CN117688592B - Fine authority management and control method and system based on data production node - Google Patents

Publication number: CN117688592B
Authority: CN (China)
Prior art keywords: production, user identity, task, idle, authority
Legal status: Active
Application number: CN202410138031.7A
Other languages: Chinese (zh)
Other versions: CN117688592A (en)
Inventors: 段效亮, 张娟
Current Assignee: Shandong Zhonghan Software Co ltd
Original Assignee: Shandong Zhonghan Software Co ltd
Legal events: application filed by Shandong Zhonghan Software Co ltd; priority to CN202410138031.7A; publication of CN117688592A; application granted; publication of CN117688592B
Landscapes: Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a refined authority management and control method and system based on data production nodes, in the technical field of data processing. The method comprises: receiving a first product production node sequence diagram and extracting the i-th node production task set; matching a production role type set with a production data type set; extracting the z-th role type of the k-th production task role type set and the z-th production data type set of the k-th production task production data type set; generating recommended user identity information; configuring, for the recommended user identity information, authority particles for the z-th role type and the z-th production data type set of the k-th production task of the i-th node; and obtaining the product production progress. The authority particles are allowed to activate if and only if the product production progress belongs to the k-th production task of the i-th node. The invention addresses the technical problem that conventional access control is configured from role and identity information, so that an authorized user can manage and control any data within the authorized range and the authorized data is at risk of being changed.

Description

Fine authority management and control method and system based on data production node
Technical Field
The invention relates to the technical field of data processing, in particular to a method and a system for managing and controlling fine authority based on data production nodes.
Background
In a production process, authority control is often required to ensure the safety, stability and compliance of data, but conventional authority management has shortcomings. In particular, conventional access control is configured from role and identity information, so a user who has been granted authority can manage and control data in any state, at any time, within the granted range, and data that has already been verified is at risk of being changed.
There is therefore a need for an authority management method that is finer-grained, real-time, and stronger on security and compliance, which addresses these technical issues and raises the management level and data security of production systems.
Disclosure of Invention
The application provides a refined authority management and control method based on data production nodes. It aims to solve the technical problem that conventional access control is configured from role and identity information, so that a user who has been granted authority can manage and control data in any state, at any time, within the granted range, which puts approved data at risk of being changed.
In view of the above problems, the application provides a method and a system for managing and controlling fine rights based on data production nodes.
According to a first aspect of the present disclosure, a refined authority management and control method based on data production nodes is provided, the method comprising: interacting with the user terminal to receive a first product production node sequence diagram and extracting the i-th node production task set, where i is an integer and i ≥ 1; traversing the i-th node production task set and matching a production role type set and a production data type set, where the production role type set corresponds one-to-one with the production data type set; extracting, from the production role type set and the output data type set, the z-th role type of the k-th production task role type set and the z-th output data type set of the k-th production task output data type set, where the z-th role type and the z-th output data type set correspond one-to-one, k is an integer with k ≥ 1, and z is an integer with z ≥ 1; performing user scheduling according to the z-th role type in combination with the user task allocation state to generate recommended user identity information; configuring, for the recommended user identity information, authority particles for the z-th role type and the z-th output data type set of the k-th production task of the i-th node; interacting with the production end to obtain the product production progress; and allowing the authority particles to activate if and only if the product production progress belongs to the k-th production task of the i-th node.
In another aspect of the disclosure, a refined authority management and control system based on data production nodes is provided for carrying out the above method, the system comprising: a production task set acquisition module, which interacts with the user terminal to receive the first product production node sequence diagram and extracts the i-th node production task set, where i is an integer and i ≥ 1; a production task set traversing module, which traverses the i-th node production task set and matches a production role type set and a production data type set, where the production role type set corresponds one-to-one with the production data type set; an output data type acquisition module, which extracts, from the production role type set and the output data type set, the z-th role type of the k-th production task role type set and the z-th output data type set of the k-th production task output data type set, where the z-th role type and the z-th output data type set correspond one-to-one, k is an integer with k ≥ 1, and z is an integer with z ≥ 1; a user scheduling module, which performs user scheduling according to the z-th role type in combination with the user task allocation state to generate recommended user identity information; an authority particle configuration module, which configures, for the recommended user identity information, the authority particles for the z-th role type and the z-th output data type set of the k-th production task of the i-th node; a production progress acquisition module, which interacts with the production end to obtain the product production progress; and an authority particle activation module, which allows the authority particles to activate if and only if the product production progress belongs to the k-th production task of the i-th node.
One or more technical schemes provided by the application have at least the following technical effects or advantages:
By matching production role types with output data types, the role type and output data type of a specific production task are extracted, and users are then scheduled according to the user task allocation state to generate recommended user identity information, which keeps the authority dynamically adaptable. Through information exchange with the production end, the product production progress is monitored in real time, and the corresponding authority is allowed to activate only when the progress belongs to the designated production task, which keeps the authority timely and effective. Because fine-grained authority is configured from the role type of the production task, the output data type and the user task allocation state, authorized data can be operated on only under the specific production task and production progress; even a user who holds certain authority can operate on the data only under those conditions, which keeps the data stable and consistent. In summary, the refined authority control method based on data production nodes configures authority according to production state, so the granularity of authority management is finer, the stability and real-time character of the data are guaranteed, and the security and compliance of the system are improved.
The foregoing is only an overview of the present application, given so that its technical means can be understood more clearly and implemented according to the description, and so that its objects, features and advantages are more readily apparent.
Drawings
FIG. 1 is a schematic flow diagram of a method for managing and controlling refined rights based on data production nodes according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a refined authority management and control system based on a data production node according to an embodiment of the present application.
Reference numerals illustrate: the system comprises a production task set acquisition module 10, a production task set traversing module 20, a production data type acquisition module 30, a user scheduling module 40, a permission particle configuration module 50, a production progress acquisition module 60 and a permission particle activation module 70.
Detailed Description
The embodiment of the application solves the technical problem that conventional access control is configured from role and identity information, so that a user who has been granted authority can manage and control data in any state, at any time, within the granted range, and verified data is at risk of being changed.
Having described the basic principles of the present application, various non-limiting embodiments of the present application will now be described in detail with reference to the accompanying drawings.
Example 1
As shown in fig. 1, an embodiment of the present application provides a method for managing and controlling a fine authority based on a data production node, where the method includes:
Interacting with the user terminal to receive the first product production node sequence diagram and extracting the i-th node production task set, where i is an integer and i ≥ 1;
Communication with the user side is established through a corresponding interface or communication channel, and the first product production node sequence diagram is received. The diagram may be uploaded manually by a user, acquired automatically by the system, or delivered by another data transmission mode.
The received production node sequence diagram is parsed, including parsing the graphic file and reading its data structure, to obtain the node information it contains. The i-th node is then located by its serial number, its label or other identification information, and the production task set corresponding to that node is extracted from the parsed node information. One node corresponds to several production tasks, which together form the i-th node production task set. Here i is an integer with i ≥ 1; it denotes any one of the nodes as they are traversed from the first to the last, not one specific node.
Traversing the ith node production task set, and matching a production role type set and a production data type set, wherein the production role type set corresponds to the production data type set one by one;
For the production task set of the i-th node, each production task is traversed in order. Each production task has a corresponding production role type set and a production data type that identifies the production state after the task has been carried out. The production role type set corresponds one-to-one with the production data type set: if the role type set contains N role types, the data type set contains N corresponding data types, which ensures that every role type has corresponding production data.
A map is created associating each production role type with its corresponding production data type so that the corresponding production data for each role can be easily found in subsequent processing, which provides a correct data basis for subsequent user scheduling and entitlement control.
Extracting a z-th role type of a k-th production task role type set and a z-th output data type set of a k-th production task output data type set from the production role type set and the output data type set, wherein the z-th role type and the z-th output data type set are in one-to-one correspondence, k is an integer, k is more than or equal to 1, z is an integer, and z is more than or equal to 1;
In the i-th node production task set, the k-th production task is extracted, and its role type set and output data type set are obtained from the mapping relation. The z-th role type is extracted from the k-th production task role type set, and the z-th output data type set from the k-th production task output data type set. Both k and z denote any one element of their sets rather than a specific element, and the z-th role type corresponds one-to-one with the z-th output data type set.
According to the z-th role type, user scheduling is carried out in combination with a user task allocation state, and recommended user identity information is generated;
The task allocation state of the current users is obtained, including each user's idle state, task completion status and similar information, and users are scheduled according to the z-th role type in combination with that state. Specifically, idle users matching the z-th role type are found from the users' idle state, which involves querying each user's task state, working period and similar information. If several idle users qualify, they are classified by job according to the z-th role type to ensure they have the appropriate skills or qualifications. Finally, recommended user identity information, including the user's unique identifier, name and so on, is generated from the scheduling result.
Configuring, for the recommended user identity information, authority particles for the z-th role type and the z-th output data type set of the k-th production task of the i-th node;
Using the generated recommended user identity information, the extracted z-th role type and z-th output data type set are mapped to the corresponding authority particles according to the authority control rules, role allocation strategies and the like defined in the system. The configured authority particle is assigned to the recommended user, who now has the authority for the specific role type and output data type required to perform the k-th production task of the i-th node, and only that authority. The configured authority information is returned to the system or applied to it directly, so that the recommended user operates within the specified authority when executing the k-th production task of the i-th node.
This ensures that the recommended user holds the corresponding authority while performing a specific production task, so that the task can be completed and the security and compliance of the data are maintained.
Interacting with the production end to obtain the product production progress;
A connection is established with the production end and a request is sent for the production progress information of the current product. The request includes a product identifier, a production task identifier or other necessary information, so that the correct production progress is obtained. On receiving the request, the production end queries the corresponding production progress data and returns the result to the system as a response. The production progress information received by the system includes the current production stage, the number of completed tasks, the number of remaining tasks, the expected completion time and similar data; the current production stage includes a production node identifier and a production task identifier.
The authority particles are allowed to activate if and only if the product production progress belongs to the k-th production task of the i-th node.
The production node identifier and production task identifier in the product production progress information are compared with the identifier of the k-th production task of the i-th node to determine whether the current product is at the stage of the k-th production task of the i-th node.
If the comparison passes, that is, if and only if the production progress belongs to the k-th production task of the i-th node, the corresponding authority particle is allowed to activate. Activation opens the authority information related to the task and ensures that the corresponding role type and output data type are both within the permitted authority range. The corresponding operations may then be performed, including starting a specific production flow, recording a production log, or other operations related to the production task.
If the comparison does not pass, that is, the production progress does not belong to the k-th production task of the i-th node, the corresponding authority particle is not allowed to activate. The corresponding operation is blocked, and an error log may be recorded or other security measures taken.
In general, this step ensures that during production the corresponding authority particles can be activated only at the correct production stage, which safeguards the safety and compliance of production.
Further, according to the z-th role type, user scheduling is performed in combination with a user task allocation state, and recommended user identity information is generated, including:
Obtaining a pre-scheduling time zone of the kth production task of the ith node, and obtaining a first idle user identity set based on the user task allocation state;
According to the z-th role type, performing job classification on the first idle user identity set to generate a second idle user identity set;
And when the number of users in the second idle user identity set is equal to 1, outputting the second idle user identity set as the recommended user identity information.
The pre-scheduling time zone of the k-th production task of the i-th node, that is, the time period in which the production task is expected to be carried out, is obtained from a task scheduling or planning system. The user task allocation state is queried in the system, and each user's working time zone and task completion state are matched against the pre-scheduling time zone to find users whose idle period corresponds to it. These users, who have no other task allocated within the pre-scheduling time zone, form the first group of idle users; their information, including name, number and task allocation state, is collected into the first idle user identity set.
Using the extracted z-th role type, the first idle user identity set is traversed and users who meet the requirements of the z-th role type are screened out according to their job type or skill information. This includes checking and comparing each user's skill labels, qualification information and so on to determine whether the user's job type matches the z-th role type; if it does, the user is added to the second idle user identity set, which is the set of users who meet the requirements of the z-th role type.
The number of users in the generated second idle user identity set is counted. If it equals 1, only one user meets the requirement, and that user's identity information is output directly as the recommended user identity information.
Further, the method further comprises the following steps:
When the number of users in the second idle user identity set is greater than 1, traversing the second idle user identity set, and loading a k-th production task fault count set and a k-th production task delay count set;
configuring a first weight for fault counts, configuring a second weight for delay counts, and counting a first task repulsive force coefficient set by combining the k-th production task fault count set and the k-th production task delay count set;
And extracting user identity information of the minimum value of the first task repulsive force coefficient set from the second idle user identity set, and setting the user identity information as the recommended user identity information.
If the number is greater than 1, several users meet the requirement and they are ranked. The second idle user identity set is traversed and, for each user, the fault count set and delay count set of the associated k-th production task are loaded; these record the faults and delays the user has incurred in executing the k-th production task. They allow fault and delay history to be taken into account when selecting the most suitable user for the production task.
According to design rules or business requirements, a first weight is configured for the fault count; it is a percentage representing how strongly faults influence the task repulsive force. A second weight is configured for the delay count; it is also a percentage, representing how strongly delays influence the task repulsive force. The first weight and the second weight sum to 1.
For each user, a first task repulsive force coefficient is calculated from the fault count, the delay count and the corresponding weights: the fault count is multiplied by the first weight, the delay count is multiplied by the second weight, and the two products are summed. The result is the user's first task repulsive force coefficient. The higher the coefficient, the lower the user's priority for the task; in other words, the user with the smallest repulsive force is selected to execute the production task. The second idle user identity set is traversed and each user is analyzed in this way to obtain the first task repulsive force coefficient set.
All coefficients in the first task repulsive force coefficient set are sorted from low to high, the user corresponding to the minimum value is found from the sorting result, and that user's identity information is recorded and set as the recommended user identity information. This optimizes user selection by choosing a user with lower repulsive force, in terms of faults, delays and the like, to execute the production task.
Further, the method further comprises the following steps:
When the number of users in the second idle user identity set is equal to 0, according to the z-th role type, a third idle user identity set is obtained based on the user task allocation state, wherein the third idle user identity set is provided with an idle time zone tag set;
Determining a pre-scheduling constraint time length according to the pre-scheduling time zone, and sorting the third idle user identity set based on the idle time zone label set to generate a fourth idle user identity set, wherein the fourth idle user identity set has an optimal scheduling time label set;
sequencing the fourth idle user identity set according to the optimal scheduling time tag set and the time sequence to generate a first sequencing result of the fourth idle user identity set;
Traversing the fourth idle user identity set, and counting a second task repulsive force coefficient set;
Sorting the fourth idle user identity set according to the second task repulsive force coefficient set from small to large, and generating a second sorting result of the fourth idle user identity set;
sorting the fourth idle user identity set according to the first sorting result and the second sorting result to generate the recommended user identity information, and updating the pre-scheduling time zone according to the optimal scheduling time label of the recommended user identity information.
When the number of users in the second idle user identity set is 0, no user meets the requirement. The user task allocation state is queried in the system to find currently idle users, and those who meet the requirements of the z-th role type are screened out to form the third idle user identity set. Each user in the third idle user identity set has an idle time zone tag set, which indicates the specific time periods in which the user is idle.
From the pre-scheduling time zone obtained for the k-th production task of the i-th node, the pre-scheduling constraint time length is determined, that is, the length of time within the pre-scheduling time zone in which the task can be executed. The third idle user identity set is traversed, the idle time zone tag set of each user is checked, and a user is added to the fourth idle user identity set when the continuous duration of an idle time zone tag is greater than or equal to the pre-scheduling constraint time length.
For each user in the fourth idle user identity set, an optimal scheduling time tag set is generated, which involves ordering the available time periods or applying other scheduling strategies, so that later user selection can more intelligently pick a user whose working period suits the production task.
The users in the fourth idle user identity set are ordered chronologically according to the optimal scheduling time tag set, for example in ascending order of time, to generate the first sorting result.
Each user in the fourth idle user identity set is traversed and, for each user, a second task repulsive force coefficient is calculated in the same way as the first task repulsive force coefficient, from the user's fault count and delay count and the first and second weights. This takes fuller account of each user's performance on different tasks when selecting the most suitable user for the production task.
The coefficients in the second task repulsive force coefficient set are arranged in ascending order, so that the users in the fourth idle user identity set are ordered from small to large accordingly, generating the second sorting result. This gives preference, in later user selection, to users with smaller repulsive force.
The first sorting result and the second sorting result are considered together, for example by rules such as weights or elimination coefficients, to select the finally recommended user identity information. The pre-scheduling time zone is then updated with the optimal scheduling time tag of the recommended user identity information, that is, it is adjusted to the recommended user's optimal working period.
This process ensures that the finally recommended user identity information is selected with the factors in both sorting results taken into account, and that the pre-scheduling time zone is updated to the recommended user's optimal scheduling time tag, so that a suitable user can be selected more intelligently for subsequent production tasks.
Further, sorting the fourth idle user identity set according to the first sorting result and the second sorting result, to generate the recommended user identity information, including:
Traversing the fourth idle user identity set, and extracting a first sequence number set of the first sequencing result;
traversing the fourth idle user identity set, and extracting a second sequence number set of the second sequencing result, wherein the first sequence number set corresponds to the second sequence number set one by one;
Adding the first sequence number set and the second sequence number set which are in one-to-one correspondence to generate a user elimination coefficient set;
and extracting the minimum value of the user elimination coefficient set, and setting the minimum value as the recommended user identity information.
Each user in the fourth idle user identity set is traversed and that user's first sequence number in the first sorting result is extracted; the first sequence numbers obtained are arranged in the order of the users in the fourth idle user identity set to construct the first sequence number set.
Likewise, each user in the fourth idle user identity set is traversed and that user's second sequence number in the second sorting result is extracted; the second sequence numbers obtained are arranged in the order of the users in the fourth idle user identity set to obtain the second sequence number set.
The first sequence number set corresponds one-to-one to the second sequence number set. For example, when the users in the fourth idle user identity set are listed in a column and the first sequence number set and the second sequence number set are listed in columns beside it, any row corresponds to the first sequence number and the second sequence number of one user.
Each position in the one-to-one corresponding first and second sequence number sets represents one user. The values at corresponding positions of the two sets are added to obtain the value at the same position in the user elimination coefficient set, so each value is the sum of that user's sequence numbers in the two sorting results. The smaller a value in the user elimination coefficient set, the smaller the sum of the user's sequence numbers in the two sorting results, and the more likely the user is to be selected.
The user elimination coefficient set is sorted from low to high, the minimum value is found from the sorting result, and the position of that minimum value is located; that position corresponds to one piece of user identity information in the fourth idle user identity set, which is taken as the recommended user identity information. This user is considered the most suitable for performing the current production task when multiple factors are taken into account.
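The selection described above can be worked through on constructed data. The following Python sketch is an added example, not code from the patent: the names IdleUser, recommend and SAMPLE_FOURTH_SET, the weights 3 and 2, and the tie-break (the earlier user in the fourth idle user identity set wins) are assumptions, and the task repulsive force coefficient follows the weighted sum of fault count and delay count stated in claim 2.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class IdleUser:
    user_id: str
    best_slot: datetime   # optimal scheduling time label
    fault_count: int      # faults recorded for this production task
    delay_count: int      # delays recorded for this production task


def repulsion(user, w_fault, w_delay):
    """Task repulsive force coefficient: weighted faults plus weighted delays."""
    return user.fault_count * w_fault + user.delay_count * w_delay


def sequence_numbers(users, key):
    """Map user_id to its 1-based position in the ordering given by key."""
    ordered = sorted(users, key=key)  # stable sort keeps set order on equal keys
    return {u.user_id: pos for pos, u in enumerate(ordered, start=1)}


def recommend(fourth_set, w_fault=3, w_delay=2):
    """Return (recommended user, user elimination coefficient set)."""
    if not fourth_set:
        raise ValueError("fourth idle user identity set is empty")
    first = sequence_numbers(fourth_set, key=lambda u: u.best_slot)
    second = sequence_numbers(
        fourth_set, key=lambda u: repulsion(u, w_fault, w_delay))
    # Both sequence number sets are laid out in the order of the fourth set,
    # so position n in each refers to the same user.
    first_set = [first[u.user_id] for u in fourth_set]
    second_set = [second[u.user_id] for u in fourth_set]
    elimination = [a + b for a, b in zip(first_set, second_set)]
    # Assumption: on a tie the earlier user in the fourth set is chosen.
    winner = min(range(len(elimination)), key=elimination.__getitem__)
    return fourth_set[winner], elimination


# Constructed sample data, not taken from the patent.
SAMPLE_FOURTH_SET = [
    IdleUser("u1", datetime(2024, 2, 1, 9, 0), fault_count=3, delay_count=2),
    IdleUser("u2", datetime(2024, 2, 1, 10, 0), fault_count=0, delay_count=1),
    IdleUser("u3", datetime(2024, 2, 1, 11, 0), fault_count=1, delay_count=0),
    IdleUser("u4", datetime(2024, 2, 1, 9, 30), fault_count=2, delay_count=2),
]

if __name__ == "__main__":
    user, coefficients = recommend(SAMPLE_FOURTH_SET)
    print(user.user_id, coefficients)
```

In the sample, u1 is available earliest but has the worst fault and delay record, so its sequence numbers sum to 5, while u2 ranks third by time and first by repulsive force and is recommended with a sum of 4.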
Further, the method also includes the following steps:
when the product production progress does not belong to the kth production task of the ith node, the authority particles receive an activation check code, and the authority verification component based on the authority particles checks the activation check code to generate check instruction information;
and when the check instruction information indicates a pass, the authority particles allow activation, and the activation check code of the authority verification component is reset.
If the product production progress does not belong to the kth production task of the ith node, the authority particles receive an activation check code, which may be generated by a user or by another system. The authority verification component checks the received activation check code to confirm that it is valid and, according to the result, generates check instruction information indicating whether the check passed or failed.
It is then judged whether the check instruction information indicates a pass, that is, whether the activation check code was verified successfully. If it passes, the authority particles allow activation, that is, the corresponding operation or task may be executed, and the authority verification component resets the activation check code and generates a new one. This ensures that every access at a non-designated time must be verified and that every modification is strictly controlled; the check is a security mechanism that helps ensure that activation is valid and reliable. If the check instruction information does not pass, other processing is performed, such as rejecting the access or ending the flow directly.
Further, before the authority verification component based on the authority particles checks the activation check code to generate the check instruction information, the method further includes:
monitoring temporary authorized user identity information of the authority particles;
randomly generating a plurality of check codes based on a check code element library and a check code constraint bit interval, wherein the plurality of check codes have a plurality of groups of element sequences;
traversing the plurality of groups of element sequences, collecting a plurality of groups of element selection frequencies within a preset time zone, and summing each group of element selection frequencies to generate a plurality of check code fitness values;
sorting the plurality of check code fitness values to find the minimum, generating the activation check code, and sending the activation check code by short message to the communication end of the temporary authorized user identity information;
and initializing the authority verification component based on the activation check code.
The current temporary authorized user identity information is obtained and monitored in real time to ensure that it remains valid and secure. Monitoring includes checking the timeliness of the user identity information, its authority range, whether any abnormality exists, and so on. If an anomaly or inconsistency is found, a corresponding exception handling mechanism is triggered, such as revoking the authorization or raising an alarm.
A predefined check code element library is used, which contains the elements from which check codes are generated. The range of digits of the check code is determined, that is, the length of the check code must fall within a certain interval, which establishes the check code constraint bit interval. Within the check code constraint bit interval, the corresponding number of elements is randomly selected from the check code element library to construct the element sequence of a check code; a plurality of check codes are generated in this way, and the number generated is determined by service requirements. This process ensures that check codes can be generated randomly from the predefined element library under the constraint conditions, and the generated check codes are used in the subsequent activation check.
For the plurality of generated check codes, the element sequence of each check code is traversed and the frequency with which each element was selected within the preset time zone is collected; the selection frequency is frequency information collected in real time. For the element sequence of each check code, the selection frequencies of its elements within the preset time zone are added, and the sum is the fitness value of that check code. The higher the fitness value, the more frequently the check code's elements were selected in the preset time zone and the lower its security. Traversing the element sequence of every check code yields the plurality of check code fitness values.
The generated check code fitness values are sorted from low to high, and the check code with the minimum fitness value is taken as the activation check code; the lower the fitness value, the less frequently its elements have been selected and the higher the security of the check code.
The generated activation check code is sent to the communication end of the temporary authorized user identity information by a communication method such as a short message. This process ensures that the check code with the minimum fitness is selected as the activation check code and delivered to the temporary authorized user, and the minimum value sorting ensures that the best of the candidate check codes is chosen.
The authority verification component is initialized with the obtained activation check code: the activation check code is loaded into the corresponding field or data structure of the verification component, and the initialized state is returned for subsequent use. After initialization, the authority verification component can use the activation check code in subsequent checks to ensure the security and legitimacy of the system.
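The activation gate and the check code selection described above can be combined into one runnable Python sketch. It is an added example, not code from the patent: the class and function names, the contents of the element library, the length interval of 6 to 8, the candidate count, and the use of an unbounded counter in place of the preset time zone are all assumptions, and short message delivery is reduced to returning the code from issue().

```python
import hmac
import secrets
from collections import Counter

# Assumed values: the page names an element library and a length interval
# but gives no concrete contents for either.
ELEMENT_LIBRARY = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
LENGTH_INTERVAL = (6, 8)


def generate_candidates(count, library=ELEMENT_LIBRARY, interval=LENGTH_INTERVAL):
    """Randomly build `count` check codes whose length lies in `interval`."""
    low, high = interval
    codes = []
    for _ in range(count):
        length = low + secrets.randbelow(high - low + 1)
        codes.append("".join(secrets.choice(library) for _ in range(length)))
    return codes


def fitness(code, selection_frequency):
    """Sum of how often each element of `code` was selected in the window."""
    return sum(selection_frequency.get(element, 0) for element in code)


def pick_activation_code(candidates, selection_frequency):
    """Minimum-fitness candidate; ties go to the earliest candidate."""
    return min(candidates, key=lambda code: fitness(code, selection_frequency))


class AuthorityVerifier:
    """Holds the current activation check code and verifies submissions."""

    def __init__(self, candidate_count=16):
        self.candidate_count = candidate_count
        # Assumption: stands in for frequencies within the preset time zone;
        # expiry of old observations is not modelled here.
        self.selection_frequency = Counter()
        self._active_code = None

    def issue(self):
        """Generate candidates, keep the minimum-fitness one, return it for delivery."""
        candidates = generate_candidates(self.candidate_count)
        code = pick_activation_code(candidates, self.selection_frequency)
        self.selection_frequency.update(code)  # record the elements just used
        self._active_code = code
        return code

    def check(self, submitted):
        """Constant-time comparison; a pass resets the component to a new code."""
        if self._active_code is None:
            return False
        passed = hmac.compare_digest(submitted.encode(), self._active_code.encode())
        if passed:
            self.issue()  # the used code is replaced and cannot be replayed
        return passed


class AuthorityParticle:
    """Permission bound to the k-th production task of the i-th node."""

    def __init__(self, node, task, verifier):
        self.node, self.task, self.verifier = node, task, verifier

    def allow_activation(self, progress, check_code=None):
        """`progress` is the (node, task) pair reported by the production end."""
        if progress == (self.node, self.task):
            return True   # in-task access needs no check code
        if check_code is None:
            return False  # out-of-task access without a code is refused
        return self.verifier.check(check_code)
```

The fitness ranking only chooses among candidates already drawn from the CSPRNG, so the unpredictability of the activation check code comes from that draw and the code length rather than from the ranking.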
In summary, the method and system for managing and controlling the refined authority based on the data production node provided by the embodiment of the application have the following technical effects:
1. By matching production role types with output data types, the role type and the output data type of a specific production task are extracted, and user scheduling is then performed according to the user task allocation state to generate recommended user identity information, which ensures that authority adapts dynamically;
2. Through information interaction with the production end, the product production progress is monitored in real time, and the corresponding authority is allowed to be activated only when the product production progress belongs to the designated production task, which ensures that authority is timely and effective;
3. By configuring fine-grained authority based on the role type of the production task, the output data type and the user task allocation state, authorized data is allowed to be activated only under the specific production task and production progress, so that even a user who holds certain authority can operate on the data only under those specific conditions, which ensures the stability and consistency of the data.
In summary, according to the refined authority control method based on the data production nodes, the authority is configured based on the production state, granularity of authority management is finer, stability and instantaneity of data are guaranteed, and safety and compliance of a system are improved.
Example two
Based on the same inventive concept as the data production node-based refinement right management and control method in the foregoing embodiment, as shown in fig. 2, the present application provides a data production node-based refinement right management and control system, which includes:
The production task set acquisition module 10 is used for interacting with the user end to receive a first product production node sequence diagram and extracting an ith node production task set, wherein i is an integer, and i is more than or equal to 1;
The production task set traversing module 20 is configured to traverse the ith node production task set and match a production role type set with an output data type set, where the production role type set corresponds one-to-one to the output data type set;
The output data type obtaining module 30 is configured to extract a z-th role type of a kth production task role type set and a z-th output data type set of a kth production task output data type set from the production role type set and the output data type set, where the z-th role type and the z-th output data type set are in one-to-one correspondence, k is an integer, k is greater than or equal to 1, z is an integer, and z is greater than or equal to 1;
The user scheduling module 40 is configured to perform user scheduling according to the z-th role type in combination with a user task allocation state, and generate recommended user identity information;
The authority particle configuration module 50 is configured to configure, for the recommended user identity information, authority particles of the z-th role type and the z-th output data type set of the kth production task of the ith node;
The production progress obtaining module 60 is used for interacting with the production end to obtain the product production progress;
The authority particle activation module 70 is used for allowing the authority particles to be activated if and only if the product production progress belongs to the kth production task of the ith node.
Further, the system also comprises a recommended user identity information acquisition module for executing the following operation steps:
Obtaining a pre-scheduling time zone of the kth production task of the ith node, and obtaining a first idle user identity set based on the user task allocation state;
According to the z-th role type, performing job classification on the first idle user identity set to generate a second idle user identity set;
and when the number of users in the second idle user identity set is equal to 1, outputting the second idle user identity set as the recommended user identity information.
Further, the system also comprises a recommended user identity information acquisition module for executing the following operation steps:
When the number of users in the second idle user identity set is greater than 1, traversing the second idle user identity set, and loading a kth production task fault count set and a kth production task delay count set;
configuring a first weight for fault counts, configuring a second weight for delay counts, and counting a first task repulsive force coefficient set by combining the k-th production task fault count set and the k-th production task delay count set;
And extracting user identity information of the minimum value of the first task repulsive force coefficient set from the second idle user identity set, and setting the user identity information as the recommended user identity information.
Further, the system also comprises a pre-scheduling time zone updating module for executing the following operation steps:
When the number of users in the second idle user identity set is equal to 0, acquiring, according to the z-th role type, a third idle user identity set based on the user task allocation state, wherein the third idle user identity set has an idle time zone label set;
determining a pre-scheduling constraint time length according to the pre-scheduling time zone, and sorting the third idle user identity set based on the idle time zone label set to generate a fourth idle user identity set, wherein the fourth idle user identity set has an optimal scheduling time label set;
sorting the fourth idle user identity set in time order according to the optimal scheduling time label set to generate a first sorting result of the fourth idle user identity set;
traversing the fourth idle user identity set, and counting a second task repulsive force coefficient set;
sorting the fourth idle user identity set from small to large according to the second task repulsive force coefficient set to generate a second sorting result of the fourth idle user identity set;
sorting the fourth idle user identity set according to the first sorting result and the second sorting result to generate the recommended user identity information, and updating the pre-scheduling time zone according to the optimal scheduling time label of the recommended user identity information.
Further, the system further comprises a user elimination coefficient set generation module for executing the following operation steps:
traversing the fourth idle user identity set, and extracting a first sequence number set from the first sorting result;
traversing the fourth idle user identity set, and extracting a second sequence number set from the second sorting result, wherein the first sequence number set corresponds one-to-one to the second sequence number set;
adding the one-to-one corresponding entries of the first sequence number set and the second sequence number set to generate a user elimination coefficient set;
and extracting the minimum value of the user elimination coefficient set, and setting the user identity information corresponding to the minimum value as the recommended user identity information.
Further, the system also comprises an activation check code resetting module for executing the following operation steps:
when the product production progress does not belong to the kth production task of the ith node, the authority particles receive an activation check code, and the authority verification component based on the authority particles checks the activation check code to generate check instruction information;
and when the check instruction information indicates a pass, the authority particles allow activation, and the activation check code of the authority verification component is reset.
Further, the system also comprises an authority verification component generating module for executing the following operation steps:
monitoring temporary authorized user identity information of the authority particles;
randomly generating a plurality of check codes based on a check code element library and a check code constraint bit interval, wherein the plurality of check codes have a plurality of groups of element sequences;
traversing the plurality of groups of element sequences, collecting a plurality of groups of element selection frequencies within a preset time zone, and summing each group of element selection frequencies to generate a plurality of check code fitness values;
sorting the plurality of check code fitness values to find the minimum, generating the activation check code, and sending the activation check code by short message to the communication end of the temporary authorized user identity information;
and initializing the authority verification component based on the activation check code.
From the foregoing detailed description of the data production node-based refinement rights management and control method, those skilled in the art can clearly understand the data production node-based refinement rights management and control system of this embodiment. Because the device disclosed in this embodiment corresponds to the method disclosed in the embodiment, its description is relatively brief, and for relevant details reference is made to the description of the method.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (7)

1. The method for managing and controlling the fine authority based on the data production node is characterized by comprising the following steps of:
interacting with the user terminal to receive a first product production node sequence diagram, and extracting an ith node production task set, wherein i is an integer and i is more than or equal to 1;
Traversing the ith node production task set, and matching a production role type set and a production data type set, wherein the production role type set corresponds to the production data type set one by one;
Extracting a z-th role type of a k-th production task role type set and a z-th output data type of a k-th production task output data type set from the production role type set and the output data type set, wherein the z-th role type and the z-th output data type correspond to each other, k is an integer, k is more than or equal to 1, z is an integer, and z is more than or equal to 1;
and according to the z-th role type, carrying out user scheduling in combination with a user task allocation state to generate recommended user identity information, wherein the method comprises the following steps:
Obtaining a pre-scheduling time zone of the kth production task of the ith node, and obtaining a first idle user identity set based on the user task allocation state;
According to the z-th role type, performing job classification on the first idle user identity set to generate a second idle user identity set;
when the number of users in the second idle user identity set is equal to 1, outputting the user identity information as recommended user identity information;
Configuring, for the recommended user identity information, authority particles of the z-th role type and the z-th output data type of the kth production task of the ith node;
interacting with the production end to obtain the product production progress;
The authority particles allow activation if and only if the product production progress belongs to the kth production task of the ith node.
2. The method as recited in claim 1, further comprising:
When the number of users in the second idle user identity set is greater than 1, traversing the second idle user identity set, and loading a kth production task fault count set and a kth production task delay count set;
Configuring a first weight for fault counts, configuring a second weight for delay counts, and combining the k-th production task fault count set and the k-th production task delay count set to count a first task repulsive force coefficient set, wherein the fault count is multiplied by the first weight, the delay count is multiplied by the second weight, the products of the fault count and the delay count are added, and the calculated result is the task repulsive force coefficient of the user;
And extracting user identity information of the minimum value of the first task repulsive force coefficient set from the second idle user identity set, and setting the user identity information as the recommended user identity information.
3. The method as recited in claim 1, further comprising:
When the number of users in the second idle user identity set is equal to 0, according to the z-th role type, a third idle user identity set is obtained based on the user task allocation state, wherein the third idle user identity set is provided with an idle time zone tag set;
Determining a pre-scheduling constraint time length according to the pre-scheduling time zone, and sorting the third idle user identity set based on the idle time zone label set to generate a fourth idle user identity set, wherein the fourth idle user identity set has an optimal scheduling time label set;
sequencing the fourth idle user identity set according to the optimal scheduling time tag set and the time sequence to generate a first sequencing result of the fourth idle user identity set;
Traversing the fourth idle user identity set, and counting a second task repulsive force coefficient set;
Sorting the fourth idle user identity set according to the second task repulsive force coefficient set from small to large, and generating a second sorting result of the fourth idle user identity set;
sorting the fourth idle user identity set according to the first sorting result and the second sorting result to generate the recommended user identity information, and updating the pre-scheduling time zone according to the optimal scheduling time label of the recommended user identity information.
4. The method of claim 3, wherein sorting the fourth set of idle user identities according to the first ranking result and the second ranking result, generating the recommended user identity information, comprises:
Traversing the fourth idle user identity set, and extracting a first sequence number set of the first sequencing result;
traversing the fourth idle user identity set, and extracting a second sequence number set of the second sequencing result, wherein the first sequence number set corresponds to the second sequence number set one by one;
Adding the first sequence number set and the second sequence number set which are in one-to-one correspondence to generate a user elimination coefficient set;
and extracting the minimum value of the user elimination coefficient set, and setting the minimum value as the recommended user identity information.
5. The method as recited in claim 1, further comprising:
When the product production progress does not belong to the kth production task of the ith node, the authority particles receive an activation check code, and the activation check code is checked by an authority verification component based on the authority particles to generate check instruction information;
and when the verification instruction information passes, the authority particles allow activation, and meanwhile, the activation verification code of the authority verification component is reset.
6. The method of claim 5, wherein verifying the activation check code based on the authority verification component of the authority granule generates check instruction information, further comprising:
monitoring temporary authorized user identity information of the authority particles;
Based on a check code element library and a check code constraint bit interval, randomly generating a plurality of check codes, wherein the check codes are provided with a plurality of groups of element sequences;
Traversing the element sequences of the groups, collecting element selection frequencies of the groups in a preset time zone, and summing the element selection frequencies of the groups to generate a plurality of check code fitness;
minimum value sorting is carried out on the adaptability of the check codes, the activation check codes are generated, and the activation check codes are sent to the communication end of the temporary authorized user identity information through short messages;
And initializing the rights verification component based on the activation check code.
7. A data production node based refinement rights management system for implementing the data production node based refinement rights management method of any one of claims 1-6, comprising:
The production task set acquisition module is used for interacting with the user side to receive the first product production node sequence diagram and extracting an ith node production task set, wherein i is an integer and i is more than or equal to 1;
The production task set traversing module is used for traversing the ith node production task set, matching a production role type set and a production data type set, wherein the production role type set corresponds to the production data type set one by one;
The output data type acquisition module is used for extracting a z-th role type of a k-th production task role type set and a z-th output data type of a k-th production task output data type set from the production role type set and the output data type set, wherein the z-th role type and the z-th output data type correspond to each other, k is an integer, k is more than or equal to 1, z is an integer, and z is more than or equal to 1;
The user scheduling module is used for performing user scheduling according to the z-th role type and combining with a user task allocation state to generate recommended user identity information, and comprises the following steps:
Obtaining a pre-scheduling time zone of the kth production task of the ith node, and obtaining a first idle user identity set based on the user task allocation state;
According to the z-th role type, performing job classification on the first idle user identity set to generate a second idle user identity set;
when the number of users in the second idle user identity set is equal to 1, outputting the user identity information as recommended user identity information;
The authority particle configuration module is used for configuring, for the recommended user identity information, the authority particles of the z-th role type and the z-th output data type of the kth production task of the ith node;
The production progress acquisition module is used for interacting with the production end to acquire the product production progress;
And the authority particle activation module is used for allowing the authority particles to be activated if and only if the product production progress belongs to the kth production task of the ith node.
CN202410138031.7A 2024-02-01 2024-02-01 Fine authority management and control method and system based on data production node Active CN117688592B (en)

Publications (2)

Publication Number Publication Date
CN117688592A (en) 2024-03-12
CN117688592B (en) 2024-04-26

Family

ID=90139315

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104477776A (en) * 2014-10-20 2015-04-01 新乡市起重机厂有限公司 A role-based crane remote graded monitoring system
CN104506630A (en) * 2014-12-25 2015-04-08 深圳市华宝电子科技有限公司 Method, server and system for generating authority data on basis of user roles
CN111125674A (en) * 2019-12-20 2020-05-08 中国银联股份有限公司 Open type data processing system, open type data system and data processing method
CN111475841A (en) * 2020-04-07 2020-07-31 腾讯科技(深圳)有限公司 Access control method, related device, equipment, system and storage medium
US10986080B1 (en) * 2020-08-12 2021-04-20 Peking University Permission management method and system for trustworthiness mechanism of big-data blockchain
CN114398603A (en) * 2022-01-14 2022-04-26 河北华北柴油机有限责任公司 Product data document management system and authority control method thereof
CN115022020A (en) * 2022-05-31 2022-09-06 上海申石软件有限公司 Access control method and system based on multidimensional set calculation
CN116089970A (en) * 2022-11-22 2023-05-09 国网上海能源互联网研究院有限公司 Power distribution operation and maintenance user dynamic access control system and method based on identity management
CN116186640A (en) * 2023-02-23 2023-05-30 山东中翰软件有限公司 Iterative optimization method and system for enterprise data management
CN116205378A (en) * 2023-04-28 2023-06-02 浙江中之杰智能系统有限公司 Product scheduling management method and system based on block chain
CN116628681A (en) * 2023-03-23 2023-08-22 浙江中控研究院有限公司 Authority management method and system based on upper computer monitoring control software
CN117436112A (en) * 2023-12-21 2024-01-23 江苏中天科技股份有限公司 User permission data processing method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11329820B2 (en) * 2020-06-27 2022-05-10 Vouch.Io L.L.C. System and method for secure authentication and authorization

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104477776A (en) * 2014-10-20 2015-04-01 新乡市起重机厂有限公司 A role-based crane remote graded monitoring system
CN104506630A (en) * 2014-12-25 2015-04-08 深圳市华宝电子科技有限公司 Method, server and system for generating authority data on basis of user roles
CN111125674A (en) * 2019-12-20 2020-05-08 中国银联股份有限公司 Open type data processing system, open type data system and data processing method
CN111475841A (en) * 2020-04-07 2020-07-31 腾讯科技(深圳)有限公司 Access control method, related device, equipment, system and storage medium
US10986080B1 (en) * 2020-08-12 2021-04-20 Peking University Permission management method and system for trustworthiness mechanism of big-data blockchain
CN114398603A (en) * 2022-01-14 2022-04-26 河北华北柴油机有限责任公司 Product data document management system and authority control method thereof
CN115022020A (en) * 2022-05-31 2022-09-06 上海申石软件有限公司 Access control method and system based on multidimensional set calculation
CN116089970A (en) * 2022-11-22 2023-05-09 国网上海能源互联网研究院有限公司 Power distribution operation and maintenance user dynamic access control system and method based on identity management
CN116186640A (en) * 2023-02-23 2023-05-30 山东中翰软件有限公司 Iterative optimization method and system for enterprise data management
CN116628681A (en) * 2023-03-23 2023-08-22 浙江中控研究院有限公司 Authority management method and system based on upper computer monitoring control software
CN116205378A (en) * 2023-04-28 2023-06-02 浙江中之杰智能系统有限公司 Product scheduling management method and system based on block chain
CN117436112A (en) * 2023-12-21 2024-01-23 江苏中天科技股份有限公司 User permission data processing method and device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
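Proceedings of the 6th International Conference on Emerging Technologies; Rashid Z Basita et al.; TRDBAC: Temporal reflective database access control; 20101231; full text *
A task-role-based access control model for cloud computing; 王小威; 赵一鸣; Computer Engineering; 20121220 (Issue 24); full text *
Multi-granularity dynamic access control model based on tasks and roles; 彭佳玮; 孙国强; 杨少友; Computer Engineering and Design; 20160216 (Issue 02); full text *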

Also Published As

Publication number Publication date
CN117688592A (en) 2024-03-12

Similar Documents

Publication Publication Date Title
CN106371918A (en) Task cluster scheduling management method and apparatus
CN110597531B (en) Distributed module upgrading method and device and storage medium
US8478788B1 (en) Centralized information technology resources analysis system
CN102307114A (en) Management method of network
CN102404136A (en) Methods and apparatus associated with dynamic access control based on a task/trouble ticket
CN104767756B (en) Facility information processing method, client terminal device and service terminal device
CN110752969B (en) Performance detection method, device, equipment and medium
CN109683930B (en) Air conditioning equipment program upgrading method, device and system and household electrical appliance
CN101778004A (en) Be used to carry out terminal and method based on the equipment control of threshold value scheduling
CN102859505B (en) The management method of management system and computer system
US9934477B1 (en) Protected domain workflow access control system
CN104484620A (en) Method for avoiding false declaration of sales volume and inventory in fast-selling sales management cloud system
CN108305134B (en) Safety detection method, equipment and system for air ticket order
CN117688592B (en) Fine authority management and control method and system based on data production node
CN105991610A (en) Method and device for logging into application server
CN101090336A (en) Command line interface authority hierarchical method for network equipment
CA2243599C (en) Processor system
CN105893209A (en) Monitoring method, device and system
US11711428B2 (en) IoT licensing platform and architecture
CN116226138A (en) Block chain-based information vulnerability processing method and device
CN115983991A (en) Flow adjusting method, device, equipment and medium
CN111488625B (en) Data processing method and device
CN114676411A (en) Authentication mode identification method and equipment
CN106354540A (en) Terminal-spanning application program loading method and terminal-spanning application program loading system
CN105224333A (en) Large machine object code rapid generation and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant