[go: up one dir, main page]

CN118521279A - Authority setting method, authority setting device, electronic device, storage medium and program product - Google Patents

Authority setting method, authority setting device, electronic device, storage medium and program product Download PDF

Info

Publication number
CN118521279A
CN118521279A CN202410969680.1A CN202410969680A CN118521279A CN 118521279 A CN118521279 A CN 118521279A CN 202410969680 A CN202410969680 A CN 202410969680A CN 118521279 A CN118521279 A CN 118521279A
Authority
CN
China
Prior art keywords
user
business
information
parameters
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410969680.1A
Other languages
Chinese (zh)
Inventor
张阁
梁毅
唐章迪
杨晋
赵湘萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ausnutria Dairy China Co ltd
Original Assignee
Ausnutria Dairy China Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ausnutria Dairy China Co ltd filed Critical Ausnutria Dairy China Co ltd
Priority to CN202410969680.1A priority Critical patent/CN118521279A/en
Publication of CN118521279A publication Critical patent/CN118521279A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/105Human resources
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Operations Research (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Data Mining & Analysis (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

本申请公开了一种权限设置方法、装置、电子设备、存储介质和程序产品,所述权限设置方法包括:获取第一用户的职位信息,所述第一用户为至少两个业务系统中的用户,所述职位信息包括职位参数和岗位职责参数;基于所述职位参数,确定与所述职位参数对应的第一业务对象,其中,所述至少两个业务系统包括所述第一业务对象,且所述第一业务对象在每个业务系统中对应至少一个系统菜单;基于所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限,其中,不同的岗位职责参数对应的操作类型不同。本申请技术方案可以简化权限设置的过程。

The present application discloses a permission setting method, device, electronic device, storage medium and program product, wherein the permission setting method comprises: obtaining the position information of a first user, wherein the first user is a user in at least two business systems, and the position information comprises position parameters and position responsibility parameters; based on the position parameters, determining a first business object corresponding to the position parameters, wherein the at least two business systems comprise the first business object, and the first business object corresponds to at least one system menu in each business system; based on the position responsibility parameters, in the at least two business systems, updating the first user's operation permission for the first business object, wherein different position responsibility parameters correspond to different operation types. The technical solution of the present application can simplify the process of permission setting.

Description

权限设置方法、装置、电子设备、存储介质和程序产品Permission setting method, device, electronic device, storage medium and program product

技术领域Technical Field

本申请涉及新一代信息技术领域中的适用于行政、管理、监督目的的数据处理系统领域,具体涉及一种权限设置方法、装置、电子设备、存储介质和程序产品。The present application relates to the field of data processing systems suitable for administration, management and supervision purposes in the field of new generation information technology, and specifically to a permission setting method, device, electronic device, storage medium and program product.

背景技术Background Art

相关技术中,权限分配属于业务系统中的常用功能。目前,在对用户进行权限分配时,通常是由权限管理人员逐一进行手动分配,该过程中由于需要权限管理人员逐一选择权限内容,因此,操作较为繁琐,尤其是在存在多个不同业务系统时,针对同一用户的权限分配过程,通常需要权限管理人员在各个系统中逐一进行操作。可见,现有的权限分配方法存在权限分配过程较为繁琐的问题。In the related art, permission allocation is a common function in business systems. At present, when allocating permissions to users, it is usually done manually one by one by permission management personnel. In this process, the permission management personnel need to select the permission content one by one, so the operation is relatively cumbersome. Especially when there are multiple different business systems, the permission allocation process for the same user usually requires the permission management personnel to operate one by one in each system. It can be seen that the existing permission allocation method has the problem that the permission allocation process is relatively cumbersome.

发明内容Summary of the invention

本申请实施例的目的是提供一种权限设置方法、装置、电子设备、存储介质和程序产品,可以简化权限设置的过程。The purpose of the embodiments of the present application is to provide a permission setting method, device, electronic device, storage medium and program product, which can simplify the permission setting process.

第一方面,本申请实施例提供了一种权限设置方法,所述方法包括:In a first aspect, an embodiment of the present application provides a method for setting permissions, the method comprising:

获取第一用户的职位信息,所述第一用户为至少两个业务系统中的用户,所述职位信息包括职位参数和岗位职责参数;Acquire position information of a first user, where the first user is a user in at least two business systems, and the position information includes position parameters and job responsibility parameters;

基于所述职位参数,确定与所述职位参数对应的第一业务对象,其中,所述至少两个业务系统包括所述第一业务对象,且所述第一业务对象在每个业务系统中对应至少一个系统菜单;Based on the position parameter, determining a first business object corresponding to the position parameter, wherein the at least two business systems include the first business object, and the first business object corresponds to at least one system menu in each business system;

基于所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限,其中,不同的岗位职责参数对应的操作类型不同。Based on the job responsibility parameters, in the at least two business systems, the operation authority of the first user on the first business object is updated, wherein different job responsibility parameters correspond to different operation types.

第二方面,本申请实施例提供了一种权限设置装置,包括:In a second aspect, an embodiment of the present application provides a permission setting device, including:

获取模块,用于获取第一用户的职位信息,所述第一用户为至少两个业务系统中的用户,所述职位信息包括职位参数和岗位职责参数;An acquisition module, configured to acquire position information of a first user, where the first user is a user in at least two business systems, and the position information includes position parameters and job responsibility parameters;

确定模块,用于基于所述职位参数,确定与所述职位参数对应的第一业务对象,其中,所述至少两个业务系统包括所述第一业务对象,且所述第一业务对象在每个业务系统中对应至少一个系统菜单;a determination module, configured to determine, based on the position parameter, a first business object corresponding to the position parameter, wherein the at least two business systems include the first business object, and the first business object corresponds to at least one system menu in each business system;

更新模块,用于基于所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限,其中,不同的岗位职责参数对应的操作类型不同。An updating module is used to update the operation authority of the first user on the first business object in the at least two business systems based on the job responsibility parameters, wherein different job responsibility parameters correspond to different operation types.

第三方面,本申请实施例还提供了一种电子设备,所述电子设备包括处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序,所述程序被所述处理器执行时实现如第一方面所述的方法的步骤。In a third aspect, an embodiment of the present application further provides an electronic device, comprising a processor, a memory, and a program stored in the memory and executable on the processor, wherein the program, when executed by the processor, implements the steps of the method described in the first aspect.

第四方面,本申请实施例还提供了一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现如第一方面所述的方法的步骤。In a fourth aspect, an embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the steps of the method described in the first aspect are implemented.

第五方面,本申请实施例还提供了一种计算机程序产品,包括计算机指令,该计算机指令被处理器执行时实现如第一方面所述的方法的步骤。In a fifth aspect, an embodiment of the present application further provides a computer program product, comprising computer instructions, which, when executed by a processor, implement the steps of the method described in the first aspect.

在本申请实施例中,通过建立职位参数与各个业务系统中的业务对象之间的对应关系,以及,建立岗位职责参数与操作类型之间的对应关系,并抽象出不同业务系统包括的公共的业务对象,如此,在对用户进行权限设置时,仅需获取用户的职位信息,即可确定用户在各个业务系统中有权限从操作的第一业务对象,以及,确定用户对第一业务对象进行操作的操作类型,从而可以根据所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限,从而实现了对用户在至少两个业务系统中的权限设置过程,相对于现有技术而言,由于基于职位信息即可确定用户的所有权限内容,因此,相关人员在对用户进行权限设置的过程中,无需逐一选择权限内容,同时,由于至少两个业务系统均包括相同的业务对象,因此,可以同时对用户在至少两个业务系统中的权限进行更新,无需逐一切换业务系统进行权限设置,从而有利于简化权限设置的过程。In an embodiment of the present application, by establishing a correspondence between position parameters and business objects in each business system, and establishing a correspondence between position responsibility parameters and operation types, and abstracting common business objects included in different business systems, when setting permissions for users, it is only necessary to obtain the user's position information to determine the first business object that the user has the permission to operate in each business system, and to determine the operation type of the user's operation on the first business object. Therefore, according to the position responsibility parameters, the first user's operation permission for the first business object can be updated in the at least two business systems, thereby realizing the permission setting process for the user in at least two business systems. Compared with the prior art, since all the permission contents of the user can be determined based on the position information, the relevant personnel do not need to select the permission contents one by one in the process of setting permissions for the user. At the same time, since at least two business systems include the same business objects, the user's permissions in at least two business systems can be updated at the same time without switching business systems one by one to set permissions, which is conducive to simplifying the permission setting process.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

为了更清楚地说明本申请实施例的技术方案,下面将对本申请实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for use in the description of the embodiments of the present application will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application. For ordinary technicians in this field, other drawings can be obtained based on these drawings without paying any creative labor.

图1为本申请实施例提供的权限设置方法的流程示意图;FIG1 is a schematic diagram of a method for setting permissions according to an embodiment of the present application;

图2为本申请实施例提供的权限设置装置的结构示意图;FIG2 is a schematic diagram of the structure of a permission setting device provided in an embodiment of the present application;

图3为本申请实施例提供的电子设备的结构示意图。FIG3 is a schematic diagram of the structure of an electronic device provided in an embodiment of the present application.

具体实施方式DETAILED DESCRIPTION

下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员获得的所有其他实施例,都属于本申请保护的范围。The following will be combined with the drawings in the embodiments of the present application to clearly describe the technical solutions in the embodiments of the present application. Obviously, the described embodiments are part of the embodiments of the present application, rather than all the embodiments. All other embodiments obtained by ordinary technicians in this field based on the embodiments in the present application belong to the scope of protection of this application.

本申请的说明书和权利要求书中的术语“第一”、“第二”等是用于区别类似的对象,而不用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便本申请的实施例能够以除了在这里图示或描述的那些以外的顺序实施,且“第一”、“第二”等所区分的对象通常为一类,并不限定对象的个数,例如第一对象 可以是一个,也可以是多个。此外,说明书以及权利要求中“和/或”表示所连接对象的至少其中之一,字符“/”,一般表示前后关联对象是一种“或”的关系。The terms "first", "second", etc. in the specification and claims of this application are used to distinguish similar objects, and are not used to describe a specific order or sequence. It should be understood that the data used in this way can be interchangeable when appropriate, so that the embodiments of the present application can be implemented in an order other than those illustrated or described here, and the objects distinguished by "first", "second", etc. are generally of one type, and the number of objects is not limited. For example, the first object can be one or more. In addition, "and/or" in the specification and claims represents at least one of the connected objects, and the character "/" generally indicates that the objects associated with each other are in an "or" relationship.

下面结合附图,通过具体的实施例及其应用场景对本申请实施例提供的方法进行详细地说明。The method provided in the embodiment of the present application is described in detail below through specific embodiments and their application scenarios in conjunction with the accompanying drawings.

请参见图1,图1是本申请实施例提供的一种权限设置方法的流程示意图,所述权限设置方法包括:Please refer to FIG. 1 , which is a flowchart of a permission setting method provided in an embodiment of the present application, wherein the permission setting method includes:

步骤101、获取第一用户的职位信息,所述第一用户为至少两个业务系统中的用户,所述职位信息包括职位参数和岗位职责参数;Step 101: Acquire the position information of a first user, where the first user is a user in at least two business systems, and the position information includes position parameters and job responsibility parameters;

步骤102、基于所述职位参数,确定与所述职位参数对应的第一业务对象,其中,所述至少两个业务系统包括所述第一业务对象,且所述第一业务对象在每个业务系统中对应至少一个系统菜单;Step 102: Based on the position parameter, determine a first business object corresponding to the position parameter, wherein the at least two business systems include the first business object, and the first business object corresponds to at least one system menu in each business system;

步骤103、基于所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限,其中,不同的岗位职责参数对应的操作类型不同。Step 103: Based on the job responsibility parameters, in the at least two business systems, update the first user's operation authority for the first business object, wherein different job responsibility parameters correspond to different operation types.

其中,上述业务系统可以是企业内部各种办公系统,具体地,由于企业内部根据自身需要,通常会开发各种类型的办公系统,业务系统中的用户可以在业务系统中查看相关业务数据,或者,对相关业务数据进行编辑等。例如,当企业内部存在多个品牌的产品时,可能针对不同品牌的产品存在不同的管理系统。此外,也可以根据不同业务功能,分别设置不同的业务系统,例如,所述至少两个业务系统包括:采购系统、销售系统和售后系统。此外,在本申请一些实施例中,所述至少两个业务系统包括以下至少两项:主数据管理平台、会员运营一体化平台、渠道自助服务平台、大数据平台、员工自助服务平台、导购管理平台和营销费用管控系统。Among them, the above-mentioned business system can be various office systems within the enterprise. Specifically, since the enterprise usually develops various types of office systems according to its own needs, users in the business system can view relevant business data in the business system, or edit relevant business data, etc. For example, when there are multiple brands of products within the enterprise, there may be different management systems for products of different brands. In addition, different business systems can also be set up according to different business functions. For example, the at least two business systems include: a procurement system, a sales system, and an after-sales system. In addition, in some embodiments of the present application, the at least two business systems include at least two of the following: a master data management platform, an integrated member operation platform, a channel self-service platform, a big data platform, an employee self-service platform, a shopping guide management platform, and a marketing expense control system.

上述第一用户为至少两个业务系统中的用户具体是指:在所述至少两个业务系统中,均有所述第一用户的账号,即所述第一用户可以访问所述至少两个业务系统。The first user being a user in at least two business systems specifically means that both of the at least two business systems have accounts of the first user, that is, the first user can access the at least two business systems.

上述第一业务对象可以是上述至少两个业务系统中的任意一个公共的业务对象,例如,当所述至少两个业务系统为至少两个不同品牌的产品对应的管理系统时,每个业务系统中通常会包括一些公共的业务对象,例如,所述公共的业务对象可以包括“采购询价单”、“发货仓”、“仓库子库”、“搬运地点”等。The above-mentioned first business object can be any common business object in the above-mentioned at least two business systems. For example, when the at least two business systems are management systems corresponding to at least two products of different brands, each business system usually includes some common business objects. For example, the common business objects may include "purchase inquiry form", "shipping warehouse", "warehouse sub-warehouse", "transportation location", etc.

可以理解的是,上述业务对象可以是通过对企业中的业务数据固化下来的业务对象。具体地,所述业务对象可以包括业务系统中各种业务主体,例如,上述“采购询价单”是指采购过程中询价的通用单据,不同品牌的产品均可以复用同一个“采购询价单”模板,因此,不同品牌的产品的管理系统中均可以包括“采购询价单”这一业务对象。相应地,上述“发货仓”可以记录“发货仓”中当前储放的产品的状态,由于不同品牌的产品均有对应的“发货仓”,因此,不同品牌的产品的管理系统中均可以包括“发货仓”这一业务对象。It is understandable that the above-mentioned business objects can be business objects solidified by business data in the enterprise. Specifically, the business objects can include various business entities in the business system. For example, the above-mentioned "Purchase Inquiry Form" refers to a general document for inquiry during the procurement process. Products of different brands can reuse the same "Purchase Inquiry Form" template. Therefore, the management system of products of different brands can include the business object of "Purchase Inquiry Form". Correspondingly, the above-mentioned "Shipping Warehouse" can record the status of the products currently stored in the "Shipping Warehouse". Since products of different brands have corresponding "Shipping Warehouses", the management system of products of different brands can include the business object of "Shipping Warehouse".

上述系统菜单具体是指:可视化的业务系统中的菜单栏。其中,每个系统菜单具体可以包括业务系统中的至少一个页面,系统菜单所包括的页面用于记载所对应的业务对象相关的内容。用户可以在业务系统中的特定系统菜单对对应的业务对象的相关内容进行查看或编辑等操作。The above-mentioned system menu specifically refers to: a menu bar in a visualized business system. Each system menu may specifically include at least one page in the business system, and the page included in the system menu is used to record the content related to the corresponding business object. The user can view or edit the relevant content of the corresponding business object in a specific system menu in the business system.

可以理解的是,上述业务对象与系统菜单之间的对应关系可以预先创建。It is understandable that the correspondence between the above business objects and the system menus can be created in advance.

上述权限设置方法可以应用于权限管理系统,其中,该权限管理系统可以用于对上述至少两个业务系统中的用户进行权限设置。其中,所述权限管理系统和业务系统均可以是指特定的应用程序。由于不同职位所能够操作的业务对象通常不同,同时,同一职位下的不同岗位根据岗位职责对所对应的业务对象的操作类型也可能不同,因此,在进行权限设置之前,相关人员可以预先建立第一对应关系表和第二对应关系表。其中,所述第一对应关系表用于表征不同职位与不同业务对象之间的对应关系,所述第二对应关系表用于表征不同岗位与不同操作类型之间的对应关系。The above-mentioned permission setting method can be applied to a permission management system, wherein the permission management system can be used to set permissions for users in the above-mentioned at least two business systems. Wherein, the permission management system and the business system can both refer to specific applications. Since the business objects that can be operated by different positions are usually different, and at the same time, different positions under the same position may also have different types of operations on the corresponding business objects according to job responsibilities, before setting permissions, relevant personnel can pre-establish a first correspondence table and a second correspondence table. Wherein, the first correspondence table is used to characterize the correspondence between different positions and different business objects, and the second correspondence table is used to characterize the correspondence between different positions and different operation types.

其中,所述第一映射关系表可以包括:至少两个职位参数,以及,每个职位参数对应的第一业务对象,所述至少两个职位参数与至少两个不同的职位一一对应,可以理解的是,所述至少两个职位参数可以包括企业中所有职位的职位参数,所述职位可以是各种常见的职位,例如,总经理、部长、销售总监、财务总监、行政人员、技术人员等。由于一个职位通常会管理多个业务对象,因此,上述职位参数可以对应至少一个第一业务对象。相应地,上述基于所述职位参数,确定与所述职位参数对应的第一业务对象具体是指:基于所述职位参数,确定与所述职位参数对应的所有第一业务对象,即所确定的第一业务对象的数量可以为1个,也可以大于1个。上述基于所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限具体是指:基于所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所确定的所有第一业务对象的操作权限。所述职位参数可以是各种代码,例如,职位参数0001对应的职位为:总经理,职位参数0002对应的职位为:财务总监。Wherein, the first mapping relationship table may include: at least two position parameters, and the first business object corresponding to each position parameter, wherein the at least two position parameters correspond to at least two different positions one by one, and it can be understood that the at least two position parameters may include position parameters of all positions in the enterprise, and the positions may be various common positions, such as general manager, department head, sales director, financial director, administrative staff, technical staff, etc. Since a position usually manages multiple business objects, the above position parameter may correspond to at least one first business object. Accordingly, the above determination of the first business object corresponding to the position parameter based on the position parameter specifically refers to: determining all first business objects corresponding to the position parameter based on the position parameter, that is, the number of the determined first business objects may be 1 or more than 1. The above updating of the first user's operation authority for the first business object in the at least two business systems based on the position responsibility parameter specifically refers to: updating the first user's operation authority for all determined first business objects in the at least two business systems based on the position responsibility parameter. The position parameter may be various codes, for example, the position corresponding to the position parameter 0001 is: general manager, and the position corresponding to the position parameter 0002 is: financial director.

具体地,由于企业中可能存在两个以上员工的职位相同,即同一职位下可能需要设置两个以上的岗位,同一职位下的不同岗位的岗位职责可能不同,例如,职位“行政人员”下可能设有如下岗位:一部秘书、二部秘书、人事、前台等。又例如,职位“技术人员”下可能根据不同业务设置不同的岗位。而不同的岗位由于岗位职责不同,因此,对于所对应的业务对象的操作类型可以不同。Specifically, since there may be more than two employees with the same position in an enterprise, that is, more than two posts may be set up under the same position, and the job responsibilities of different posts under the same position may be different. For example, the position of "administrative staff" may have the following posts: secretary of the first department, secretary of the second department, human resources, front desk, etc. For another example, different posts may be set up under the position of "technician" according to different businesses. Different posts have different job responsibilities, so the operation types for the corresponding business objects may be different.

所述操作类型至少包括:查看操作、编辑操作、删除操作、确认操作和新增操作。The operation types include at least: viewing operation, editing operation, deleting operation, confirming operation and adding operation.

上述第二映射表可以包括:至少两个岗位职责参数,以及,每个岗位职责参数对应的操作类型。其中,不同的岗位职责参数对应不同的岗位,不同的岗位的岗位职责通常不同。可以理解的是,有些岗位对于所对应的第一业务对象可能即需要查看权限,也需要编辑权限,因此,所述岗位职责参数所对应的操作类型的数量可能为1个,也可能大于一个,例如,职位参数0003、岗位职责参数AAA的用户对所对应的第一业务对象的操作权限可以为:查看操作,此时,职位参数0003、岗位职责参数AAB的用户对所对应的第一业务对象的操作权限可以为:查看操作、编辑操作和删除操作。The above-mentioned second mapping table may include: at least two job responsibility parameters, and the operation type corresponding to each job responsibility parameter. Among them, different job responsibility parameters correspond to different positions, and the job responsibilities of different positions are usually different. It is understandable that some positions may require both viewing permissions and editing permissions for the corresponding first business object. Therefore, the number of operation types corresponding to the job responsibility parameters may be 1 or more than one. For example, the operation permission of a user with job parameter 0003 and job responsibility parameter AAA for the corresponding first business object can be: viewing operation. At this time, the operation permission of a user with job parameter 0003 and job responsibility parameter AAB for the corresponding first business object can be: viewing operation, editing operation and deletion operation.

上述基于所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限,具体可以是指:基于所述岗位职责参数,同时在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限。例如,若确定上述第一用户的职位参数为0003,岗位职责参数为AAA,所述0003对应的所有第一业务对象包括:业务对象A和业务对象B,所述岗位职责参数AAA对应的操作类型包括:查看操作和删除操作。则基于所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限具体可以是指:在所述至少两个业务系统中,为所述第一用户分配对业务对象A和业务对象B的“查看操作和删除操作”权限。或者,所述基于所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限具体也可以是指:在所述至少两个业务系统中,删除所述第一用户分配对业务对象A和业务对象B的“查看操作和删除操作”权限。The updating of the operation authority of the first user to the first business object in the at least two business systems based on the job responsibility parameters may specifically refer to: updating the operation authority of the first user to the first business object in the at least two business systems based on the job responsibility parameters. For example, if it is determined that the position parameter of the first user is 0003 and the job responsibility parameter is AAA, all the first business objects corresponding to 0003 include: business object A and business object B, and the operation types corresponding to the job responsibility parameter AAA include: viewing operation and deletion operation. Based on the job responsibility parameters, updating the operation authority of the first user to the first business object in the at least two business systems may specifically refer to: assigning the "view operation and delete operation" authority to the first user for business object A and business object B in the at least two business systems. Alternatively, based on the job responsibility parameters, updating the operation authority of the first user to the first business object in the at least two business systems may specifically refer to: deleting the "view operation and delete operation" authority assigned to the first user for business object A and business object B in the at least two business systems.

该实施方式中,通过建立职位参数与各个业务系统中的业务对象之间的对应关系,以及,建立岗位职责参数与操作类型之间的对应关系,并抽象出不同业务系统包括的公共的业务对象,如此,在对用户进行权限设置时,仅需获取用户的职位信息,即可确定用户在各个业务系统中有权限从操作的第一业务对象,以及,确定用户对第一业务对象进行操作的操作类型,从而可以根据所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限,从而实现了对用户在至少两个业务系统中的权限设置过程,相对于现有技术而言,由于基于职位信息即可确定用户的所有权限内容,因此,相关人员在对用户进行权限设置的过程中,无需逐一选择权限内容,同时,由于至少两个业务系统均包括相同的业务对象,因此,可以同时对用户在至少两个业务系统中的权限进行更新,无需逐一切换业务系统进行权限设置,从而有利于简化权限设置的过程。In this implementation, by establishing a correspondence between position parameters and business objects in each business system, and establishing a correspondence between position responsibility parameters and operation types, and abstracting common business objects included in different business systems, when setting permissions for users, it is only necessary to obtain the user's position information to determine the first business object that the user has the permission to operate in each business system, and to determine the operation type of the user's operation on the first business object. Therefore, according to the position responsibility parameters, the first user's operation permission for the first business object can be updated in the at least two business systems, thereby realizing the permission setting process for the user in at least two business systems. Compared with the prior art, since all the permission contents of the user can be determined based on the position information, the relevant personnel do not need to select the permission contents one by one in the process of setting permissions for the user. At the same time, since at least two business systems include the same business objects, the user's permissions in at least two business systems can be updated at the same time without switching business systems one by one to set permissions, which is conducive to simplifying the permission setting process.

可选地,所述方法还包括:Optionally, the method further comprises:

在接收到所述第一用户发送的专项授权请求的情况下,对所述专项授权请求进行校验;Upon receiving the special authorization request sent by the first user, verifying the special authorization request;

在对所述专项授权请求进行校验,且校验通过的情况下,确定所述专项授权请求所请求授权的第二业务对象,其中,所述至少两个业务系统包括所述第二业务对象,且所述第二业务对象对应每个业务系统中的至少一个系统菜单,所述第二业务对象为所述第一业务对象之外的其他业务对象;When the special authorization request is verified and the verification passes, determining a second business object requested for authorization by the special authorization request, wherein the at least two business systems include the second business object, and the second business object corresponds to at least one system menu in each business system, and the second business object is a business object other than the first business object;

在所述至少两个业务系统中,向所述第一用户分配对所述第二业务对象的操作权限。In the at least two business systems, the first user is assigned operation rights for the second business object.

上述专项授权请求可以是第一用户在相关业务系统中申请的请求,具体地,用户在工作过程中,由于业务需要,可能需要临时对某一些不具有操作权限的业务对象进行操作。在此情况下,用户可以通过相关业务系统临时申请专项授权,在相关人员对专项授权请求审批通过之后,即可为该用户分配对所申请的业务对象的专项操作权限。The above-mentioned special authorization request may be a request applied by the first user in the relevant business system. Specifically, during the work process, the user may need to temporarily operate certain business objects for which he does not have the operation authority due to business needs. In this case, the user may temporarily apply for special authorization through the relevant business system. After the relevant personnel approve the special authorization request, the user can be assigned the special operation authority for the applied business object.

上述专项授权请求可以包括如下信息:第二业务对象、目标操作类型、申请理由、开始时间、结束时间等。当第一用户在相关业务系统发起所述专项授权请求的情况下,可以将第一用户的申请发送至相关管理人员的账号处进行审批,若审批通过,该审批过程即为上述校验过程,若审批通过,则确定校验通过,此时,可以在所述至少两个业务系统中,为该第一用户分配对第二业务对象的目标操作权限,其中,所述目标操作权限为所述目标操作类型所指示的操作权限,所述目标操作类型包括一下操作类型中的至少一项:查看操作、编辑操作、删除操作、确认操作和新增操作。所述第一用户在所述开始时间与结束时间之间的时间段内具有对第二业务对象的目标操作权限,在开始时间之前和结束时间之后,均不具有对第二业务对象的目标操作权限。The above-mentioned special authorization request may include the following information: the second business object, the target operation type, the reason for application, the start time, the end time, etc. When the first user initiates the special authorization request in the relevant business system, the application of the first user can be sent to the account of the relevant management personnel for approval. If the approval is passed, the approval process is the above-mentioned verification process. If the approval is passed, it is determined that the verification is passed. At this time, the target operation authority of the second business object can be allocated to the first user in the at least two business systems, wherein the target operation authority is the operation authority indicated by the target operation type, and the target operation type includes at least one of the following operation types: viewing operation, editing operation, deleting operation, confirming operation and adding operation. The first user has the target operation authority of the second business object in the time period between the start time and the end time, and does not have the target operation authority of the second business object before the start time and after the end time.

上述对转向授权请求的审批流程可以包括:发起人-发起人直接上级-发起人部门负责人-授权对象消费系统管理员-授权对象管理系统管理员。The above-mentioned approval process for the redirection authorization request may include: initiator-initiator's direct superior-initiator's department head-authorized object consumption system administrator-authorized object management system administrator.

该实施方式中,通过基于用户的专项授权请求对用户进行专项授权,有利于进一步优化权限设置的过程。In this implementation, by performing special authorization on the user based on the user's special authorization request, it is beneficial to further optimize the permission setting process.

可选地,所述获取第一用户的职位信息,包括:Optionally, obtaining the position information of the first user includes:

在满足预设条件的情况下,获取所述第一用户的职位信息,其中,所述预设条件包括以下任意一项:When a preset condition is met, the position information of the first user is obtained, wherein the preset condition includes any one of the following:

所述第一用户离职;The first user resigns;

所述第一用户入职;the first user is onboarded;

所述第一用户的职位发生变化;The position of the first user changes;

所述第一用户的岗位职责发生变化。The job responsibilities of the first user have changed.

其中,所述基于所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限,包括:Wherein, updating the operation authority of the first user on the first business object in the at least two business systems based on the job responsibility parameters includes:

在所述预设条件为所述第一用户入职的情况下,在所述至少两个业务系统中,基于所述岗位职责参数,向所述第一用户分配对所述第一业务对象的操作权限;或者,在所述预设条件为所述第一用户的职位发生变化的情况下,在所述至少两个业务系统中,基于所述岗位职责参数,向所述第一用户分配对所述第一业务对象的操作权限,其中,所述职位信息为所述第一用户的职位发生变化之后的职位信息;或者,在所述预设条件为所述第一用户的岗位职责发生变化的情况下,在所述至少两个业务系统中,基于所述岗位职责参数,向所述第一用户分配对所述第一业务对象的操作权限,其中,所述职位信息为所述第一用户的岗位职责变化之后的职位信息。In a case where the preset condition is that the first user joins the company, in the at least two business systems, based on the job responsibility parameters, the first user is allocated operating rights for the first business object; or, in a case where the preset condition is that the first user's position has changed, in the at least two business systems, based on the job responsibility parameters, the first user is allocated operating rights for the first business object, wherein the position information is the position information after the position of the first user has changed; or, in a case where the preset condition is that the job responsibilities of the first user have changed, in the at least two business systems, based on the job responsibilities parameters, the first user is allocated operating rights for the first business object, wherein the position information is the position information after the job responsibilities of the first user have changed.

所述基于所述职位参数,确定与所述职位参数对应的第一业务对象之后,所述方法还包括:在所述预设条件为所述第一用户离职的情况下,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限的权限失效时间,其中,所述第一用户对所述第一业务对象的操作权限在所述权限失效时间所指示的时间点失效。After determining the first business object corresponding to the position parameters based on the position parameters, the method also includes: when the preset condition is that the first user resigns, updating the expiration time of the first user's operating rights for the first business object in the at least two business systems, wherein the first user's operating rights for the first business object expires at the time point indicated by the expiration time.

具体地,当第一用户在相关业务系统中提出离职申请时,业务系统可以向权限管理系统触发一个第一权限变更请求,此时,所述权限管理系统可以响应于第一权限变更请求获取第一用户的职位信息,基于所述职位参数,确定与所述职位参数对应的第一业务对象,然后,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限的权限失效时间,其中,所述第一用户对所述第一业务对象的操作权限在所述权限失效时间所指示的时间点失效。可以理解的是,所述权限失效时间为第一用户在离职申请中提出的最后离开公司的时间日期。Specifically, when the first user submits a resignation application in the relevant business system, the business system may trigger a first permission change request to the permission management system. At this time, the permission management system may obtain the position information of the first user in response to the first permission change request, determine the first business object corresponding to the position parameter based on the position parameter, and then update the permission expiration time of the first user's operation permission for the first business object in the at least two business systems, wherein the first user's operation permission for the first business object expires at the time indicated by the permission expiration time. It can be understood that the permission expiration time is the date and time of the last leaving the company proposed by the first user in the resignation application.

相应地,当第一用户在相关业务系统中提出职位或岗位变更申请时,业务系统可以向权限管理系统触发一个第二权限变更请求,此时,所述权限管理系统可以响应于第二权限变更请求获取第一用户的职位信息,基于所述职位参数,确定与所述职位参数对应的第一业务对象,并在所述至少两个业务系统中,基于所述岗位职责参数,向所述第一用户分配对所述第一业务对象的操作权限,其中,所述职位信息为所述第一用户的职位发生变化之后的职位信息;或者,在所述至少两个业务系统中,基于所述岗位职责参数,向所述第一用户分配对所述第一业务对象的操作权限,其中,所述职位信息为所述第一用户的岗位职责变化之后的职位信息。Accordingly, when the first user submits an application for a position or job change in the relevant business system, the business system may trigger a second permission change request to the authority management system. At this time, the authority management system may obtain the position information of the first user in response to the second permission change request, determine the first business object corresponding to the position parameters based on the position parameters, and in the at least two business systems, based on the position responsibility parameters, allocate operating rights to the first business object to the first user, wherein the position information is the position information of the first user after the position changes; or, in the at least two business systems, based on the position responsibility parameters, allocate operating rights to the first business object to the first user, wherein the position information is the position information of the first user after the position responsibilities of the first user change.

相应地,当第一用户在相关业务系统中提出入职申请时,业务系统可以向权限管理系统触发一个第三权限变更请求,此时,所述权限管理系统可以响应于第三权限变更请求获取第一用户的职位信息,基于所述职位参数,确定与所述职位参数对应的第一业务对象,在所述至少两个业务系统中,基于所述岗位职责参数,向所述第一用户分配对所述第一业务对象的操作权限。Accordingly, when the first user submits an employment application in the relevant business system, the business system may trigger a third permission change request to the permission management system. At this time, the permission management system may obtain the position information of the first user in response to the third permission change request, and based on the position parameters, determine the first business object corresponding to the position parameters, and in the at least two business systems, based on the job responsibilities parameters, assign the first user operation permissions for the first business object.

具体地,基于所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限的过程中,权限管理系统可以触发一个审批流程,该审批流程的审批规则可以是:发起人-被授权人直接上级-被授权人部门负责人-授权对象消费系统管理员-授权对象管理系统管理员,在通过该审批流程审批通过之后,可以在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限。当然,也可以不通过任何审批流程,由权限管理系统根据用户的职位或岗位职责变化,自动更新用户在各个业务系统中的权限。Specifically, based on the job responsibility parameters, in the at least two business systems, during the process of updating the first user's operating authority for the first business object, the authority management system can trigger an approval process, and the approval rules of the approval process can be: initiator - authorized person's direct superior - authorized person's department head - authorized object consumption system administrator - authorized object management system administrator. After passing the approval process, the first user's operating authority for the first business object can be updated in the at least two business systems. Of course, it is also possible to automatically update the user's authority in each business system according to the user's position or job responsibility changes without going through any approval process.

该实施方式中,当用户的职位或岗位职责发生变化时,可以业务系统可以自动向权限管理系统发送对应的权限变更请求,以便于及时更新用户在各个业务系统中的权限。In this implementation, when the user's position or job responsibilities change, the business system can automatically send a corresponding permission change request to the permission management system to facilitate timely updating of the user's permissions in various business systems.

可选地,所述方法还包括:Optionally, the method further comprises:

每隔预设时长,对所述业务系统中的用户的权限进行校验,得到第一校验信息;在所述第一校验信息表征第二用户存在互斥权限的情况下,生成第一预警信息,其中,所述第一预警信息包括:第一异常标识、所述第二用户的身份信息和所述第二用户的权限信息;At preset intervals, the permissions of the user in the business system are verified to obtain first verification information; when the first verification information indicates that the second user has mutually exclusive permissions, first warning information is generated, wherein the first warning information includes: a first abnormality identifier, identity information of the second user, and permission information of the second user;

在更新所述第一用户对所述第一业务对象的操作权限的过程中,获取审批流程信息,在所述审批流程信息存在预设异常的情况下,生成第二预警信息,其中,所述第二预警信息包括:第二异常标识和所述审批流程信息,所述审批流程信息包括:至少两个审批节点和每个审批节点对应的审批结论信息,所述预设异常包括:提交审批申请的节点的身份信息与对所述审批申请进行审批的节点的身份信息相同。In the process of updating the operation authority of the first user on the first business object, approval process information is obtained, and when there is a preset exception in the approval process information, second warning information is generated, wherein the second warning information includes: a second exception identifier and the approval process information, the approval process information includes: at least two approval nodes and approval conclusion information corresponding to each approval node, and the preset exception includes: identity information of the node that submits the approval application is the same as the identity information of the node that approves the approval application.

其中,上述预设时长可以根据需要进行设置,例如,可以为一天、一周、半个月等。Among them, the above-mentioned preset duration can be set as needed, for example, it can be one day, one week, half a month, etc.

具体地,可以预先建立一个互斥权限列表,所述互斥权限列表中包括至少一个互斥权限对,所述互斥权限对包括互斥的两个权限。其中,当用户拥有互斥权限时,该用户通常具有足够权力可以独立进行欺诈行为。因此,在企业中,通常需要杜绝给用户分配互斥权限。上述对业务系统中的用户的权限进行校验:可以是对所述至少两个业务系统中的所有用户的权限进行校验,例如,在对第二用户在第一业务系统中的权限进行校验时,可以获取该第二用户在第一业务系统中的所有权限,然后,基于所述互斥权限列表对第二用户在第一业务系统中的所有权限进行校验,若所述第二用户在第一业务系统中的所有权限中包括互斥权限列表中的任意一组互斥权限,则确定第二用户存在互斥权限,此时,可以生成第一预警信息,并将该第一预警信息发送至相关权限管理人员,以便于相关权限管理人员确定是否需要对第二用户的权限进行调整,从而可以避免因第二用户拥有互斥权限而造成对公司的损害。其中,所述第一业务系统可以是所述至少两个业务系统中的任意一个业务系统。Specifically, a mutually exclusive permission list can be established in advance, and the mutually exclusive permission list includes at least one mutually exclusive permission pair, and the mutually exclusive permission pair includes two mutually exclusive permissions. Wherein, when a user has mutually exclusive permissions, the user usually has sufficient power to independently commit fraud. Therefore, in an enterprise, it is usually necessary to prevent the assignment of mutually exclusive permissions to users. The above-mentioned verification of the permissions of users in the business system can be: the permissions of all users in the at least two business systems can be verified. For example, when the permissions of the second user in the first business system are verified, all permissions of the second user in the first business system can be obtained, and then all permissions of the second user in the first business system are verified based on the mutually exclusive permission list. If all permissions of the second user in the first business system include any group of mutually exclusive permissions in the mutually exclusive permission list, it is determined that the second user has mutually exclusive permissions. At this time, a first warning information can be generated and sent to the relevant permission management personnel, so that the relevant permission management personnel can determine whether it is necessary to adjust the permissions of the second user, thereby avoiding damage to the company caused by the second user having mutually exclusive permissions. Wherein, the first business system can be any one of the at least two business systems.

此外,在确定所述第二用户存在互斥权限的情况下,可以在生成第一预警信息的同时,禁用第二用户的互斥权限,即禁用第二用户的相互斥的两个权限,直至相关权限管理人员在对第一预警信息进行审批,且确认该第二用户具有该互斥权限的情况下,互斥第二用户的互斥权限。在相关权限管理人员确认该第二用户具有该互斥权限的情况下,可以为第二用户的互斥权限添加一个授权标识,如此,在后续的权限校验过程中,再次检测到该第二用户具有该具有授权标识的互斥权限时,则不会再次生成第一预警信息。In addition, when it is determined that the second user has mutually exclusive permissions, the mutually exclusive permissions of the second user can be disabled while the first warning information is generated, that is, the two mutually exclusive permissions of the second user can be disabled until the relevant permission management personnel approve the first warning information and confirm that the second user has the mutually exclusive permissions, and then the mutually exclusive permissions of the second user are mutually excluded. When the relevant permission management personnel confirm that the second user has the mutually exclusive permissions, an authorization identifier can be added to the mutually exclusive permissions of the second user, so that in the subsequent permission verification process, when it is detected again that the second user has the mutually exclusive permissions with the authorization identifier, the first warning information will not be generated again.

上述提交审批申请的节点的身份信息与对所述审批申请进行审批的节点的身份信息相同具体是指:发起审批请求的用户与审批该审批请求的用户为同一用户。即在发起审批请求的用户与审批该审批请求的用户为同一用户时,生成第二预警信息,并可以将该第二预警信息发送至相关权限管理人员,以便于相关权限管理人员确定该授权过程是否为存在异常。The identity information of the node that submits the approval application is the same as the identity information of the node that approves the approval application. Specifically, it means that the user who initiates the approval request and the user who approves the approval request are the same user. That is, when the user who initiates the approval request and the user who approves the approval request are the same user, a second warning information is generated, and the second warning information can be sent to the relevant authority management personnel, so that the relevant authority management personnel can determine whether there is an abnormality in the authorization process.

可以理解的是,上述对业务系统中的用户进行互斥权限校验,以及,对审批流程信息进行校验的过程均可以由规则引擎实现。并且可以通过流程监控监控报告和权限监控监控报告的形式记录所述第一预警信息和第二预警信息,同时,所生成的预警信息可以通过工作台概览的形式呈现。It is understandable that the above-mentioned mutually exclusive permission verification of users in the business system and the verification of approval process information can be implemented by the rule engine. And the first warning information and the second warning information can be recorded in the form of process monitoring report and permission monitoring report. At the same time, the generated warning information can be presented in the form of a workbench overview.

关于上述互斥权限,本申请实施例进一步作如下说明:Regarding the above mutually exclusive permissions, the embodiment of the present application further explains as follows:

企业在确定职责分工过程中,应当充分考虑不相容职务相互分离的制衡要求。不相容职务通常包括:授权、批准、业务经办、会计记录、财产保管、稽核检查等。When determining the division of responsibilities, enterprises should fully consider the checks and balances required to separate incompatible duties. Incompatible duties usually include: authorization, approval, business handling, accounting records, property custody, auditing and inspection, etc.

企业应当根据各项经济业务与事项的流程和特点,系统、完整地分析、梳理执行该经济业务与事项涉及的不相容职务,并结合岗位职责分工采取分离措施。有条件的企业,可以借助计算机信息技术系统,通过权限设定等方式自动实现不相容职务的相互分离。Enterprises should systematically and completely analyze and sort out the incompatible duties involved in the execution of various economic operations and matters according to the processes and characteristics of the economic operations and matters, and take separation measures in combination with the division of job responsibilities. Enterprises with conditions can use computer information technology systems to automatically separate incompatible duties through authority settings and other means.

货币资金业务的不相容岗位至少应当包括:Incompatible positions in monetary fund business shall at least include:

(一)货币资金支付的审批与执行;(1) Approval and execution of monetary fund payments;

(二)货币资金的保管与盘点清查;(2) safekeeping and inventory checking of monetary funds;

(三)货币资金的会计记录与审计监督。(3) Accounting records and audit supervision of monetary funds.

企业采购与付款业务的不相容岗位至少包括:Incompatible positions in corporate procurement and payment business include at least:

(一)请购与审批;(1) Purchase request and approval;

(二)询价与确定供应商;(2) Inquiry for prices and identification of suppliers;

(三)采购合同的订立与审核;(3) Conclusion and review of procurement contracts;

(四)采购、验收与相关会计记录;(iv) Procurement, acceptance and related accounting records;

(五)付款的申请、审批与执行。(V) Application, approval and execution of payment.

存货业务的不相容岗位至少包括:Incompatible positions in inventory business include at least:

(一)存货的请购与审批,审批与执行;(1) Inventory purchase request and approval, approval and execution;

(二)存货的采购与验收、付款;(2) Purchase, acceptance and payment of inventory;

(三)存货的保管与相关会计记录;(3) the safekeeping of inventories and related accounting records;

(四)存货发出的申请与审批,申请与会计记录;(iv) Application and approval for the shipment of inventory, and application and accounting records;

(五)存货处置的申请与审批,申请与会计记录。(V) Application and approval for inventory disposal, and application and accounting records.

固定资产业务不相容岗位至少包括:Incompatible positions in fixed assets business include at least:

(一)固定资产投资预算的编制与审批,审批与执行;(1) Preparation, approval, examination and implementation of fixed asset investment budgets;

(二)固定资产采购、验收与款项支付;(2) Purchase, acceptance and payment of fixed assets;

(三)固定资产投保的申请与审批;(3) Application and approval for fixed asset insurance;

(四)固定资产处置的申请与审批,审批与执行;(iv) Application and approval, approval and execution of fixed asset disposal;

(五)固定资产取得与处置业务的执行与相关会计记录。(V) The execution of fixed asset acquisition and disposal business and related accounting records.

可以理解的是,上述不相容岗位的权限即为上述互斥权限。It is understandable that the permissions of the above-mentioned incompatible positions are the above-mentioned mutually exclusive permissions.

请参见图2,图2为本申请实施例提供的一种权限设置装置200的结构示意图,所述权限设置装置200包括:Please refer to FIG. 2 , which is a schematic diagram of the structure of a permission setting device 200 provided in an embodiment of the present application. The permission setting device 200 includes:

获取模块201,用于获取第一用户的职位信息,所述第一用户为至少两个业务系统中的用户,所述职位信息包括职位参数和岗位职责参数;An acquisition module 201 is used to acquire position information of a first user, where the first user is a user in at least two business systems, and the position information includes position parameters and job responsibility parameters;

确定模块202,用于基于所述职位参数,确定与所述职位参数对应的第一业务对象,其中,所述至少两个业务系统包括所述第一业务对象,且所述第一业务对象在每个业务系统中对应至少一个系统菜单;A determination module 202, configured to determine, based on the position parameter, a first business object corresponding to the position parameter, wherein the at least two business systems include the first business object, and the first business object corresponds to at least one system menu in each business system;

更新模块203,用于基于所述岗位职责参数,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限,其中,不同的岗位职责参数对应的操作类型不同。The updating module 203 is used to update the operation authority of the first user on the first business object in the at least two business systems based on the job responsibility parameters, wherein different job responsibility parameters correspond to different operation types.

可选地,所述操作类型至少包括:查看操作、编辑操作、删除操作、确认操作和新增操作。Optionally, the operation types include at least: a view operation, an edit operation, a delete operation, a confirm operation and a add operation.

可选地,所述装置还包括:Optionally, the device further comprises:

校验模块,用于在接收到所述第一用户发送的专项授权请求的情况下,对所述专项授权请求进行校验;A verification module, configured to verify the special authorization request upon receiving the special authorization request sent by the first user;

所述确定模块202,还用于在对所述专项授权请求进行校验,且校验通过的情况下,确定所述专项授权请求所请求授权的第二业务对象,其中,所述至少两个业务系统包括所述第二业务对象,且所述第二业务对象对应每个业务系统中的至少一个系统菜单,所述第二业务对象为所述第一业务对象之外的其他业务对象;The determination module 202 is further configured to, when the special authorization request is verified and the verification passes, determine a second business object requested for authorization by the special authorization request, wherein the at least two business systems include the second business object, and the second business object corresponds to at least one system menu in each business system, and the second business object is a business object other than the first business object;

所述更新模块203,还在所述至少两个业务系统中,向所述第一用户分配对所述第二业务对象的操作权限。The updating module 203 further allocates, in the at least two business systems, operating rights for the second business object to the first user.

可选地,所述获取模块201,具体用于在满足预设条件的情况下,获取所述第一用户的职位信息,其中,所述预设条件包括以下任意一项:Optionally, the acquisition module 201 is specifically configured to acquire the position information of the first user when a preset condition is met, wherein the preset condition includes any one of the following:

所述第一用户离职;The first user resigns;

所述第一用户入职;the first user is onboarded;

所述第一用户的职位发生变化;The position of the first user changes;

所述第一用户的岗位职责发生变化。The job responsibilities of the first user have changed.

可选地,所述更新模块203,具体用于在所述预设条件为所述第一用户入职的情况下,在所述至少两个业务系统中,基于所述岗位职责参数,向所述第一用户分配对所述第一业务对象的操作权限;或者,Optionally, the updating module 203 is specifically configured to allocate, in the at least two business systems, operating rights for the first business object to the first user based on the job responsibility parameters when the preset condition is that the first user joins the company; or

所述更新模块203,具体用于在所述预设条件为所述第一用户的职位发生变化的情况下,在所述至少两个业务系统中,基于所述岗位职责参数,向所述第一用户分配对所述第一业务对象的操作权限,其中,所述职位信息为所述第一用户的职位发生变化之后的职位信息;或者,The updating module 203 is specifically configured to allocate, in the at least two business systems, the operation authority for the first business object to the first user based on the job responsibility parameters when the preset condition is that the first user's job position has changed, wherein the job position information is the job position information after the first user's job position has changed; or

所述更新模块203,具体用于在所述预设条件为所述第一用户的岗位职责发生变化的情况下,在所述至少两个业务系统中,基于所述岗位职责参数,向所述第一用户分配对所述第一业务对象的操作权限,其中,所述职位信息为所述第一用户的岗位职责变化之后的职位信息;The updating module 203 is specifically configured to allocate, in the at least two business systems, the operation authority for the first business object to the first user based on the job responsibility parameters when the preset condition is that the job responsibilities of the first user have changed, wherein the job information is the job information of the first user after the job responsibilities have changed;

所述更新模块203,具体用于在所述预设条件为所述第一用户离职的情况下,在所述至少两个业务系统中,更新所述第一用户对所述第一业务对象的操作权限的权限失效时间,其中,所述第一用户对所述第一业务对象的操作权限在所述权限失效时间所指示的时间点失效。The update module 203 is specifically used to update the expiration time of the first user's operating rights for the first business object in the at least two business systems when the preset condition is the resignation of the first user, wherein the first user's operating rights for the first business object expire at the time point indicated by the expiration time.

可选地,所述装置还包括:Optionally, the device further comprises:

预警模块,用于每隔预设时长,对所述业务系统中的用户的权限进行校验,得到第一校验信息;在所述第一校验信息表征第二用户存在互斥权限的情况下,生成第一预警信息,其中,所述第一预警信息包括:第一异常标识、所述第二用户的身份信息和所述第二用户的权限信息;An early warning module is used to verify the authority of the user in the business system at a preset time interval to obtain first verification information; if the first verification information indicates that the second user has mutually exclusive authority, generate first early warning information, wherein the first early warning information includes: a first abnormality identifier, identity information of the second user, and authority information of the second user;

所述预警模块,还用于在更新所述第一用户对所述第一业务对象的操作权限的过程中,获取审批流程信息,在所述审批流程信息存在预设异常的情况下,生成第二预警信息,其中,所述第二预警信息包括:第二异常标识和所述审批流程信息,所述审批流程信息包括:至少两个审批节点和每个审批节点对应的审批结论信息,所述预设异常包括:提交审批申请的节点的身份信息与对所述审批申请进行审批的节点的身份信息相同。The early warning module is further used to obtain approval process information during the process of updating the first user's operation authority for the first business object, and generate second early warning information when there is a preset exception in the approval process information, wherein the second early warning information includes: a second exception identifier and the approval process information, the approval process information includes: at least two approval nodes and approval conclusion information corresponding to each approval node, and the preset exception includes: the identity information of the node that submits the approval application is the same as the identity information of the node that approves the approval application.

需要说明的是,本申请实施例提供的权限设置装置200能够实现如图1实施例所示的权限设置方法的全部技术过程,并达到相同的技术效果,为避免重复,在此不再赘述。It should be noted that the permission setting device 200 provided in the embodiment of the present application can implement the entire technical process of the permission setting method shown in the embodiment of Figure 1 and achieve the same technical effect. To avoid repetition, it will not be repeated here.

本申请实施例还提供了一种电子设备,包括:处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序,所述程序被所述处理器执行时实现上述图1所示权限设置方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。An embodiment of the present application also provides an electronic device, including: a processor, a memory, and a program stored in the memory and executable on the processor. When the program is executed by the processor, the various processes of the embodiment of the permission setting method shown in FIG. 1 above are implemented, and the same technical effect can be achieved. To avoid repetition, it will not be described here.

具体的,参见图3所示,本申请实施例还提供了一种电子设备,包括总线301、收发机302、天线303、总线接口304、处理器305和存储器306。Specifically, as shown in FIG. 3 , an embodiment of the present application further provides an electronic device, including a bus 301 , a transceiver 302 , an antenna 303 , a bus interface 304 , a processor 305 , and a memory 306 .

在该实施方式中,所述电子设备还包括:存储在存储器306上并可在处理器305上运行的计算机程序。所述计算机程序被处理器305执行时可实现如图1实施例所示的权限设置方法的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。In this embodiment, the electronic device further includes: a computer program stored in the memory 306 and executable on the processor 305. When the computer program is executed by the processor 305, each process of the permission setting method shown in the embodiment of FIG. 1 can be implemented, and the same technical effect can be achieved. To avoid repetition, it will not be described here.

在图3中,总线架构(用总线301来代表),总线301可以包括任意数量的互联的总线和桥,总线301将包括由处理器305代表的一个或多个处理器和存储器306代表的存储器的各种电路链接在一起。总线301还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路链接在一起,这些都是本领域所公知的,因此,本文不再对其进行进一步描述。总线接口304在总线301和收发机302之间提供接口。收发机302可以是一个元件,也可以是多个元件,比如多个接收器和发送器,提供用于在传输介质上与各种其他装置通信的单元。经处理器305处理的数据通过天线303在无线介质上进行传输,进一步,天线303还接收数据并将数据传送给处理器305。In FIG3 , a bus architecture (represented by bus 301) is shown. Bus 301 may include any number of interconnected buses and bridges. Bus 301 links various circuits including one or more processors represented by processor 305 and memory represented by memory 306. Bus 301 may also link various other circuits such as peripherals, voltage regulators, and power management circuits, which are well known in the art and are therefore not further described herein. Bus interface 304 provides an interface between bus 301 and transceiver 302. Transceiver 302 may be one element or multiple elements, such as multiple receivers and transmitters, providing a unit for communicating with various other devices on a transmission medium. Data processed by processor 305 is transmitted on a wireless medium via antenna 303. Further, antenna 303 also receives data and transmits the data to processor 305.

处理器305负责管理总线301和通常的处理,还可以提供各种功能,包括定时,外围接口,电压调节、电源管理以及其他控制功能。而存储器306可以被用于存储处理器305在执行操作时所使用的数据。Processor 305 is responsible for managing bus 301 and general processing, and can also provide various functions, including timing, peripheral interfaces, voltage regulation, power management and other control functions. Memory 306 can be used to store data used by processor 305 when performing operations.

可选地,处理器305可以是CPU、ASIC、FPGA或CPLD。Optionally, the processor 305 may be a CPU, an ASIC, an FPGA or a CPLD.

本申请实施例还提供一种计算机可读存储介质,计算机可读存储介质上存储有计算机程序,该计算机程序被处理器执行时实现上述图1所示方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。其中,所述的计算机可读存储介质,如ROM、RAM、磁碟或者光盘等。The embodiment of the present application also provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, each process of the method embodiment shown in FIG. 1 is implemented, and the same technical effect can be achieved. To avoid repetition, it is not repeated here. The computer-readable storage medium is, for example, a ROM, RAM, a magnetic disk or an optical disk.

本申请实施例还提供一种计算机程序产品,包括计算机指令,计算机指令被处理器执行时实现上述图1所示方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。The embodiment of the present application also provides a computer program product, including computer instructions. When the computer instructions are executed by a processor, the various processes of the method embodiment shown in Figure 1 above are implemented, and the same technical effect can be achieved. To avoid repetition, they are not repeated here.

需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者装置不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者装置中还存在另外的相同要素。It should be noted that, in this article, the terms "include", "comprises" or any other variations thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device including a series of elements includes not only those elements, but also other elements not explicitly listed, or also includes elements inherent to such process, method, article or device. In the absence of further restrictions, an element defined by the sentence "comprises a ..." does not exclude the existence of other identical elements in the process, method, article or device including the element.

通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本申请的技术方案本质上或者说对相关技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本申请各个实施例所述的方法。Through the description of the above implementation methods, those skilled in the art can clearly understand that the above-mentioned embodiment methods can be implemented by means of software plus a necessary general hardware platform, and of course by hardware, but in many cases the former is a better implementation method. Based on such an understanding, the technical solution of the present application, or the part that contributes to the relevant technology, can be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, disk, CD), and includes a number of instructions for a terminal (which can be a mobile phone, computer, server, air conditioner, or network equipment, etc.) to execute the methods described in each embodiment of the present application.

上面结合附图对本申请的实施例进行了描述,但是本申请并不局限于上述的具体实施方式,上述的具体实施方式仅仅是示意性的,而不是限制性的,本领域的普通技术人员在本申请的启示下,在不脱离本申请宗旨和权利要求所保护的范围情况下,还可做出很多形式,均属于本申请的保护之内。The embodiments of the present application are described above in conjunction with the accompanying drawings, but the present application is not limited to the above-mentioned specific implementation methods. The above-mentioned specific implementation methods are merely illustrative and not restrictive. Under the guidance of the present application, ordinary technicians in this field can also make many forms without departing from the purpose of the present application and the scope of protection of the claims, all of which are within the protection of the present application.

Claims (10)

1. A rights setting method, characterized in that the method comprises:
acquiring position information of a first user, wherein the first user is a user in at least two business systems, and the position information comprises position parameters and position responsibility parameters;
Determining a first business object corresponding to the job position parameter based on the job position parameter, wherein the at least two business systems comprise the first business object, and the first business object corresponds to at least one system menu in each business system;
And updating the operation authority of the first user on the first business object in the at least two business systems based on the post responsibility parameters, wherein the operation types corresponding to different post responsibility parameters are different.
2. The method according to claim 1, characterized in that said operation types comprise at least: viewing operations, editing operations, deleting operations, confirming operations, and adding operations.
3. The method according to claim 1, wherein the method further comprises:
Under the condition that a special authorization request sent by the first user is received, checking the special authorization request;
Determining a second service object requested to be authorized by the special authorization request under the condition that the special authorization request is checked and the check is passed, wherein the at least two service systems comprise the second service object, the second service object corresponds to at least one system menu in each service system, and the second service object is other service objects except the first service object;
and in the at least two business systems, the operation authority of the second business object is allocated to the first user.
4. The method of claim 1, wherein the obtaining job information of the first user comprises:
acquiring position information of the first user under the condition that preset conditions are met, wherein the preset conditions comprise any one of the following:
the first user leaves the office;
the first user takes part in the job;
the position of the first user changes;
the first user's job title changes.
5. The method of claim 4, wherein updating the first user's operational rights to the first business object in the at least two business systems based on the post responsibility parameters comprises:
In the case that the preset condition is that the first user is in duty, in the at least two service systems, based on the post duty parameter, assigning the operation authority to the first service object to the first user; or alternatively
When the preset condition is that the position of the first user changes, in the at least two service systems, based on the position responsibility parameters, the operation authority of the first service object is allocated to the first user, wherein the position information is position information after the position of the first user changes; or alternatively
When the preset condition is that the post responsibility of the first user changes, in the at least two service systems, based on the post responsibility parameters, distributing operation authority of the first service object to the first user, wherein the post information is post information after the post responsibility of the first user changes;
after the first business object corresponding to the job position parameter is determined based on the job position parameter, the method further comprises:
And under the condition that the preset condition is that the first user leaves the service, updating the authority invalidation time of the operation authority of the first user on the first service object in the at least two service systems, wherein the operation authority of the first user on the first service object is invalidated at a time point indicated by the authority invalidation time.
6. The method according to claim 1, wherein the method further comprises:
Checking the authority of a user in the service system every preset time length to obtain first check information; generating first early warning information under the condition that the first verification information characterizes that the second user has mutual exclusion authority, wherein the first early warning information comprises: the first abnormal identifier, the identity information of the second user and the authority information of the second user;
Acquiring approval process information in the process of updating the operation authority of the first user on the first business object, and generating second early warning information under the condition that the approval process information has preset abnormality, wherein the second early warning information comprises: the second abnormal identifier and the approval process information comprise: at least two approval nodes and approval conclusion information corresponding to each approval node, wherein the preset exception comprises: the identity information of the node submitting the approval application is the same as the identity information of the node approving the approval application.
7. A rights setting apparatus characterized by comprising:
The system comprises an acquisition module, a control module and a control module, wherein the acquisition module is used for acquiring position information of a first user, the first user is a user in at least two business systems, and the position information comprises position parameters and position responsibility parameters;
A determining module, configured to determine a first service object corresponding to the job status parameter based on the job status parameter, where the at least two service systems include the first service object, and the first service object corresponds to at least one system menu in each service system;
and the updating module is used for updating the operation authority of the first user on the first business object in the at least two business systems based on the post responsibility parameters, wherein the operation types corresponding to different post responsibility parameters are different.
8. An electronic device, comprising: a processor, a memory and a program stored on the memory and executable on the processor, which when executed by the processor, performs the steps of the method according to any one of claims 1 to 6.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, implements the steps of the method according to any one of claims 1 to 6.
10. A computer program product comprising computer instructions which, when executed by a processor, implement the steps of the method of any of claims 1 to 6.
CN202410969680.1A 2024-07-19 2024-07-19 Authority setting method, authority setting device, electronic device, storage medium and program product Pending CN118521279A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410969680.1A CN118521279A (en) 2024-07-19 2024-07-19 Authority setting method, authority setting device, electronic device, storage medium and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410969680.1A CN118521279A (en) 2024-07-19 2024-07-19 Authority setting method, authority setting device, electronic device, storage medium and program product

Publications (1)

Publication Number Publication Date
CN118521279A true CN118521279A (en) 2024-08-20

Family

ID=92274165

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410969680.1A Pending CN118521279A (en) 2024-07-19 2024-07-19 Authority setting method, authority setting device, electronic device, storage medium and program product

Country Status (1)

Country Link
CN (1) CN118521279A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060294578A1 (en) * 2005-06-23 2006-12-28 Microsoft Corporation Unified authorization for heterogeneous applications
CN107633184A (en) * 2017-10-19 2018-01-26 上海砾阳软件有限公司 A kind of database and method and apparatus for being used to manage user right
CN110298167A (en) * 2019-05-22 2019-10-01 深圳壹账通智能科技有限公司 Method for managing user right, device, computer equipment and storage medium
CN111970228A (en) * 2020-06-19 2020-11-20 吴建廷 Unified management method and platform for user permission of multi-service system integration
CN112257090A (en) * 2020-10-28 2021-01-22 国寿投资控股有限公司 Method and system for checking role authority
CN117932628A (en) * 2023-12-21 2024-04-26 宝钢工程技术集团有限公司 RBAC-based financial information system authorization management method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060294578A1 (en) * 2005-06-23 2006-12-28 Microsoft Corporation Unified authorization for heterogeneous applications
CN107633184A (en) * 2017-10-19 2018-01-26 上海砾阳软件有限公司 A kind of database and method and apparatus for being used to manage user right
CN110298167A (en) * 2019-05-22 2019-10-01 深圳壹账通智能科技有限公司 Method for managing user right, device, computer equipment and storage medium
CN111970228A (en) * 2020-06-19 2020-11-20 吴建廷 Unified management method and platform for user permission of multi-service system integration
CN112257090A (en) * 2020-10-28 2021-01-22 国寿投资控股有限公司 Method and system for checking role authority
CN117932628A (en) * 2023-12-21 2024-04-26 宝钢工程技术集团有限公司 RBAC-based financial information system authorization management method

Similar Documents

Publication Publication Date Title
US7590597B2 (en) Electronic business transaction system
JP4903408B2 (en) Organization reference data and qualification system
CN110599276B (en) Bill reimbursement method, device and equipment and computer storage medium
US7236947B2 (en) Providing highly automated procurement services
WO2021135169A1 (en) Blockchain-based management method, terminal, apparatus, and storage medium
US20010011222A1 (en) Integrated procurement management system using public computer network
KR102213465B1 (en) Apparatus and method for managing information security
CN109741008A (en) Expense reimbursement management method and device
CN109741009A (en) Expense reimbursement management method and device
KR20020041390A (en) Method for construction project management using internet and system therefor
KR100339643B1 (en) System and method for trading business management in Internet web
KR101631169B1 (en) System for mediating used goods and system for transaction of used goods using the same
KR101919865B1 (en) Apparatus and method for managing electronic receipt
KR20140146255A (en) Method for managing customer for marketing of finance and system using the same
CN118521279A (en) Authority setting method, authority setting device, electronic device, storage medium and program product
CN115859379A (en) Method and system for checking travel data, electronic device and storage medium
JP6993840B2 (en) Management server, credit center server, and computer program
JP2021002129A (en) Quality management support method, quality management support system, and quality management support device
KR101662707B1 (en) System for managing used goods and system for transaction of used goods using the same
KR101631166B1 (en) System for deleting of security data in used electronics and system for transaction of used goods using the same
US9135614B2 (en) System and method for managing issuance of financial accounts
KR102498822B1 (en) consignment management server
JP2001175759A (en) An integrated construction type integrated information system using the Internet.
CA2914639C (en) Unauthenticated access to artifacts in commerce networks
KR101631170B1 (en) System for compensation sale of used goods and system for transaction of used goods using the same

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20240820

RJ01 Rejection of invention patent application after publication