CN118153010A - System operation permission method, device, terminal equipment and storage medium - Google Patents

Info

Publication number
CN118153010A
CN118153010A (application number CN202211550441.XA)
Authority
CN
China
Prior art keywords
permission
operator
information
user
login
Prior art date
Legal status (as listed by Google Patents; not a legal conclusion)
Pending
Application number
CN202211550441.XA
Other languages
Chinese (zh)
Inventor
陈泉富
吴冬
陈凯浩
滕睿
黄旭
黄桢雄
Current Assignee (as listed by Google Patents; may be inaccurate)
SF Technology Co Ltd
Original Assignee
SF Technology Co Ltd
Priority date (as listed by Google Patents; not a legal conclusion)
Filing date
Publication date
Application filed by SF Technology Co Ltd
Priority to CN202211550441.XA
Priority to PCT/CN2023/135936 (published as WO2024120316A1)
Publication of CN118153010A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Abstract

The application provides a system operation permission method, an apparatus, a terminal device and a storage medium. The method comprises: acquiring the login-terminal information of an operator who logs in to the system; determining the operator's permissions according to the operator's identity information and the login-terminal information; and acquiring the operation instructions issued by the operator and permitting or refusing each instruction according to those permissions. Because the method combines the user's identity information with the login-terminal information, a user can be granted different permissions on different login terminals, which avoids the system risk that arises when permission control is missing and improves both the flexibility and the security of the system.

Description

System operation permission method, device, terminal equipment and storage medium
Technical Field
The present application relates to the field of computer technology, and in particular to a system operation permission method, apparatus, terminal device and storage medium.
Background
At present, the ways in which people access information systems have diversified: information processing used to depend mostly on a computer client, and with the spread of smartphones it has shifted from the computer to the mobile phone. However, most permission-determination methods did not consider the mobile phone terminal at design time, and those authentication methods that do consider multi-terminal access still do not grant a user's permissions flexibly per login terminal.
Disclosure of Invention
Embodiments of the application provide a system operation permission method, apparatus and device that address the problem that common authentication methods do not take the login terminal into account and therefore cannot grant permissions flexibly.
In a first aspect, an embodiment of the present application provides a system operation permission method, including:
acquiring the login-terminal information of an operator who logs in to the system;
determining the operator's permissions according to the operator's identity information and the login-terminal information;
and acquiring the operation instructions issued by the operator and permitting the operator's operation instructions in combination with those permissions.
In an alternative embodiment, the system operation permission method further includes:
acquiring the account information and login verification information entered by the operator on the login interface of the system, and verifying the operator's login according to the account information and the login verification information;
and, if the verification passes, looking up the operator's identity information according to the account information.
In an optional embodiment, determining the operator's permissions according to the operator's identity information and the login-terminal information includes:
determining the role type corresponding to the operator according to the operator's identity information;
and looking up a preset correspondence between role type, login-terminal information and permissions according to the role type and the login-terminal information, to determine the permissions that the role type holds on the current login terminal.
In an alternative embodiment, the system operation permission method further includes:
determining the role type corresponding to the operator according to the operator's identity information;
looking up a preset correspondence between role type, login-terminal information and permission tiers according to the role type and the login-terminal information, to determine the permission tier that the role type holds on the current login terminal;
and selecting all permissions under that tier according to the determined permission tier.
In an optional embodiment, the permissions include a function-use permission and a data-access permission, and determining the operator's permissions according to the operator's identity information and the login-terminal information includes:
determining the operator's function-use permission and data-access permission according to the operator's identity information and the login-terminal information.
In an optional embodiment, determining the operator's permissions according to the operator's identity information and the login-terminal information includes:
determining the role type corresponding to the operator according to the operator's identity information;
looking up the permitted function codes and data fields in the correspondence table according to the role type and the login-terminal information;
and determining the operator's function-use permission and data-access permission according to those function codes and data fields.
In an optional embodiment, acquiring the operator's operation instructions and permitting them in combination with the permissions includes:
acquiring the function code corresponding to the operation instruction entered by the operator, querying the role-permission relation table according to that function code, and determining the user's function-use permission;
and, once the user's function-use permission is established, acquiring the data field the user requests, querying the data resource permission table according to that field, and determining the user's data-access permission under the current function-use permission.
In a second aspect, an embodiment of the present application provides a system operation permission apparatus, including:
a login-terminal information acquisition module, configured to acquire the login-terminal information of an operator who logs in to the system;
a permission determination module, configured to determine the operator's permissions according to the operator's identity information and the login-terminal information;
and a permission module, configured to acquire the operator's operation instructions and permit them in combination with the permissions.
In a third aspect, an embodiment of the present application provides a system operation permission terminal device, including: a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method as described above when executing the computer program.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium storing a computer program which, when executed by a processor, implements a method as described above.
Beneficial effects of the application
The application provides a system operation permission method, apparatus, terminal device and storage medium. When granting a user's permissions, the method combines the user's identity information with the user's login-terminal information, so a user can be granted different permissions on different login terminals; if the user does not hold the permission for the requested operation instruction, the corresponding operation cannot be performed. The method therefore permits a user's operations flexibly per login terminal, avoids the system risk that arises when permission control is missing, and improves the flexibility and security of the system.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments or the description of the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a system operation licensing method according to an embodiment of the present application;
FIG. 2 is a flowchart of acquiring login information according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating a method for determining permission according to identity information and login information according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a rights management page provided by an embodiment of the present application;
FIG. 5 is a schematic diagram of a system operation permission device according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of a system operation permission terminal device according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth such as the particular system architecture, techniques, etc., in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It should be understood that the term "comprises/comprising" when used in this specification and the appended claims is taken to specify the presence of stated features, integers, steps, operations, but does not preclude the presence or addition of one or more other features, integers, steps, operations, and/or groups thereof.
It should also be understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
As used in the present description and the appended claims, the term "if" may be interpreted as "when", "once", "in response to determining" or "in response to detecting", depending on the context. Similarly, the phrase "if it is determined" or "if [a described condition or event] is detected" may be interpreted, depending on the context, as "upon determining", "in response to determining", "upon detecting [the described condition or event]" or "in response to detecting [the described condition or event]".
Furthermore, the terms "first," "second," "third," and the like in the description of the present specification and in the appended claims, are used for distinguishing between descriptions and not necessarily for indicating or implying a relative importance.
Reference in the specification to "one embodiment" or "some embodiments" or the like means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," and the like in the specification are not necessarily all referring to the same embodiment, but mean "one or more but not all embodiments" unless expressly specified otherwise. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.
At present, the ways in which people access information systems have diversified: information processing used to depend mostly on a computer client, and with the spread of smartphones it has shifted from the PC to the mobile phone. However, most systems do not grant permissions flexibly per login terminal. The application therefore provides a system operation permission method that acquires the login-terminal information of an operator who logs in to the system, determines the operator's permissions according to the operator's identity information and the login-terminal information, and finally acquires the operator's operation instructions and permits them in combination with those permissions. Because the method combines the user's identity information with the login-terminal information, a user can be granted different permissions on different login terminals, and if the user does not hold the permission for the requested operation instruction on the current login terminal, the corresponding operation cannot be performed. The method therefore permits a user's operations flexibly per login terminal, avoids the system risk that arises when permission control is missing, and improves the flexibility and security of the system.
In order to illustrate the technical scheme of the application, the following description is given by specific examples.
Referring to the flow of one embodiment of the system operation permission method shown in FIG. 1, by way of example and not limitation, the method comprises the following steps:
Step S1: acquiring the login-terminal information of an operator who logs in to the system;
Step S2: determining the operator's permissions according to the operator's identity information and the login-terminal information;
Step S3: acquiring the operator's operation instructions and permitting them in combination with the permissions.
When permissions are granted by this method, the user's identity information and the user's login-terminal information are combined, so a user can be granted different permissions on different login terminals, and if the user does not hold the permission for the requested operation instruction, the corresponding operation cannot be performed. The login-terminal information is the type of terminal the operator logged in from, for example a mobile phone client or a computer client; acquiring the login-terminal information of the operator therefore means establishing whether the operator logged in from the computer client or from the mobile phone client. The method thus permits a user's operations flexibly per login terminal, avoids the system risk that arises when permission control is missing, and improves the flexibility and security of the system.
In an alternative embodiment, the system operation permission method provided by the application can be used in a customer relationship management system with role-based access control. For better understanding, a brief description of such a system is given first. A customer relationship management (CRM) system is an information system that uses software, hardware and network technology to collect, manage, analyse and use customer information for an enterprise. With customer data management at its core, it records the interactions between the enterprise and its customers in the marketing and sales processes and the state of related activities, provides data models, and supports later analysis and decision-making. Existing CRM systems offer little flexibility in permission control, and most current permission control methods are based on role-based access control (RBAC): a user is granted permissions indirectly by being associated with a role, and once a role is assigned the user obtains all the permissions of that role. Because roles sit between users and permissions, users who need the same permissions can simply be assigned the same role once the role's permissions are defined, which is convenient to use; and when the permissions of many users must be adjusted at once, only the permissions of the role they share need to be changed rather than those of each user, which greatly improves the efficiency of permission adjustment and reduces the chance of missing a user.
Referring to FIG. 2, the flow of acquiring login information according to an embodiment of the present application includes, by way of example and not limitation, the following steps:
S11: acquiring the account information and login verification information entered by the operator on the login interface of the system, and verifying the operator's login according to the account information and the login verification information;
S12: looking up the operator's identity information according to the account information.
Specifically, in one possible embodiment, the operator's login may be verified with the account information and login verification information entered on the system's login interface, where the account information may be the user's employee number or e-mail address and the login verification information may be an account password, a dynamic e-mail verification code, a voice verification code, and so on. After verification passes, the system queries a preset backend user identity information table with the account information the operator entered to determine the user's identity information; this table holds the mapping between user account information and user identity information, so the single matching user identity can be determined from the account information. The operator therefore does not have to enter sensitive personal identity information, such as an ID card number, when logging in, which avoids leaking that personal information.
In other possible embodiments, identity information may be entered and verified directly at login, for example an ID number verified by fingerprint or face recognition; such login verification methods are prior art and not the essence of the present application, so they are not described further here.
The following description uses a specific scenario in which the user logs in with a mobile phone number. When the user enters the phone number on the login interface, they may choose password verification or a dynamic SMS verification code; the system obtains the phone number together with the password or code and verifies them, and if verification passes the user's identity is determined from the phone number used at login, that is, the currently logged-in phone number is looked up in the user identity information table.
The user identity information table is shown in Table 1 and contains: user ID (USER_ID), employee code (EMP_CODE), user name (USER_NAME), e-mail (EMAIL), telephone (PHONE), ID card number (ID_NUMBER) and organisation (ORG). When the identity information of the current login account is looked up in this table by the phone number the operator logged in with, only the USER_ID column needs to be determined; note that USER_ID corresponds one-to-one with a user.
For example, if a user logs in to the system with the phone number 134xxxx5678, the system looks up that number in the user identity information table and finds that the corresponding USER_ID is 1.
Thus the identity of the user currently logged in to the system can be determined by looking up, in the user identity information table, the USER_ID that corresponds to the phone number used at login.
TABLE 1 (user identity information table with the columns USER_ID, EMP_CODE, USER_NAME, EMAIL, PHONE, ID_NUMBER and ORG; the row contents are not reproduced in this extraction)
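One way to implement steps S11 and S12 as described above, as an added Python example that is not part of the patent: the user row, the password, the one-time code and the way credentials are stored and compared are all constructed here, since the application does not specify them. The point the example makes concrete is the one the text claims: the login step consumes only an account and a secret, and hands the rest of the permission flow nothing but the USER_ID, so the ID_NUMBER column is never read or transmitted at login.

```python
"""Login verification and identity resolution (added example; not the patent's
code). One user row and the credentials are constructed. The operator supplies
only an account (phone number) plus a password or one-time code, both are
compared in constant time, and the caller receives nothing but the USER_ID.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Table 1 shape, one constructed row.
USER_TABLE = [
    {"USER_ID": 1, "EMP_CODE": "E0001", "USER_NAME": "example user",
     "EMAIL": "user1@example.com", "PHONE": "13412345678",
     "ID_NUMBER": "<never read at login>", "ORG": "East region"},
]

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Credential store keyed by account (constructed password).
_salt, _digest = hash_password("correct horse battery staple")
CREDENTIALS: Dict[str, Dict[str, bytes]] = {"13412345678": {"salt": _salt, "hash": _digest}}
# Pending dynamic verification codes keyed by account (constructed value).
OTP_STORE: Dict[str, str] = {"13412345678": "482913"}


def verify_password(account: str, password: str) -> bool:
    cred = CREDENTIALS.get(account)
    if cred is None:
        # Do the same work for an unknown account so response timing does not
        # reveal which phone numbers are registered.
        hash_password(password, b"\x00" * 16)
        return False
    _, candidate = hash_password(password, cred["salt"])
    return hmac.compare_digest(candidate, cred["hash"])


def verify_otp(account: str, code: str) -> bool:
    expected = OTP_STORE.get(account)
    if expected is None or not hmac.compare_digest(expected.encode(), code.encode()):
        return False
    del OTP_STORE[account]  # a dynamic code is single use
    return True


def login(account: str, secret: str, method: str) -> Optional[int]:
    """S11 + S12: verify the login, then resolve the account to a USER_ID only."""
    if method == "password":
        ok = verify_password(account, secret)
    elif method == "otp":
        ok = verify_otp(account, secret)
    else:
        ok = False
    if not ok:
        return None
    for row in USER_TABLE:
        if row["PHONE"] == account:
            return row["USER_ID"]
    return None
```

The constant-time comparisons, the dummy hash for unknown accounts and the single-use code are the checks a practitioner adds around the flow the text describes; the identity table itself is only ever read for the USER_ID column.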
Referring to FIG. 3, the flow of determining permissions according to identity information and login-terminal information according to an embodiment of the present application includes, by way of example and not limitation, the following steps:
S21: determining the role type corresponding to the operator according to the operator's identity information;
S22: looking up the preset correspondence between role type, login-terminal information and permissions according to the role type and the login-terminal information, and determining the permissions the role type holds on the current login terminal.
Specifically, in one possible embodiment, determining the role type in step S21 means looking up the current operator's role type in an identity-role correspondence table according to the operator's identity information, where that table maps user identity information to role type; the preset correspondence between role type, login-terminal information and permissions may be stored in the database as a role / login-terminal / permission correspondence table, which holds the mapping among role type, login terminal and permission.
In the above embodiment the role acts as an intermediary: the user's role type is determined first, and the user's permissions are then determined from the role type together with the login-terminal information. The RBAC permission model is therefore built on five basic tables in the database: (1) a USER table for user identity information; (2) a ROLE table for role information; (3) a PERMISSION table for permission information; (4) a permission-role association table (PERMISSION_ASSOCIATION, PA for short) for the correspondence between roles and permissions; and (5) a user-role association table (UA) for the correspondence between users and roles. Roles and permissions are in a many-to-many relationship: a role may hold several permissions and the same permission may be given to several roles, which makes permission configuration simpler and more flexible. Because the role sits between the user and the permission, users who need the same permissions can simply be given the same role once the role's permissions are defined, which is convenient to use; and when many users' permissions must be adjusted at once, only the permissions of the role they share need changing rather than those of each user.
Because the backend configuration assigns permissions to roles and roles to users, granting permissions must go through the role to connect a user with their permissions. All the permissions that correspond to a role can then be granted in one step rather than one at a time, which is simpler and more convenient.
In other optional embodiments, the permissions may instead be tied to the user's unique identifier or identity information rather than to a role type; each person's permissions may then be the same or different, so every user's permissions can be customised individually.
Exemplary user role types include: system administrator, headquarters administrator, regional administrator, sales manager, customer manager, site operator, courier, and the like.
In an alternative embodiment, user roles may be configured in advance or flexibly as required. By way of example, flexible configuration can be done in two ways: adding roles to a user, and adding users to a role. Adding roles to a user means selecting a user on the user management page and granting them roles, so several roles can be added to one user at once; adding users to a role means selecting a role on the role management page and then selecting several users, so the role is granted to a batch of users.
For example, determining the operator's role type from their identity information may consist of looking up the current operator's role ID (ROLE_ID) in the identity-role correspondence table according to the operator's USER_ID, and then looking up the role information table by that ROLE_ID to determine the role type.
To describe this with a specific scenario, take the user whose USER_ID is 1. The ROLE_ID is looked up in the user identity-role correspondence table (Table 2), which maps USER_ID to ROLE_ID; from it, the ROLE_ID for USER_ID 1 is 1. The role information table (Table 3) is then looked up by that ROLE_ID, and it shows that the role type with ROLE_ID 1 is regional manager. The role type corresponding to USER_ID 1 is therefore regional manager.
Thus the role type of the currently logged-in user can be determined by looking up the ROLE_ID that corresponds to the current user's USER_ID in the user-role correspondence table, and then looking up the role type in the role information table by that ROLE_ID.
USER_ID  ROLE_ID
1        1
2        1
3        2
4        2
5        3
6        3
TABLE 2
TABLE 3 (role information table; ROLE_ID 1 is the regional manager; the other rows are not reproduced in this extraction)
In a possible embodiment, the preset correspondence between role type, login-terminal information and permissions in step S22 may be stored in the database as a role-permission correspondence table; the system looks that table up by the user's role type and login-terminal information to determine the permissions the role type holds on the current login terminal.
The role-permission correspondence table is shown in Table 4 and maps ROLE_ID (role ID), MODULE_ID (permission ID) and CHANNEL (login terminal). The procedure is illustrated with ROLE_ID 1.
Looking up the role-permission correspondence table by the determined ROLE_ID shows that this role holds the permission with MODULE_ID 1 on the App terminal only (not on the PC terminal) and the permission with MODULE_ID 2 on both the PC and App terminals. Querying the permission information table by MODULE_ID shows that MODULE_ID 1 is permission to view the client profile management menu and MODULE_ID 2 is permission to view the client list. The permissions held by the role with ROLE_ID 1 are therefore: on the App terminal, use of the client profile management menu and viewing of the client list; on the PC terminal, only viewing of the client list.
ROLE_ID  MODULE_ID  CHANNEL
1        1          App
1        2          PC,App
2        3          PC
3        1          App
TABLE 4
TABLE 5 (permission information table; MODULE_ID 1 is permission to view the client profile management menu and MODULE_ID 2 is permission to view the client list; the other rows are not reproduced in this extraction)
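The lookup chain of steps S21 and S22 over Tables 2, 4 and 5, together with the function-code and data-field check of step S3 and the five-table RBAC model described above, as an added Python example that is not part of the patent. Table 2 and Table 4 are reproduced as given and MODULE_ID 1 and 2 as the text explains them; the role names for ROLE_ID 2 and 3, MODULE_ID 3 and the whole data resource permission table are constructed. The example also assumes the login channel was fixed server-side when the session was created rather than read from the request, which the application does not discuss:

```python
"""Role- and login-channel-based permission lookup (added example; not the
patent's code). The five RBAC tables the description names (USER, ROLE,
PERMISSION, PA, UA) are modelled as in-memory dicts and lists; Table 2, Table 4
and MODULE_ID 1 and 2 are reproduced, and everything marked "constructed" is
invented here to make the example run.
"""
from typing import FrozenSet, Iterable, Tuple

CHANNELS = frozenset({"PC", "App"})

# UA (Table 2): USER_ID -> ROLE_ID
UA = {1: 1, 2: 1, 3: 2, 4: 2, 5: 3, 6: 3}

# ROLE (Table 3): only ROLE_ID 1 is given in the text; the other names are constructed.
ROLE = {1: "regional manager", 2: "sales manager", 3: "courier"}

# PA (Table 4): (ROLE_ID, MODULE_ID, CHANNEL cell) exactly as the table shows.
PA = [
    (1, 1, "App"),
    (1, 2, "PC,App"),
    (2, 3, "PC"),
    (3, 1, "App"),
]

# PERMISSION (Table 5): MODULE_ID 1 and 2 are from the text; 3 is constructed.
MODULE = {
    1: "view client profile management menu",
    2: "view client list",
    3: "export client list",
}

# Data resource permission table (constructed): fields a role may read under a
# given function permission.
DATA_FIELDS = {
    (1, 2): frozenset({"client_name", "phone", "region"}),
    (2, 3): frozenset({"client_name", "region"}),
    (3, 1): frozenset({"client_name"}),
}


def parse_channels(cell: str) -> FrozenSet[str]:
    """Turn a CHANNEL cell such as "PC,App" into a set, rejecting unknown
    names so a misspelt channel in the table can never silently grant or hide
    a permission."""
    chans = frozenset(c.strip() for c in cell.split(",") if c.strip())
    unknown = chans - CHANNELS
    if unknown:
        raise ValueError(f"unknown channel(s) in PA row: {sorted(unknown)}")
    return chans


def permitted_modules(user_id: int, channel: str) -> FrozenSet[int]:
    """Steps S1-S2 (S21/S22): identity -> role, then the MODULE_IDs the role
    holds on this channel. Unknown user or channel yields no permissions."""
    if channel not in CHANNELS:
        return frozenset()
    role_id = UA.get(user_id)
    if role_id is None:
        return frozenset()
    return frozenset(
        module_id
        for r, module_id, cell in PA
        if r == role_id and channel in parse_channels(cell)
    )


def authorize(user_id: int, channel: str, function_code: int,
              fields: Iterable[str] = ()) -> Tuple[bool, str]:
    """Step S3: permit one operation instruction. First the function-use
    permission (function code = MODULE_ID on this channel), then the data-access
    permission for the requested fields. Every miss denies."""
    if function_code not in permitted_modules(user_id, channel):
        return False, f"function {function_code} not permitted on {channel}"
    allowed = DATA_FIELDS.get((UA[user_id], function_code), frozenset())
    denied = frozenset(fields) - allowed
    if denied:
        return False, f"data fields not permitted: {sorted(denied)}"
    return True, f"permitted: {MODULE.get(function_code, '?')}"


if __name__ == "__main__":
    # The worked case from the text: ROLE_ID 1 holds MODULE_ID 1 on App only
    # and MODULE_ID 2 on both PC and App.
    print(sorted(permitted_modules(1, "App")))    # [1, 2]
    print(sorted(permitted_modules(1, "PC")))     # [2]
    print(authorize(1, "PC", 1))                   # denied: App-only function
    print(authorize(1, "App", 2, ["client_name"]))
    print(authorize(1, "App", 2, ["id_number"]))   # denied: field not permitted
```

Note that the CHANNEL column is parsed rather than string-matched, and that both the function check and the field check deny on any lookup miss; a request for a field that no row grants is refused even when the function itself is permitted.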
In an implementation manner of the present application, the system operation permission method further includes: searching a preset corresponding relation between the role type, login end information and authority levels according to the role type and login end information, and determining the authority level corresponding to the role type at the current login end; and selecting all rights under that authority level according to the determined authority level.
In an alternative embodiment, each authority level contains at least one authority, and the authority levels are nested: a first authority level contains all the authorities in the second authority level, the second authority level contains all the authorities in the third authority level, and so on. Because the role type and login end information are used to determine the user's authority level, the user's authorities need not be determined one by one; once the authority level is determined, all the authorities of the user are determined, which is efficient and quick.
In alternative embodiments, the rights tiers may be set as desired, with only two levels of rights tier relationships being illustrated here as exemplary.
Specifically, the two-level hierarchy relationship comprises a first-level authority hierarchy and a second-level authority hierarchy, and if the authority hierarchy of the operator at the current login end is the second-level authority hierarchy, all the authorities under the hierarchy are provided; when the authority level owned by the operator at the current login end is the first-level authority level, the operator has all the authorities under the second-level authority level in addition to all the authorities under the first-level authority level.
Illustratively, the rights under the secondary rights tier include rights to view the customer information, and the rights under the primary rights tier include creating, modifying, and deleting the customer information;
If user A has the secondary authority level at the computer client, user A is authorized to view the client information after logging in to the system at the computer client;
If user B has the first-level authority level at the computer client, after user B logs in to the system at the computer client, user B is authorized to view the client information and is also authorized to create, modify and delete the client information;
If user C has the second-level authority level at the mobile phone client and the first-level authority level at the computer client, user C can only view the client information after logging in to the system at the mobile phone client and cannot create, modify or delete the client information, whereas after logging in to the system at the computer client, user C has the right to view the client information and the right to create, modify and delete the client information.
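The nested two-level hierarchy and the three worked cases above, as an added example that is not code from the patent; the tier contents, the (user, login end) assignments and the right names are constructed for illustration.

```python
"""Nested permission tiers resolved per login end (added example, not the
patent's code). Level 1 contains everything in level 2, level 2 everything in
level 3, and so on; a user's tier is looked up by (user, login end).
Tier contents, assignments and right names are constructed for illustration."""
from __future__ import annotations

# Rights introduced at each tier. Lower number = higher tier.
TIER_RIGHTS: dict[int, frozenset[str]] = {
    1: frozenset({"create_customer", "modify_customer", "delete_customer"}),
    2: frozenset({"view_customer"}),
}

# Preset correspondence (user, login end) -> tier, matching the worked cases:
# A has tier 2 at PC, B tier 1 at PC, C tier 2 at App and tier 1 at PC.
TIER_AT_LOGIN_END: dict[tuple[str, str], int] = {
    ("user_A", "PC"): 2,
    ("user_B", "PC"): 1,
    ("user_C", "App"): 2,
    ("user_C", "PC"): 1,
}


def rights_for_tier(tier: int) -> frozenset[str]:
    """All rights of `tier` plus those of every tier below it (higher number)."""
    if tier not in TIER_RIGHTS:
        raise ValueError(f"unknown tier {tier}")
    rights: set[str] = set()
    for level, level_rights in TIER_RIGHTS.items():
        if level >= tier:          # the nested-containment rule
            rights |= level_rights
    return frozenset(rights)


def rights_at(user: str, channel: str) -> frozenset[str]:
    """Rights the user holds at this login end; an unassigned end grants nothing."""
    tier = TIER_AT_LOGIN_END.get((user, channel))
    if tier is None:
        return frozenset()         # fail closed rather than borrow another end's tier
    return rights_for_tier(tier)


def is_permitted(user: str, channel: str, right: str) -> bool:
    """Single decision point consulted when an operation instruction arrives."""
    return right in rights_at(user, channel)
```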
In an implementation manner of the present application, the permission rights include function usage rights and data access rights, and determining the permission rights of the operator according to the identity information of the operator and the login end information includes: and determining the function use permission and the data access permission of the operator according to the identity information and the login end information of the operator.
Specifically, in an alternative embodiment, the function use authority includes authority for viewing the function menu, and after the user logs in the system, the system returns to the function menu under the corresponding authority of the user according to the identity information and login end information of the operator.
For example, if the role type of the user is customer manager, the customer management menu is displayed after logging in to the system; if the role type of the user is courier, the order management menu is displayed after logging in; and if the role type of the user is sales manager, the provider management menu is displayed after logging in.
Further, in an alternative embodiment, the function usage rights also include rights to use the function buttons.
Illustratively, the buttons include: view, add, modify, delete and audit. In use, if a user clicks the delete button, the background checks whether the function use permission of the role at the current login end contains permission to use the delete button; if so, the next operation may proceed, otherwise a "no permission" prompt is shown.
In the above embodiment, a user may see some buttons without holding the right to use them. This can be optimised: in another possible implementation, buttons the user has no rights to are hidden, achieving "visible and operable", meaning that any button the user can see on the page can be operated. This requires cooperation from the front end: the front end caches the user's rights information, determines whether the user holds the right for each button on the page, displays the button if so, and hides it otherwise.
In an alternative embodiment, the data access rights include data types and data ranges.
Exemplary data types include: customer data, business opportunity data, and contract data. The data range includes: created by me, collaborated on by me, belonging to my subordinates, in my authorized region, and in my authorized industry.
In alternative embodiments, the data access rights for the different roles are different, so even the data seen on the same page may be different.
For example, when the courier, the regional manager and the headquarter manager request to view the client list, the data displayed by the system is different, the courier can see the client list under his own name, the regional manager can see the client list in the authorized area, and the headquarter manager can see the client list in all areas.
By the method, the rights are divided into the function use rights and the data access rights, the system can flexibly and respectively permit the function use rights and the data access rights, and different role types can be realized to have different function use rights and data access rights at different login ends, so that permission of the rights becomes more flexible.
In other possible implementations, only the function usage rights may be included, and when the user is permitted to use a certain function, all data related to the function is permitted to be operated by the user.
In a possible implementation manner, the authority corresponding to each role can be configured in advance, or can be flexibly configured according to the requirement. The flexible configuration of the corresponding relation between the user roles and the authorities specifically comprises the following steps: and configuring different authorities for different roles in a front-end authority management page, and configuring corresponding effective ends for the authorities.
In the authority management page, the role of regional manager is selected first, the function use authority "view client list" is checked, and the effective ends are selected as the mobile phone end and the computer end; then the data range that the regional manager role may view is selected as the client information of its own region, with the effective ends again selected as the mobile phone end and the computer end.
Through this authority configuration process, a user with the role of regional manager has the following authorities: the client list can be viewed at the computer end and the mobile phone end, and the range of the viewed client list is all client information of the region.
In the rights management page, the data rights can also be flexibly configured, as shown in fig. 4: in the data rights management page, the role of client manager is selected; the viewing, modifying and deleting functions are checked for client data; the viewing, modifying and deleting functions are checked for business opportunity data; and no function is checked for contract data. With this configuration, a user having the role of client manager is provided with the following rights: viewing, modifying and deleting client data, and viewing, modifying and deleting business opportunity data, while the role has no operation authority over contract data.
In an implementation manner of the present application, determining permission of an operator according to identity information and login end information of the operator includes: determining the role type corresponding to the operator according to the identity information of the operator; searching the corresponding permitted function codes and data fields in the corresponding relation table according to the role type and the login end information; and determining the function use permission and the data access permission of the operator according to the function codes and the data fields.
Specifically, the role-permission correspondence table is queried by function code to check whether the user's role holds the permission for that function code; if so, the user has permission to operate the function, otherwise the user has no permission. For data access permission, the system first queries the role-permission correspondence table by function code to check whether the user's role holds the function code permission, that is, whether the user may access the data at all; if so, the user has data access permission, and the data type and data range the user is allowed to access are then further queried from the relation between the data resource table and its fields.
In an implementation manner of the present application, obtaining all operation instructions of the operator, and licensing the operation instructions corresponding to the operator in combination with the licensing authority includes: acquiring a function code corresponding to the operation instruction input by the operator, inquiring a role and authority relation table according to the function code, and determining the function use authority of the user; after the function use permission of the user is determined, a data field requested by the user is obtained, a data resource permission table is queried according to the field, and the data access permission of the user under the current function use permission is determined.
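The two-step permission of an operation instruction described above (function code first, then data field and range), as an added example that is not the patent's own code; it ties together the Table 4 style role/permission/channel table and the courier, regional manager and headquarters manager cases, with all table contents, function codes, field names and records constructed for illustration.

```python
"""Function-code and data-range permission check per login end (added example,
not the patent's code). Step 1 looks up the operation's function code in the
role/permission/channel table; step 2 looks up the data range the role may
access and filters the records. Tables, codes and records are constructed."""
from __future__ import annotations

from dataclasses import dataclass

# Role/permission/channel table in the style of Table 4:
# (ROLE_ID, MODULE_ID) -> login ends where the permission is effective.
ROLE_PERMISSIONS: dict[tuple[int, int], frozenset[str]] = {
    (1, 1): frozenset({"App"}),        # courier: customer profile menu, App only
    (1, 2): frozenset({"PC", "App"}),  # courier: view customer list, both ends
    (2, 2): frozenset({"PC", "App"}),  # regional manager: view customer list
    (3, 2): frozenset({"PC"}),         # headquarters manager: customer list, PC only
}

# Function code carried by an operation instruction -> MODULE_ID.
FUNCTION_CODES: dict[str, int] = {
    "customer:profile_menu": 1,
    "customer:list": 2,
}

# Data resource permission table: (ROLE_ID, data type) -> data range.
DATA_RANGE: dict[tuple[int, str], str] = {
    (1, "customer"): "mine",    # courier: customers under own name
    (2, "customer"): "region",  # regional manager: authorised region
    (3, "customer"): "all",     # headquarters manager: all regions
}


@dataclass(frozen=True)
class Operator:
    user_id: str
    role_id: int
    region: str


@dataclass(frozen=True)
class Customer:
    customer_id: str
    owner_id: str
    region: str


# Constructed sample operators and customer records.
COURIER = Operator("courier_1", 1, "south")
REGIONAL_MANAGER = Operator("manager_south", 2, "south")
HQ_MANAGER = Operator("hq_1", 3, "hq")
RECORDS = [
    Customer("c1", "courier_1", "south"),
    Customer("c2", "courier_2", "south"),
    Customer("c3", "courier_3", "north"),
]


def has_function_right(op: Operator, channel: str, function_code: str) -> bool:
    """Step 1: does the role hold this function's MODULE_ID at this login end?"""
    module_id = FUNCTION_CODES.get(function_code)
    if module_id is None:
        return False               # unknown function code: deny
    return channel in ROLE_PERMISSIONS.get((op.role_id, module_id), frozenset())


def apply_data_range(op: Operator, data_type: str,
                     records: list[Customer]) -> list[Customer] | None:
    """Step 2: restrict records to the role's data range; None if no range."""
    data_range = DATA_RANGE.get((op.role_id, data_type))
    if data_range == "mine":
        return [r for r in records if r.owner_id == op.user_id]
    if data_range == "region":
        return [r for r in records if r.region == op.region]
    if data_range == "all":
        return list(records)
    return None                    # no data access right for this data type


def list_customers(op: Operator, channel: str,
                   records: list[Customer]) -> tuple[bool, list[str]]:
    """Permit the 'view customer list' instruction: (permitted, visible ids)."""
    if not has_function_right(op, channel, "customer:list"):
        return False, []           # function use right missing at this login end
    visible = apply_data_range(op, "customer", records)
    if visible is None:
        return False, []           # function permitted but no data access right
    return True, [r.customer_id for r in visible]
```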
Corresponding to the system operation permission method described in the above embodiments, the embodiments of the present application provide a system operation permission device, and for convenience of explanation, only the portions related to the embodiments of the present application are shown.
The system operation permission device provided by the embodiment of the application comprises:
A login end information acquisition module 301 for acquiring login end information of an operator logging in the system;
the permission determination module 302 determines permission of the operator according to the identity information of the operator and the login end information;
and the operation permission module 303 acquires all operation instructions of the operator and permits the operation instructions corresponding to the operator by combining the permission rights.
Through the collocation use of the three modules, when the permission of the user is permitted, the user identity information and the user login end information can be combined at the same time to flexibly permit the permission of the user at different login ends, and if the user does not have the requested operation instruction permission, the corresponding operation cannot be performed. Therefore, the system operation permission device can flexibly permit the operation of users at different login ends, can also avoid the system risk problem caused by the lack of authority control, and improves the flexibility and the safety of the system.
Fig. 4 is a schematic structural diagram of a system operation permission terminal device according to an embodiment of the present application. The terminal device 400 includes: at least one processor 401 (only one is shown in fig. 4), a memory 402, and a computer program 403 stored in the memory 402 and executable on the at least one processor 401, wherein the steps in the above-described embodiments of the system operation permission method are implemented when the processor 401 executes the computer program 403.
The terminal device 400 may be a computing device such as a desktop computer, a notebook computer, a palm computer, and a cloud server. The terminal device may include, but is not limited to, a processor 401, a memory 402. It will be appreciated by those skilled in the art that fig. 4 is merely an example of a terminal device 400 and is not limiting of the terminal device 400, and may include more or fewer components than shown, or may combine certain components, or different components, such as may also include input-output devices, network access devices, etc.
The processor 401 may be a central processing unit (CPU), but may also be another general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 402 may in some embodiments be an internal storage unit of the terminal device 400, such as a hard disk or a memory of the terminal device 400. The memory 402 may also be an external storage device of the terminal device 400 in other embodiments, such as a plug-in hard disk, a smart media card (SMC), a Secure Digital (SD) card, a flash card or the like provided on the terminal device 400. Further, the memory 402 may also include both an internal storage unit and an external storage device of the terminal device 400. The memory 402 is used to store an operating system, application programs, a boot loader (BootLoader), data, and other programs, such as the program code of the computer program. The memory 402 may also be used to temporarily store data that has been output or is to be output.
Embodiments of the present application also provide a computer readable storage medium storing a computer program which, when executed by a processor, implements steps for implementing the various method embodiments described above.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
In the foregoing embodiments, each description has its own emphasis; for a part that is not described or detailed in one embodiment, reference may be made to the related descriptions of the other embodiments.
Embodiments of the present application provide a computer program product which, when run on a mobile terminal, causes the mobile terminal to perform steps that enable the implementation of the method embodiments described above.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present application may implement all or part of the flow of the method of the above embodiments by a computer program instructing related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, it may implement the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file or some intermediate form, etc. The computer readable medium may include at least: any entity or device capable of carrying computer program code to a photographing device/terminal apparatus, a recording medium, computer memory, read-only memory (ROM), random access memory (RAM), electrical carrier signals, telecommunications signals, and software distribution media, such as a USB flash drive, removable hard disk, magnetic or optical disk, etc. In some jurisdictions, computer readable media may not include electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/network device and method may be implemented in other manners. For example, the apparatus/network device embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical functional division, and there may be additional divisions in actual implementation, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.

Claims (10)

1. A system operation permission method, comprising:
Acquiring login end information of an operator logging in the system;
determining the permission of the operator according to the identity information of the operator and the login end information;
And acquiring all operation instructions of the operator, and permitting the operation instructions corresponding to the operator by combining the permission rights.
2. The system operation permission method according to claim 1, wherein the system operation permission method further comprises:
Acquiring account information and login verification information input by an operator on a login interface of the system, and verifying login operation of the operator according to the account information and the login verification information;
and if the verification is passed, searching the identity information of the operator according to the account information.
3. The system operation permission method according to claim 1, wherein the determining the permission authority of the operator according to the identity information of the operator and the login-side information includes:
Determining the role type corresponding to the operator according to the identity information of the operator;
and searching a preset corresponding relation between the role type, the login end information and the permission according to the role type and the login end information, and determining the permission owned by the role type at the current login end.
4. The system operation permission method according to claim 1, wherein the system operation permission method further comprises:
Determining the role type corresponding to the operator according to the identity information of the operator;
Searching a preset corresponding relation between the role type, login end information and authority levels according to the role type and the login end information, and determining the authority level corresponding to the role type at the current login end;
and selecting all rights under the rights level according to the determined rights level.
5. The system operation permission method according to claim 1, wherein the permission rights include function use rights and data access rights, and the determining the permission rights of the operator based on the identity information of the operator and the login-side information includes:
and determining the function use permission and the data access permission of the operator according to the identity information of the operator and the login end information.
6. The system operation permission method according to claim 5, wherein the determining the permission authority of the operator according to the identity information of the operator and the login-side information includes:
Determining the role type corresponding to the operator according to the identity information of the operator;
Searching the corresponding permitted function codes and data fields in the corresponding relation table according to the role type and the login end information;
and determining the function use permission and the data access permission of the operator according to the function codes and the data fields.
7. The system operation permission method according to claim 6, wherein obtaining all operation instructions of the operator and permitting the operation instructions corresponding to the operator in combination with the permission authority comprises:
acquiring a function code corresponding to the operation instruction input by the operator, inquiring a role and authority relation table according to the function code, and determining the function use authority of the user;
After the function use permission of the user is determined, a data field requested by the user is obtained, a data resource permission table is queried according to the field, and the data access permission of the user under the current function use permission is determined.
8. A system operation permission device, comprising:
the login end information acquisition module is used for acquiring login end information of an operator logging in the system;
The permission determining module is used for determining permission of the operator according to the identity information of the operator and the login end information;
and the permission module acquires all operation instructions of the operator and permits the operation instructions corresponding to the operator by combining the permission rights.
9. A system operation permission terminal equipment comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method according to any one of claims 1 to 7 when executing the computer program.
10. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the method according to any one of claims 1 to 7.
CN202211550441.XA 2022-12-05 2022-12-05 System operation permission method, device, terminal equipment and storage medium Pending CN118153010A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202211550441.XA CN118153010A (en) 2022-12-05 2022-12-05 System operation permission method, device, terminal equipment and storage medium
PCT/CN2023/135936 WO2024120316A1 (en) 2022-12-05 2023-12-01 System operation permission method and apparatus, and computer device and storage medium

Publications (1)

Publication Number Publication Date
CN118153010A true CN118153010A (en) 2024-06-07

Also Published As

Publication number Publication date
WO2024120316A1 (en) 2024-06-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination