CN110062020B - Identity management method and system - Google Patents

Publication number
CN110062020B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810066044.2A
Other languages
Chinese (zh)
Other versions
CN110062020A (en
Inventor
周靓宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Zhuyun Technology Co ltd
Original Assignee
Shenzhen Bamboocloud Technology Co ltd
Application filed by Shenzhen Bamboocloud Technology Co ltd
Priority to CN201810066044.2A
Publication of CN110062020A
Application granted
Publication of CN110062020B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22: Indexing; Data structures therefor; Storage structures
    • G06F16/2228: Indexing structures
    • G06F16/2246: Trees, e.g. B+trees
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00: Administration; Management
    • G06Q10/10: Office automation; Time management
    • G06Q10/105: Human resources
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1095: Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Abstract

The embodiment of the invention discloses a unified identity management method and system. The method comprises the following steps: receiving an adding instruction, and adding a target organization structure tree in the IDM system of a unified identity management platform; acquiring data of the target organization structure tree, and writing the data into the target organization structure tree; updating the relationship data between the organization structure trees and personnel in the IDM system of the unified identity management platform; and synchronizing the relationship data between the organization structure trees and personnel to the business systems of the organization structure trees. With the embodiment of the invention, organization structure trees can be defined in the IDM system of the unified identity management platform, the relationships between personnel and organization structure trees in the identity system can be managed in a unified manner, and the organization data and the relationship data between personnel and organizations can be synchronized to the downstream business systems, so that the management of the relationships between personnel and organizations is effectively improved and centralized, unified organization data and personnel-to-organization relationship data are provided for enterprises.

Description

Identity management method and system
Technical Field
The invention relates to the technical field of computers, in particular to an identity management method and system.
Background
As enterprise informatization deepens, the environment for enterprise information management becomes more and more complex. Various management systems are established to meet the requirements of different business departments and of different management functions within those departments. In these management systems, personnel identity information is stored in local directories and databases, and the databases of the management systems differ from one another, so a large amount of isolated, dispersed identity information and many separate access management modes are produced, which increases the burden and cost of enterprise information management. Because the systems operate independently and in isolation, the information in the enterprise's information management systems is often inconsistent, and unified management of enterprise information cannot be achieved.
Disclosure of Invention
The embodiment of the invention provides an identity management method, which defines a plurality of organization structure trees in the system of a unified identity management platform (IDM), uniformly manages the relationships between personnel and the organization structure trees in the identity system, and synchronizes the relationships between personnel and the organization structure trees to downstream business systems, so that the management of the relationships between personnel and the organization structure trees is effectively improved and business risk is reduced.
In a first aspect, an embodiment of the present invention provides an identity management method, where the method includes:
receiving an adding instruction, and adding a target organization structure tree in the IDM system of a unified identity management platform;
acquiring data of the target organization structure tree, and writing the data of the target organization structure tree into the target organization structure tree, wherein the data of the organization structure tree comprises organization data;
updating relationship data between organization structure trees and personnel in the IDM system, wherein the organization structure trees comprise the target organization structure tree and the original organization structure trees in the IDM system;
and synchronizing the relationship data between the organization structure trees and personnel to the business systems of the organization structure trees.
Optionally, before the acquiring the data of the target organization structure tree, the method further includes:
determining a business system as the data source of the organization structure tree;
the acquiring the data of the organization structure tree and writing the data of the organization structure tree into the target organization structure tree comprises:
acquiring the data of the organization structure tree from the business system through a synchronization interface;
determining the correspondence between the organization data in the business system and the organization data in the organization structure tree;
and writing the data of the organization structure tree into the target organization structure tree according to the correspondence.
Optionally, the acquiring data of the organization structure tree and writing the data of the organization structure tree into the target organization structure tree includes:
receiving data of the organization structure tree input by a system administrator through an input device;
and writing the data of the organization structure tree into the target organization structure tree.
Optionally, the updating the relationship data between the organization structure trees and personnel in the IDM system includes:
associating the personnel with the organization structure trees in the IDM system according to the organization structure tree attribute of the personnel, to obtain relationship data between the personnel and the organization structure trees.
Optionally, before the updating the relationship data between the organization structure trees and personnel in the IDM system, the method further comprises:
receiving a management instruction for a personnel attribute, and modifying the personnel attribute.
Optionally, before the updating the relationship data between the organization structure trees and personnel in the IDM system, the method further includes:
reading personnel identity information data from an identity information database, wherein the personnel identity information data comprises the organization attribute of the personnel.
In a second aspect, an embodiment of the present invention provides a terminal device, where the terminal device includes:
the adding module is used for receiving an adding instruction and adding a target organization structure tree in the IDM system of the unified identity management platform;
the acquisition module is used for acquiring data of the target organization structure tree, wherein the data of the organization structure tree comprises organization data;
the writing module is used for writing the data of the target organization structure tree into the target organization structure tree;
an updating module for updating relationship data between organization structure trees and personnel in the IDM system, wherein the organization structure trees comprise the target organization structure tree and the original organization structure trees in the IDM system;
and the synchronization module is used for synchronizing the relationship data between the organization structure trees and personnel to the business systems of the organization structure trees.
Optionally, the system further includes:
the first determining module is used for determining a business system as the data source of the organization structure tree;
the acquisition module includes:
the second determining module is used for determining the correspondence between the organization data in the business system and the organization data in the organization structure tree;
and the writing module is used for writing the data of the organization structure tree into the target organization structure tree according to the correspondence.
Optionally, the system further includes:
the receiving module is used for receiving data of the organization structure tree input by a system administrator through an input device;
and the writing module is used for writing the data of the organization structure tree into the target organization structure tree.
Optionally, the system further includes:
and the association module is used for associating the personnel with the organization structure trees in the IDM system according to the organization structure tree attribute of the personnel, to obtain the relationship data between the personnel and the organization structure trees.
Optionally, the system further includes:
and the modification module is used for receiving a management instruction of the personnel attribute and modifying the personnel attribute.
Optionally, the system further includes:
and the reading module is used for reading personnel identity information data from the identity information database, wherein the personnel identity information data comprises the organization attribute of the personnel.
In a third aspect, the present invention provides a computer-readable storage medium, in which a computer program is stored, the computer program including program instructions, which, when executed by a processor, cause the processor to perform the method of the first aspect.
According to the embodiment of the invention, a target organization structure tree is added in the IDM system of a unified identity management platform upon receiving an adding instruction; data of the target organization structure tree is then acquired and written into the target organization structure tree, wherein the data of the organization structure tree comprises organization data; the relationship data between the organization structure trees and personnel in the IDM system is then updated, and the relationship data between the organization structure trees and personnel is synchronized to the business systems of the organization structure trees. In the embodiment of the invention, a plurality of organization structure trees can be defined in the identity management system, the relationships between the personnel in the identity system and the organization structure trees can be managed uniformly, and the relationships between personnel and the organization structure trees can be synchronized to the downstream business systems, so that the management of the relationships between personnel and organizations is effectively improved, and centralized, unified organization data and personnel-to-organization relationship data are provided for enterprises.
Drawings
In order to more clearly illustrate the technical solution of the embodiment of the present invention, the drawings used in the description of the embodiment will be briefly introduced below.
Fig. 1 is a schematic flow chart of an identity management method provided in an embodiment of the present invention;
Fig. 2 is a schematic flow chart of another identity management method provided in an embodiment of the present invention;
Fig. 3 is a schematic flow chart of another identity management method provided in an embodiment of the present invention;
Fig. 4 is a schematic block diagram of an identity management system provided in an embodiment of the present invention;
Fig. 5 is a schematic block diagram of another identity management system provided in an embodiment of the present invention;
Fig. 6 is a schematic block diagram of another identity management system provided in an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
Referring to Fig. 1, Fig. 1 is a schematic flowchart of an identity management method according to an embodiment of the present invention. As shown in the figure, the method may include:
101: Receiving an adding instruction, and adding a target organization structure tree in the IDM system of the unified identity management platform.
In the embodiment of the invention, in addition to storing authoritative organization data and organization-to-person relationships in the unified identity management platform (IDM) system, a new organization structure tree can also be added in the IDM system of the unified identity management platform. When an instruction to add an organization structure tree is received, the organization structure tree is newly added in the IDM system of the unified identity management platform.
For example, a large enterprise opens a new line of business and establishes a new business system for it. To reduce the management burden of the enterprise and ensure the consistency of the information data of each organization in the enterprise, the organization data of the new business system needs to be uploaded to the IDM system of the unified identity management platform for unified management, but the IDM system has no organization structure tree suitable for the new business system. Therefore, a target organization structure tree suitable for the new business system needs to be newly built in the IDM system of the unified identity management platform. At this time, organization structure tree management can be selected in the IDM system, and then the option to create a new organization structure tree is selected, so that the target organization structure tree is added.
102: Acquiring data of the target organization structure tree, and writing the data of the target organization structure tree into the target organization structure tree, wherein the data of the organization structure tree comprises organization data.
In this embodiment of the present invention, after the target organization structure tree is created in the IDM system, the target organization structure tree contains no data, so the data of the target organization structure tree needs to be acquired and then written into the target organization structure tree. The data of the target organization structure tree includes organization data and organization tree data, wherein the organization tree data indicates which kind of organization structure tree it is (for example, an administrative tree, a manual tree, a sales tree, etc.).
The data of the newly added target organization structure tree may be created manually by a system administrator, or may be configured to be read from another specified data source, for example from a specified business system or a specified database, which is not limited in the embodiment of the present invention.
103: Updating relationship data between the organization structure trees and personnel in the IDM system, wherein the organization structure trees comprise the target organization structure tree and the original organization structure trees in the IDM system.
In the embodiment of the present invention, in order to ensure the consistency of information across the business systems, the data of the organization structure trees and the relationship data between personnel and organizations need to be maintained, managed and updated in a unified, centralized manner in the IDM system of the unified identity management platform. It can be understood that the organization structure trees include the newly created target organization structure tree and the original organization structure trees in the IDM system of the unified identity management platform.
104: Synchronizing the relationship data between the organization structure trees and personnel to the business systems of the organization structure trees.
In the embodiment of the present invention, after the relationship data between the organization structure trees and personnel has been maintained and updated in the IDM system of the unified identity management platform, the updated relationship data between the organization structure trees and personnel can be provided to each downstream business system through a synchronization interface, so as to provide the enterprise with centralized, unified organization data and personnel-to-organization relationship data.
It can be seen that, in the embodiment of the present invention, a target organization structure tree is added in the IDM system of the unified identity management platform upon receiving an adding instruction; the data of the target organization structure tree is then acquired and written into the target organization structure tree; and the relationship data between the organization structure trees and personnel in the IDM system is then updated in a unified manner and synchronized to the business systems of the organization structure trees. With the embodiment of the invention, organization structure trees can be defined in the IDM system of the unified identity management platform, the relationships between personnel and organization structure trees in the identity system can be managed in a unified manner, and the organization data and the relationship data between personnel and organizations can be synchronized to the downstream business systems, so that the management of the relationships between personnel and organizations is effectively improved and centralized, unified organization data and personnel-to-organization relationship data are provided for enterprises.
Referring to Fig. 2, Fig. 2 is a schematic flow chart of another identity management method provided in the embodiment of the present invention. As shown in the figure, the method may include:
201: Receiving an adding instruction, and adding a target organization structure tree in the IDM system of the unified identity management platform.
In the embodiment of the invention, in addition to storing authoritative organization data and organization-to-person relationships in the unified identity management platform (IDM) system, a new organization structure tree can also be added in the IDM system of the unified identity management platform. When an instruction to add an organization structure tree is received, the organization structure tree is newly added in the IDM system of the unified identity management platform.
202: Determining a business system as the data source of the organization structure tree; determining the correspondence between the organization data in the business system and the organization data in the organization structure tree; writing the data of the organization structure tree into the target organization structure tree according to the correspondence; and acquiring the data of the target organization structure tree from the business system through a synchronization interface.
In this embodiment of the present invention, after a target organization structure tree is created in the IDM system, the target organization structure tree contains no data yet, so the data of the target organization structure tree needs to be acquired and then written into the target organization structure tree. The data of the target organization structure tree includes organization data and organization tree data, wherein the organization tree data indicates which kind of organization structure tree it is (for example, an administrative tree, a manual tree, a sales tree, etc.).
As an optional embodiment, the data of the target organization structure tree may be obtained from a designated business system. Therefore, before the data of the target organization structure tree is acquired, a business system needs to be determined as the source of the data of the organization structure tree. After the source of the data of the organization structure tree is determined, it is necessary to determine the correspondence between the organization data in the target organization structure tree and the organization data in the designated business system, read the data of the target organization structure tree from the designated business system through a synchronization interface, and write the data of the target organization structure tree into the target organization structure tree according to that correspondence.
203: Associating the personnel with the organization structure trees in the IDM system according to the organization structure tree attribute of the personnel, to obtain the relationship data between the personnel and the organization structure trees.
In the embodiment of the present invention, after a target organization structure tree is newly added to the IDM system of the unified identity management platform, in order to ensure consistency of organization data across the business systems, the data of the organization structure trees and the relationship data between personnel and organizations need to be maintained, managed and updated in a unified, centralized manner in the IDM system of the unified identity management platform.
In the embodiment of the invention, add, delete, modify and query operations can be performed flexibly on the attributes of personnel. As an optional implementation, the attributes of personnel can be added, deleted, modified and queried in batches in the IDM system. For example, all the personnel in one department of the enterprise may be selected at the same time, and the attributes of that department's personnel may then be operated on accordingly.
As an optional embodiment, the unified, centralized maintenance, management and updating of the data of the organization structure trees and the relationship data between personnel and organizations may include: associating the personnel with the organization structure trees in the IDM system according to the organization structure tree attribute of the personnel, to obtain the relationship data between the personnel and the organization structure trees. Specifically, the attributes of a person in the IDM system include an organization attribute, which indicates the organization to which the person belongs, so that the organization attribute of the person associates the person with the corresponding organization. The attributes of an organization in turn include an organization tree attribute, which indicates the organization structure tree to which the organization belongs. Therefore, the relationship data between the person and the organization structure tree can be managed by managing the organization attribute of the person.
204: Synchronizing the relationship data between the organization structure trees and personnel to the business systems of the organization structure trees.
In the embodiment of the present invention, after the relationship data between the organization structure trees and personnel has been maintained and updated in the IDM system of the unified identity management platform, the updated relationship data between the organization structure trees and personnel can be provided to each downstream business system through a synchronization interface, so as to provide the enterprise with centralized, unified organization data and personnel-to-organization relationship data.
It can be seen that, through the embodiment of the present invention, organization structure trees can be defined in the identity management system, the data source of an organization structure tree can be flexibly defined, the attributes of the personnel in the IDM system of the unified identity management platform can be flexibly defined, the personnel are associated with the organization structure trees, and the relationships between the personnel and the organization structure trees are then synchronized to each business system, so that the management of the relationships between personnel and organizations is effectively improved, and centralized, unified organization data and personnel-to-organization relationship data are provided for enterprises.
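The Fig. 2 procedure (steps 201 to 204) and the person, organization and tree attribute chain described under step 203, as an added Python example that is not code from the patent. The class and field names, the constructed CRM rows, the all-or-nothing import and the add/remove delta returned by sync are assumptions of this example; the patent only states that the relationship data is synchronized through an interface.

```python
"""Added illustration (not from the patent): a multi-tree IDM model, steps 201-204."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Org:
    org_id: str
    name: str
    parent_id: Optional[str]
    tree_id: str  # organization tree attribute: the tree this organization belongs to


class IDM:
    def __init__(self):
        self.trees = {}        # tree_id -> kind of tree, e.g. "administrative", "sales"
        self.orgs = {}         # org_id -> Org
        self.person_orgs = {}  # person_id -> set of org_ids (organization attribute)
        self._pushed = {}      # (system, tree_id) -> relation set last synchronized

    def add_tree(self, tree_id, tree_type):
        """Step 201: add an empty target organization structure tree."""
        if tree_id in self.trees:
            raise ValueError(f"tree {tree_id!r} already exists")
        self.trees[tree_id] = tree_type

    def import_orgs(self, tree_id, rows, field_map):
        """Step 202: write source rows into the tree using the correspondence
        field_map (IDM field -> source field). Parents must precede children."""
        if tree_id not in self.trees:
            raise KeyError(tree_id)
        staged = {}
        for row in rows:
            org = Org(org_id=row[field_map["org_id"]],
                      name=row[field_map["name"]],
                      parent_id=row[field_map["parent_id"]] or None,
                      tree_id=tree_id)
            known = {**self.orgs, **staged}
            if org.org_id in known:
                raise ValueError(f"duplicate organization {org.org_id!r}")
            parent = known.get(org.parent_id) if org.parent_id else None
            # A parent that is missing or lives in another tree would corrupt the
            # hierarchy that downstream systems rely on, so reject the import.
            if org.parent_id and (parent is None or parent.tree_id != tree_id):
                raise ValueError(f"{org.org_id!r}: parent not in tree {tree_id!r}")
            staged[org.org_id] = org
        self.orgs.update(staged)  # nothing is written if any row was rejected

    def set_person_orgs(self, person_id, org_ids):
        """Manage a person's organization attribute (may span several trees)."""
        unknown = set(org_ids) - set(self.orgs)
        if unknown:
            raise ValueError(f"unknown organizations: {sorted(unknown)}")
        self.person_orgs[person_id] = set(org_ids)

    def relations(self, tree_id):
        """Step 203: person -> organization -> tree yields the relation data."""
        return {(person, org_id)
                for person, org_ids in self.person_orgs.items()
                for org_id in org_ids
                if self.orgs[org_id].tree_id == tree_id}

    def sync(self, system, tree_id):
        """Step 204: what a downstream system must add and remove since last sync."""
        current = self.relations(tree_id)
        previous = self._pushed.get((system, tree_id), set())
        self._pushed[(system, tree_id)] = current
        return {"add": sorted(current - previous),
                "remove": sorted(previous - current)}


def demo():
    idm = IDM()
    same = {"org_id": "org_id", "name": "name", "parent_id": "parent_id"}
    idm.add_tree("admin", "administrative")          # original tree
    idm.import_orgs("admin", [{"org_id": "A0", "name": "Head Office",
                               "parent_id": ""}], same)
    idm.add_tree("sales", "sales")                   # newly added target tree
    # Constructed rows from a hypothetical CRM; its column names are assumptions.
    crm_rows = [
        {"dept_code": "S0", "dept_name": "Sales HQ", "upper_dept": ""},
        {"dept_code": "S1", "dept_name": "Sales East", "upper_dept": "S0"},
        {"dept_code": "S2", "dept_name": "Sales West", "upper_dept": "S0"},
    ]
    crm_map = {"org_id": "dept_code", "name": "dept_name", "parent_id": "upper_dept"}
    idm.import_orgs("sales", crm_rows, crm_map)
    idm.set_person_orgs("alice", {"A0", "S1"})
    first = idm.sync("crm", "sales")
    idm.set_person_orgs("alice", {"A0", "S2"})       # transfer within the sales tree
    second = idm.sync("crm", "sales")
    return first, second


if __name__ == "__main__":
    print(demo())
```

The second delta carries a removal as well as an addition: a downstream system that only ever receives additions would keep the person attached to the organization they left.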
Referring to Fig. 3, Fig. 3 is a schematic flowchart of another identity management method provided in an embodiment of the present invention. As shown in the figure, the method may include:
301: Receiving an adding instruction, and adding a target organization structure tree in the IDM system of the unified identity management platform.
In the embodiment of the invention, in addition to storing authoritative organization data and organization-to-person relationships in the unified identity management platform (IDM) system, a new organization structure tree can also be added in the IDM system of the unified identity management platform. When an instruction to add an organization structure tree is received, the organization structure tree is newly added in the IDM system of the unified identity management platform.
302: Receiving data of the organization structure tree input by a system administrator through an input device; and writing the data of the organization structure tree into the target organization structure tree.
In this embodiment of the present invention, after a target organization structure tree is created in the IDM system, the target organization structure tree contains no data yet, so the data of the target organization structure tree needs to be acquired and then written into the target organization structure tree.
As an optional embodiment, the data of the target organization structure tree may be manually input by a system administrator through an input device and then written into the organization structure tree. In practice, there may be no data source for the target organization structure tree; in this case, a system administrator may manually manage the target organization structure tree in the IDM system of the unified identity management platform and write the data of the target organization structure tree into the target organization structure tree through an input device.
303: Associating the personnel with the organization structure trees in the IDM system according to the organization structure tree attribute of the personnel, to obtain the relationship data between the personnel and the organization structure trees.
In the embodiment of the present invention, after a target organization structure tree is newly added to the IDM system of the unified identity management platform, in order to ensure consistency of organization data across the business systems, the data of the organization structure trees and the relationship data between personnel and organizations need to be maintained, managed and updated in a unified, centralized manner in the IDM system of the unified identity management platform.
As an optional embodiment, the unified, centralized maintenance, management and updating of the data of the organization structure trees and the relationship data between personnel and organizations may include: associating the personnel with the organization structure trees in the IDM system according to the organization structure tree attribute of the personnel, to obtain the relationship data between the personnel and the organization structure trees. Specifically, the attributes of a person in the IDM system include an organization attribute, which indicates the organization to which the person belongs, so that the organization attribute of the person associates the person with the corresponding organization. The attributes of an organization in turn include an organization tree attribute, which indicates the organization structure tree to which the organization belongs. Therefore, the relationship data between the person and the organization structure tree can be managed by managing the organization attribute of the person.
Optionally, before the updating the relationship data between the organization structure trees and personnel in the IDM system, the method further includes: receiving a management instruction for a personnel attribute, and modifying the organization attribute of the personnel.
Specifically, a system administrator may select personnel attribute management in the IDM system, whereupon a drop-down list of the personnel attributes is displayed. The drop-down list includes add, delete, modify and query options, and the corresponding operation can then be performed on a specific attribute of the personnel, for example modifying the organization attribute of the personnel. As an optional implementation, in personnel attribute management, the attributes of a single person may be selected for modification, or the attributes of multiple persons may be selected and modified simultaneously. For example, the drop-down list of personnel attribute management includes two options, single person and multiple persons, and the drop-down list under single person or multiple persons then includes the add, delete, modify and query options.
Optionally, before updating the relationship data between the organization structure trees and the personnel in the IDM system, the method further includes: reading personnel identity information data from the identity information database. Specifically, before the relationship data between the organization structure trees and the personnel in the unified identity management platform (IDM) system is updated, the personnel identity information data may be obtained from an identity information database, where the personnel identity information data includes the organization attributes of the personnel.
304: Synchronizing the relationship data between the organization structure trees and the personnel to a business system of the organization structure tree.
In this embodiment of the present invention, after the organization structure trees and the relationship data of the personnel are maintained and updated in the unified identity management platform (IDM) system, the updated organization structure trees and relationship data can be provided to each downstream business system through a synchronization interface, so as to provide the enterprise with centralized and unified organization data and personnel-organization relationship data.
It can be seen that, through the embodiment of the present invention, the organization structure tree can be defined in the identity management system, the data source of the organization structure tree can be flexibly defined, the attributes of the personnel in the unified identity management platform IDM system can be flexibly defined, the relationship between the personnel and the organization structure tree is associated, and then the relationship between the personnel and the organization structure tree is synchronized to each business system, so that the management of the relationship between the personnel and the organization structure can be effectively improved, and centralized and unified organization data and relationship data between the personnel and the organization can be provided for enterprises.
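Steps 301 to 304 can be traced in code. The following Python is an added example, not code from the patent: the `Idm` class, the function names and all sample data are hypothetical. It assumes a multi-valued organization attribute per person, a delta-style synchronization, and that organization references which resolve to no tree are reported rather than synchronized.

```python
from dataclasses import dataclass, field


@dataclass
class Idm:
    """In-memory stand-in for the IDM store (hypothetical structure)."""
    trees: dict = field(default_factory=dict)     # tree_id -> {org_id: parent_org_id}
    org_tree: dict = field(default_factory=dict)  # org_id -> tree_id (organization tree attribute)
    persons: dict = field(default_factory=dict)   # person_id -> set of org_ids (organization attribute)

    def add_tree(self, tree_id):
        # Step 301: add an empty target organization structure tree.
        if tree_id in self.trees:
            raise ValueError(f"tree {tree_id!r} already exists")
        self.trees[tree_id] = {}

    def write_tree_data(self, tree_id, rows):
        # Step 302: write administrator-supplied (org_id, parent_org_id) rows.
        # Rows are staged first so that a bad row leaves the tree unchanged.
        staged = dict(self.trees[tree_id])
        for org_id, parent_id in rows:
            if org_id in self.org_tree or org_id in staged:
                raise ValueError(f"organization {org_id!r} already exists")
            if parent_id is not None and parent_id not in staged:
                raise ValueError(f"parent {parent_id!r} is not in tree {tree_id!r}")
            staged[org_id] = parent_id
        self.trees[tree_id] = staged
        for org_id in staged:
            self.org_tree[org_id] = tree_id

    def relation_data(self):
        # Step 303: person -> organization (organization attribute),
        # organization -> tree (organization tree attribute).
        relations, unresolved = set(), set()
        for person_id, org_ids in self.persons.items():
            for org_id in org_ids:
                tree_id = self.org_tree.get(org_id)
                if tree_id is None:
                    # Organization attribute points at no known organization.
                    unresolved.add((person_id, org_id))
                else:
                    relations.add((person_id, org_id, tree_id))
        return relations, unresolved


def sync_delta(relations, tree_id, downstream_state):
    # Step 304: changes a business system consuming one tree must apply.
    # downstream_state is the set of (person_id, org_id) pairs it holds now.
    wanted = {(p, o) for p, o, t in relations if t == tree_id}
    return {
        "add": sorted(wanted - downstream_state),
        "remove": sorted(downstream_state - wanted),  # stale memberships
    }


def demo():
    idm = Idm()
    idm.add_tree("admin")  # original tree already in the IDM
    idm.write_tree_data("admin", [("hq", None), ("hr", "hq"), ("it", "hq")])
    idm.add_tree("project")  # step 301: target tree
    idm.write_tree_data("project", [("pmo", None), ("proj-a", "pmo")])  # step 302
    # Constructed sample persons; "proj-x" exists in no tree.
    idm.persons = {"alice": {"hr", "proj-a"}, "bob": {"it", "proj-x"}}
    relations, unresolved = idm.relation_data()  # step 303
    # Constructed state of a business system that consumes the "project" tree.
    downstream = {("carol", "proj-a")}
    return relations, unresolved, sync_delta(relations, "project", downstream)


if __name__ == "__main__":
    print(demo())
```

The `remove` list is the part worth reviewing in a real deployment: it is how a changed organization attribute in the IDM withdraws a membership that a downstream system still holds.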
An embodiment of the present invention further provides an identity management system, which includes modules for executing any one of the foregoing methods. Specifically, referring to fig. 4, fig. 4 is a schematic block diagram of an identity management system according to an embodiment of the present invention. The terminal device of this embodiment includes an adding module, an obtaining module, an updating module and a synchronizing module.
The adding module is configured to receive an adding instruction and add a target organization structure tree in the unified identity management platform (IDM) system;
the obtaining module is configured to obtain data of the target organization structure tree, where the data of the organization structure tree includes organization data;
a writing module, configured to write data of the target organization structure tree into the target organization structure tree;
an updating module, configured to update relationship data between organization structure trees and personnel in the IDM system, where the organization structure trees include the target organization structure tree and the original organization structure tree in the IDM system;
and the synchronization module is configured to synchronize the relationship data between the organization structure trees and the personnel to a business system of the organization structure tree.
It can be seen that, in this embodiment of the present invention, a target organization structure tree is added in the unified identity management platform (IDM) system upon receiving an adding instruction; data of the target organization structure tree is then acquired and written into the target organization structure tree; the relationship data between the organization structure trees and the personnel in the IDM system is then updated in a unified manner and synchronized to the business system of the organization structure tree. With this embodiment, the organization structure tree can be defined in the unified identity management platform (IDM) system, the relationship between personnel and the organization structure tree can be managed in a unified manner in the identity system, and the organization data and the personnel-organization relationship data can be synchronized to the downstream business systems, so that management of the relationship between personnel and organizations is effectively improved and enterprises are provided with centralized and unified organization data and personnel-organization relationship data.
Referring to fig. 5, fig. 5 is a schematic block diagram of another identity management system provided in an embodiment of the present invention. The terminal device of this embodiment includes an adding module, an obtaining module, an updating module and a synchronizing module.
The adding module is configured to receive an adding instruction and add a target organization structure tree in the unified identity management platform (IDM) system;
the obtaining module is configured to obtain data of the target organization structure tree, where the data of the organization structure tree includes organization data;
a writing module, configured to write data of the target organization structure tree into the target organization structure tree;
an updating module, configured to update relationship data between organization structure trees and personnel in the IDM system, where the organization structure trees include the target organization structure tree and the original organization structure tree in the IDM system;
and the synchronization module is configured to synchronize the relationship data between the organization structure trees and the personnel to a business system of the organization structure tree.
Optionally, the system further includes:
the first determining module, configured to determine a business system that is the data source of the organization structure tree;
the above-mentioned obtaining module includes:
a second determining module, configured to determine the correspondence between the organization data in the business system and the organization data in the organization structure tree;
and the writing module is configured to write the data of the organization structure tree into the target organization structure tree according to the correspondence.
Optionally, the system further includes:
and the association module is configured to associate the personnel with the organization structure tree in the IDM system according to the organization tree attribute of the personnel, to obtain the relationship data between the personnel and the organization structure tree.
It can be seen that, through the embodiment of the present invention, the organization structure tree can be defined in the identity management system, the data source of the organization structure tree can be flexibly defined, the attributes of the personnel in the unified identity management platform IDM system can be flexibly defined, the relationship between the personnel and the organization structure tree is associated, and then the relationship between the personnel and the organization structure tree is synchronized to each business system, so that the management of the relationship between the personnel and the organization structure can be effectively improved, and centralized and unified organization data and relationship data between the personnel and the organization can be provided for enterprises.
Referring to fig. 6, fig. 6 is a schematic block diagram of another identity management system provided in an embodiment of the present invention. The terminal device of this embodiment includes an adding module, an obtaining module, an updating module and a synchronizing module.
The adding module is configured to receive an adding instruction and add a target organization structure tree in the unified identity management platform (IDM) system;
the obtaining module is configured to obtain data of the target organization structure tree, where the data of the organization structure tree includes organization data;
a writing module, configured to write data of the target organization structure tree into the target organization structure tree;
an updating module, configured to update relationship data between organization structure trees and personnel in the IDM system, where the organization structure trees include the target organization structure tree and the original organization structure tree in the IDM system;
and the synchronization module is configured to synchronize the relationship data between the organization structure trees and the personnel to a business system of the organization structure tree.
Optionally, the system further includes:
the receiving module, configured to receive data of the organization structure tree input by a system administrator through an input device;
the writing module is configured to write the data of the organization structure tree into the target organization structure tree.
Optionally, the system further includes:
and the association module is configured to associate the personnel with the organization structure tree in the IDM system according to the organization tree attribute of the personnel, to obtain the relationship data between the personnel and the organization structure tree.
Optionally, the system further includes:
and the modification module is configured to receive a management instruction for personnel attributes and modify the organization attribute of the personnel.
Optionally, the system further includes:
and the reading module is configured to read personnel identity information data from the identity information database, where the personnel identity information data includes the organization attributes of the personnel.
It can be seen that, through the embodiment of the present invention, the organization structure tree can be defined in the identity management system, the data source of the organization structure tree can be flexibly defined, the attributes of the personnel in the unified identity management platform IDM system can be flexibly defined, the relationship between the personnel and the organization structure tree is associated, and then the relationship between the personnel and the organization structure tree is synchronized to each business system, so that the management of the relationship between the personnel and the organization structure can be effectively improved, and centralized and unified organization data and relationship data between the personnel and the organization can be provided for enterprises.
In another embodiment of the present invention, a computer-readable storage medium is provided, the computer-readable storage medium storing a computer program, the computer program comprising program instructions that when executed by a processor implement: receiving an adding instruction, and adding a target organization structure tree in a unified identity management platform (IDM) system; acquiring data of the target organization structure tree, and writing the data of the target organization structure tree into the target organization structure tree, wherein the data of the organization structure tree comprises organization data; updating relationship data between organization structure trees and personnel in the unified identity management platform (IDM) system, wherein the organization structure trees comprise the target organization structure tree and the original organization structure tree in the unified identity management platform (IDM) system; and synchronizing the relationship data between the organization structure trees and the personnel to a business system of the organization structure tree.
The computer readable storage medium may be an internal storage module of the device according to any of the foregoing embodiments, for example, a hard disk or a memory of a terminal. The computer readable storage medium may be an external storage device of the terminal, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the terminal. Further, the computer-readable storage medium may include both an internal storage module and an external storage device of the terminal. The computer-readable storage medium stores the computer program and other programs and data required by the terminal. The above-described computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
Those of ordinary skill in the art will appreciate that the various illustrative modules and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described devices and modules may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present application, it should be understood that the disclosed method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the above-described modules is merely a logical division, and an actual implementation may have another division, for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may also be an electrical, mechanical or other form of connection.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing module, or each of the modules may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
The integrated module may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solution of the present invention essentially or partially contributes to the prior art, or all or part of the technical solution can be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the above method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (6)

1. An identity management method, comprising:
receiving an adding instruction, and adding a target organization structure tree in a unified identity management platform (IDM) system;
determining a business system that is the data source of the organization structure tree;
determining the correspondence between the organization data in the business system and the organization data in the organization structure tree;
acquiring data of the organization structure tree from the business system through a synchronization interface;
writing the data of the organization structure tree into the target organization structure tree according to the correspondence;
or,
receiving data of the organization structure tree input by a system administrator through an input device;
writing the data of the organization structure tree into the target organization structure tree;
updating relationship data between organization structure trees and personnel in the unified identity management platform (IDM) system, wherein the organization structure trees comprise the target organization structure tree and the original organization structure tree in the unified identity management platform (IDM) system;
and synchronizing the relationship data between the organization structure trees and the personnel to a business system of the organization structure tree.
2. The method of claim 1, wherein said updating relationship data between organization structure trees and personnel in the unified identity management platform (IDM) system comprises:
associating the personnel with the organization structure tree in the IDM system according to the organization tree attribute of the personnel, to obtain the relationship data between the personnel and the organization structure tree.
3. The method of claim 2, wherein prior to said updating relationship data between organization structure trees and personnel in said unified identity management platform (IDM) system, said method further comprises:
receiving a management instruction for personnel attributes, and modifying the organization attributes of the personnel.
4. The method of claim 2, wherein prior to said updating relationship data between organization structure trees and personnel in said unified identity management platform (IDM) system, said method further comprises:
reading personnel identity information data from an identity information database, wherein the personnel identity information data comprises the organization attributes of the personnel.
5. An identity management system, comprising:
an adding module, configured to receive an adding instruction and add a target organization structure tree in the unified identity management platform (IDM) system;
a first determining module, configured to determine a business system that is the data source of the organization structure tree;
a second determining module, configured to determine the correspondence between the organization data in the business system and the organization data in the organization structure tree;
a first writing module, configured to write the data of the organization structure tree into the target organization structure tree according to the correspondence;
or,
a receiving module, configured to receive data of the organization structure tree input by a system administrator through an input device;
a second writing module, configured to write the data of the organization structure tree into the target organization structure tree;
an updating module, configured to update the relationship data between organization structure trees and personnel in the unified identity management platform (IDM) system, wherein the organization structure trees comprise the target organization structure tree and the original organization structure tree in the unified identity management platform (IDM) system;
and a synchronization module, configured to synchronize the relationship data between the organization structure trees and the personnel to a business system of the organization structure tree.
6. The system of claim 5, wherein
the updating module is configured to associate the personnel with the organization structure tree in the IDM system according to the organization tree attribute of the personnel, to obtain the relationship data between the personnel and the organization structure tree.
CN201810066044.2A 2018-01-19 2018-01-19 Identity management method and system Active CN110062020B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810066044.2A CN110062020B (en) 2018-01-19 2018-01-19 Identity management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810066044.2A CN110062020B (en) 2018-01-19 2018-01-19 Identity management method and system

Publications (2)

Publication Number Publication Date
CN110062020A CN110062020A (en) 2019-07-26
CN110062020B true CN110062020B (en) 2022-02-01

Family

ID=67315330

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810066044.2A Active CN110062020B (en) 2018-01-19 2018-01-19 Identity management method and system

Country Status (1)

Country Link
CN (1) CN110062020B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101477530A (en) * 2008-12-08 2009-07-08 山东浪潮齐鲁软件产业股份有限公司 Method for history version management of organization structure
CN103929325A (en) * 2014-02-26 2014-07-16 浪潮软件股份有限公司 Organization mechanism and user right uniform control method in information system integration
CN104869056A (en) * 2014-02-20 2015-08-26 明博教育科技有限公司 Institution personnel data synchronization method based on relational data separation
CN106548298A (en) * 2016-11-27 2017-03-29 合肥汉腾信息技术有限公司 Management information system is multiplexed, isolation is independent is cooperateed with fusion

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160255139A1 (en) * 2016-03-12 2016-09-01 Yogesh Chunilal Rathod Structured updated status, requests, user data & programming based presenting & accessing of connections or connectable users or entities and/or link(s)
CN103632237A (en) * 2013-12-06 2014-03-12 北京中电普华信息技术有限公司 Method and device for implementing organization and authority management
CN106845175B (en) * 2015-12-04 2021-03-30 方正国际软件(北京)有限公司 Method and device for setting data permission

Also Published As

Publication number Publication date
CN110062020A (en) 2019-07-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 518000 East, 3rd floor, incubation building, China Academy of science and technology, 009 Gaoxin South 1st Road, Nanshan District, Shenzhen City, Guangdong Province

Patentee after: Shenzhen Zhuyun Technology Co.,Ltd.

Address before: 518000 East, 3rd floor, incubation building, China Academy of science and technology, 009 Gaoxin South 1st Road, Nanshan District, Shenzhen City, Guangdong Province

Patentee before: SHENZHEN BAMBOOCLOUD TECHNOLOGY CO.,LTD.

CP02 Change in the address of a patent holder

Address after: 518000 4001, Block D, Building 1, Chuangzhi Yuncheng Lot 1, Liuxian Avenue, Xili Community, Xili Street, Nanshan District, Shenzhen, Guangdong

Patentee after: Shenzhen Zhuyun Technology Co.,Ltd.

Address before: 518000 East, 3rd floor, incubation building, China Academy of science and technology, 009 Gaoxin South 1st Road, Nanshan District, Shenzhen City, Guangdong Province

Patentee before: Shenzhen Zhuyun Technology Co.,Ltd.