[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN110147657A - A kind of user right configuration method and device - Google Patents

A kind of user right configuration method and device Download PDF

Info

Publication number
CN110147657A
CN110147657A CN201910307153.3A CN201910307153A CN110147657A CN 110147657 A CN110147657 A CN 110147657A CN 201910307153 A CN201910307153 A CN 201910307153A CN 110147657 A CN110147657 A CN 110147657A
Authority
CN
China
Prior art keywords
permission
authority
user
preset
package
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910307153.3A
Other languages
Chinese (zh)
Inventor
冯田田
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OneConnect Smart Technology Co Ltd
Original Assignee
OneConnect Smart Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by OneConnect Smart Technology Co Ltd filed Critical OneConnect Smart Technology Co Ltd
Priority to CN201910307153.3A priority Critical patent/CN110147657A/en
Publication of CN110147657A publication Critical patent/CN110147657A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/105Human resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)

Abstract

本发明实施例提供了一种用户权限配置方法及装置,本发明涉及人工智能技术领域,方法包括:响应于权限申请请求,获取待分配权限的用户的职位信息;提取职位信息中的关键词,并根据关键词匹配得到用户的所属部门、所属职位;根据用户的所属部门获取匹配的权限包,权限包包括至少一个职位的权限集,其中,权限集中的多个权限的申请逻辑相同;根据用户的所属职位从权限包中获取职位匹配的权限集;根据职位匹配的权限集的申请逻辑及权限申请请求触发权限审批流程,并基于权限审批流程配置用户的权限。本发明实施例提供的技术方案能够解决现有技术中权限配置效率低的问题。

Embodiments of the present invention provide a user authority configuration method and device. The present invention relates to the field of artificial intelligence technology. The method includes: responding to an authority application request, obtaining position information of a user to be assigned authority; extracting keywords in the position information, And obtain the user's department and position according to the keyword matching; obtain the matching permission package according to the user's department, the permission package includes the permission set of at least one position, and the application logic of multiple permissions in the permission set is the same; according to the user The position to which the user belongs obtains the permission set matching the position from the permission package; triggers the permission approval process according to the application logic of the permission set matching the position and the permission application request, and configures the user's permissions based on the permission approval process. The technical solutions provided by the embodiments of the present invention can solve the problem of low efficiency of authority configuration in the prior art.

Description

一种用户权限配置方法及装置Method and device for configuring user rights

【技术领域】【Technical field】

本发明涉及人工智能技术领域,尤其涉及一种用户权限配置方法及装置。The present invention relates to the technical field of artificial intelligence, in particular to a method and device for configuring user rights.

【背景技术】【Background technique】

目前,随着公司组织架构不断复杂化,每天有很多新人入职,也有人离职,权限管理人员人工完成权限的配置,审批人员也需要对各种权限的配置进行审批,工作量巨大,容易出现差错,因此如何提高权限配置的效率成为目前亟待解决的问题。At present, with the continuous complexity of the company's organizational structure, many new employees join the company every day, and some leave. The authority management personnel manually complete the authority configuration, and the approval personnel also need to approve the configuration of various authority. The workload is huge and errors are prone to occur. , so how to improve the efficiency of authority configuration has become an urgent problem to be solved.

【发明内容】【Content of invention】

有鉴于此,本发明实施例提供了一种用户权限配置方法及装置,用以解决现有技术中权限配置效率低的问题。In view of this, the embodiments of the present invention provide a user authority configuration method and device, which are used to solve the problem of low efficiency of authority configuration in the prior art.

为了实现上述目的,根据本发明的一个方面,提供了一种用户权限配置方法,所述方法包括:In order to achieve the above object, according to one aspect of the present invention, a method for configuring user rights is provided, the method comprising:

响应于权限申请请求,获取待分配权限的用户的职位信息;提取所述职位信息中的关键词,并根据所述关键词匹配得到所述用户的所属部门、所属职位;根据所述用户的所属部门获取匹配的权限包,所述权限包包括至少一个职位的权限集,其中,所述权限集中的多个权限的申请逻辑相同;根据所述用户的所属职位从所述权限包中获取职位匹配的权限集;根据所述职位匹配的权限集的申请逻辑及所述权限申请请求触发权限审批流程,并基于所述权限审批流程配置所述用户的权限。In response to the authority application request, obtain the position information of the user to be assigned authority; extract keywords in the position information, and match the keywords to obtain the user's department and position; according to the user's affiliation The department obtains a matching permission package, the permission package includes a permission set of at least one position, wherein the application logic of multiple permissions in the permission set is the same; obtain the position matching from the permission package according to the position to which the user belongs The permission set; according to the application logic of the permission set matched with the position and the permission application request, the permission approval process is triggered, and the user's permission is configured based on the permission approval process.

进一步地,在所述根据所述用户的所属部门获取匹配的权限包之前,所述方法还包括:Further, before obtaining the matching authority package according to the department to which the user belongs, the method further includes:

获取多个权限申请记录;提取每个所述权限申请记录中的关键字,得到申请人的所属部门、所属职位及权限;将所述申请人所属职位相同且所述权限申请逻辑也相同的多个所述权限存储至一个预设的权限集,其中,所述预设的权限集以所述职位作为一级分类标签;将所述预设的权限集中的多个所述权限进行去重;将所属部门相同的多个去重后的所述预设的权限集合并为一个预设的权限包,所述预设的权限包以所述部门作为二级分类标签。Obtain multiple authority application records; extract the keywords in each authority application record, and obtain the applicant's department, position and authority; set the applicant's position to the same position and the logic of the authority application storing each of the permissions in a preset permission set, wherein the preset permission set uses the position as a first-level classification label; and deduplicating a plurality of the permissions in the preset permission set; The multiple deduplicated preset permission sets that belong to the same department are combined into a preset permission package, and the preset permission package uses the department as a secondary classification label.

进一步地,所述将所述预设的权限集中的多个权限进行去重,包括:将每个所述权限通过自然语言处理方法进行分词,得到多个词;通过预设的词向量表示模型获取每个所述词的向量表示;采用余弦相似度公式计算多个所述权限的向量相似度;从所述向量相似度大于预设阈值的多个所述权限中保留一个所述权限。Further, the deduplication of multiple permissions in the preset permission set includes: performing word segmentation on each of the permissions through a natural language processing method to obtain multiple words; representing the model through a preset word vector Obtaining the vector representation of each of the words; calculating the vector similarity of multiple permissions by using a cosine similarity formula; and reserving one permission from the multiple permissions whose vector similarity is greater than a preset threshold.

进一步地,在所述提取每个所述权限申请记录中的关键字,得到申请人的所属部门、所属职位及权限之后,并在所述将所述申请人所属职位相同且所述权限申请逻辑也相同的多个所述权限存储至一个预设的权限集之前,所述方法还包括:判断相同权限的所属职位个数是否大于第一预设值;如是,则将所述相同权限确认为通用权限;将所述通用权限存储至预设的通用权限包,其中,所述通用权限包中的通用权限适用于所有新增用户。Further, after extracting the keywords in each authority application record, obtaining the applicant's department, position and authority, and making the applicant's position the same and the authority application logic Before the multiple identical permissions are stored in a preset permission set, the method further includes: judging whether the number of posts with the same permission is greater than the first preset value; if so, confirming the same permission as General authority: storing the general authority in a preset general authority package, wherein the general authority in the general authority package is applicable to all newly added users.

进一步地,所述根据所述职位匹配的权限集的申请逻辑及所述权限申请请求触发权限审批流程,并基于所述权限审批流程配置所述用户的权限之后,所述方法还包括:获取所述用户的增加权限请求,其中,所述增加权限请求携带待增加的权限;判断与所述用户的职位相匹配的权限包内是否存在所述待增加的权限;若存在,则将与所述待增加的权限分配给所述用户;若不存在,则基于所述增加权限请求创建新权限,并根据所述新权限的申请逻辑触发新增权限审批流程。Further, the application logic of the permission set matched with the position and the permission application request trigger a permission approval process, and after configuring the user's permission based on the permission approval process, the method further includes: obtaining all The user’s permission increase request, wherein the permission increase request carries the permission to be increased; judge whether there is the permission to be increased in the permission package matching the user’s position; The authority to be added is assigned to the user; if it does not exist, a new authority is created based on the request to increase the authority, and the new authority approval process is triggered according to the application logic of the new authority.

进一步地,在所述基于所述增加权限请求创建新权限,并根据所述新权限的申请逻辑触发新增权限审批流程之后,所述方法还包括:统计相同职位关于所述新权限的权限申请记录次数;判断所述新权限的权限申请记录次数是否大于第二预设值;如是,则将所述新权限合并至与所述相同职位相匹配的权限集中。Further, after creating a new permission based on the permission increase request and triggering the new permission approval process according to the application logic of the new permission, the method further includes: counting the permission applications of the same position with respect to the new permission Recording times; judging whether the number of authority application records for the new authority is greater than a second preset value; if yes, merging the new authority into the authority set matching the same position.

为了实现上述目的,根据本发明的一个方面,提供了一种用户权限配置装置,所述装置包括:In order to achieve the above object, according to one aspect of the present invention, a user rights configuration device is provided, the device includes:

第一获取单元,响应于权限申请请求,获取待分配权限的用户的职位信息;匹配单元,用于提取所述职位信息中的关键词,并根据所述关键词匹配得到所述用户的所属部门、所属职位;第二获取单元,用于根据所述用户的所属部门获取匹配的权限包,所述权限包包括至少一个职位的权限集,其中,所述权限集中的多个权限的申请逻辑相同;第三获取单元,用于根据所述用户的所属职位从所述权限包中获取职位匹配的权限集;配置单元,用于根据所述职位匹配的权限集的申请逻辑及所述权限申请请求触发权限审批流程,并基于所述权限审批流程配置所述用户的权限。The first acquiring unit, in response to the authority application request, acquires the position information of the user to be assigned the authority; the matching unit is used to extract keywords in the position information, and obtain the department to which the user belongs according to the keyword matching , the position to which the user belongs; a second acquisition unit, configured to acquire a matching authority package according to the department to which the user belongs, the authority package including an authority set of at least one position, wherein the application logic of multiple authorities in the authority set is the same ; The third acquisition unit is used to obtain the permission set matching the position from the permission package according to the position of the user; the configuration unit is used to apply logic and the permission application request according to the permission set matching the position A permission approval process is triggered, and the user's permission is configured based on the permission approval process.

进一步地,所述装置还包括:Further, the device also includes:

第四获取单元,用于获取多个权限申请记录;提取单元,用于提取每个所述权限申请记录中的关键字,得到申请人的所属部门、所属职位及权限;处理单元,用于将所述申请人所属职位相同且所述权限申请逻辑也相同的多个所述权限存储至一个预设的权限集,其中,所述预设的权限集以所述职位作为一级分类标签;去重单元,用于将所述预设的权限集中的多个所述权限进行去重;合并单元,用于将所属部门相同的多个去重后的所述预设的权限集合并为一个预设的权限包,所述预设的权限包以所述部门作为二级分类标签。The fourth obtaining unit is used to obtain multiple permission application records; the extraction unit is used to extract keywords in each permission application record to obtain the applicant's department, position and permission; the processing unit is used to Multiple permissions with the same position to which the applicant belongs and the same permission application logic are stored in a preset permission set, wherein the preset permission set uses the position as a first-level classification label; The duplicate unit is used to deduplicate a plurality of the authority sets in the preset authority set; the merging unit is used to merge the multiple deduplicated preset authority sets belonging to the same department into one preset authority set. A preset permission package, the preset permission package uses the department as a secondary classification label.

为了实现上述目的,根据本发明的一个方面,提供了一种计算机非易失性存储介质,所述存储介质包括存储的程序,在所述程序运行时控制所述存储介质所在设备执行上述的用户权限配置方法。In order to achieve the above object, according to one aspect of the present invention, a computer non-volatile storage medium is provided, the storage medium includes a stored program, and when the program is running, the device where the storage medium is located is controlled to execute the above user Permission configuration method.

为了实现上述目的,根据本发明的一个方面,提供了一种计算机设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现上述的用户权限配置方法的步骤。In order to achieve the above object, according to one aspect of the present invention, a computer device is provided, including a memory, a processor, and a computer program stored in the memory and operable on the processor, and the processor executes the Steps for implementing the above-mentioned user authority configuration method when describing a computer program.

在本方案中,通过获取用户的职位信息,用职位信息来获取与该职位信息相匹配的权限包,并根据权限中的申请逻辑自动触发审批流程,将权限包中的多个权限一次性配置给用户,无需反复签报申请,提高权限配置效率。In this solution, by obtaining the user's position information, use the position information to obtain the permission package that matches the position information, and automatically trigger the approval process according to the application logic in the permission, and configure multiple permissions in the permission package at one time For users, there is no need to repeatedly sign and apply, which improves the efficiency of permission allocation.

【附图说明】【Description of drawings】

为了更清楚地说明本发明实施例的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其它的附图。In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings used in the embodiments will be briefly introduced below. Obviously, the accompanying drawings in the following description are only some embodiments of the present invention. Those of ordinary skill in the art can also obtain other drawings based on these drawings without paying creative labor.

图1是本发明实施例提供的一种可选的用户权限配置方法的流程图;FIG. 1 is a flow chart of an optional user rights configuration method provided by an embodiment of the present invention;

图2是本发明实施例提供的一种可选的用户权限配置装置的示意图;Fig. 2 is a schematic diagram of an optional user authority configuration device provided by an embodiment of the present invention;

图3是本发明实施例提供的一种可选的计算机设备的示意图。Fig. 3 is a schematic diagram of an optional computer device provided by an embodiment of the present invention.

【具体实施方式】【Detailed ways】

为了更好的理解本发明的技术方案,下面结合附图对本发明实施例进行详细描述。In order to better understand the technical solutions of the present invention, the embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

应当明确,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其它实施例,都属于本发明保护的范围。It should be clear that the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

在本发明实施例中使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本发明。在本发明实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。Terms used in the embodiments of the present invention are only for the purpose of describing specific embodiments, and are not intended to limit the present invention. As used in the embodiments of the present invention and the appended claims, the singular forms "a", "said" and "the" are also intended to include the plural forms unless the context clearly indicates otherwise.

应当理解,本文中使用的术语“和/或”仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本文中字符“/”,一般表示前后关联对象是一种“或”的关系。It should be understood that the term "and/or" used herein is only an association relationship describing associated objects, which means that there may be three relationships, for example, A and/or B, which may mean that A exists alone, and A and B exist simultaneously. B, there are three situations of B alone. In addition, the character "/" in this article generally indicates that the contextual objects are an "or" relationship.

应当理解,尽管在本发明实施例中可能采用术语第一、第二、第三等来描述终端,但这些终端不应限于这些术语。这些术语仅用来将终端彼此区分开。例如,在不脱离本发明实施例范围的情况下,第一终端也可以被称为第二终端,类似地,第二终端也可以被称为第一终端。It should be understood that although terms such as first, second, and third may be used to describe terminals in this embodiment of the present invention, these terminals should not be limited to these terms. These terms are only used to distinguish one terminal from another. For example, without departing from the scope of the embodiments of the present invention, a first terminal may also be called a second terminal, and similarly, a second terminal may also be called a first terminal.

取决于语境,如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”或“响应于检测”。类似地,取决于语境,短语“如果确定”或“如果检测(陈述的条件或事件)”可以被解释成为“当确定时”或“响应于确定”或“当检测(陈述的条件或事件)时”或“响应于检测(陈述的条件或事件)”。Depending on the context, the word "if" as used herein may be interpreted as "at" or "when" or "in response to determining" or "in response to detecting". Similarly, depending on the context, the phrases "if determined" or "if detected (the stated condition or event)" could be interpreted as "when determined" or "in response to the determination" or "when detected (the stated condition or event) )" or "in response to detection of (a stated condition or event)".

图1是根据本发明实施例的一种用户权限配置方法的流程图,如图1所示,该方法包括:Fig. 1 is a flow chart of a method for configuring user rights according to an embodiment of the present invention. As shown in Fig. 1, the method includes:

步骤S101,响应于权限申请请求,获取待分配权限的用户的职位信息。Step S101, in response to a permission application request, acquire position information of users to be assigned permissions.

步骤S102,提取职位信息中的关键词,并根据关键词匹配得到用户的所属部门、所属职位。Step S102, extract keywords in the position information, and obtain the user's department and position according to the keyword matching.

步骤S103,根据用户的所属部门获取匹配的权限包,权限包包括至少一个职位的权限集,其中,权限集中的多个权限的申请逻辑相同。In step S103, a matching authority package is acquired according to the department to which the user belongs. The authority package includes an authority set of at least one position, wherein the application logic of multiple authorities in the authority set is the same.

步骤S104,根据用户的所属职位从权限包中获取职位匹配的权限集。Step S104 , according to the user's position, the permission set matching the position is obtained from the permission package.

步骤S105,根据职位匹配的权限集的申请逻辑及权限申请请求触发权限审批流程,并基于权限审批流程配置用户的权限。Step S105 , triggering the authority approval process according to the application logic of the authority set matched with the position and the authority application request, and configuring the user's authority based on the authority approval process.

本方案中,通过获取用户的职位信息,用职位信息来获取与该职位信息相匹配的权限包,并根据权限中的申请逻辑自动触发审批流程,将权限包中的多个权限一次性配置给用户,无需反复签报申请,提高权限管理效率。In this solution, by obtaining the user's position information, the position information is used to obtain the permission package that matches the position information, and the approval process is automatically triggered according to the application logic in the permission, and multiple permissions in the permission package are configured at one time. Users do not need to sign and apply repeatedly, which improves the efficiency of authority management.

其中,权限申请逻辑例如为“主管审批-经理审批-人力资源经理备案”,那么这个权限包中的所有权限以列表的形式直接推送至主管,触发审批流程,加快审批。Among them, the permission application logic is, for example, "supervisor approval-manager approval-HR manager filing", then all the permissions in this permission package are directly pushed to the supervisor in the form of a list, triggering the approval process and speeding up the approval process.

可选地,在根据用户的所属部门获取匹配的权限包之前,方法还包括:Optionally, before acquiring the matching permission package according to the department the user belongs to, the method further includes:

获取多个权限申请记录;提取每个权限申请记录中的关键字,得到申请人的所属部门、所属职位及权限;将申请人所属职位相同且权限申请逻辑也相同的多个权限存储至一个预设的权限集,其中,预设的权限集以职位作为一级分类标签;将预设的权限集中的多个权限进行去重;将所属部门相同的多个去重后的预设的权限集合并为一个预设的权限包,预设的权限包以部门作为二级分类标签。Obtain multiple authority application records; extract the keywords in each authority application record, and obtain the applicant's department, position and authority; store multiple authorities with the same position and the same authority application logic as the applicant in a preset The preset permission set, in which, the preset permission set uses the position as the first-level classification label; multiple permissions in the preset permission set are deduplicated; the preset permission set after multiple deduplication of the same department belongs And it is a default permission package, and the default permission package uses the department as the secondary classification label.

其中,权限申请记录可以文档、电子档、邮件等各种形式,权限聚类例如:产品开发部的权限包里面包括测试工程师的权限集、开发工程师的权限集、应用工程师的权限集等。将权限根据适用员工的职位及部门进行聚类,并利用一级标签、二级标签来管理,使得权限的一次性配置成为可能,提高权限配置的效率。Among them, permission application records can be in various forms such as documents, electronic files, and emails. For example, the permission package of the product development department includes the permission set of the test engineer, the permission set of the development engineer, and the permission set of the application engineer. The authority is clustered according to the position and department of the applicable employee, and the first-level label and the second-level label are used to manage, which makes the one-time configuration of authority possible and improves the efficiency of authority allocation.

具体地,先将相同职位的不同权限分类至一个预设的权限集中,并用职位作为分类标签来对权限集进行管理,使得在新员工权限分配过程中,通过职位匹配即可获取相应的权限配置,提高了权限配置的效率。在其他实施方式中,还可以根据职位的细分(如测试工程师细分为ISO软件测试工程师、WEB软件测试工程师等)进一步将权限集分为多个权限子集。从而使得权限配置时能够更加精准。Specifically, first classify the different permissions of the same position into a preset permission set, and use the position as a classification label to manage the permission set, so that in the process of assigning permissions to new employees, the corresponding permission configuration can be obtained through position matching , which improves the efficiency of permission configuration. In other implementation manners, the permission set can be further divided into multiple permission subsets according to the subdivision of positions (eg, test engineers are subdivided into ISO software test engineers, WEB software test engineers, etc.). This makes the permission configuration more precise.

可选地,获取待分配权限的用户的职位信息,包括:Optionally, obtain the position information of the user to be assigned permissions, including:

获取人力资源管理系统推送的新入职员工的职位信息;Obtain the position information of newly recruited employees pushed by the human resources management system;

或,根据用户的员工号在人力资源档案中心查询用户的职位信息。还可以通过登录公司网站或与职位相关的网站(OPC、堡垒机)查询用户的职位信息。例如某团队的测试工程师。具体地,可以每天定时轮询人力资源管理系统里面查找是否有新入职员工。Or, query the user's position information in the human resources file center according to the user's employee number. You can also query the user's position information by logging into the company's website or a position-related website (OPC, bastion host). For example, a team of test engineers. Specifically, the human resource management system may be regularly polled every day to find out whether there are new recruits.

可选地,将预设的权限集中的多个权限进行去重,包括:将每个权限通过自然语言处理方法进行分词,得到多个词;通过预设的词向量表示模型获取每个词的向量表示;采用余弦相似度公式计算多个权限的向量相似度;从向量相似度大于预设阈值的多个权限中保留一个权限。Optionally, deduplication of multiple permissions in the preset permission set includes: segmenting each permission into words through a natural language processing method to obtain multiple words; obtaining the value of each word through a preset word vector representation model Vector representation; the cosine similarity formula is used to calculate the vector similarity of multiple permissions; one permission is reserved from multiple permissions whose vector similarity is greater than a preset threshold.

其中,余弦相似度计算公式为cos(θ)表示相似度,i表示词汇数,其值为1~n的正整数,A表示第一权限,B表示第二权限,Ai表示第一权限中的一关键词,Bi表示第二权限中的一关键词。词向量表示模型例如可以是WORD2VEC等神经网络模型。Among them, the cosine similarity calculation formula is cos(θ) represents the similarity, i represents the number of words, its value is a positive integer from 1 to n, A represents the first authority, B represents the second authority, Ai represents a keyword in the first authority, Bi represents the second A keyword in permissions. The word vector representation model can be, for example, a neural network model such as WORD2VEC.

可选地,在提取每个权限申请记录中的关键字,得到申请人的所属部门、所属职位及权限之后,并在将申请人所属职位相同且权限申请逻辑也相同的多个权限存储至一个预设的权限集之前,方法还包括:判断相同权限的所属职位个数是否大于第一预设值;如是,则将相同权限确认为通用权限;将通用权限存储至预设的通用权限包,其中,通用权限包中的通用权限适用于所有新增用户。Optionally, after extracting the keywords in each authority application record, obtaining the applicant's department, position and authority, and storing multiple authorities with the same position and the same authority application logic as the applicant in one Before the preset permission set, the method also includes: judging whether the number of posts with the same permission is greater than the first preset value; if so, confirming the same permission as a general permission; storing the general permission to the preset general permission package, Among them, the general permissions in the general permission package are applicable to all new users.

例如:权限1为“邮件外发权限”,权限1所属职位包括测试工程师、开发工程师、应用工程师、技术支持工程师等,当权限申请记录中同一权限所匹配到的职位的数量超过预设值(如超过10个职位)时,将权限1确认为通用权限,使得后续新用户申请权限时,通用权限包中的权限将全部配置给新用户。For example: Permission 1 is "Mail Outgoing Permission", and the positions of Permission 1 include test engineer, development engineer, application engineer, technical support engineer, etc., when the number of positions matched by the same permission in the permission application record exceeds the preset value ( If there are more than 10 positions), confirm permission 1 as a general permission, so that when a new user applies for permission, all the permissions in the general permission package will be allocated to the new user.

可选地,根据职位匹配的权限集的申请逻辑及权限申请请求触发权限审批流程,并基于权限审批流程配置用户的权限之后,方法还包括:获取用户的增加权限请求,其中,增加权限请求携带待增加的权限;判断与用户的职位相匹配的权限包内是否存在待增加的权限;若存在,则将与待增加的权限分配给用户;若不存在,则基于增加权限请求创建新权限,并根据新权限的申请逻辑触发新增权限审批流程。其中,增加权限请求为在根据用户的职位信息进行权限配置后,用户基于自身的需求提出的额外权限增加的请求。Optionally, after triggering the permission approval process according to the application logic of the permission set matched with the position and the permission application request, and configuring the user's permission based on the permission approval process, the method further includes: obtaining the user's permission increase request, wherein the permission increase request carries Permissions to be added; determine whether there are permissions to be added in the permission package that matches the user's position; if yes, assign the permissions to be added to the user; if not, create a new permission based on the permission increase request, And trigger the approval process of adding permissions according to the application logic of new permissions. Wherein, the permission increase request is a request for an additional permission increase based on the user's own needs after the permission configuration is performed according to the user's position information.

可选地,在基于增加权限请求创建新权限,并根据新权限的申请逻辑触发新增权限审批流程之后,方法还包括:统计相同职位关于新权限的权限申请记录次数;判断新权限的权限申请记录次数是否大于第二预设值;如是,则将新权限合并至与相同职位相匹配的权限集中。Optionally, after creating a new permission based on the permission increase request, and triggering the new permission approval process according to the application logic of the new permission, the method further includes: counting the number of permission application records for the new permission of the same position; judging the permission application of the new permission Whether the number of records is greater than the second preset value; if yes, the new authority is merged into the authority set matching the same position.

例如:测试工程师1申请权限2,测试工程师2申请权限2,当测试工程师该职位关于权限2的申请次数大于10次时,则自动将权限2纳入测试工程师职位所对应的权限集。将新权限自动分配给同一职位或同一部门的所有用户,即所有的测试工程师都会自动开通权限2。For example: test engineer 1 applies for permission 2, and test engineer 2 applies for permission 2. When the number of applications for permission 2 of the position of test engineer is more than 10, permission 2 will be automatically included in the permission set corresponding to the position of test engineer. Automatically assign new permissions to all users in the same position or in the same department, that is, all test engineers will automatically enable permissions 2.

本发明实施例提供了一种用户权限配置装置,该装置用于执行上述用户权限配置方法,如图2所示,该装置包括:第一获取单元10、匹配单元20、第二获取单元30、第三获取单元40、配置单元50。An embodiment of the present invention provides a user authority configuration device, which is used to execute the above user authority configuration method. As shown in FIG. 2 , the device includes: a first acquisition unit 10, a matching unit 20, a second acquisition unit 30, The third acquisition unit 40 and the configuration unit 50 .

第一获取单元10,响应于权限申请请求,获取待分配权限的用户的职位信息;The first acquiring unit 10, in response to the authority application request, acquires the position information of the user whose authority is to be assigned;

匹配单元20,用于提取职位信息中的关键词,并根据关键词匹配得到用户的所属部门、所属职位;The matching unit 20 is used to extract keywords in the position information, and obtain the user's department and position according to the keyword matching;

第二获取单元30,用于根据用户的所属部门获取匹配的权限包,权限包包括至少一个职位的权限集,其中,权限集中的多个权限的申请逻辑相同;The second acquiring unit 30 is configured to acquire a matching authority package according to the department to which the user belongs, the authority package including an authority set of at least one position, wherein the application logic of multiple authorities in the authority set is the same;

第三获取单元40,用于根据用户的所属职位从权限包中获取职位匹配的权限集;The third obtaining unit 40 is configured to obtain a permission set matching a position from the permission package according to the user's position;

配置单元50,用于根据职位匹配的权限集的申请逻辑及权限申请请求触发权限审批流程,并基于权限审批流程配置用户的权限。The configuration unit 50 is configured to trigger a permission approval process according to the application logic of the permission set matched with the position and the permission application request, and configure user permissions based on the permission approval process.

本方案中,通过获取用户的职位信息,用职位信息来获取与该职位信息相匹配的权限包,并根据权限中的申请逻辑自动触发审批流程,将权限包中的多个权限一次性配置给用户,无需反复签报申请,提高权限管理效率。In this solution, by obtaining the user's position information, the position information is used to obtain the permission package that matches the position information, and the approval process is automatically triggered according to the application logic in the permission, and multiple permissions in the permission package are configured at one time. Users do not need to sign and apply repeatedly, which improves the efficiency of authority management.

其中,权限申请逻辑例如为“主管审批-经理审批-人力资源经理备案”,那么这个权限包中的所有权限以列表的形式直接推送至主管,触发审批流程,加快审批。Among them, the permission application logic is, for example, "supervisor approval-manager approval-HR manager filing", then all the permissions in this permission package are directly pushed to the supervisor in the form of a list, triggering the approval process and speeding up the approval process.

可选地,装置还包括第四获取单元、提取单元、处理单元、去重单元、合并单元。Optionally, the device further includes a fourth acquiring unit, an extracting unit, a processing unit, a deduplication unit, and a merging unit.

第四获取单元,用于获取多个权限申请记录;提取单元,用于提取每个权限申请记录中的关键字,得到申请人的所属部门、所属职位及权限;处理单元,用于将申请人所属职位相同且权限申请逻辑也相同的多个权限存储至一个预设的权限集,其中,预设的权限集以职位作为一级分类标签;去重单元,用于将预设的权限集中的多个权限进行去重;合并单元,用于将所属部门相同的多个去重后的预设的权限集合并为一个预设的权限包,预设的权限包以部门作为二级分类标签。The fourth obtaining unit is used to obtain multiple permission application records; the extraction unit is used to extract keywords in each permission application record, and obtains the applicant's department, position and permission; the processing unit is used to extract the applicant's Multiple permissions with the same position and the same permission application logic are stored in a preset permission set, where the preset permission set uses the position as the first-level classification label; the deduplication unit is used to store the Multiple permissions are deduplicated; the merging unit is used to merge multiple deduplicated preset permission sets belonging to the same department into a preset permission package, and the preset permission package uses the department as a secondary classification label.

其中,权限申请记录可以文档、电子档、邮件等各种形式,权限聚类例如:产品开发部的权限包里面包括测试工程师的权限集、开发工程师的权限集、应用工程师的权限集等。将权限根据适用员工的职位及部门进行聚类,并利用一级标签、二级标签来管理,使得权限的一次性配置成为可能,提高权限配置的效率。Among them, permission application records can be in various forms such as documents, electronic files, and emails. For example, the permission package of the product development department includes the permission set of the test engineer, the permission set of the development engineer, and the permission set of the application engineer. The authority is clustered according to the position and department of the applicable employee, and the first-level label and the second-level label are used to manage, which makes the one-time configuration of authority possible and improves the efficiency of authority allocation.

具体地,先将相同职位的不同权限分类至一个预设的权限集中,并用职位作为分类标签来对权限集进行管理,使得在新员工权限分配过程中,通过职位匹配即可获取相应的权限配置,提高了权限配置的效率。在其他实施方式中,还可以根据职位的细分(如测试工程师细分为ISO软件测试工程师、WEB软件测试工程师等)进一步将权限集分为多个权限子集。从而使得权限配置时能够更加精准。Specifically, first classify the different permissions of the same position into a preset permission set, and use the position as a classification label to manage the permission set, so that in the process of assigning permissions to new employees, the corresponding permission configuration can be obtained through position matching , which improves the efficiency of permission configuration. In other implementation manners, the permission set can be further divided into multiple permission subsets according to the subdivision of positions (eg, test engineers are subdivided into ISO software test engineers, WEB software test engineers, etc.). This makes the permission configuration more precise.

可选地,第一获取单元10包括第一获取子单元、第二获取子单元。Optionally, the first acquisition unit 10 includes a first acquisition subunit and a second acquisition subunit.

第一获取子单元,用于获取人力资源管理系统推送的新入职员工的职位信息;The first acquisition subunit is used to acquire the position information of the newly recruited employees pushed by the human resource management system;

第二获取子单元,用于根据用户的员工号在人力资源档案中心查询用户的职位信息。还可以通过登录公司网站或与职位相关的网站(OPC、堡垒机)查询用户的职位信息。例如某团队的测试工程师。具体地,可以每天定时轮询人力资源管理系统里面查找是否有新入职员工。The second obtaining subunit is used to query the position information of the user in the human resources file center according to the employee number of the user. You can also query the user's position information by logging into the company's website or a position-related website (OPC, bastion host). For example, a team of test engineers. Specifically, the human resource management system may be regularly polled every day to find out whether there are new recruits.

可选地,去重单元包括分词子单元、第三获取子单元、计算子单元、处理子单元。Optionally, the deduplication unit includes a word segmentation subunit, a third acquisition subunit, a calculation subunit, and a processing subunit.

分词子单元,用于将每个权限通过自然语言处理方法进行分词,得到多个词;第三获取子单元,用于通过预设的词向量表示模型获取每个词的向量表示;计算子单元,用于采用余弦相似度公式计算多个权限的向量相似度;处理子单元,用于从向量相似度大于预设阈值的多个权限中保留一个权限。The word segmentation subunit is used to segment each permission through natural language processing methods to obtain multiple words; the third acquisition subunit is used to obtain the vector representation of each word through the preset word vector representation model; the calculation subunit is used to calculate the vector similarity of multiple permissions by adopting the cosine similarity formula; the processing subunit is used to reserve one permission from the multiple permissions whose vector similarity is greater than a preset threshold.

其中,余弦相似度计算公式为cos(θ)表示相似度,i表示词汇数,其值为1~n的正整数,A表示第一权限,B表示第二权限,Ai表示第一权限中的一关键词,Bi表示第二权限中的一关键词。词向量表示模型例如可以是WORD2VEC等神经网络模型。Among them, the cosine similarity calculation formula is cos(θ) represents the similarity, i represents the number of words, its value is a positive integer from 1 to n, A represents the first authority, B represents the second authority, Ai represents a keyword in the first authority, Bi represents the second A keyword in permissions. The word vector representation model can be, for example, a neural network model such as WORD2VEC.

可选地,装置还包括第一判断单元、确认单元、存储单元。Optionally, the device further includes a first judgment unit, a confirmation unit, and a storage unit.

第一判断单元,用于判断相同权限的所属职位个数是否大于第一预设值;确认单元,用于如是,则将相同权限确认为通用权限;存储单元,用于将通用权限存储至预设的通用权限包,其中,通用权限包中的通用权限适用于所有新增用户。The first judging unit is used to judge whether the number of positions belonging to the same authority is greater than the first preset value; the confirming unit is used to confirm the same authority as the general authority; the storage unit is used to store the general authority in the preset A general authority package is set, wherein the general authority in the general authority package is applicable to all newly added users.

例如:权限1为“邮件外发权限”,权限1所属职位包括测试工程师、开发工程师、应用工程师、技术支持工程师等,当权限申请记录中同一权限所匹配到的职位的数量超过预设值(如超过10个职位)时,将权限1确认为通用权限,使得后续新用户申请权限时,通用权限包中的权限将全部配置给新用户。For example: Permission 1 is "Mail Outgoing Permission", and the positions of Permission 1 include test engineer, development engineer, application engineer, technical support engineer, etc., when the number of positions matched by the same permission in the permission application record exceeds the preset value ( If there are more than 10 positions), confirm permission 1 as a general permission, so that when a new user applies for permission, all the permissions in the general permission package will be allocated to the new user.

可选地,装置还包括第五获取单元、第二判断单元、分配单元、触发单元。Optionally, the device further includes a fifth acquiring unit, a second judging unit, an allocating unit, and a triggering unit.

第五获取单元,用于获取用户的增加权限请求,其中,增加权限请求携带待增加的权限;第二判断单元,用于判断与用户的职位相匹配的权限包内是否存在待增加的权限;分配单元,用于若存在,则将与待增加的权限分配给用户;触发单元,用于若不存在,则基于增加权限请求创建新权限,并根据新权限的申请逻辑触发新增权限审批流程。其中,增加权限请求为在根据用户的职位信息进行权限配置后,用户基于自身的需求提出的额外权限增加的请求。The fifth obtaining unit is used to obtain the user's permission increase request, wherein the permission increase request carries the permission to be added; the second judging unit is used to judge whether there is a permission to be added in the permission package matching the user's position; The allocation unit is used to assign the permission to be added to the user if it exists; the trigger unit is used to create a new permission based on the permission increase request if it does not exist, and trigger the new permission approval process according to the application logic of the new permission . Wherein, the permission increase request is a request for an additional permission increase based on the user's own needs after the permission configuration is performed according to the user's position information.

可选地,装置还包括统计单元、第三判断单元、第二合并单元。Optionally, the device further includes a statistical unit, a third judging unit, and a second merging unit.

统计单元,用于统计相同职位关于新权限的权限申请记录次数;第三判断单元,用于判断新权限的权限申请记录次数是否大于第二预设值;第二合并单元,用于如是,则将新权限合并至与相同职位相匹配的权限集中。The statistical unit is used to count the number of times of permission application records of the same position about the new permission; the third judging unit is used to judge whether the number of times of the permission application records of the new permission is greater than the second preset value; the second merging unit is used for if so, then Merge the new permissions into the permission set that matches the same position.

例如:测试工程师1申请权限2,测试工程师2申请权限2,当测试工程师该职位关于权限2的申请次数大于10次时,则自动将权限2纳入测试工程师职位所对应的权限集。将新权限自动分配给同一职位或同一部门的所有用户,即所有的测试工程师都会自动开通权限2。For example: test engineer 1 applies for permission 2, and test engineer 2 applies for permission 2. When the number of applications for permission 2 of the position of test engineer is more than 10, permission 2 will be automatically included in the permission set corresponding to the position of test engineer. Automatically assign new permissions to all users in the same position or in the same department, that is, all test engineers will automatically enable permissions 2.

本发明实施例提供了一种计算机非易失性存储介质,存储介质包括存储的程序,其中,在程序运行时控制存储介质所在设备执行以下步骤:An embodiment of the present invention provides a computer non-volatile storage medium, the storage medium includes a stored program, wherein, when the program is running, the device where the storage medium is located is controlled to perform the following steps:

响应于权限申请请求,获取待分配权限的用户的职位信息;提取职位信息中的关键词,并根据关键词匹配得到用户的所属部门、所属职位;根据用户的所属部门获取匹配的权限包,权限包包括至少一个职位的权限集,其中,权限集中的多个权限的申请逻辑相同;根据用户的所属职位从权限包中获取职位匹配的权限集;根据职位匹配的权限集的申请逻辑及权限申请请求触发权限审批流程,并基于权限审批流程配置用户的权限。In response to the permission application request, obtain the position information of the user to be assigned permission; extract the keywords in the job information, and obtain the user's department and position according to the keyword matching; obtain the matching permission package according to the user's department, permission The package includes a permission set of at least one position, where the application logic of multiple permissions in the permission set is the same; obtain the matching permission set of the position from the permission package according to the user's position; the application logic and permission application of the matching permission set according to the position The request triggers the permission approval process, and configures the user's permissions based on the permission approval process.

可选地,在程序运行时控制存储介质所在设备执行以下步骤:获取多个权限申请记录;提取每个权限申请记录中的关键字,得到申请人的所属部门、所属职位及权限;将申请人所属职位相同且权限申请逻辑也相同的多个权限存储至一个预设的权限集,其中,预设的权限集以职位作为一级分类标签;将预设的权限集中的多个权限进行去重;将所属部门相同的多个去重后的预设的权限集合并为一个预设的权限包,预设的权限包以部门作为二级分类标签。Optionally, when the program is running, control the device where the storage medium is located to perform the following steps: obtain multiple permission application records; extract keywords in each permission application record, and obtain the applicant's department, position and permission; Multiple permissions with the same position and the same permission application logic are stored in a preset permission set, where the preset permission set uses the position as the first-level classification label; multiple permissions in the preset permission set are deduplicated ;Merge multiple deduplicated preset permission sets belonging to the same department into a preset permission package, and the default permission package uses the department as the secondary classification label.

可选地,在程序运行时控制存储介质所在设备执行以下步骤:将每个权限通过自然语言处理方法进行分词,得到多个词;通过预设的词向量表示模型获取每个词的向量表示;采用余弦相似度公式计算多个权限的向量相似度;从向量相似度大于预设阈值的多个权限中保留一个权限。Optionally, when the program is running, control the device where the storage medium is located to perform the following steps: segment each permission into words through a natural language processing method to obtain multiple words; obtain a vector representation of each word through a preset word vector representation model; A cosine similarity formula is used to calculate the vector similarity of multiple permissions; and one permission is reserved from multiple permissions whose vector similarity is greater than a preset threshold.

可选地,在程序运行时控制存储介质所在设备执行以下步骤:判断相同权限的所属职位个数是否大于第一预设值;如是,则将相同权限确认为通用权限;将通用权限存储至预设的通用权限包,其中,通用权限包中的通用权限适用于所有新增用户。Optionally, when the program is running, control the device where the storage medium is located to perform the following steps: determine whether the number of posts with the same authority is greater than the first preset value; if so, confirm the same authority as a general authority; store the general authority in the preset A general authority package is set, wherein the general authority in the general authority package is applicable to all newly added users.

可选地,在程序运行时控制存储介质所在设备执行以下步骤:获取用户的增加权限请求,其中,增加权限请求携带待增加的权限;判断与用户的职位相匹配的权限包内是否存在待增加的权限;若存在,则将与待增加的权限分配给用户;若不存在,则基于增加权限请求创建新权限,并根据新权限的申请逻辑触发新增权限审批流程。Optionally, when the program is running, the device where the storage medium is located is controlled to perform the following steps: obtain the user's permission increase request, wherein the permission increase request carries the permission to be added; determine whether there is a permission package that matches the user's position. If it exists, assign the permission to be added to the user; if it does not exist, create a new permission based on the permission increase request, and trigger the new permission approval process according to the application logic of the new permission.

图3是本发明实施例提供的一种计算机设备的示意图。如图3所示,该实施例的计算机设备100包括:处理器101、存储器102以及存储在存储器102中并可在处理器101上运行的计算机程序103,该计算机程序103被处理器101执行时实现实施例中的用户权限配置方法,为避免重复,此处不一一赘述。或者,该计算机程序被处理器101执行时实现实施例中用户权限配置装置中各模型/单元的功能,为避免重复,此处不一一赘述。Fig. 3 is a schematic diagram of a computer device provided by an embodiment of the present invention. As shown in FIG. 3 , the computer device 100 of this embodiment includes: a processor 101, a memory 102, and a computer program 103 stored in the memory 102 and operable on the processor 101. When the computer program 103 is executed by the processor 101 To avoid repetition, the methods for configuring user rights in the embodiments are not described here. Alternatively, when the computer program is executed by the processor 101, the functions of each model/unit in the user authority configuration device in the embodiment are realized, and to avoid repetition, details are not repeated here.

计算机设备100可以是桌上型计算机、笔记本、掌上电脑及云端服务器等计算设备。计算机设备可包括,但不仅限于,处理器101、存储器102。本领域技术人员可以理解,图3仅仅是计算机设备100的示例,并不构成对计算机设备100的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件,例如计算机设备还可以包括输入输出设备、网络接入设备、总线等。The computer device 100 may be computing devices such as desktop computers, notebooks, palmtop computers, and cloud servers. A computer device may include, but not limited to, a processor 101 and a memory 102 . Those skilled in the art can understand that FIG. 3 is only an example of the computer device 100, and does not constitute a limitation to the computer device 100. It may include more or less components than those shown in the illustration, or combine certain components, or different components. , for example, a computer device may also include input and output devices, network access devices, buses, and so on.

所称处理器101可以是中央处理单元(Central Processing Unit,CPU),还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现场可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。The so-called processor 101 may be a central processing unit (Central Processing Unit, CPU), and may also be other general-purpose processors, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), Field-Programmable Gate Array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor, or the like.

存储器102可以是计算机设备100的内部存储单元,例如计算机设备100的硬盘或内存。存储器102也可以是计算机设备100的外部存储设备,例如计算机设备100上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,存储器102还可以既包括计算机设备100的内部存储单元也包括外部存储设备。存储器102用于存储计算机程序以及计算机设备所需的其他程序和数据。存储器102还可以用于暂时地存储已经输出或者将要输出的数据。The memory 102 may be an internal storage unit of the computer device 100 , such as a hard disk or a memory of the computer device 100 . The memory 102 can also be an external storage device of the computer device 100, such as a plug-in hard disk equipped on the computer device 100, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, a flash memory card (Flash Card) and so on. Further, the storage 102 may also include both an internal storage unit of the computer device 100 and an external storage device. The memory 102 is used to store computer programs and other programs and data required by the computer equipment. The memory 102 can also be used to temporarily store data that has been output or will be output.

所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统,装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working process of the above-described system, device and unit can refer to the corresponding process in the foregoing method embodiment, which will not be repeated here.

在本发明所提供的几个实施例中,应该理解到,所揭露的系统,装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如,多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided by the present invention, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components can be combined Or it can be integrated into another system, or some features can be ignored, or not implemented. In another point, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.

所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

另外,在本发明各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用硬件加软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit. The above-mentioned integrated units can be implemented in the form of hardware, or in the form of hardware plus software functional units.

上述以软件功能单元的形式实现的集成的单元,可以存储在一个计算机可读取存储介质中。上述软件功能单元存储在一个存储介质中,包括若干指令用以使得一台计算机装置(可以是个人计算机,服务器,或者网络装置等)或处理器(Processor)执行本发明各个实施例所述方法的部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。The above-mentioned integrated units implemented in the form of software functional units may be stored in a computer-readable storage medium. The above-mentioned software functional units are stored in a storage medium, and include several instructions to make a computer device (which may be a personal computer, server, or network device, etc.) or a processor (Processor) execute the methods described in various embodiments of the present invention. partial steps. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk and other various media that can store program codes. .

以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本发明保护的范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included in the present invention. within the scope of protection.

Claims (10)

1.一种用户权限配置方法,其特征在于,所述方法包括:1. A user rights configuration method, characterized in that the method comprises: 响应于权限申请请求,获取待分配权限的用户的职位信息;In response to the permission application request, obtain the position information of the user whose permission is to be assigned; 提取所述职位信息中的关键词,并根据所述关键词匹配得到所述用户的所属部门、所属职位;extracting the keywords in the position information, and matching the keywords to obtain the user's department and position; 根据所述用户的所属部门获取匹配的权限包,所述权限包包括至少一个职位的权限集,其中,所述权限集中的多个权限的申请逻辑相同;Acquiring a matching permission package according to the department to which the user belongs, the permission package including a permission set of at least one position, wherein the application logic of multiple permissions in the permission set is the same; 根据所述用户的所属职位从所述权限包中获取职位匹配的权限集;Acquiring a permission set matching a position from the permission package according to the position of the user; 根据所述职位匹配的权限集的申请逻辑及所述权限申请请求触发权限审批流程,并基于所述权限审批流程配置所述用户的权限。According to the application logic of the permission set matched with the position and the permission application request, a permission approval process is triggered, and the user's permission is configured based on the permission approval process. 2.根据权利要求1所述的方法,其特征在于,在所述根据所述用户的所属部门获取匹配的权限包之前,所述方法还包括:2. The method according to claim 1, wherein, before obtaining the matching authority package according to the department to which the user belongs, the method further comprises: 获取多个权限申请记录;Obtain multiple permission application records; 提取每个所述权限申请记录中的关键字,得到申请人的所属部门、所属职位及权限;Extract the keywords in each authority application record to obtain the applicant's department, position and authority; 将所述申请人所属职位相同且所述权限申请逻辑也相同的多个所述权限存储至一个预设的权限集,其中,所述预设的权限集以所述职位作为一级分类标签;storing the plurality of permissions with the same position to which the applicant belongs and the same permission application logic into a preset permission set, wherein the preset permission set uses the position as a first-level classification label; 将所述预设的权限集中的多个所述权限进行去重;Deduplicating multiple permissions in the preset permission set; 将所属部门相同的多个去重后的所述预设的权限集合并为一个预设的权限包,所述预设的权限包以所述部门作为二级分类标签。The multiple deduplicated preset permission sets that belong to the same department are combined into a preset permission package, and the preset permission package uses the department as a secondary classification label. 3.根据权利要求2所述的方法,其特征在于,所述将所述预设的权限集中的多个权限进行去重,包括:3. The method according to claim 2, wherein the deduplication of multiple permissions in the preset permission set comprises: 将每个所述权限通过自然语言处理方法进行分词,得到多个词;Segment each of the permissions through a natural language processing method to obtain multiple words; 通过预设的词向量表示模型获取每个所述词的向量表示;Obtaining the vector representation of each of the words through a preset word vector representation model; 采用余弦相似度公式计算多个所述权限的向量相似度;calculating the vector similarity of multiple permissions by using a cosine similarity formula; 从所述向量相似度大于预设阈值的多个所述权限中保留一个所述权限。One of the permissions is reserved from the plurality of permissions whose vector similarity is greater than a preset threshold. 4.根据权利要求2所述的方法,其特征在于,在所述提取每个所述权限申请记录中的关键字,得到申请人的所属部门、所属职位及权限之后,并在所述将所述申请人所属职位相同且所述权限申请逻辑也相同的多个所述权限存储至一个预设的权限集之前,所述方法还包括:4. The method according to claim 2, characterized in that, after said extracting the keywords in each said authority application record, obtaining the department to which the applicant belongs, the position to which she belongs and the authority, and said adding said authority Before the applicants have the same position and the permission application logic is stored in a preset permission set, the method further includes: 判断相同权限的所属职位个数是否大于第一预设值;Judging whether the number of posts with the same authority is greater than the first preset value; 如是,则将所述相同权限确认为通用权限;If yes, confirm said same authority as general authority; 将所述通用权限存储至预设的通用权限包,其中,所述通用权限包中的通用权限适用于所有新增用户。The general authority is stored in a preset general authority package, wherein the general authority in the general authority package is applicable to all newly added users. 5.根据权利要求1所述的方法,其特征在于,所述根据所述职位匹配的权限集的申请逻辑及所述权限申请请求触发权限审批流程,并基于所述权限审批流程配置所述用户的权限之后,所述方法还包括:5. The method according to claim 1, wherein the application logic of the permission set matched with the position and the permission application request trigger a permission approval process, and configure the user based on the permission approval process After permissions, the method also includes: 获取所述用户的增加权限请求,其中,所述增加权限请求携带待增加的权限;Obtaining a permission increase request of the user, wherein the permission increase request carries the permission to be increased; 判断与所述用户的职位相匹配的权限包内是否存在所述待增加的权限;judging whether the authority to be added exists in the authority package matching the position of the user; 若存在,则将与所述待增加的权限分配给所述用户;If it exists, assign the authority to be increased to the user; 若不存在,则基于所述增加权限请求创建新权限,并根据所述新权限的申请逻辑触发新增权限审批流程。If it does not exist, a new permission is created based on the permission addition request, and an approval process for adding a permission is triggered according to the application logic of the new permission. 6.根据权利要求5所述的方法,其特征在于,在所述基于所述增加权限请求创建新权限,并根据所述新权限的申请逻辑触发新增权限审批流程之后,所述方法还包括:6. The method according to claim 5, characterized in that, after creating a new permission based on the permission increase request and triggering the new permission approval process according to the application logic of the new permission, the method further comprises : 统计相同职位关于所述新权限的权限申请记录次数;Count the number of permission application records for the new permission in the same position; 判断所述新权限的权限申请记录次数是否大于第二预设值;judging whether the number of permission application records for the new permission is greater than a second preset value; 如是,则将所述新权限合并至与所述相同职位相匹配的权限集中。If yes, the new authority is merged into the authority set matching the same position. 7.一种用户权限配置装置,其特征在于,所述装置包括:7. A user authority configuration device, characterized in that the device comprises: 第一获取单元,响应于权限申请请求,获取待分配权限的用户的职位信息;The first acquiring unit, in response to the authority application request, acquires the position information of the user whose authority is to be assigned; 匹配单元,用于提取所述职位信息中的关键词,并根据所述关键词匹配得到所述用户的所属部门、所属职位;A matching unit, configured to extract keywords in the job information, and obtain the user's department and job according to the keyword matching; 第二获取单元,用于根据所述用户的所属部门获取匹配的权限包,所述权限包包括至少一个职位的权限集,其中,所述权限集中的多个权限的申请逻辑相同;The second acquiring unit is configured to acquire a matching permission package according to the department to which the user belongs, the permission package including a permission set of at least one position, wherein the application logic of multiple permissions in the permission set is the same; 第三获取单元,用于根据所述用户的所属职位从所述权限包中获取职位匹配的权限集;A third acquiring unit, configured to acquire a position-matching permission set from the permission package according to the position to which the user belongs; 配置单元,用于根据所述职位匹配的权限集的申请逻辑及所述权限申请请求触发权限审批流程,并基于所述权限审批流程配置所述用户的权限。A configuration unit, configured to trigger a permission approval process according to the application logic of the permission set matched with the position and the permission application request, and configure the user's permission based on the permission approval process. 8.根据权利要求7所述的装置,其特征在于,所述装置还包括:8. The device according to claim 7, further comprising: 第四获取单元,用于获取多个权限申请记录;The fourth obtaining unit is used to obtain multiple authority application records; 提取单元,用于提取每个所述权限申请记录中的关键字,得到申请人的所属部门、所属职位及权限;An extracting unit, configured to extract keywords in each authority application record, and obtain the applicant's department, position and authority; 处理单元,用于将所述申请人所属职位相同且所述权限申请逻辑也相同的多个所述权限存储至一个预设的权限集,其中,所述预设的权限集以所述职位作为一级分类标签;A processing unit, configured to store the plurality of permissions with the same job position of the applicant and the same permission application logic into a preset permission set, wherein the preset permission set uses the position as the first class label; 去重单元,用于将所述预设的权限集中的多个所述权限进行去重;a deduplication unit, configured to deduplicate a plurality of the permissions in the preset permission set; 合并单元,用于将所属部门相同的多个去重后的所述预设的权限集合并为一个预设的权限包,所述预设的权限包以所述部门作为二级分类标签。The merging unit is configured to merge multiple deduplicated preset permission sets belonging to the same department into a preset permission package, and the preset permission package uses the department as a secondary classification label. 9.一种计算机非易失性存储介质,所述存储介质包括存储的程序,其特征在于,在所述程序运行时控制所述存储介质所在设备执行权利要求1至6任意一项所述的用户权限配置方法。9. A computer non-volatile storage medium, the storage medium includes a stored program, characterized in that, when the program is running, the device where the storage medium is located is controlled to execute the method described in any one of claims 1 to 6. User permission configuration method. 10.一种计算机设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现权利要求1至6任意一项所述的用户权限配置方法的步骤。10. A computer device, comprising a memory, a processor, and a computer program stored in the memory and operable on the processor, when the processor executes the computer program, any one of claims 1 to 6 is realized Steps in the user rights configuration method described in the item.
CN201910307153.3A 2019-04-17 2019-04-17 A kind of user right configuration method and device Pending CN110147657A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910307153.3A CN110147657A (en) 2019-04-17 2019-04-17 A kind of user right configuration method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910307153.3A CN110147657A (en) 2019-04-17 2019-04-17 A kind of user right configuration method and device

Publications (1)

Publication Number Publication Date
CN110147657A true CN110147657A (en) 2019-08-20

Family

ID=67588363

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910307153.3A Pending CN110147657A (en) 2019-04-17 2019-04-17 A kind of user right configuration method and device

Country Status (1)

Country Link
CN (1) CN110147657A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111859442A (en) * 2020-01-21 2020-10-30 北京嘀嘀无限科技发展有限公司 Authority configuration method, authority configuration system and computer readable storage medium
CN112100593A (en) * 2020-09-21 2020-12-18 珠海格力电器股份有限公司 Authority management method, device, electronic device and storage medium for approval system
CN112347224A (en) * 2020-06-11 2021-02-09 广州锦行网络科技有限公司 Method for enhancing minimum privilege access control based on natural language processing
CN113344744A (en) * 2021-08-02 2021-09-03 广东电网有限责任公司中山供电局 Personalized business function calculation method and device for power system
CN114254281A (en) * 2021-12-13 2022-03-29 以萨技术股份有限公司 A user rights management method, system and storage medium
CN114254333A (en) * 2020-09-22 2022-03-29 浙江大搜车融资租赁有限公司 Application permission processing method and device
CN115037501A (en) * 2022-04-11 2022-09-09 深圳市华宜致信科技有限公司 Authority management system and method of BI tool
CN115687470A (en) * 2022-09-28 2023-02-03 江苏科技大学 A cloud platform-based enterprise management method and system
CN116150723A (en) * 2023-04-19 2023-05-23 北京智麟科技有限公司 Method for identifying administrative approval process permission
CN117455429A (en) * 2023-12-21 2024-01-26 北京帮邦通达医疗器械有限公司 Authority management method, device, equipment and storage medium
CN118734339A (en) * 2024-08-08 2024-10-01 长春职业技术学院 Intelligent management system and method for personnel files
CN112100593B (en) * 2020-09-21 2025-02-18 珠海格力电器股份有限公司 Authorization management method, device, electronic device and storage medium for approval system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101159053A (en) * 2007-11-23 2008-04-09 金蝶软件(中国)有限公司 Resources distribution method and system
CN101699478A (en) * 2009-10-28 2010-04-28 金蝶软件(中国)有限公司 Right management method and device and management system
WO2010124334A1 (en) * 2009-05-01 2010-11-04 Apply Direct Pty Ltd System and method for providing computer-enabled employment search services
CN109388921A (en) * 2017-08-10 2019-02-26 顺丰科技有限公司 A kind of unification user rights management platform and operation method
CN109495480A (en) * 2018-11-22 2019-03-19 北京车和家信息技术有限公司 Right management method, device and server

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101159053A (en) * 2007-11-23 2008-04-09 金蝶软件(中国)有限公司 Resources distribution method and system
WO2010124334A1 (en) * 2009-05-01 2010-11-04 Apply Direct Pty Ltd System and method for providing computer-enabled employment search services
CN101699478A (en) * 2009-10-28 2010-04-28 金蝶软件(中国)有限公司 Right management method and device and management system
CN109388921A (en) * 2017-08-10 2019-02-26 顺丰科技有限公司 A kind of unification user rights management platform and operation method
CN109495480A (en) * 2018-11-22 2019-03-19 北京车和家信息技术有限公司 Right management method, device and server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
魏芸;: "基于JAVA的部门日常操作管理系统", 硅谷, no. 10, 23 May 2013 (2013-05-23) *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111859442A (en) * 2020-01-21 2020-10-30 北京嘀嘀无限科技发展有限公司 Authority configuration method, authority configuration system and computer readable storage medium
CN112347224A (en) * 2020-06-11 2021-02-09 广州锦行网络科技有限公司 Method for enhancing minimum privilege access control based on natural language processing
CN112100593B (en) * 2020-09-21 2025-02-18 珠海格力电器股份有限公司 Authorization management method, device, electronic device and storage medium for approval system
CN112100593A (en) * 2020-09-21 2020-12-18 珠海格力电器股份有限公司 Authority management method, device, electronic device and storage medium for approval system
CN114254333A (en) * 2020-09-22 2022-03-29 浙江大搜车融资租赁有限公司 Application permission processing method and device
CN113344744A (en) * 2021-08-02 2021-09-03 广东电网有限责任公司中山供电局 Personalized business function calculation method and device for power system
CN114254281A (en) * 2021-12-13 2022-03-29 以萨技术股份有限公司 A user rights management method, system and storage medium
CN115037501A (en) * 2022-04-11 2022-09-09 深圳市华宜致信科技有限公司 Authority management system and method of BI tool
CN115037501B (en) * 2022-04-11 2024-06-28 深圳市华宜致信科技有限公司 Permission management system and method for BI tool
CN115687470A (en) * 2022-09-28 2023-02-03 江苏科技大学 A cloud platform-based enterprise management method and system
CN116150723A (en) * 2023-04-19 2023-05-23 北京智麟科技有限公司 Method for identifying administrative approval process permission
CN117455429A (en) * 2023-12-21 2024-01-26 北京帮邦通达医疗器械有限公司 Authority management method, device, equipment and storage medium
CN117455429B (en) * 2023-12-21 2024-04-02 北京帮邦通达医疗器械有限公司 Authority management method, device, equipment and storage medium
CN118734339A (en) * 2024-08-08 2024-10-01 长春职业技术学院 Intelligent management system and method for personnel files

Similar Documents

Publication Publication Date Title
CN110147657A (en) A kind of user right configuration method and device
US11562286B2 (en) Method and system for implementing machine learning analysis of documents for classifying documents by associating label values to the documents
US9514145B2 (en) Managing redundant immutable files using deduplication in storage clouds
CN110083623B (en) Business rule generation method and device
CN110147722A (en) A kind of method for processing video frequency, video process apparatus and terminal device
TW202029079A (en) Method and device for identifying irregular group
US11829455B2 (en) AI governance using tamper proof model metrics
US20200026688A1 (en) File sharing method based on two-dimensional code, server and terminal device
KR101630752B1 (en) Data Processing Method for Distributable and Unidentifiable Big Data
US11270226B2 (en) Hybrid learning-based ticket classification and response
CN108604239A (en) System and method for effective grouped data object
CN107209765A (en) System and method for aggregation information assets classes
WO2019244036A1 (en) Method and server for access verification in an identity and access management system
CN110704143A (en) Page generation method and device
CN108614895A (en) The recognition methods of abnormal data access behavior and data processing equipment
WO2021082928A1 (en) Data reduction method and apparatus, computing device, and storage medium
US20240004993A1 (en) Malware detection in containerized environments
US11651097B2 (en) Document security enhancement
CN109582718B (en) Data processing method, device and storage medium
CN108229137B (en) Method and device for distributing document permission
US20230074640A1 (en) Duplicate scene detection and processing for artificial intelligence workloads
CN114648010A (en) Data table standardization method, apparatus, equipment and computer storage medium
KR102430880B1 (en) Method for providing drawing database
CN114648206B (en) Organizational process management method, device, electronic equipment and storage medium
US11163954B2 (en) Propagation of annotation metadata to overlapping annotations of synonymous type

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190820

WD01 Invention patent application deemed withdrawn after publication