resource identifier, service identifier and user identifier.
In some embodiments, the operation application requests issued by the user against the service tree include service tree node management requests, service tree user management requests and service tree resource management requests. Node management covers operations such as node creation, node migration and node deletion. User management covers operations such as user information synchronization, user authority setting, and association of users with services; because of the inheritance relationship between parent and child nodes in the service tree, a user at an upper level of the tree can add, delete, modify and query users at lower levels. Resource management covers operations such as binding resources to services, unbinding personnel from resources, and taking resources offline. The resource manager can allocate resources to services through the association between resource identifiers and service identifiers, which makes the ownership of each resource explicit.
In some embodiments, referring to FIG. 3, sending a rights application request to a rights management server according to the target operation identifier and the user identifier includes:
S301: determining an approver identifier corresponding to the target operation identifier;
S302: sending approval notification to a terminal corresponding to the approver identifier;
S303: if approval passing notification sent by a terminal corresponding to each approver identifier is received, judging that the approval passes;
S304: if the approval rejection notification sent by the terminal corresponding to one of the approver identifiers is received, judging that the approval is not passed, and sending the rejection notification to the terminal corresponding to the user identifier.
Any operation on resources, services and businesses must pass the authority verification of the rights management server. The user's operation application request passes, and the operation authority for the target operation is opened, only when the rights management server returns an approval-passed notification. For any operation application request, several approvers can be set at the same approval node. For example, three people A, B and C receive the approval notification at the same time; only after all of them approve does the request move on to the next approval node. If any one approver rejects, the application request is treated as rejected, and later approvers never see it. The approval flow can be arranged as several approval nodes or a single approval node, according to the actual situation.
In some embodiments, if the approval result is passed, referring to FIG. 4, the method further includes:
S401: storing the user identification, the target operation identification and the association relation between the user identification and the target operation identification into a database to obtain an updated database;
S402: and calling a pre-designed service tree data writing interface, writing the data in the updated database into the service tree, and finishing the structural update of the service tree.
When the operation application request initiated by the user passes, an association is automatically established between the user identifier and the target operation identifier and is stored in the database. If the original database does not contain the association, an updated database is obtained; if the original database already contains it, the duplicate data in the database is deleted. After the database is updated, the data in the updated database is synchronized back to the service tree by calling a pre-designed service tree information writing interface, and the structural update of the service tree is completed automatically. The service tree information writing interface may be implemented as an API.
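The approval flow of S301 to S304 and the duplicate-free storing of the approved association in S401 can be sketched as follows. This is an added example, not code from the patent; the class names, the operation identifiers and the rule that a vote from anyone outside the current approval node is refused are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    PENDING = "pending"
    APPROVED = "approved"
    REJECTED = "rejected"


@dataclass
class ApprovalRequest:
    user_id: str
    operation_id: str
    stages: list                      # one set of approver ids per approval node
    stage_index: int = 0
    approved_by: set = field(default_factory=set)
    status: Status = Status.PENDING
    notified: list = field(default_factory=list)   # (recipient, message) trail

    def __post_init__(self):
        self.stages = [frozenset(s) for s in self.stages]
        if not self.stages or any(not s for s in self.stages):
            raise ValueError("every approval node needs at least one approver")
        self._notify_current_stage()

    def _notify_current_stage(self):
        # S302: only approvers of the current node are notified, so approvers
        # of later nodes never see a request that is rejected earlier.
        for approver in sorted(self.stages[self.stage_index]):
            self.notified.append((approver, "approval requested"))

    def vote(self, approver_id, approve):
        if self.status is not Status.PENDING:
            raise PermissionError("request is already decided")
        current = self.stages[self.stage_index]
        if approver_id not in current:
            # Assumption of this sketch: votes from anyone else are refused.
            raise PermissionError(f"{approver_id} is not an approver at this node")
        if not approve:
            # S304: a single rejection is final and the applicant is told.
            self.status = Status.REJECTED
            self.notified.append((self.user_id, "request rejected"))
            return self.status
        self.approved_by.add(approver_id)
        if self.approved_by == current:          # S303: every approver passed
            self.stage_index += 1
            self.approved_by = set()
            if self.stage_index == len(self.stages):
                self.status = Status.APPROVED
            else:
                self._notify_current_stage()
        return self.status


class GrantStore:
    """Stands in for the database of S401: (user id, operation id) pairs."""

    def __init__(self):
        self._grants = set()

    def record(self, request):
        # Default deny: nothing is stored unless the request was approved.
        if request.status is not Status.APPROVED:
            raise PermissionError("only approved requests can be stored")
        key = (request.user_id, request.operation_id)
        is_new = key not in self._grants
        self._grants.add(key)         # a set keeps repeated grants out
        return is_new

    def is_allowed(self, user_id, operation_id):
        return (user_id, operation_id) in self._grants


def demo():
    # Constructed sample: approvers A, B, C at the first node, D at the second.
    store = GrantStore()
    req = ApprovalRequest("u1001", "node.migrate", [{"A", "B", "C"}, {"D"}])
    for approver in ("A", "B", "C", "D"):
        req.vote(approver, True)
    return req.status, store.record(req), store.record(req)


if __name__ == "__main__":
    print(demo())
```
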
In some embodiments, referring to fig. 5, the method further comprises:
S501: when the service tree node is changed, acquiring node information of the changed node;
S502: and automatically collecting the business, service and resource contained in the change node into the previous level node corresponding to the change node according to the node information of the change node.
When a change to a node is detected, the node information of the changed node, such as the path or position of the node, is acquired, and the business, services, resources and the like contained in the changed node are automatically collected into the previous-level node corresponding to the changed node. For example, in an internet company, a certain node corresponds to a service group. When the service group is broken up, the corresponding node should be deleted, and the business, services and resources contained in the service group should be automatically collected into the department one level above the service group. When that department receives the incorporated business, services and resources, it reassigns them to a new next-level service group according to the manpower conditions, service conditions and the like of the department.
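The roll-up in S501 and S502, followed by the reassignment from the service-group example, can be sketched as below. This is an added example, not code from the patent: `Node`, `collect`, `remove_node` and `reassign` are hypothetical names, and two behaviours are assumptions the text does not state, namely that assets of nodes below the removed node are collected too, and that personnel rights configured on the removed node are dropped rather than merged into the parent.

```python
KINDS = ("business", "service", "resource")


class Node:
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.children = {}
        self.assets = {kind: set() for kind in KINDS}
        self.rights = {}                      # user id -> set of permissions

    def add_child(self, name):
        if name in self.children:
            raise ValueError(f"duplicate node name: {name}")
        child = Node(name, parent=self)
        self.children[name] = child
        return child

    def path(self):
        """Node information used to locate the node, e.g. company/dept/group."""
        return self.name if self.parent is None else f"{self.parent.path()}/{self.name}"


def collect(node):
    """Gather the assets of a node and of every node below it (assumption)."""
    merged = {kind: set(items) for kind, items in node.assets.items()}
    for child in node.children.values():
        for kind, items in collect(child).items():
            merged[kind] |= items
    return merged


def remove_node(node):
    """Delete a node and collect what it contained into its previous-level node."""
    parent = node.parent
    if parent is None:
        raise ValueError("the root node has no previous-level node to collect into")
    for kind, items in collect(node).items():
        parent.assets[kind] |= items
    # Assumption: node.rights is dropped with the node, not merged upward,
    # so nobody gains permissions on the parent through a reorganisation.
    del parent.children[node.name]
    node.parent = None
    return parent


def reassign(parent, kind, item, child_name):
    """Move one collected item from the parent to one of its next-level nodes."""
    if item not in parent.assets[kind]:
        raise KeyError(f"{item} is not held by {parent.path()}")
    child = parent.children[child_name]
    parent.assets[kind].remove(item)
    child.assets[kind].add(item)
    return child
```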
It should be noted that, user information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party. In addition, the technical scheme described in the embodiment of the application accords with relevant regulations on data acquisition, storage, use, processing and the like.
Based on the above-mentioned resource and rights management method, the embodiment of the present disclosure further provides a corresponding resource and rights management device. The device may include a system (including a distributed system), software (applications), modules, components, servers, clients, etc. that employ the methods described in the embodiments of the present specification, in combination with the necessary hardware-implementing apparatus. Based on the same innovative concept, the embodiments of the present description provide the device in one or more embodiments as described in the following embodiments. Because the way the device solves the problem is similar to that of the method, the implementation of the device in the embodiment of the present disclosure may refer to the implementation of the foregoing method, and repeated details are omitted. As used below, the term "unit" or "module" may be a combination of software and/or hardware that implements the intended function. While the device described in the following embodiments is preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
Specifically, fig. 6 is a schematic block diagram of an embodiment of a resource and rights management device provided in the embodiment of the present disclosure, and referring to fig. 6, in the embodiment of the present disclosure, a service tree of an organization is pre-established, where the service tree includes organization nodes at each level and subordinate organization nodes included in the organization nodes at each level, subordinate service nodes included in the end organization nodes and subordinate service nodes included in the service nodes, and configuration information of each node, and configuration information of non-service nodes at least includes personnel rights information, and configuration information of service nodes at least includes personnel rights information, service attributes and resource information; the device comprises:
the acquiring module 601 is configured to acquire user information when a user login is detected, query rights owned by the user according to the user information, and determine a rights list of the user;
the display module 602 is configured to display, in a tree structure, an information list that the user has rights based on the rights list;
a receiving module 603, configured to receive an operation application request sent by a user according to the service tree, and determine a target operation identifier corresponding to the operation application request according to the operation application request;
a sending module 604, configured to send a rights application request to a rights management server according to the target operation identifier and the user identifier;
and the approval module 605 is configured to receive an approval result sent by the rights management server, and if the approval result is passed, open the operation rights of the target operation.
The beneficial effects obtained by the device provided by the embodiment of the present disclosure are consistent with those obtained by the above method, and will not be described herein.
Referring to fig. 7, a computer device 702 is further provided in an embodiment of the present disclosure based on a resource and rights management method described above, where the method is executed on the computer device 702. The computer device 702 may include one or more processors 704, such as one or more Central Processing Units (CPUs), each of which may implement one or more hardware threads. The computer device 702 may also include any memory 706 for storing any kind of information, such as code, settings, data, etc. For example, and without limitation, the memory 706 may include any one or more of the following combinations: any type of RAM, any type of ROM, flash memory devices, hard disks, optical disks, etc. More generally, any memory may store information using any technique. Further, any memory may provide volatile or non-volatile retention of information. Further, any memory may represent fixed or removable components of computer device 702. In one case, the computer device 702 can perform any of the operations of the associated instructions when the processor 704 executes the associated instructions stored in any memory or combination of memories. The computer device 702 also includes one or more drive mechanisms 708, such as a hard disk drive mechanism, an optical disk drive mechanism, and the like, for interacting with any memory.
The computer device 702 may also include an input/output module 710 (I/O) for receiving various inputs (via an input device 712) and for providing various outputs (via an output device 714). One particular output mechanism may include a presentation device 716 and an associated Graphical User Interface (GUI) 718. In other embodiments, the input/output module 710 (I/O), input device 712, and output device 714 may be omitted, with the computer device serving only as one computer device in a network. The computer device 702 can also include one or more network interfaces 720 for exchanging data with other devices via one or more communication links 722. One or more communication buses 724 couple the above-described components together.
Communication link 722 may be implemented in any manner, for example, through a local area network, a wide area network (e.g., the internet), a point-to-point connection, etc., or any combination thereof. Communication link 722 may include any combination of hardwired links, wireless links, routers, gateway functions, name servers, etc., governed by any protocol or combination of protocols.
Corresponding to the method as shown in fig. 1 to 5, the present embodiment also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the above method.
The present description also provides computer-readable instructions, wherein the program therein causes the processor to perform the method as shown in fig. 1 to 5 when the processor executes the instructions.
The present description also provides a computer program product comprising at least one instruction or at least one program loaded into and executed by a processor to implement the method as shown in fig. 1-5.
It should be understood that, in various embodiments of the present disclosure, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation of the embodiments of the present disclosure.
It should also be understood that, in the embodiments of the present specification, the term "and/or" merely describes an association relationship between associated objects, meaning that three relationships may exist. For example, A and/or B may represent: A exists alone, A and B exist together, and B exists alone. In the present specification, the character "/" generally indicates that the associated objects before and after it are in an "or" relationship.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the various example components and steps have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present specification.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided in this specification, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices, or elements, or may be an electrical, mechanical, or other form of connection.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purposes of the embodiments of the present description.
In addition, each functional unit in each embodiment of the present specification may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present specification, in essence, or the part of it contributing over the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method described in the embodiments of the present specification. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The principles and embodiments of the present specification are explained in this specification using specific examples, the above examples being provided only to assist in understanding the method of the present specification and its core ideas; meanwhile, those skilled in the art may vary the specific embodiments and the application scope based on the ideas of the present specification. In view of the above, the content of this description should not be construed as limiting the present specification.

Claims (10)

1. The resource and authority management method is characterized by comprising the steps of pre-establishing a service tree of an organization, wherein the service tree comprises all levels of organization nodes and subordinate organization nodes contained in all levels of organization nodes, subordinate service nodes contained in end organization nodes and subordinate service nodes contained in service nodes and configuration information of all nodes, the configuration information of non-service nodes at least comprises personnel authority information, and the configuration information of service nodes at least comprises personnel authority information, service attributes and resource information; the method comprises the following steps:
when the user login is detected, acquiring user information, inquiring the authority owned by the user according to the user information, and determining an authority list of the user;
based on the authority list, displaying an information list of the authority owned by the user in a tree structure;
receiving an operation application request sent by a user according to the service tree, and determining a target operation identifier corresponding to the operation application request according to the operation application request;
sending a permission application request to a permission management server according to the target operation identifier and the user identifier;
and receiving an approval result sent by the authority management server, and opening the operation authority of the target operation if the approval result is passed.
2. The method of claim 1, wherein the personnel rights information for each node in the service tree comprises: the operation authority of the node and the authority for adjusting the configuration information in the subordinate node owned by the node.
3. The method according to claim 1, wherein the method further comprises:
when the service tree node is changed, acquiring node information of the changed node;
and automatically collecting the business, service and resource contained in the change node into the previous level node corresponding to the change node according to the node information of the change node.
4. The method of claim 1, wherein the operation application request comprises: service tree node management requests, service tree user management requests and service tree resource management requests.
5. The method according to claim 1, wherein the sending the rights application request to the rights management server according to the target operation identifier and the user identifier includes:
determining an approver identifier corresponding to the target operation identifier;
sending approval notification to a terminal corresponding to the approver identifier;
if approval passing notification sent by a terminal corresponding to each approver identifier is received, judging that the approval passes;
if the approval rejection notification sent by the terminal corresponding to one of the approver identifiers is received, judging that the approval is not passed, and sending the rejection notification to the terminal corresponding to the user identifier.
6. The method of claim 1, wherein if the approval result is passed, the method further comprises:
storing the user identification, the target operation identification and the association relation between the user identification and the target operation identification into a database to obtain an updated database;
and calling a pre-designed service tree data writing interface, writing the data in the updated database into the service tree, and finishing the structural update of the service tree.
7. The resource and authority management device is characterized by pre-establishing a service tree of an organization, wherein the service tree comprises all levels of organization nodes and subordinate organization nodes contained in all levels of organization nodes, subordinate service nodes contained in end organization nodes and subordinate service nodes contained in service nodes and configuration information of all nodes, the configuration information of non-service nodes at least comprises personnel authority information, and the configuration information of service nodes at least comprises personnel authority information, service attributes and resource information; the device comprises:
the acquisition module is used for acquiring user information when the user login is detected, inquiring the authority owned by the user according to the user information and determining an authority list of the user;
the display module is used for displaying an information list with the authority of the user in a tree structure based on the authority list;
the receiving module is used for receiving an operation application request sent by a user according to the service tree, and determining a target operation identifier corresponding to the operation application request according to the operation application request;
the sending module is used for sending an authority application request to the authority management server according to the target operation identifier and the user identifier;
and the approval module is used for receiving the approval result sent by the authority management server, and opening the operation authority of the target operation if the approval result is passed.
8. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1 to 6 when executing the computer program.
9. A computer storage medium having stored thereon a computer program, which when executed by a processor of a computer device implements the method of any of claims 1 to 6.
10. A computer program product, characterized in that the computer program product comprises a computer program which, when executed by a processor of a computer device, implements the method of any one of claims 1 to 6.
CN202311494064.7A 2023-11-10 2023-11-10 Resource and authority management method and device Pending CN117521039A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311494064.7A CN117521039A (en) 2023-11-10 2023-11-10 Resource and authority management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311494064.7A CN117521039A (en) 2023-11-10 2023-11-10 Resource and authority management method and device

Publications (1)

Publication Number Publication Date
CN117521039A true CN117521039A (en) 2024-02-06

Family

ID=89761968

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311494064.7A Pending CN117521039A (en) 2023-11-10 2023-11-10 Resource and authority management method and device

Country Status (1)

Country Link
CN (1) CN117521039A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination