CN112163206A - Data permission setting method and device, computer equipment and storage medium - Google Patents
- Publication number: CN112163206A (application number CN202011197022.3A)
- Authority
- CN
- China
- Prior art keywords
- role
- authority
- data
- organization
- parent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G06F21/31 — User authentication (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals)
- G06F16/2457 — Query processing with adaptation to user needs (under G06F16/00 Information retrieval; database structures therefor; file system structures therefor; G06F16/20 Information retrieval of structured data, e.g. relational data; G06F16/24 Querying; G06F16/245 Query processing)
- G06F16/27 — Replication, distribution or synchronisation of data between databases or within a distributed database system; distributed database system architectures therefor (under G06F16/00 Information retrieval; G06F16/20 Information retrieval of structured data, e.g. relational data)
- G06F21/602 — Providing cryptographic facilities or services (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/60 Protecting data)
Abstract
The embodiments of this application belong to the technical field of permission management and relate to a data permission setting method and apparatus based on organization and time, a computer device and a storage medium. The application also relates to blockchain technology: the current organization information of a user may be stored in a blockchain. By allocating organization permissions and the time attribute of data to a user, the method and system control data permissions more flexibly, meet a manager's need to trace and consult historical data, provide permission management for personnel data, personnel archive data and similar data with special management requirements (historical data queries), support richer application scenarios and control modes, and greatly reduce the communication and time costs caused by obtaining data offline.
Description
Technical Field
The present application relates to the field of rights management technologies, and in particular, to a method and an apparatus for setting data rights based on organization and time, a computer device, and a storage medium.
Background
Permission control is the basis of every system and an indispensable part of its normal operation: it distinguishes different users and different functions so that the functions and the data range a user can see fall within that user's job responsibilities.
An existing permission setting method is based on the RBAC (Role-Based Access Control) model, that is, role-based permission control. A user obtains permissions indirectly: the user is associated with roles, and the roles are associated with permissions. The permissions generally comprise both function permissions and data permissions.
However, the conventional permission setting method is generally not intelligent. Because the managed person's data is associated only with the organization structure, a manager can only view the data generated under that organization structure. In practice, when a manager needs to view all the data a managed person has historically generated (whether or not it was generated in the current organization) in order to make predictions or issue warnings, the conventional method cannot satisfy this query, and the data has to be obtained or supplemented offline through other channels. The conventional permission setting method therefore cannot meet the query requirements for employee data.
Disclosure of Invention
The embodiment of the application aims to provide a data authority setting method and device based on organization and time, computer equipment and a storage medium, so as to solve the problem that the traditional authority setting method cannot meet the inquiry requirement of employee data.
In order to solve the above technical problem, an embodiment of the present application provides a data permission setting method based on organization and time, which adopts the following technical solutions:
receiving an authority deployment request carrying a user identifier sent by a request terminal;
reading a system database, and extracting at least one role data corresponding to the user identification from the system database, wherein the role data at least comprises role functions;
establishing an incidence relation between the user identification and the role function so as to realize function permission deployment;
acquiring current organization information corresponding to the role data in the system database;
acquiring management object data corresponding to the role data based on the current organization information;
obtaining historical organization data corresponding to the management object data in the system database, wherein the historical organization data at least comprises current organization data;
and establishing an incidence relation between the user identification and the management object data and historical organization data so as to realize data authority deployment.
In order to solve the above technical problem, an embodiment of the present application further provides an organization and time-based data permission setting apparatus, which adopts the following technical solutions:
the request receiving module is used for receiving an authority deployment request which is sent by a request terminal and carries a user identifier;
the role extraction module is used for reading a system database and extracting at least one role data corresponding to the user identification from the system database, wherein the role data at least comprise role functions;
the function permission deployment module is used for establishing the incidence relation between the user identification and the role function so as to realize function permission deployment;
the organization information acquisition module is used for acquiring current organization information corresponding to the role data from the system database;
a management object acquisition module for acquiring management object data corresponding to the role data based on the current organization information;
a historical data acquisition module, configured to acquire historical organization data corresponding to the management object data in the system database, where the historical organization data at least includes current organization data;
and the data authority deployment module is used for establishing the incidence relation between the user identification and the management object data and the historical organization data so as to realize data authority deployment.
In order to solve the above technical problem, an embodiment of the present application further provides a computer device, which adopts the following technical solutions:
comprising a memory storing computer-readable instructions and a processor which, when executing the instructions, implements the steps of the organization- and time-based data permission setting method described above.
In order to solve the above technical problem, an embodiment of the present application further provides a computer-readable storage medium, which adopts the following technical solutions:
the computer readable storage medium has stored thereon computer readable instructions which, when executed by a processor, implement the steps of the organization and time based data permission setting method as described above.
Compared with the prior art, the embodiment of the application mainly has the following beneficial effects:
The application provides a data permission setting method based on organization and time. First, function permissions are set by establishing an association between a user and role functions; at the same time, data permissions are deployed by establishing an association between the user and the management object data and its historical organization data. The role-based control of function permissions is thus retained while data permissions are separated out and controlled by allocating organization permissions and the time attribute of data to the user. Data permission control becomes more flexible, the manager's need to trace and consult historical data is met, permission management is provided for personnel data, personnel archive data and similar data with special management requirements (historical data queries), application scenarios and control modes are richer, and the communication and time costs caused by obtaining data offline are greatly reduced.
Drawings
In order to more clearly illustrate the solution of the present application, the drawings needed for describing the embodiments of the present application will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
FIG. 1 is a flowchart of an implementation of a method for setting data permissions based on organization and time according to an embodiment of the present application;
FIG. 2 is a flowchart of an implementation of a role data creation method according to an embodiment of the present application;
FIG. 3 is a flowchart of an implementation of step S201 in FIG. 2;
FIG. 4 is a flowchart of an implementation of step S202 in FIG. 2;
FIG. 5 is a flowchart of an implementation of step S203 in FIG. 2;
FIG. 6 is a flowchart of an implementation of step S204 in FIG. 2;
FIG. 7 is a schematic structural diagram of an organization and time-based data right setting apparatus according to a second embodiment of the present application;
FIG. 8 is a schematic structural diagram of a role data creation apparatus according to a second embodiment of the present application;
FIG. 9 is a schematic block diagram of one embodiment of a computer device according to the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "including" and "having," and any variations thereof, in the description and claims of this application and the description of the above figures are intended to cover non-exclusive inclusions. The terms "first," "second," and the like in the description and claims of this application or in the above-described drawings are used for distinguishing between different objects and not for describing a particular order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings.
Example one
Referring to fig. 1, a flowchart of an implementation of a data permission setting method based on organization and time according to an embodiment of the present application is shown, and for convenience of description, only a part related to the present application is shown.
In step S101, an authority deployment request carrying a user identifier sent by a request terminal is received.
In the embodiment of the present application, the request terminal is mainly used to log in to the permission management system. It may be a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player) or a navigation device, or a fixed terminal such as a digital TV or a desktop computer.
In the embodiment of the present application, the user identifier is mainly used to uniquely identify a user logging in to the "function system". The user identifier may be set based on a user name, for example zhangsan, lisi, etc.; it may be set based on a numerical serial number, for example 001, 002, etc.; or it may be set based on a user name and a number, for example zhangsan001, lisi002, etc. It should be understood that these examples of user identifiers are merely for ease of understanding and are not intended to limit the present application.
In step S102, a system database is read, and at least one role data corresponding to the user identifier is extracted from the system database, where the role data at least includes a role function.
In the embodiment of the application, the system database is mainly used to store data associated with the "function system". A user has preset in the system database the framework of the "function system", the roles for each function, the functions corresponding to each role, and so on; the functions corresponding to a role are presented in the system database as a function permission list.
In the embodiment of the present application, the role data is mainly used to identify the roles that the logged-in user plays in the "function system". It should be noted that a user may hold several roles in the "function system" at the same time, each role includes different functions, and the range of functions available to the user is the union of the functions of those roles.
In the embodiment of the present application, the role function refers to a position authority of a login user, and the position authority may be, for example: employee data editing, employee scheduling, and the like.
In step S103, an association relationship between the user identifier and the role function is established to implement function permission deployment.
In the embodiment of the application, when a user logs in to the "function system", after the association between the user identifier and the role function has been established, the page button corresponding to the role function is displayed in the function bar of the "function system" page, and the user can exercise the corresponding function permission by triggering that button.
In the embodiment of the application, after a user enters a system, the system acquires the role owned by the user according to the user id and displays a corresponding function menu; and after the menu is clicked to enter the function, determining the data range which can be inquired by the user according to the organization authority of the user and the time attribute of the employee data, and displaying the data on a page.
In step S104, current organization information corresponding to the role data is acquired from the system database.
In the embodiment of the present application, the current organization information refers to the upper- and lower-level information, group information, grouping information and the like of the role the user holds in the "function system" described above.
In step S105, management object data corresponding to the role data is acquired based on the current organization information.
In the embodiment of the present application, the management object data refers to an employee object that can be managed by the user in the "function system" described above.
In step S106, historical organization data corresponding to the management object data is acquired in the system database, the historical organization data including at least the current organization data.
In the embodiment of the application, since an employee's post is not fixed and situations such as job transfers may arise at any time, the historical organization data refers to the data generated in the current and previous posts, groups and the like of the employees governed by the user; this data is associated with the employee.
In step S107, an association relationship between the user identifier and the management object data and the historical organization data is established to implement data authority deployment.
In the embodiment of the application, by establishing the association between the user identifier and the management object data and historical organization data, the logged-in user is granted permission to access the historical organization data of the management object. This meets the manager's need to trace and consult historical data, provides richer application scenarios and control modes for the permission management of personnel data, personnel archive data and similar data with special management requirements (querying historical data), and greatly reduces the communication and time costs of searching for data offline.
In the embodiment of the application, the data permission consists of the organizations allocated to a user together with the generation time of the data. A user may hold the permissions of several organizations and may view the data of each of them. While an employee is managed under a certain organization, a user holding that organization's permission can view the data the employee generated in the current organization; if the employee was transferred in and had already generated data before the transfer, the user holding the organization's permission can also view the data the employee generated before being transferred in; if the employee is transferred out of the current organization, the data the employee generates after the transfer cannot be viewed by the user holding that organization's permission.
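The organization-plus-time rule just described, together with the role-function union of step S103, as an added worked example in Python; this is not code from the application, and every organization, employee, role and record name below is constructed for illustration:

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Membership:
    """One stay of an employee in one organization (constructed schema)."""
    employee: str
    org: str
    joined: date
    left: Optional[date]  # None while the employee is still in the organization


@dataclass(frozen=True)
class Record:
    """One piece of employee data, stamped with its generation time."""
    record_id: str
    employee: str
    generated_at: date


# Function permissions (step S103): a user's functions are the union of the
# functions of all roles the user holds. Role names are constructed.
ROLE_FUNCTIONS: Dict[str, Set[str]] = {
    "hr_editor": {"employee_data_editing"},
    "scheduler": {"employee_scheduling"},
}


def user_functions(roles: Set[str]) -> Set[str]:
    """Union of the functions of every role the user holds."""
    return set().union(*(ROLE_FUNCTIONS.get(r, set()) for r in roles))


def record_visible(rec: Record, user_orgs: Set[str],
                   memberships: List[Membership]) -> bool:
    """Data-permission rule of the embodiment: a user holding permission over
    organization O may view a record of employee E when E has (or had) a
    membership in O and the record was generated no later than E's transfer
    out of O. That covers data generated during the stay and, as historical
    organization data, data generated before E was transferred in; data
    generated after E was transferred out stays hidden."""
    for m in memberships:
        if m.employee != rec.employee or m.org not in user_orgs:
            continue
        if m.left is None or rec.generated_at <= m.left:
            return True
    return False


def visible_records(user_orgs: Set[str], memberships: List[Membership],
                    records: List[Record]) -> List[Record]:
    return [r for r in records if record_visible(r, user_orgs, memberships)]


# Constructed sample data (not from the application).
MEMBERSHIPS = [
    Membership("lisi002", "dept_A", date(2019, 1, 1), date(2020, 6, 30)),  # transferred out of A
    Membership("lisi002", "dept_B", date(2020, 7, 1), None),               # current organization
    Membership("wangwu003", "dept_C", date(2018, 3, 1), None),
]
RECORDS = [
    Record("r1", "lisi002", date(2018, 5, 1)),    # before lisi002 joined dept_A
    Record("r2", "lisi002", date(2019, 9, 1)),    # while in dept_A
    Record("r3", "lisi002", date(2020, 10, 1)),   # after the transfer to dept_B
    Record("r4", "wangwu003", date(2021, 2, 1)),  # employee never in dept_A or dept_B
]


def visible_ids(user_orgs: Set[str]) -> List[str]:
    """Record ids a user holding permission over user_orgs may view."""
    return [r.record_id for r in visible_records(user_orgs, MEMBERSHIPS, RECORDS)]


if __name__ == "__main__":
    print(visible_ids({"dept_A"}))            # ['r1', 'r2']  (r3 generated after transfer-out)
    print(visible_ids({"dept_B"}))            # ['r1', 'r2', 'r3']  (history before transfer-in included)
    print(visible_ids({"dept_A", "dept_C"}))  # ['r1', 'r2', 'r4']
    print(sorted(user_functions({"hr_editor", "scheduler"})))
```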
The application provides a data permission setting method based on organization and time. First, function permissions are set by establishing an association between a user and role functions; at the same time, data permissions are deployed by establishing an association between the user and the management object data and its historical organization data. The role-based control of function permissions is thus retained while data permissions are separated out and controlled by allocating organization permissions and the time attribute of data to the user. Data permission control becomes more flexible, the manager's need to trace and consult historical data is met, permission management is provided for personnel data, personnel archive data and similar data with special management requirements (historical data queries), application scenarios and control modes are richer, and the communication and time costs caused by obtaining data offline are greatly reduced.
Continuing to refer to fig. 2, a flowchart of an implementation of a role data creation method provided in an embodiment of the present application is shown, and for convenience of description, only the relevant portions of the present application are shown.
In some optional implementation manners of the first embodiment of the present application, the method further includes: step S201, step S202, step S203, step S204, and step S205.
In step S201, a right is created, and basic information of the right is saved after a management service corresponding to the right is set.
In step S202, a parent role is created and one or more permissions are selected for the parent role.
In step S203, the attributes of the parent role's permissions are set. The attributes include a public attribute, which a child role owns and may reset, and a private attribute, which a child role cannot own.
In step S204, a child role is created under the node corresponding to the parent role; after selecting one or more permissions, the child role sets the attributes of its permissions, so that a tree structure displaying the inheritance relationship between roles is formed.
In step S205, the authority of the current role is determined according to the inheritance relationship in the tree structure, and access control is completed, where the authority of the current role, that is, the current node, includes the own authority and the inheritance authority of the current role.
With continuing reference to fig. 3, a flowchart for implementing step S201 in fig. 2 is shown, and for convenience of explanation, only the portions relevant to the present application are shown.
In some optional implementation manners of the first embodiment of the present application, the step S201 specifically includes: step S301 and step S302.
In step S301, a rights entity unit is created, and a record is generated after basic information of the rights entity unit is set, where the rights basic information includes a rights number, a rights name, a rights enabling state, and a service unit for rights management.
In step S302, the record is stored in a system database.
With continued reference to fig. 4, a flowchart for implementing step S202 in fig. 2 is shown, and for convenience of illustration, only the portions relevant to the present application are shown.
In some optional implementation manners of the first embodiment of the present application, the step S202 specifically includes: step S401 and step S402.
In step S401, a parent role entity unit is created, the attributes corresponding to the parent role are set, and a record is generated, where the attributes include: parent class number, role name, role effective time, role expiration time and sort sequence number.
In step S402, one or more authorities are selected for the parent role entity unit through the authority-role relationship entity unit, and a corresponding relationship attribute of one or more roles and authorities is created and a record is generated, where the relationship attribute of roles and authorities includes a parent authority number and a parent role number.
Continuing to refer to fig. 5, a flowchart for implementing step S203 in fig. 2 is shown, and for convenience of illustration, only the portions relevant to the present application are shown.
In some optional implementation manners of the first embodiment of the present application, step S203 specifically includes: step S501 and step S502.
In step S501, the attribute of the parent role authority is set by the authority and role relationship entity unit.
In the embodiment of the present application, if the right is a public attribute, its inheritance property is as follows:
the child role inheriting the role automatically has the authority;
the authority can reset the attribute to a public attribute or a private attribute in the subclass;
the subclass role can set a new authority and set the new authority as a public attribute or a private attribute;
if the authority is a private attribute, the inheritance property is as follows:
a child role that inherits the role cannot own the right.
In step S502, the record and the attribute of the parent role authority are saved to the database.
With continued reference to fig. 6, a flowchart for implementing step S204 in fig. 2 is shown, and for convenience of explanation, only the portions relevant to the present application are shown.
In some optional implementation manners of the first embodiment of the present application, the step S204 specifically includes: step S601 and step S602.
In step S601, after a child role under the parent role corresponding node is created by setting the parent role number in the child role attribute, basic information of the child role is saved.
In step S602, one or more permissions are selected for the child role through the permission-role relationship entity unit, and the attributes of those permissions are set; the attributes and basic information of the child role generate records that are stored in the database through the role relationship entity unit, thereby forming a tree structure displaying the inheritance relationship between roles.
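The role tree of steps S201 to S205, with public and private permission attributes, as an added worked example in Python; this is not code from the application, and the role and permission names are constructed. The parent pointer that makes the structure a tree is what rules out inheritance loops:

```python
from enum import Enum
from typing import Dict, List, Optional


class Attr(Enum):
    PUBLIC = "public"    # inherited by child roles, which may reset it
    PRIVATE = "private"  # never passed on to child roles


class RoleTree:
    """Roles form a tree through a single parent pointer, so inheritance cannot cycle."""

    def __init__(self) -> None:
        self._parent: Dict[str, Optional[str]] = {}
        self._own: Dict[str, Dict[str, Attr]] = {}  # role -> {permission: attribute set at this node}

    def create_role(self, role: str, parent: Optional[str] = None) -> None:
        """S202/S204: create a parent role, or a child role under an existing node."""
        if role in self._parent:
            raise ValueError(f"role {role!r} already exists")
        if parent is not None and parent not in self._parent:
            raise ValueError(f"parent role {parent!r} does not exist")
        self._parent[role] = parent
        self._own[role] = {}

    def effective(self, role: str) -> Dict[str, Attr]:
        """S205: own permissions plus inherited ones, with the attribute in force at this node."""
        chain: List[str] = []
        node: Optional[str] = role
        while node is not None:  # climb to the root; terminates because every parent pre-exists
            chain.append(node)
            node = self._parent[node]
        in_force: Dict[str, Attr] = {}
        for node in reversed(chain):  # replay from the root down to `role`
            passed_down = {p: a for p, a in in_force.items() if a is Attr.PUBLIC}  # private stops here
            passed_down.update(self._own[node])  # grants and resets made at this node override
            in_force = passed_down
        return in_force

    def can_own(self, role: str, perm: str) -> bool:
        """S501: a child role cannot own a permission its parent holds as PRIVATE."""
        parent = self._parent[role]
        if parent is None:
            return True
        return self.effective(parent).get(perm) is not Attr.PRIVATE

    def set_permission(self, role: str, perm: str, attr: Attr) -> None:
        """S203/S602: grant a permission, or reset the attribute of an inherited public one."""
        if role not in self._parent:
            raise KeyError(role)
        if not self.can_own(role, perm):
            raise PermissionError(f"{perm!r} is private in the parent of {role!r}")
        self._own[role][perm] = attr

    def has_permission(self, role: str, perm: str) -> bool:
        """Access-control decision for the current node."""
        return perm in self.effective(role)

    def effective_attrs(self, role: str) -> Dict[str, str]:
        """effective() with attribute names as plain strings, for display."""
        return {p: a.value for p, a in sorted(self.effective(role).items())}


def build_demo_tree() -> RoleTree:
    """Constructed three-level example (not from the application)."""
    t = RoleTree()
    t.create_role("hr_director")
    t.set_permission("hr_director", "edit_employee_data", Attr.PUBLIC)
    t.set_permission("hr_director", "approve_payroll", Attr.PRIVATE)
    t.set_permission("hr_director", "view_personnel_archive", Attr.PUBLIC)
    t.create_role("hr_manager", parent="hr_director")
    # Reset of an inherited public permission: the manager keeps it, the clerk will not get it.
    t.set_permission("hr_manager", "view_personnel_archive", Attr.PRIVATE)
    # A new permission introduced at the child role.
    t.set_permission("hr_manager", "schedule_employees", Attr.PUBLIC)
    t.create_role("hr_clerk", parent="hr_manager")
    return t


if __name__ == "__main__":
    tree = build_demo_tree()
    for r in ("hr_director", "hr_manager", "hr_clerk"):
        print(r, tree.effective_attrs(r))
    print(tree.can_own("hr_manager", "approve_payroll"))  # False: private at the parent
```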
In summary, the application provides a data permission setting method based on organization and time. First, function permissions are set by establishing an association between a user and role functions; at the same time, data permissions are deployed by establishing an association between the user and the management object data and its historical organization data. The role-based control of function permissions is thus retained while data permissions are separated out and controlled by allocating organization permissions and the time attribute of data to the user. Data permission control becomes more flexible, the manager's need to trace and consult historical data is met, permission management is provided for personnel data, personnel archive data and similar data with special management requirements (historical data queries), application scenarios and control modes are richer, and the communication and time costs caused by obtaining data offline are greatly reduced.
Meanwhile, compared with setting the permissions of each role individually, the role inheritance relationship can reduce the number of permission attribute settings by 50% to 90%; compared with existing role permission inheritance, the public and private attributes of permissions can reduce permission attribute settings by 30% to 50%. By constructing a tree structure and introducing private permissions, the invention avoids dead loops in multi-role inheritance, allows several child roles to inherit one parent role at the same time, and simplifies permission setting. The inheritance relationship between roles is represented by the tree structure and displayed visually, so the relationships are intuitive and clear, and dead loops in the inheritance relationship are avoided when roles are inherited. One parent role node in the tree may create several child role nodes, so a parent role may be inherited by several child roles simultaneously, which solves the problem that a role relationship could only be inherited singly. By introducing the private permission type, a private permission cannot be inherited while a child role may inherit some or all of a parent role's permissions; this improves the efficiency with which a user sets role permissions and removes the high complexity caused by having to set permissions separately when a single role is inherited.
It is emphasized that, to further ensure the privacy and security of the current organization information, the current organization information may also be stored in a node of a blockchain.
The blockchain referred to in this application is a new application mode of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralized database: a series of data blocks linked by cryptographic methods, each containing the information of a batch of network transactions, used to verify the validity of that information (tamper resistance) and to generate the next block. A blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer and the like.
The application is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like. The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware associated with computer readable instructions, which can be stored in a computer readable storage medium, and when executed, can include processes of the embodiments of the methods described above. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, the steps are not bound to the exact order shown and may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include several sub-steps or stages, which are not necessarily completed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
Example two
With further reference to fig. 7, as an implementation of the method shown in fig. 1, the present application provides an organization and time based data authority setting apparatus, where an embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 1, and the apparatus may be applied to various electronic devices.
As shown in fig. 7, the apparatus 100 for setting data permissions based on organization and time provided in the second embodiment of the present application includes a request receiving module 101, a role extraction module 102, a function authority deployment module 103, an organization information acquisition module 104, a management object acquisition module 105, a historical data acquisition module 106 and a data authority deployment module 107. Wherein:
a request receiving module 101, configured to receive an authority deployment request carrying a user identifier sent by a request terminal;
a role extraction module 102, configured to read a system database, and extract at least one role data corresponding to a user identifier from the system database, where the role data at least includes a role function;
the function permission deployment module 103 is configured to establish an association relationship between a user identifier and a role function, so as to implement function permission deployment;
an organization information obtaining module 104, configured to obtain current organization information corresponding to the role data from a system database;
a management object acquisition module 105, configured to acquire management object data corresponding to the role data based on the current organization information;
a historical data obtaining module 106, configured to obtain historical organization data corresponding to the management object data in the system database, where the historical organization data at least includes current organization data;
and the data authority deployment module 107 is configured to establish an association relationship between the user identifier and the management object data and the historical organization data, so as to implement data authority deployment.
In the embodiment of the present application, the requesting terminal is mainly used for logging in to the authority management system. The requesting terminal may be a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player) or a navigation device, or a fixed terminal such as a digital TV or a desktop computer.
In the embodiment of the present application, the user identifier is mainly used for uniquely identifying a user logging in to the "function system". The user identifier may be set based on a user name, for example zhangsan, lisi, etc.; it may also be set based on a numerical serial number, for example 001, 002, etc.; or it may be set based on a user name combined with a number, for example zhangsan001, lisi002, etc. It should be understood that these examples of user identifiers are merely for ease of understanding and are not intended to limit the present application.
In the embodiment of the application, the system database is mainly used for storing data associated with the "function system". In the system database, a user has preset in advance the framework of the "function system", the roles of each function, the functions corresponding to each role, and the like, and the functions corresponding to the roles are presented in the system database as a function permission list.
In the embodiment of the present application, the role data is mainly used for identifying the roles that the logged-in user plays in the "function system". It should be noted that a user may hold several roles in the "function system" at the same time, each role includes different functions, and the range of functions available to the user is the union of the functions of those roles.
In the embodiment of the present application, the role function refers to a position authority of a login user, and the position authority may be, for example: employee data editing, employee scheduling, and the like.
In the embodiment of the application, when a user logs in to the "function system" and the association relationship between the user identifier and the role function has been established, the page button corresponding to the role function is displayed in the function bar of the "function system" page, and the user can exercise the corresponding function authority by triggering that page button.
In the embodiment of the application, after a user enters the system, the system acquires the roles owned by the user according to the user identifier and displays the corresponding function menu; after a menu item is clicked to enter a function, the data range the user may query is determined according to the organization authority of the user and the time attribute of the employee data, and that data is displayed on the page.
In the embodiment of the present application, the current organization information refers to upper and lower level information, group information, grouping information, or the like of a role assumed by the user in the above-described "role system".
In the embodiment of the present application, the management object data refers to an employee object that can be managed by the user in the "function system" described above.
In the embodiment of the application, since an employee's position is not fixed and job transfers may occur at any time, the historical organization data refers to the data generated in the current and previous positions, groups, and the like of the employees governed by the user, and that data is associated with the employee.
In the embodiment of the application, the association relationship between the user identifier and both the management object data and the historical organization data is established, so that the logged-in user has the authority to access the historical organization data of the management object. This meets a manager's need to trace and consult historical data, provides richer application scenarios and control modes for the authority management of personnel data, personnel archive data and similar data with special management requirements (querying historical data), and greatly reduces the communication cost and time cost of searching for such data offline.
In the embodiment of the application, the data authority consists of the organizations distributed to a user together with the generation time of the data. One user can hold the authority of several organizations and can view the data of all of them. While an employee belongs to and is managed by a certain organization, a user holding that organization's authority can view the data the employee generated in the current organization; if a transferred employee also generated data before being transferred into the organization, the user holding the organization's authority can view that earlier data as well. If the employee is transferred out of the current organization, the data the employee generates after the transfer cannot be viewed by the user holding that organization's authority.
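The organization-and-time rule just described, as an added example that is not the patent's own code: employee organization histories, user organization grants and record timestamps are constructed sample data, and the names (`Membership`, `Record`, `can_view`) are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Added example (not the patent's own code). A user holding authority over an
# organization may view an employee's data if the employee is, or was, a member
# of that organization and the data was generated before or during that
# membership; data generated after the employee was transferred out is hidden.


@dataclass(frozen=True)
class Membership:
    """One entry of an employee's historical organization data."""
    org: str
    start: date
    end: Optional[date] = None  # None: the employee is still in this organization


@dataclass(frozen=True)
class Record:
    """A piece of employee data together with its generation time."""
    employee: str
    created: date
    note: str


# Constructed sample data. Employee "zhangsan" (a user name from the patent's
# own example) worked in "sales" and was then transferred to "support".
ORG_HISTORY: Dict[str, List[Membership]] = {
    "zhangsan": [
        Membership("sales", date(2019, 1, 1), date(2020, 6, 30)),
        Membership("support", date(2020, 7, 1)),
    ],
}

# Organization authority distributed to each user (the data authority side of
# the scheme; function authority is handled separately through roles).
USER_ORGS: Dict[str, set] = {
    "lisi": {"sales"},      # holds authority over sales only
    "wangwu": {"support"},  # holds authority over support only
}

RECORDS: List[Record] = [
    Record("zhangsan", date(2018, 12, 1), "form generated before joining sales"),
    Record("zhangsan", date(2020, 3, 1), "schedule generated while in sales"),
    Record("zhangsan", date(2020, 9, 1), "review generated after transfer to support"),
]


def can_view(user: str, record: Record) -> bool:
    """Apply the organization + time rule for one user and one record."""
    orgs = USER_ORGS.get(user, set())
    for m in ORG_HISTORY.get(record.employee, []):
        if m.org not in orgs:
            continue  # the user has no authority over this organization
        # Everything generated up to the end of the membership is visible,
        # including data produced before the employee was transferred in.
        if m.end is None or record.created <= m.end:
            return True
    # No qualifying membership: deny by default (unknown user, unknown
    # employee, or data generated only after the employee left).
    return False


def visible_records(user: str, records: List[Record]) -> List[Record]:
    """Filter a record list down to what the user may display on the page."""
    return [r for r in records if can_view(user, r)]


if __name__ == "__main__":
    for user in ("lisi", "wangwu", "nobody"):
        print(user, [r.note for r in visible_records(user, RECORDS)])
```

The sales manager sees the employee's data from before and during the sales membership but not the review written after the transfer, while the support manager sees all three records.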
The application provides a data authority setting device based on organization and time. It first establishes the association relationship between the user and the role functions to set the function authority, and at the same time deploys the data authority by establishing the association relationship between the user and both the management object data and the historical organization data. The mode of controlling function authority through roles is thereby retained while the data authority is separated out: data authority is controlled by distributing organization authority to the user and by the time attribute of the data. This makes data authority control more flexible, meets a manager's need to trace and consult historical data, supports authority management with special management requirements (historical data query) for personnel data, personnel archive data and the like, offers richer application scenarios and control modes, and greatly reduces the communication cost and time cost of searching for data offline.
Continuing to refer to fig. 8, a schematic structural diagram of a role data creation apparatus provided in embodiment two of the present application is shown; for convenience of description, only the portions related to the present application are shown.
In some optional implementation manners of the second embodiment of the present invention, the data permission setting apparatus 100 based on organization and time further includes: a privilege creation module 108, a parent creation module 109, a parent property setting module 110, a child creation module 111, and a current role determination module 112. Wherein:
the authority creating module 108 is used for creating authority, setting the management service corresponding to the authority, and then storing basic information of the authority;
a parent creation module 109, configured to create a parent role and select one or more permissions for the parent role;
a parent property setting module 110, configured to set the attributes of the parent role's permissions, where the attributes include a public attribute (a child role owns the permission and may reset its attribute) and a private attribute (a child role does not own the permission);
the subclass creating module 111 is used for creating subclass roles under nodes corresponding to parent roles, and the subclass roles select one or more permissions and set the permission attributes of the sub-classes to form a tree structure for displaying the inheritance relationship among the roles;
and a current role determining module 112, configured to determine the rights of the current role according to the inheritance relationship in the tree structure and so complete access control, where the rights of the current role, that is, the current node, consist of the current role's own rights and its inherited rights.
In some optional implementations of the second embodiment of the present invention, the permission creating module 108 specifically includes: an entity unit creating submodule and a record storage submodule. Wherein:
the entity unit creating submodule is used for creating an authority entity unit and generating a record after setting basic information of the authority entity unit, wherein the authority basic information comprises an authority number, an authority name, an authority starting state and a service unit for authority management;
and the record storage submodule is used for storing the record in a system database.
In some optional implementation manners of the second embodiment of the present invention, the parent creation module 109 specifically includes an attribute recording submodule and an authority recording submodule. Wherein:
the attribute recording submodule is used for creating a parent role entity unit, setting the attribute corresponding to the parent role and generating a record, wherein the attribute comprises: parent serial number, role name, role effective time, role expiration time and sequencing serial number;
and the authority record submodule is used for selecting one or more authorities for the parent role entity unit through the authority and role relation entity unit, creating corresponding relation attributes of one or more roles and authorities and generating records, wherein the relation attributes of the roles and the authorities comprise parent authority numbers and parent role numbers.
In some optional implementations of the second embodiment of the present invention, the parent attribute setting module 110 specifically includes an attribute setting submodule and an attribute storage submodule. Wherein:
the attribute setting submodule is used for setting the attribute of the authority of the parent role through the authority and role relation entity unit;
and the attribute storage submodule is used for storing the record and the attribute of the parent role authority to the database.
In the embodiment of the present application, if the authority has the public attribute, its inheritance properties are as follows:
a child role that inherits the role automatically owns the authority;
the child role can reset the attribute of that authority to either public or private;
the child role can add a new authority of its own and set it to the public or private attribute;
if the authority has the private attribute, its inheritance property is as follows:
a child role that inherits the role does not own the authority.
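The role tree and the public/private inheritance rules above, as an added example that is not the patent's own code; the role and permission numbers (R1, P1, ...) and the class and method names are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Added example (not the patent's own code): a role tree in which each role
# records one parent, selects permissions, and marks each permission public
# (inherited by children, who may reset it) or private (never inherited).
PUBLIC, PRIVATE = "public", "private"


@dataclass
class Role:
    number: str
    parent: Optional[str] = None
    # permission number -> attribute as set on this role: the role's own
    # permissions plus any inherited permission whose attribute it reset.
    perms: Dict[str, str] = field(default_factory=dict)


class RoleTree:
    def __init__(self) -> None:
        self.roles: Dict[str, Role] = {}

    def create_role(self, number: str, parent: Optional[str] = None) -> None:
        """Create a role node; a child role is created under an existing parent."""
        if number in self.roles:
            raise ValueError(f"role {number} already exists")
        if parent is not None and parent not in self.roles:
            raise ValueError(f"parent role {parent} does not exist")
        # A node is only ever attached beneath nodes that already exist and it
        # records a single parent number, so the roles form a tree and an
        # inheritance cycle cannot be built.
        self.roles[number] = Role(number, parent)

    def grant(self, number: str, perm: str, attr: str = PUBLIC) -> None:
        """Select a permission for a role and set its attribute."""
        self._check_attr(attr)
        self.roles[number].perms[perm] = attr

    def reset(self, number: str, perm: str, attr: str) -> None:
        """Reset the attribute of an inherited public permission in a child role."""
        self._check_attr(attr)
        if perm not in self.inherited(number):
            raise ValueError(f"{perm} is not inherited by {number}; use grant()")
        self.roles[number].perms[perm] = attr

    def inherited(self, number: str) -> Dict[str, str]:
        """Permissions passed down from the parent: only the parent's public ones."""
        parent = self.roles[number].parent
        if parent is None:
            return {}
        return {p: a for p, a in self.effective(parent).items() if a == PUBLIC}

    def effective(self, number: str) -> Dict[str, str]:
        """Own permissions plus inherited ones; the role's own settings win."""
        eff = self.inherited(number)
        eff.update(self.roles[number].perms)
        return eff

    def has_permission(self, number: str, perm: str) -> bool:
        """Access-control decision for the current node: own or inherited right."""
        return perm in self.effective(number)

    @staticmethod
    def _check_attr(attr: str) -> None:
        if attr not in (PUBLIC, PRIVATE):
            raise ValueError(f"unknown attribute {attr}")


def build_sample_tree() -> RoleTree:
    """Constructed sample: R1 is the parent, R2 and R4 its children, R3 under R2."""
    t = RoleTree()
    t.create_role("R1")
    t.grant("R1", "P1", PUBLIC)       # inherited by every child of R1
    t.grant("R1", "P2", PRIVATE)      # never inherited
    t.create_role("R2", parent="R1")
    t.reset("R2", "P1", PRIVATE)      # R2 keeps P1 but stops passing it on
    t.create_role("R3", parent="R2")
    t.grant("R3", "P3", PUBLIC)       # a child may add new permissions of its own
    t.create_role("R4", parent="R1")  # several children under one parent
    return t


if __name__ == "__main__":
    tree = build_sample_tree()
    for r in ("R1", "R2", "R3", "R4"):
        print(r, tree.effective(r))
```

R2 and R4 both inherit P1 from R1 while P2 stays with R1; because R2 reset P1 to private, R3 ends up with only its own P3.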
In some optional implementations of the second embodiment of the present invention, the subclass creating module 111 specifically includes: the subclass information storage submodule and the tree structure forming submodule. Wherein:
the subclass information storage submodule is used for storing the basic information of the subclass role after the subclass role under the node corresponding to the parent role has been created by setting the parent role number in the subclass role attributes;
and the tree structure forming submodule is used for selecting one or more authorities for the subclass role through the authority and role relation entity unit and setting their authority attributes, generating a record of the attributes and basic information of the subclass role through the role relation entity unit, and storing that record in the database, so as to form a tree structure for displaying the inheritance relationship between the roles.
In summary, the present application provides a data authority setting device based on organization and time. It first establishes the association relationship between the user and the role functions to set the function authority, and at the same time deploys the data authority by establishing the association relationship between the user and both the management object data and the historical organization data. The mode of controlling function authority through roles is thereby retained while the data authority is separated out: data authority is controlled by distributing organization authority to the user and by the time attribute of the data. This makes data authority control more flexible, meets a manager's need to trace and consult historical data, supports authority management with special management requirements (historical data query) for personnel data, personnel archive data and the like, offers richer application scenarios and control modes, and greatly reduces the communication cost and time cost of searching for data offline.
Meanwhile, compared with setting the authority of each single role, the role inheritance relationship can reduce the number of authority attribute settings by 50 to 90 percent; compared with existing role authority inheritance, the public and private attributes of an authority can reduce authority attribute settings by 30% to 50%. By constructing a tree structure and introducing private authorities, the invention avoids infinite loops in multi-role inheritance, allows several child roles to inherit one parent role at the same time, and keeps authority setting simple. The inheritance relationship between roles is represented by a tree structure and displayed visually, so the relationships are intuitive and clear, and cycles in the inheritance relationship are avoided when roles are inherited. One parent role node in the tree structure can create several child role nodes, so a parent role can be inherited by several child roles simultaneously, which solves the problem that a role relationship could previously only be inherited singly. By introducing the private authority type, a private authority is never inherited, so a child role can inherit part or all of the authorities of the parent role; this improves the efficiency with which a user sets role authorities and solves the high setting complexity that results when authorities must be set separately under single-role inheritance.
In order to solve the technical problem, an embodiment of the present application further provides a computer device. Referring to fig. 9, fig. 9 is a block diagram of a basic structure of a computer device according to the present embodiment.
The computer device 200 includes a memory 210, a processor 220, and a network interface 230 communicatively coupled to each other via a system bus. It is noted that only a computer device 200 having components 210 to 230 is shown, but it is understood that not all of the illustrated components are required and that more or fewer components may alternatively be implemented. As will be understood by those skilled in the art, the computer device is a device capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions, and its hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device can be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices. The computer equipment can carry out man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch panel or voice control equipment and the like.
The memory 210 includes at least one type of readable storage medium, including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 210 may be an internal storage unit of the computer device 200, such as a hard disk or a memory of the computer device 200. In other embodiments, the memory 210 may also be an external storage device of the computer device 200, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, provided on the computer device 200. Of course, the memory 210 may also include both internal and external storage devices of the computer device 200. In this embodiment, the memory 210 is generally used for storing an operating system and various application software installed in the computer device 200, such as the computer readable instructions of the data authority setting method based on organization and time. In addition, the memory 210 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 220 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 220 is generally operative to control overall operation of the computer device 200. In this embodiment, the processor 220 is configured to execute the computer readable instructions stored in the memory 210 or process data, for example, execute the computer readable instructions of the organization and time-based data permission setting method.
The network interface 230 may include a wireless network interface or a wired network interface, and the network interface 230 is generally used to establish a communication connection between the computer device 200 and other electronic devices.
The method for setting the data authority based on organization and time first establishes the association relationship between the user and the role functions to set the function authority, and at the same time deploys the data authority by establishing the association relationship between the user and both the management object data and the historical organization data. The mode of controlling function authority through roles is thereby retained while the data authority is separated out: data authority is controlled by distributing organization authority to the user and by the time attribute of the data. This makes data authority control more flexible, meets a manager's need to trace and consult historical data, supports authority management with special management requirements (historical data query) for personnel data, personnel archive data and the like, offers richer application scenarios and control modes, and greatly reduces the communication cost and time cost of searching for data offline.
The present application provides yet another embodiment, which is a computer-readable storage medium having stored thereon computer-readable instructions executable by at least one processor to cause the at least one processor to perform the steps of the organization and time based data permission setting method as described above.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present application.
It is to be understood that the above-described embodiments are merely illustrative of some, but not restrictive, of the broad invention, and that the appended drawings illustrate preferred embodiments of the invention and do not limit the scope of the invention. This application is capable of embodiments in many different forms and is provided for the purpose of enabling a thorough understanding of the disclosure of the application. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to one skilled in the art that the present application may be practiced without modification or with equivalents of some of the features described in the foregoing embodiments. All equivalent structures made by using the contents of the specification and the drawings of the present application are directly or indirectly applied to other related technical fields and are within the protection scope of the present application.
Claims (10)
1. A data authority setting method based on organization and time is characterized by comprising the following steps:
receiving an authority deployment request carrying a user identifier sent by a request terminal;
reading a system database, and extracting at least one role data corresponding to the user identification from the system database, wherein the role data at least comprises role functions;
establishing an incidence relation between the user identification and the role function so as to realize function permission deployment;
acquiring current organization information corresponding to the role data in the system database;
acquiring management object data corresponding to the role data based on the current organization information;
obtaining historical organization data corresponding to the management object data in the system database, wherein the historical organization data at least comprises current organization data;
and establishing an incidence relation between the user identification and the management object data and historical organization data so as to realize data authority deployment.
2. The organization and time based data permission setting method according to claim 1, further comprising, before the step of reading a system database, extracting at least one role data corresponding to the user identification in the system database:
establishing authority, setting a management service corresponding to the authority, and storing basic information of the authority;
creating a parent role, and selecting one or more authorities for the parent role;
setting the attribute of the parent role authority, wherein the attribute comprises a public attribute, which a subclass owns and may reset, and a private attribute, which a subclass does not own;
establishing a subclass role under a parent role corresponding node, wherein the subclass role selects one or more authorities and then sets the authority attributes of the subclass role to form a tree structure for displaying the inheritance relationship between roles;
and determining the authority of the current role according to the inheritance relationship in the tree structure to complete access control, wherein the authority of the current role, namely the current node comprises the self authority and the inheritance authority of the current role.
3. The method for setting data permission based on organization and time according to claim 2, wherein the step of creating permission and saving basic information of permission after setting the management service corresponding to the permission specifically comprises:
creating an authority entity unit, and generating a record after setting basic information of the authority entity unit, wherein the authority basic information comprises an authority number, an authority name, an authority starting state and an authority management service unit;
storing the record in the system database.
4. The organization and time-based data permission setting method according to claim 2, wherein the step of creating a parent role and selecting one or more permissions for the parent role specifically comprises:
creating a parent role entity unit, setting the attribute corresponding to the parent role and generating a record, wherein the attribute comprises: parent serial number, role name, role effective time, role expiration time and sequencing serial number;
and selecting one or more authorities for the parent role entity unit through the authority and role relation entity unit, creating corresponding relation attributes of one or more roles and authorities and generating records, wherein the relation attributes of the roles and the authorities comprise parent authority numbers and parent role numbers.
5. The organization and time-based data permission setting method according to claim 4, wherein the step of setting the attributes of the parent role permission, the attributes including a public attribute, which a subclass owns and may reset, and a private attribute, which a subclass does not own, specifically includes:
setting the attribute of the parent role authority through the authority and role relationship entity unit;
and storing the record and the attribute of the parent role authority to a database.
6. The method for setting data permissions based on organization and time according to claim 2, wherein the step of creating child roles under parent role corresponding nodes, the child roles setting their permissions attributes after selecting one or more permissions, and forming a tree structure for showing inheritance relationships between roles specifically comprises:
after a subclass role under a node corresponding to the parent role is created by setting a parent role number in the subclass role attribute, basic information of the subclass role is stored;
and selecting one or more authorities for the subclass roles through the authority and role relation entity unit, setting the authority attributes, and storing the attribute and basic information generation record of the subclass roles to a database through the role relation entity unit to form a tree structure for displaying the inheritance relation between the roles.
7. An organization and time-based data right setting apparatus, comprising:
the request receiving module is used for receiving an authority deployment request which is sent by a request terminal and carries a user identifier;
the role extraction module is used for reading a system database and extracting at least one role data corresponding to the user identification from the system database, wherein the role data at least comprise role functions;
the function permission deployment module is used for establishing the incidence relation between the user identification and the role function so as to realize function permission deployment;
the organization information acquisition module is used for acquiring current organization information corresponding to the role data from the system database;
a management object acquisition module for acquiring management object data corresponding to the role data based on the current organization information;
a historical data acquisition module, configured to acquire historical organization data corresponding to the management object data in the system database, where the historical organization data at least includes current organization data;
and the data authority deployment module is used for establishing the incidence relation between the user identification and the management object data and the historical organization data so as to realize data authority deployment.
8. The organization and time based data right setting apparatus according to claim 7, further comprising:
the authority creating module is used for creating authority, setting management service corresponding to the authority and then storing basic information of the authority;
a parent creating module, used for creating a parent role and selecting one or more authorities for the parent role;
the parent attribute setting module is used for setting the attribute of the parent role authority, wherein the attribute comprises a public attribute which can be owned by the subclass and can be reset and a private attribute which can not be owned by the subclass;
the subclass creating module is used for creating subclass roles under nodes corresponding to the parent roles, and the subclass roles select one or more permissions and set the permission attributes of the subclass roles to form a tree structure for displaying the inheritance relationship among the roles;
and the current role determining module is used for determining the authority of the current role according to the inheritance relationship in the tree structure and finishing access control, wherein the authority of the current role, namely the current node, comprises the self authority and the inheritance authority of the current role.
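A worked example of the parent/subclass role tree of claim 8, in Python, added here as illustration rather than taken from the patent. Role, grant, drop, ancestry, effective_authority and access_allowed are names chosen for this example, and two readings are assumptions: that "reset" means a subclass re-declares an inherited public authority with an attribute of its own, and that a subclass may also decline an inherited authority outright. The patent itself fixes only that public authority passes to subclasses and may be reset there, that private authority does not pass down, and that the current node's authority is its own plus what it inherits. The walk from the root also rejects a cycle, which a tree stored as parent pointers in database rows can acquire through a bad update and which would otherwise turn the authority lookup into an infinite loop.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

PUBLIC = "public"    # a subclass role inherits the authority and may reset its attribute
PRIVATE = "private"  # the authority stays with the role that declared it


@dataclass
class Role:
    """One node of the role tree (field names are this example's, not the patent's)."""
    name: str
    parent: Optional[Role] = None
    own: Dict[str, str] = field(default_factory=dict)  # self authority: permission -> attribute
    dropped: Set[str] = field(default_factory=set)     # inherited authority this role declines

    def grant(self, permission: str, attribute: str = PUBLIC) -> Role:
        if attribute not in (PUBLIC, PRIVATE):
            raise ValueError(f"unknown attribute {attribute!r}")
        self.own[permission] = attribute
        return self

    def drop(self, permission: str) -> Role:
        self.dropped.add(permission)
        return self


def ancestry(role: Role) -> List[Role]:
    """Path from the root role down to `role`; raises if the parent links form a cycle."""
    path: List[Role] = []
    seen: Set[str] = set()
    node: Optional[Role] = role
    while node is not None:
        if node.name in seen:
            raise ValueError(f"inheritance cycle through role {node.name!r}")
        seen.add(node.name)
        path.append(node)
        node = node.parent
    path.reverse()
    return path


def is_well_formed(role: Role) -> bool:
    """True if the chain of parents above `role` is a proper tree path (no cycle)."""
    try:
        ancestry(role)
        return True
    except ValueError:
        return False


def effective_authority(role: Role) -> Dict[str, str]:
    """Authority of the current node: inherited public authority plus its own declarations."""
    current: Dict[str, str] = {}
    for node in ancestry(role):
        # Only PUBLIC entries pass down, and only if this node has not declined them;
        # PRIVATE entries stay with the node that declared them.
        inherited = {p: a for p, a in current.items() if a == PUBLIC and p not in node.dropped}
        # The node's own declarations win; re-declaring an inherited permission resets its attribute.
        inherited.update(node.own)
        current = inherited
    return current


def access_allowed(role: Role, permission: str) -> bool:
    return permission in effective_authority(role)


# Constructed sample tree: admin -> dept_manager -> {team_lead, intern}.
ADMIN = Role("admin").grant("user.read").grant("audit.export", PRIVATE)
DEPT_MANAGER = Role("dept_manager", ADMIN).grant("user.write").grant("user.read", PRIVATE)
TEAM_LEAD = Role("team_lead", DEPT_MANAGER).grant("task.assign")
INTERN = Role("intern", DEPT_MANAGER).drop("user.write").grant("task.view")

if __name__ == "__main__":
    for r in (ADMIN, DEPT_MANAGER, TEAM_LEAD, INTERN):
        print(r.name, effective_authority(r))
```

Because dept_manager re-declares user.read as private, team_lead and intern no longer receive it, while audit.export never leaves admin at all; this is the difference between the two attributes that the tree view is meant to make visible to whoever administers the roles.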
9. A computer device comprising a memory having computer readable instructions stored therein and a processor which, when executing the computer readable instructions, implements the steps of the organization and time based data permission setting method of any one of claims 1 to 6.
10. A computer readable storage medium having computer readable instructions stored thereon which, when executed by a processor, implement the steps of the organization and time based data permission setting method of any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011197022.3A CN112163206A (en) | 2020-10-30 | 2020-10-30 | Data permission setting method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011197022.3A CN112163206A (en) | 2020-10-30 | 2020-10-30 | Data permission setting method and device, computer equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112163206A true CN112163206A (en) | 2021-01-01 |
Family
ID=73865321
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011197022.3A Pending CN112163206A (en) | 2020-10-30 | 2020-10-30 | Data permission setting method and device, computer equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112163206A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113326321A (en) * | 2021-06-10 | 2021-08-31 | 支付宝(杭州)信息技术有限公司 | User data management method and device based on block chain |
CN113806779A (en) * | 2021-09-23 | 2021-12-17 | 深圳市商汤科技有限公司 | System authority management method and device, electronic equipment and storage medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102930226A (en) * | 2012-10-25 | 2013-02-13 | 无锡中科泛在信息技术研发中心有限公司 | Method for controlling use permission of fine-grained client |
CN105099983A (en) * | 2014-04-16 | 2015-11-25 | 阿里巴巴集团控股有限公司 | Authorization method, authority setting method and devices |
CN106227785A (en) * | 2016-07-15 | 2016-12-14 | 杭州数梦工场科技有限公司 | Page object display method and device |
CN107506658A (en) * | 2017-07-10 | 2017-12-22 | 上海最会保网络科技有限公司 | User authority management system and method |
CN107633184A (en) * | 2017-10-19 | 2018-01-26 | 上海砾阳软件有限公司 | Database, and method and apparatus for managing user rights |
CN109344601A (en) * | 2018-10-11 | 2019-02-15 | 四川大学 | Role-based authority access control method and system |
CN111291408A (en) * | 2020-01-21 | 2020-06-16 | 文思海辉智科科技有限公司 | Data management method and device and electronic equipment |
2020
- 2020-10-30 CN CN202011197022.3A patent/CN112163206A/en active Pending
Similar Documents
Publication | Title |
---|---|
US11030709B2 (en) | Method and system for automatically creating and assigning assembly labor activities (ALAs) to a bill of materials (BOM) |
US7237119B2 (en) | Method, system and computer program for managing user authorization levels |
CN112307444B (en) | Role creation method, device, computer equipment and storage medium |
US20230319001A1 (en) | Snippet(s) of content associated with a communication platform |
CN111814179A (en) | User authority management and data control method and related equipment thereof |
CN111680310B (en) | Authority control method and device, electronic equipment and storage medium |
JP7154842B2 (en) | Permission management for cloud-based documents |
CN112286997B (en) | Salary data query method based on distributed deployment and related equipment |
CN110134930A (en) | Electronic contract management method, device, computer equipment and storage medium |
CN113326991A (en) | Automatic authorization method, device, computer equipment and storage medium |
CN112163206A (en) | Data permission setting method and device, computer equipment and storage medium |
CN112328486A (en) | Interface automation test method and device, computer equipment and storage medium |
TWI716385B (en) | Authentication method and authentication device |
WO2017114210A1 (en) | Apparatus and method for security control of data processing system |
CN112860662A (en) | Data blood relationship establishing method and device, computer equipment and storage medium |
CN111651749A (en) | Method and device for finding account based on password, computer equipment and storage medium |
CN110750765A (en) | Service system, front-end page control method thereof, computer device, and storage medium |
CN112650659B (en) | Buried point setting method and device, computer equipment and storage medium |
CN114493901A (en) | Data access application processing method and device, computer equipment and storage medium |
CN112256760B (en) | Data prediction method and device, computer equipment and storage medium |
CN110648443B (en) | Access control verification method, device, equipment and medium |
CN113204427A (en) | Resource management method, resource management device, computer equipment and storage medium |
CN114666141B (en) | Platform-as-a-service-based data processing method, device, medium and product |
CN113283759B (en) | Account risk portrait updating method, device, equipment and storage medium |
CN111835852B (en) | Method for transmitting data between WEB page and FTP server and related equipment thereof |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
TA01 | Transfer of patent application right | Effective date of registration: 20210204. Address after: 518000 room 64, 3/F, building 364B, Jingui building, 68 Puti Road, Fubao community, Fubao street, Futian District, Shenzhen City, Guangdong Province. Applicant after: Shenzhen Pingan Zhihui Enterprise Information Management Co.,Ltd. Address before: No.1411-14158, main tower of shipping center, No.59 Linhai Avenue, Nanshan street, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong 518000. Applicant before: Ping An digital information technology (Shenzhen) Co.,Ltd. |