CN112233294B - Method and system for automatically identifying authority - Google Patents

Method and system for automatically identifying authority Download PDF

Info

Publication number
CN112233294B
CN112233294B CN202011511557.3A CN202011511557A CN112233294B CN 112233294 B CN112233294 B CN 112233294B CN 202011511557 A CN202011511557 A CN 202011511557A CN 112233294 B CN112233294 B CN 112233294B
Authority
CN
China
Prior art keywords
user
authority
group
permission
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011511557.3A
Other languages
Chinese (zh)
Other versions
CN112233294A (en
Inventor
陈双顺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yalianxun Network Technology Co ltd
Original Assignee
Shenzhen Yalianxun Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Yalianxun Network Technology Co ltd filed Critical Shenzhen Yalianxun Network Technology Co ltd
Priority to CN202011511557.3A priority Critical patent/CN112233294B/en
Publication of CN112233294A publication Critical patent/CN112233294A/en
Application granted granted Critical
Publication of CN112233294B publication Critical patent/CN112233294B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application is suitable for the technical field of property big data, and provides an automatic authority identification method and system, wherein the method comprises the following steps: receiving authority application information submitted by a first user, wherein the authority application information comprises an authority to be applied; dividing the permission to be applied into at least one permission group, wherein each permission group comprises at least one permission to be applied; respectively determining user groups corresponding to the authority groups, wherein each user group comprises a plurality of second users; and identifying whether the first user meets the application condition of the permission to be applied or not based on the second user in each user group. By adopting the method, the authority applied by the user can be automatically identified based on the property big data, the waiting time of manual processing is reduced, and the efficiency of authority verification is improved.

Description

Method and system for automatically identifying authority
Technical Field
The embodiment of the application belongs to the technical field of property big data, and particularly relates to an automatic authority identification method and system.
Background
The access control equipment is used as novel and modern safety management equipment, so that the condition that irrelevant personnel enter a specific place or area is effectively reduced, and the safety of owners and residents is improved.
Taking an access control device used in a residential community as an example, residents in the community need to obtain authorization of a property service center before using the access control device. The resident can conveniently come in and go out of the residential area or the building only after the resident is distributed with the use authority of the access control equipment. For example, the property service center staff confirms the authority of the resident, and allocates the entrance guard card to the resident after confirmation. The resident needs to be verified by swiping a card when entering or exiting a community or a building.
Because the resident is troublesome to personally go to the property service center to confirm the authority and handle the access control card, part of the property service centers provide the function of independently handling the access control card on line, the resident is allowed to automatically submit application information through the network, the authority of the resident is confirmed after the worker of the property service center checks the application information, and then the entity access control card or the electronic access control card is distributed to the resident. However, this method still requires the property service center staff to check the application information submitted by each resident one by one, and the whole process is time-consuming.
Disclosure of Invention
In view of this, the embodiment of the present application provides an automatic authority identification method and system, which can automatically identify a user authority based on property big data, solve the problem that manual identification of the user authority consumes a long time, and improve the efficiency of authority verification.
A first aspect of an embodiment of the present application provides an automatic permission identification method, which is applied to a server, and the method includes:
receiving authority application information submitted by a first user, wherein the authority application information comprises an authority to be applied;
dividing the permission to be applied into at least one permission group, wherein each permission group comprises at least one permission to be applied;
respectively determining user groups corresponding to the authority groups, wherein each user group comprises a plurality of second users;
and identifying whether the first user meets the application condition of the permission to be applied or not based on the second user in each user group.
A second aspect of the embodiments of the present application provides an apparatus for automatically identifying a right, which is applied to a server, and the apparatus includes:
the receiving module is used for receiving authority application information submitted by a first user, and the authority application information comprises an authority to be applied;
the division module is used for dividing the permission to be applied into at least one permission group, and each permission group comprises at least one permission to be applied;
the determining module is used for respectively determining the user groups corresponding to the authority groups, and each user group comprises a plurality of second users;
and the identification module is used for identifying whether the first user meets the application condition of the permission to be applied or not based on the second user in each user group.
A third aspect of the embodiments of the present application provides an automatic right identification system, where the system includes a terminal device, multiple right devices, and a server for managing the multiple right devices, and the server includes:
the receiving module is used for receiving authority application information submitted by a first user, and the authority application information comprises an authority to be applied;
the division module is used for dividing the permission to be applied into at least one permission group, and each permission group comprises at least one permission to be applied;
the determining module is used for respectively determining the user groups corresponding to the authority groups, and each user group comprises a plurality of second users;
and the identification module is used for identifying whether the first user meets the application condition of the permission to be applied or not based on the second user in each user group.
A fourth aspect of the embodiments of the present application provides a server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor, when executing the computer program, implements the method for automatically identifying a right according to the first aspect.
A fifth aspect of embodiments of the present application provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the method for automatically identifying a right according to the first aspect is implemented.
A sixth aspect of the embodiments of the present application provides a computer program product, which when running on a server, causes the server to execute the method for automatically identifying a right according to the first aspect.
Compared with the prior art, the embodiment of the application has the following advantages:
according to the method and the device, when the permission application information submitted by the first user is received, the to-be-applied permission included in the permission application information is divided into different permission groups, and then the user group corresponding to each permission group can be determined respectively. Since each user group is composed of a plurality of second users having all permissions to be applied in the corresponding permission group, the permission applied by the first user can be identified based on the criterion whether the first user is similar to the second user in each user group. If the first user meets the application condition of the applied authority, the authorities can be automatically distributed to the first user by the server. The embodiment of the application can find out the second users with all authorities based on big data analysis, can automatically finish the identification of the authority applied by the first user by comparing the first user with the second users, reduces the waiting time for manually checking authority application information, and improves the efficiency of authority identification. In addition, the to-be-applied authorities are divided into different authority groups, and each to-be-applied authority is identified through a plurality of corresponding user groups, so that the accuracy of automatic identification is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the embodiments or the description of the prior art will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
FIG. 1 is a flow chart illustrating steps of a method for automatically identifying permissions according to an embodiment of the present application;
FIG. 2 is a flow chart illustrating steps of another method for automatically identifying permissions according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating an implementation of S208 according to an embodiment of the present application;
fig. 4 is a schematic diagram of an automatic right recognition apparatus according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a server according to one embodiment of the present application;
fig. 6 is a schematic diagram of an automatic right recognition system according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. However, it will be apparent to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
The technical solution of the present application will be described below by way of specific examples.
Referring to fig. 1, a schematic flow chart illustrating steps of an automatic authority identification method according to an embodiment of the present application is shown, which may specifically include the following steps:
s101, authority application information submitted by a first user is received, and the authority application information comprises an authority to be applied.
It should be noted that the method may be applied to a server, that is, the execution subject of the method is the server.
In this embodiment of the present application, the first user may refer to a user who submits permission application information. The authority application information may be provided by the first user for applying a certain authority, and the authority application information may include personal information of the first user and the authority to be applied. The personal information of the first user may include a face image of the first user and other basic information, such as name, age, gender, home address, office address, and the like; the pending application may include one or more, that is, the first user may submit an application for permission for applying for a permission once, or may simultaneously apply for multiple permissions by submitting an application for permission once, which is not limited in this embodiment of the application.
In the embodiment of the application, the first user can submit the permission application information through the terminal device. For example, the first user may execute the application process through a mobile phone, a tablet computer, or the like.
In a specific implementation, an Application (APP) capable of communicating with the server and implementing data interaction therebetween may be installed in the terminal device. The first user can perform operations on the APP, such as filling in personal information of the first user, uploading a face image, selecting the right required to be applied, then clicking an application button or a submission button or other similar buttons on a page to trigger the APP to generate right application information, and sending the right application information to the server through the APP.
It should be noted that the server and the APP are a server and an APP accessing the same system. For example, in a certain system, a plurality of rights devices are included, which can communicate with a server and receive management of the server; meanwhile, the system can provide an APP, and the user can manage the authority equipment through the APP.
S102, dividing the to-be-applied authority into at least one authority group, wherein each authority group comprises at least one to-be-applied authority.
In the embodiment of the application, in order to realize automatic identification of the authority applied by the first user, after receiving the authority application information including the authority to be applied, the server may first group the authority to be applied, so that identification of all the authorities to be applied is completed by automatically identifying each authority to be applied in each authority group.
It should be noted that the rights to be applied included in the plurality of divided rights groups should not be completely the same, but the same rights to be applied may be divided into a plurality of rights groups. The number of the rights to be applied included in each rights group may be equal or unequal. The embodiment of the present application is not limited in this respect.
When there is only one pending application right, the pending application right can be regarded as a right group.
S103, respectively determining user groups corresponding to the authority groups, wherein each user group comprises a plurality of second users.
In the embodiment of the present application, the user group corresponding to each permission group may be composed of second users having all permissions to be applied in the permission group. That is, each user group includes a plurality of second users, and each user has all of the pending permissions in the permission group.
It should be noted that, in the embodiments of the present application, the first user, the second user, and the like are only described to distinguish different users, and there is no chronological order or other meaning for "first" and "second" in the embodiments.
In a specific implementation, for users to which various rights have been assigned, the server may record which rights each user has. When a corresponding user group needs to be determined according to the permission group, the server may first find all users having the permission from a permission to be applied, and then judge whether each user has a next permission to be applied one by one from all the found users. If a certain user does not have the current permission to be applied, the user is deleted from the user group, and if the user has the current permission to be applied, the user is reserved until each permission to be applied and each user in the permission group are traversed. Finally, the reserved user may be the second user, and the second users constitute the user group corresponding to the permission group. Of course, a person skilled in the art may also select other ways to determine the user group corresponding to each permission group according to actual needs, which is not limited in the embodiment of the present application.
S104, based on the second user in each user group, identifying whether the first user meets the application condition of the permission to be applied.
In the embodiment of the application, since the second user in each user group has all the permissions to be applied in the corresponding permission group, whether the first user meets the condition of applying all the permissions to be applied in the corresponding permission group can be judged by comparing the first user with each second user.
In specific implementation, different judgment criteria can be determined according to actual needs to compare the first user with the second users in each user group, so as to identify whether the first user meets the application conditions of the permission to be applied.
For example, it may be set that a first user needs to have similarity with a certain number of second users, and when the first user is similar to the second users with the above set number, the first user may be considered to satisfy all application conditions of permissions to be applied in an permission group corresponding to a user group formed by these second users, and the above set number may be determined according to actual needs, which is not limited in this embodiment of the application.
Of course, according to the specific situation of the authority applied by the first user, when the server determines whether the first user is similar to the second user, the criteria may also be different, and the application condition for identifying whether the first user satisfies the authority to be applied based on what criteria is not limited in the embodiment of the present application.
In the embodiment of the application, when the permission application information submitted by the first user is received, the to-be-applied permission included in the permission application information is divided into different permission groups, and then the user group corresponding to each permission group can be respectively determined. Since each user group is composed of a plurality of second users having all permissions to be applied in the corresponding permission group, the permission applied by the first user can be identified based on the criterion whether the first user is similar to the second user in each user group. If the first user meets the application condition of the applied authority, the authorities can be automatically distributed to the first user by the server. The embodiment of the application can find out the second users with all authorities based on big data analysis, can automatically finish the identification of the authority applied by the first user by comparing the first user with the second users, reduces the waiting time for manually checking authority application information, and improves the efficiency of authority identification. In addition, the to-be-applied authorities are divided into different authority groups, and each to-be-applied authority is identified through a plurality of corresponding user groups, so that the accuracy of automatic identification is improved.
Referring to fig. 2, a schematic flow chart illustrating steps of another method for automatically identifying a right according to an embodiment of the present application is shown, which may specifically include the following steps:
s201, permission application information submitted by a first user is received, and the permission application information comprises a permission to be applied.
The execution subject of the method is a server, and the server can be a server used for managing a plurality of authority devices accessed to the system in the automatic authority identification system. The automatic authority identification system can be an independent system used for managing the accessed authority equipment and identifying whether an applicant has one or more authorities; or, the automatic authority identification system may also be a subsystem in other systems, and the authority of each device or object in the main system is managed through the subsystem, so as to realize the overall function of the main system. For example, the host system may be a property management system, and the property management system may include a plurality of entrance guard devices installed at different locations. As a subsystem in the property management system, the automatic authority identification system can identify different authorities, so that only authorized users can be allowed to use the access control equipment at the corresponding position, thereby ensuring the normal operation of the property management system and the safety in a specific area range.
For convenience of understanding, the following description of the embodiments of the present application will be given by taking the automatic right identification system as an example of a subsystem in a property management system configured in a residential community.
Typically, a plurality of access control devices are installed at different locations within a residential community. For example, a door access device installed at an entrance of a community, a door access device installed at an entrance of each residential building, a door access device installed at each floor of each residential building, and the like. The automatic permission identification system can automatically identify the permission of each access control device applied by the user so as to determine whether the permission of the corresponding access control device is distributed to the user. The user may refer to a home owner, resident, working staff working in the residential community, and other people who need to enter and exit the residential community for other reasons.
In the embodiment of the application, a first user can use a terminal device to submit permission application information including at least one permission to be applied in a network mode. For example, in the above example, a certain resident in a cell may submit the authority of the entrance guard device at five positions, i.e., the entrance and exit of the cell, the cell activity center, the a-number residential building, and the 7 th floor and the 8 th floor of the a-number residential building, to the authority automatic identification system or the property management system using the terminal device.
S202, respectively obtaining attribute characteristics of a plurality of authorities to be applied.
In the embodiment of the present application, the attribute feature of the right to be applied may refer to a feature of a right device corresponding to the right to be applied, or may refer to a feature of a work area covered by the corresponding right device.
Taking the right to be applied as the right of the entrance guard equipment at the entrance and exit of the community as an example, the attribute characteristic of the right to be applied may refer to the attribute characteristic of the entrance guard equipment at the entrance and exit of the community, or may refer to the attribute characteristic of a working area covered by the entrance guard equipment at the entrance and exit of the community. Wherein, the attribute feature of the working area covered by the device is the attribute feature of the whole cell.
In this application embodiment, the attribute feature of the right to be applied may be any type of information such as a working time, an installation location, and an applicable object, which is not limited in this application embodiment.
S203, determining the logic relationship among the authorities to be applied according to the attribute characteristics of the plurality of authorities to be applied.
In the embodiment of the application, the logical relationship between the rights to be applied can be used for representing the relation between the rights to be applied. The logical relationship determined according to different attribute characteristics may be different.
Taking the attribute characteristics as the installation location of the corresponding authority device as an example, the determined logical relationship between the authorities to be applied may be an inclusion relationship between the authority devices, and the inclusion relationship may represent the relationship between the authority control ranges of the authority devices.
For example, for access control devices at five positions, namely a cell entrance, a cell activity center, a residential building A, and the 7 th floor and the 8 th floor of the residential building A, the access control device authority of the cell entrance, the cell activity center, the residential building A, and the 7 th floor and the 8 th floor of the residential building A should contain the access control device authority of the cell entrance; the access control equipment authorities of the 7 th floor and the 8 th floor of the A residential building also comprise the access control equipment authorities of the A residential building; the access control equipment authority of the community entrance and exit has no mutual inclusion relation with the access control equipment authorities of the A-family building, the 7 th floor and the 8 th floor of the A-family building; the 7 th floor access control device authority and the 8 th floor access control device authority of the A-piece residential building have no mutual inclusion relationship.
S204, dividing the plurality of permissions to be applied into at least one permission group based on the logical relationship.
In the embodiment of the application, different logical relations among the authorities to be applied can be determined according to different attribute characteristics. Based on different logic relations, a plurality of authorities to be applied can be divided into different authority groups. Wherein each authority group comprises at least one authority to be applied. For example, a plurality of pending application authorities having an inclusion relationship may be divided into the same authority group based on the inclusion relationship between the respective pending application authorities in the above example.
As an example of the embodiment of the present application, if the permissions to be applied are permissions of access control devices applied to five positions, such as a cell entrance, a cell activity center, a residential building a, and a residential building a on the 7 th floor and the 8 th floor, the five permissions can be divided into the following five permission groups based on the inclusion relationship between the permissions of the access control devices:
permission group 1: { cell entrance & exit }
Permission group 2: { cell entrance/exit, cell activity center }
Permission group 3: { residential building A with entrance and exit of residential area }
Permission group 4: { residential district entrance/exit, residential building A, and residential building A at 7 th floor }
Permission group 5: { residential district entrance/exit, residential building A, and residential building A on the 8 th floor }
S205, aiming at a target authority group, searching a plurality of second users with all to-be-applied authorities in the target authority group from the users with the distributed authorities, wherein the target authority group is any one of the at least one authority group.
The target permission group in the embodiment of the application may be any permission group to be currently identified. For example, if the current processing procedure is to identify the to-be-applied authority in the authority group 1, the target authority group is the authority group 1; if the current processing procedure is to identify the authority to be applied in the authority group 3, the target authority group is the authority group 3, and the specific sequence for identifying each authority group is not limited in the embodiment of the application.
In the embodiment of the present application, in order to identify whether a first user who submits permission application information has an application condition for applying for a permission to be applied in each permission group, a plurality of users having all permissions to be applied in the permission group at the same time may be found out from users assigned with permissions.
For example, taking the target authority group as the authority group 1 as an example, a plurality of users having the to-be-applied authority in the authority group 1, that is, the authority of the entrance guard device at the entrance and exit of the cell, can be found from all the users. If the target authority group is the authority group 3, a plurality of users having the authority to be applied in the authority group 3, namely the authority of the entrance guard equipment at the entrance and exit of the community and the authority of the entrance guard equipment at the building of the A family can be found out from all the users.
S206, taking the user group formed by the plurality of second users as a target user group corresponding to the target permission group.
For the target permission group, after the users having all permissions to be applied in the target permission group are found, the users can be used as second users to form a user group corresponding to the target permission group.
For example, in the above example, the user groups corresponding to the respective permission groups may be as follows:
permission group 1: { cell entrance/exit }: user group 1
Permission group 2: { cell entrance/exit, cell activity center }: user group 2
Permission group 3: { entrance and exit of a cell, a residential building }: user group 3
Permission group 4: { residential district entrance/exit, residential building a, and residential building a, floor 7 }: user group 4
Permission group 5: { residential district entrance/exit, residential building a, floor 8 }: user group 5
S207, respectively acquiring the personal information of the first user and the personal information of the second user in each user group.
In the embodiment of the present application, in order to compare the second user in each user group with the first user who submits the authority application information, the personal information of the first user and the second user may be obtained first.
In a specific implementation, the personal information of the first user and the second user may be already stored in a database of the server, and the server may verify the identity of the first user who submits the authority application information after receiving the authority application information of the first user, and extract the personal information of the first user from the database after the verification is passed. For the second user, the server may obtain the personal information of each second user in a certain permission group or user group from the database when processing the certain permission group or user group.
S208, identifying whether the first user meets the application condition of the permission to be applied in the permission group corresponding to each user group or not based on the personal information of the first user and the personal information of the second user.
In the embodiment of the application, since the second user in each user group has all the permissions to be applied in the corresponding permission group, whether the first user meets the condition of applying all the permissions to be applied in the corresponding permission group can be determined by comparing the personal information of the first user with the personal information of each second user.
In a possible implementation manner of the embodiment of the present application, as shown in fig. 3, the step S208 may include the following sub-steps S2081 to S2084:
s2081, aiming at the target authority group, extracting the target authority to be applied with the highest authority level in the target authority group.
In the embodiment of the present application, each to-be-applied authority may have a corresponding authority level, and the authority level of each to-be-applied authority may be predetermined according to actual needs, which is not limited in this embodiment.
As an example of the embodiment of the present application, if the right to be applied is the right to apply for the access control device at five positions of the exit, the center of the community activity, the a-number residential building, and the a-number residential building, such as the 7 th floor and the 8 th floor, in the above example, the five rights can be applied as follows
The first permission level: the access control equipment authority of the entrance and exit of the community;
the second permission level: access control equipment permission of a community activity center;
the third permission level: a, entrance guard equipment authority of a residential building;
the fourth permission level: the access control system comprises a 7 th floor access control device authority of the A residential building and an 8 th floor access control device authority of the A residential building.
In the embodiment of the application, for the target authority group, the to-be-applied authority with the highest authority level in the target authority group can be used as the to-be-applied target authority. And comparing the personal information of the first user and the second user based on the target authority to be applied.
Therefore, for the five permission groups in the above example, the target permissions to be applied with the highest permission level are:
permission group 1: the access control equipment authority of the entrance and exit of the community;
permission group 2: access control equipment permission of a community activity center;
permission group 3: a, entrance guard equipment authority of a residential building;
permission group 4: a, the 7 th floor access control equipment authority of the residential building;
permission group 5: and A, the 8 th floor of the residential building has access equipment authority.
S2082, determining the target personal information corresponding to the target authority to be applied.
Generally, different rights to be applied differ in their associated personal information. And for the determined target authority to be applied with the highest authority level, determining target personal information corresponding to the target authority to be applied.
For example, the right of the access device at the 7 th floor of the A-family building should be generally assigned to the users living at the 7 th floor of the A-family building. And the home address of the user living at the 7 th floor of the A residential building should include key information of living at the 7 th floor of the A residential building. Therefore, the home address can be the target personal information of the authority of the access device at the 7 th floor of the A-family building.
S2083, based on the target personal information, calculating the similarity between the first user and the target user group corresponding to the target authority group.
In the embodiment of the application, according to the determined target personal information, the similarity between the first user and the target user group corresponding to the target authority group can be calculated.
In this particular implementation, the target personal information of each second user in the target user group may be first subjected to data cleansing. The purpose of data cleansing is to reduce errors in calculation and make the data structure of the calculated target personal information more normative.
For example, for "home address: a floor 7 room "and" home address: two pieces of target personal information, namely 7-floor 3 rooms of the A residential building, can obtain information with the same data structure after data cleaning: "home address: a residential building, floor 7, room 702 "and" home address: a residential building floor 7 703 room ".
Then, intersection information between the cleaned target personal information of the respective second users may be determined. For example, the intersection information between the two pieces of target personal information in the above example may be "home address: a residential building 7 th floor ".
By calculating the similarity between the target personal information of the first user and the intersection information, whether the first user meets the application condition of the permission to be applied in the target permission group can be judged.
Illustratively, the target personal information of the first user may be expressed as: "home address: a 7 th building 705 ″, the target individual information may be represented as: "home address: a residential building floor 7 705 room ". Therefore, the target personal information "home address: room 705 at floor 7 of a residential building "and intersection information" home address: similarity between the 7 th floor of the A residential building.
S2084, if the similarity is larger than a preset threshold value, determining that the first user meets the application condition of the to-be-applied authority in the target authority group.
In the embodiment of the application, if the calculated similarity is greater than the preset threshold, it can be determined that the first user meets the application condition of the to-be-applied right in the target right group.
For example, after identifying each authority group in the above example, if the similarity corresponding to the authority group 2, the authority group 3, and the authority group 4 is greater than the preset threshold, and the similarity corresponding to the authority group 1 and the authority group 5 is less than the preset threshold, it may be considered that the first access control device has a condition for applying for each authority in the authority group 2, the authority group 3, and the authority group 4, so that the access control device authorities at four positions of the exit of the cell, the activity center of the cell, the residential building a, the 7 th floor of the residential building a in the authority group 2, the authority group 3, and the authority group 4 may be allocated to the first user.
It should be noted that, the preset threshold may be set according to the highest permission level in the permission group. For example, the right to be applied with the highest right level in the right group 2 is a right of a cell activity center access control device, the right level thereof is a second level, and the preset threshold set for the right group can be relatively low; for the authority group 4, the authority to be applied with the highest authority level in the group is the 7 th-floor entrance guard equipment authority of the A-number residential building, the authority level is the fourth level, and the preset threshold set for the authority group can be relatively higher.
It should be noted that, the sequence numbers of the steps in the foregoing embodiments do not mean the execution sequence, and the execution sequence of each process should be determined by the function and the inherent logic of the process, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Referring to fig. 4, a schematic diagram of an automatic permission identification apparatus according to an embodiment of the present application is shown, and specifically may include a receiving module 401, a dividing module 402, a determining module 403, and an identifying module 404, where:
the receiving module is used for receiving authority application information submitted by a first user, and the authority application information comprises an authority to be applied;
the division module is used for dividing the permission to be applied into at least one permission group, and each permission group comprises at least one permission to be applied;
the determining module is used for respectively determining the user groups corresponding to the authority groups, and each user group comprises a plurality of second users;
and the identification module is used for identifying whether the first user meets the application condition of the permission to be applied or not based on the second user in each user group.
In the embodiment of the present application, the permission to be applied includes a plurality of permissions, and the dividing module may specifically include the following sub-modules:
the attribute characteristic acquisition submodule is used for respectively acquiring attribute characteristics of a plurality of permissions to be applied;
the logic relationship determination submodule is used for determining the logic relationship among the authorities to be applied according to the attribute characteristics of the plurality of authorities to be applied;
and the permission group division submodule is used for dividing the plurality of permissions to be applied into at least one permission group based on the logical relationship.
In this embodiment of the present application, the logical relationship is an inclusion relationship between the rights to be applied, and the rights group partitioning submodule may specifically include the following units:
and the permission group dividing unit is used for dividing the plurality of permissions to be applied with the inclusion relationship into the same permission group to obtain the at least one permission group.
In this embodiment of the present application, the determining module may specifically include the following sub-modules:
the second user searching sub-module is used for searching a plurality of second users with all permissions to be applied in the target permission group from the users with the distributed permissions aiming at the target permission group, wherein the target permission group is any one of the at least one permission group;
and the target user group determining submodule is used for taking a user group formed by the plurality of second users as a target user group corresponding to the target permission group.
In this embodiment, the identification module may specifically include the following sub-modules:
the personal information acquisition sub-module is used for respectively acquiring the personal information of the first user and the personal information of the second user in each user group;
and the to-be-applied authority identification submodule is used for identifying whether the first user meets the application conditions of the to-be-applied authority in the authority group corresponding to each user group or not based on the personal information of the first user and the personal information of the second user.
In this embodiment of the present application, the to-be-applied permission has a corresponding permission level, and the to-be-applied permission identification submodule may specifically include the following units:
the target authority extraction unit to be applied is used for extracting the target authority to be applied with the highest authority level in the target authority group aiming at the target authority group;
the target personal information determining unit is used for determining target personal information corresponding to the target authority to be applied;
the similarity calculation unit is used for calculating the similarity between the first user and a target user group corresponding to the target authority group based on the target personal information; and if the similarity is greater than a preset threshold value, judging that the first user meets the application condition of the to-be-applied authority in the target authority group.
In this embodiment, the similarity calculation unit may specifically include the following sub-units:
the data cleaning subunit is used for cleaning the target personal information of each second user in the target user group;
the intersection information determining subunit is used for determining intersection information among the target personal information of the cleaned second users;
and the similarity calculation operator unit is used for calculating the similarity between the target personal information of the first user and the intersection information.
For the apparatus embodiment, since it is substantially similar to the method embodiment, it is described relatively simply, and reference may be made to the description of the method embodiment section for relevant points.
Referring to fig. 5, a schematic diagram of a server of one embodiment of the present application is shown. As shown in fig. 5, the server 500 of the present embodiment includes: a processor 510, a memory 520, and a computer program 521 stored in the memory 520 and executable on the processor 510. The processor 510, when executing the computer program 521, implements the steps in the embodiments of the automatic right identification method, such as the steps S101 to S104 shown in fig. 1. Alternatively, the processor 510, when executing the computer program 521, implements the functions of each module/unit in the above-described device embodiments, for example, the functions of the modules 401 to 404 shown in fig. 4.
Illustratively, the computer program 521 may be partitioned into one or more modules/units that are stored in the memory 520 and executed by the processor 510 to accomplish the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which may be used to describe the execution of the computer program 521 in the server 500. For example, the computer program 521 may be divided into a receiving module, a dividing module, a determining module and an identifying module, and each module has the following specific functions:
the receiving module is used for receiving authority application information submitted by a first user, and the authority application information comprises an authority to be applied;
the division module is used for dividing the permission to be applied into at least one permission group, and each permission group comprises at least one permission to be applied;
the determining module is used for respectively determining the user groups corresponding to the authority groups, and each user group comprises a plurality of second users;
and the identification module is used for identifying whether the first user meets the application condition of the permission to be applied or not based on the second user in each user group.
The server 500 may be the server in the foregoing embodiments, and the property server may be a desktop computer, a cloud server, or other computing devices. The server 500 may include, but is not limited to, a processor 510, a memory 520. Those skilled in the art will appreciate that fig. 5 is merely an example of a server 500 and is not intended to limit server 500 and may include more or fewer components than those shown, or some components may be combined, or different components, e.g., server 500 may also include input-output devices, network access devices, buses, etc.
The Processor 510 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The storage 520 may be an internal storage unit of the server 500, such as a hard disk or a memory of the server 500. The memory 520 may also be an external storage device of the server 500, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and so on, which are provided on the server 500. Further, the memory 520 may also include both an internal storage unit and an external storage device of the server 500. The memory 520 is used for storing the computer program 521 and other programs and data required by the server 500. The memory 520 may also be used to temporarily store data that has been output or is to be output.
Fig. 6 is a schematic diagram of an automatic right recognition system according to an embodiment of the present application. The automatic authority identification system in fig. 6 includes a terminal device, a plurality of authority devices, and a server for managing the plurality of authority devices, where the terminal device may be connected to the plurality of authority devices and the server in a communication manner, and the server may include the following modules:
the receiving module is used for receiving authority application information submitted by a first user, and the authority application information comprises an authority to be applied;
the division module is used for dividing the permission to be applied into at least one permission group, and each permission group comprises at least one permission to be applied;
the determining module is used for respectively determining the user groups corresponding to the authority groups, and each user group comprises a plurality of second users;
and the identification module is used for identifying whether the first user meets the application condition of the permission to be applied or not based on the second user in each user group.
The embodiment of the application also discloses a server, which comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, wherein the processor executes the computer program to realize the automatic permission identification method according to the foregoing embodiments.
The embodiment of the application also discloses a computer readable storage medium, which stores a computer program, and the computer program is executed by a processor to implement the automatic authority identification method according to the foregoing embodiments.
The embodiment of the application also discloses a computer program product, and when the computer program product runs on a server, the server is enabled to execute the automatic permission identification method in each embodiment.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same. Although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (6)

1. An automatic authority identification method is applied to a server, and comprises the following steps:
receiving authority application information submitted by a first user, wherein the authority application information comprises a plurality of authorities to be applied, the authorities to be applied are authorities for access control equipment, and the authorities to be applied have corresponding authority levels;
respectively acquiring attribute characteristics of the plurality of permissions to be applied;
determining a logical relationship among the authorities to be applied according to the attribute characteristics of the plurality of authorities to be applied, wherein the logical relationship is an inclusion relationship among the authorities to be applied;
dividing the to-be-applied authorities with the inclusion relationship into the same authority group to obtain at least one authority group, wherein each authority group comprises at least one to-be-applied authority, and the to-be-applied authorities contained in the plurality of authority groups are not completely the same;
respectively determining user groups corresponding to the authority groups, wherein each user group comprises a plurality of second users;
respectively acquiring personal information of the first user and the second user in each user group;
identifying whether the first user meets the application condition of the permission to be applied in the permission group corresponding to each user group or not based on the personal information of the first user and the personal information of the second user;
the identifying whether the first user meets the application condition of the permission to be applied in the permission group corresponding to each user group based on the personal information of the first user and the personal information of the second user comprises:
aiming at a target authority group, extracting a target authority to be applied with the highest authority level in the target authority group, wherein the target authority group is any one of the at least one authority group;
determining target personal information corresponding to the target authority to be applied;
calculating the similarity between the first user and a target user group corresponding to the target authority group based on the target personal information;
and if the similarity is greater than a preset threshold value, judging that the first user meets the application condition of the to-be-applied authority in the target authority group.
2. The method of claim 1, wherein the separately determining the user group corresponding to each of the permission groups comprises:
aiming at a target authority group, searching a plurality of second users with all to-be-applied authorities in the target authority group from users with distributed authorities;
and taking the user group formed by the plurality of second users as a target user group corresponding to the target permission group.
3. The method of claim 1, wherein the calculating a similarity between the first user and a target user group corresponding to the target permission group based on the target personal information comprises:
carrying out data cleaning on target personal information of each second user in the target user group;
determining intersection information among the target personal information of the cleaned second users;
and calculating the similarity between the target personal information of the first user and the intersection information.
4. An automatic authority identification system, characterized in that the system comprises a terminal device, a plurality of authority devices and a server for managing the plurality of authority devices, the server comprises:
the access control device comprises a receiving module, a judging module and a judging module, wherein the receiving module is used for receiving authority application information submitted by a first user, the authority application information comprises a plurality of authorities to be applied, the authorities to be applied are authorities for the access control device, and the authorities to be applied have corresponding authority levels;
the division module is used for dividing the permission to be applied into at least one permission group, each permission group comprises at least one permission to be applied, and the permissions to be applied contained in the plurality of permission groups are not completely the same;
the determining module is used for respectively determining the user groups corresponding to the authority groups, and each user group comprises a plurality of second users;
the identification module is used for respectively acquiring the personal information of the first user and the personal information of the second user in each user group; identifying whether the first user meets the application condition of the permission to be applied in the permission group corresponding to each user group or not based on the personal information of the first user and the personal information of the second user;
wherein the dividing module comprises:
the attribute characteristic acquisition submodule is used for respectively acquiring attribute characteristics of a plurality of permissions to be applied;
the logic relationship determination submodule is used for determining the logic relationship among the authorities to be applied according to the attribute characteristics of the plurality of authorities to be applied, and the logic relationship is the inclusion relationship among the authorities to be applied;
the right group division submodule is used for dividing the to-be-applied right with the inclusion relationship into the same right group to obtain at least one right group;
the identification module comprises:
a target permission to be applied extracting unit, configured to extract, for a target permission group, a target permission to be applied with a highest permission level in the target permission group, where the target permission group is any one of the at least one permission group;
the target personal information determining unit is used for determining target personal information corresponding to the target authority to be applied;
the similarity calculation unit is used for calculating the similarity between the first user and a target user group corresponding to the target authority group based on the target personal information; and if the similarity is greater than a preset threshold value, judging that the first user meets the application condition of the to-be-applied authority in the target authority group.
5. A server comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the automatic right identification method according to any one of claims 1 to 3 when executing the computer program.
6. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, implements an automatic right identification method according to any one of claims 1 to 3.
CN202011511557.3A 2020-12-18 2020-12-18 Method and system for automatically identifying authority Active CN112233294B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011511557.3A CN112233294B (en) 2020-12-18 2020-12-18 Method and system for automatically identifying authority

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011511557.3A CN112233294B (en) 2020-12-18 2020-12-18 Method and system for automatically identifying authority

Publications (2)

Publication Number Publication Date
CN112233294A CN112233294A (en) 2021-01-15
CN112233294B true CN112233294B (en) 2021-04-13

Family

ID=74124166

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011511557.3A Active CN112233294B (en) 2020-12-18 2020-12-18 Method and system for automatically identifying authority

Country Status (1)

Country Link
CN (1) CN112233294B (en)

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103020746A (en) * 2011-09-22 2013-04-03 苏州中格软件有限公司 Method and system for online automatic checking of network user identity of enterprise
CN105991310B (en) * 2015-02-02 2019-05-24 ***通信集团河北有限公司 Account permission method of adjustment and device based on user behavior
CN105897704B (en) * 2016-03-31 2019-02-01 腾讯科技(深圳)有限公司 The methods, devices and systems of permission addition, permission addition request
CN110223082A (en) * 2019-05-20 2019-09-10 深圳壹账通智能科技有限公司 A kind of data checking method and relevant device
CN110648243A (en) * 2019-08-20 2020-01-03 中国平安财产保险股份有限公司 Data processing method and device, computer equipment and storage medium
CN111126848B (en) * 2019-12-25 2022-07-26 好活(昆山)网络科技有限公司 Service processing method and device based on big data, storage medium and electronic equipment
CN111694818A (en) * 2020-04-23 2020-09-22 姜金龙 Fund performance data checking algorithm
CN112070451A (en) * 2020-07-15 2020-12-11 速聚(福建)科技有限公司 Intelligent approval method and platform

Also Published As

Publication number Publication date
CN112233294A (en) 2021-01-15

Similar Documents

Publication Publication Date Title
CN110912938A (en) Access verification method and device for network access terminal, storage medium and electronic equipment
CN112737825B (en) Log-based network device association method, system, device and storage medium
CN109523659B (en) Guest room check-in method, device, server and storage medium
US8839247B2 (en) Managing requests to initiate tasks within an organization
CN105447927A (en) A control method for opening access control electric locks, access controllers and an access control system
KR102490529B1 (en) Total periodic non-identification management apparatus and method
CN113254969B (en) Business data processing method and device, electronic equipment and storage medium
AU2011252761B2 (en) Automatic identity enrolment
AU2011252761A1 (en) Automatic identity enrolment
US20130207775A1 (en) Bootstrapping access models in the absence of training data
CN112233294B (en) Method and system for automatically identifying authority
CN110442466B (en) Method, device, computer equipment and storage medium for preventing repeated access request
CN109905407B (en) Management method, system, equipment and medium for accessing intranet based on VPN server
CN109697595B (en) Method and device for identifying attendance data, storage medium and computer equipment
JP2019508760A (en) Form information input method, apparatus, server, and storage medium
CN111814181A (en) System authority authorization method and device, electronic equipment and storage medium
CN111914591A (en) Duration determination method and device
CN115577983A (en) Enterprise task matching method based on block chain, server and storage medium
CN112751976B (en) Agent association method, system, equipment and storage medium based on authentication log
CN115913726A (en) Enterprise network data security management method and system
CN114757534A (en) Intelligent attendance scheduling and evaluation method, attendance scheduling device and system
CN114882974A (en) Psychological diagnosis database access artificial intelligence verification system and method
CN114386025A (en) Abnormality detection method, abnormality detection device, electronic apparatus, and storage medium
CN112822676A (en) Method and device for accessing application
CN114180421B (en) Ladder calling method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant