
WO2024140916A1 - Internet of things permission matrix model and interaction method thereof - Google Patents


Info

Publication number
WO2024140916A1
Authority
WO
WIPO (PCT)
Prior art keywords
permission
internet
things
platform
role
Application number
PCT/CN2023/142773
Other languages
French (fr)
Chinese (zh)
Inventor
赵金鹏
钱长杰
丁霞
朱明�
Original Assignee
天翼物联科技有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks



Abstract

The application discloses an Internet of Things (IoT) permission matrix model and an interaction method for it, which can be applied widely in the IoT field. The IoT permission matrix model comprises: distributed platform management, which manages the information of each platform in an IoT system; permission code management, which manages the permission codes in the IoT system; menu management, which manages the menu organization level information in the IoT system; a tenant permission group, which manages the permission information of the associated tenants in the IoT system; and general role management, which maintains the general role types and the permission codes of the general roles in the IoT system. With this model the system permission matrix can be maintained conveniently, which simplifies the permission configuration process, lets an operator easily maintain the default permissions of each job role, and improves operating efficiency.

Description

Internet of Things Permission Matrix Model and Its Interaction Method

Technical Field

The present application relates to the technical field of the Internet of Things (IoT), and in particular to an IoT permission matrix model and an interaction method for that model.

Background

In the related art, IoT systems acquire more and more functions during development, and every menu, button and interface carries its own significance. At the same time the range of user roles involved in such a system keeps widening, and different groups of users need some or all of the system's functions. However, the permission configuration process in current systems is rather technical, which makes it hard for users to modify permissions.

Summary of the Invention

The present application aims to solve at least one of the technical problems in the prior art. To this end, it proposes an IoT permission matrix model and an interaction method for it that simplify the permission configuration process.

In one aspect, an embodiment of the present application provides an IoT permission matrix model, comprising:
distributed platform management, which manages the information of each platform in the IoT system;
permission code management, which manages the permission codes in the IoT system;
menu management, which manages the menu organization level information of the IoT system;
a tenant permission group, which manages the permission information of the associated tenants in the IoT system; and
general role management, which maintains the general role types and the permission codes of the general roles in the IoT system.

In some embodiments, managing the information of each platform in the IoT system comprises managing the name and identification information of each platform.

In some embodiments, managing the permission codes in the IoT system comprises managing the function menu permissions, button permissions and interface permissions used for access in the IoT system.

In some embodiments, the menu organization level information comprises a menu level, a button level or an interface level.

In some embodiments, managing the permission information of the associated tenants comprises: when a new tenant's registration application succeeds, generating a tenant permission group for the new tenant and generating the corresponding general roles within that tenant permission group.

In another aspect, an embodiment of the present application provides an interaction method for the IoT permission matrix model, comprising the following steps:
initializing general role permissions;
initializing distributed platform permissions; and
configuring extended permissions.

In some embodiments, initializing general role permissions comprises:
collecting the menu codes, button codes and role codes of the general roles;
configuring the menu codes, button codes and role codes into the IoT permission matrix model; and
after entering the centralized platform, checking the validity of the menu codes, button codes and role codes.

In some embodiments, initializing distributed platform permissions comprises:
after a new distributed platform has been built, determining the platform whose permissions are to be reused and exporting that platform's permission matrix file; and
importing the platform permission matrix file into the new distributed platform to generate the corresponding menus, buttons, interfaces, general roles and permission codes.

In some embodiments, configuring extended permissions comprises: when a new function is added to the IoT system, synchronizing permissions at the general roles.

In some embodiments, the permission synchronization comprises selecting some or all roles for synchronization, incremental or full synchronization, synchronization to all tenants or to some tenants, and synchronization to the distributed platforms.

The IoT permission matrix model provided by the embodiments of the present application has the following beneficial effects: by providing distributed platform management, permission code management, menu management, tenant permission groups and general role management in the model, the system permission matrix can be maintained conveniently, which simplifies the permission configuration process, lets operators easily maintain the default permissions of each job role, and improves operating efficiency.

Additional aspects and advantages of the present application will be given in part in the description below, will in part become apparent from it, or will be learned through practice of the present application.
Brief Description of the Drawings

The present application is further described below with reference to the accompanying drawings and embodiments, in which:
FIG. 1 is a schematic diagram of an IoT permission matrix model according to an embodiment of the present application;
FIG. 2 is a flow chart of an interaction method for an IoT permission matrix model according to an embodiment of the present application; and
FIG. 3 is a schematic diagram of the interaction among the centralized platform, the permission matrix model and the distributed platforms according to an embodiment of the present application.
Detailed Description

Embodiments of the present application are described in detail below; examples of them are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present application, and are not to be construed as limiting it.

In the description of the present application it should be understood that orientation terms such as up, down, front, back, left and right refer to orientations or positional relationships as shown in the drawings, are used only to make the description easier and simpler, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they are therefore not to be construed as limiting the present application.

In the description of the present application, "several" means one or more and "a plurality" means two or more; "greater than", "less than", "exceeding" and the like exclude the stated number, while "above", "below", "within" and the like include it. Where "first" and "second" are used, they serve only to distinguish technical features and are not to be understood as indicating or implying relative importance, the number of the indicated features, or their order.

In the description of the present application, unless explicitly defined otherwise, words such as "provide", "install" and "connect" are to be understood broadly, and a person skilled in the art can reasonably determine their specific meaning in this application from the specific content of the technical solution.

In the description of the present application, reference to "one embodiment", "some embodiments", "an illustrative embodiment", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present application. In this specification, such illustrative references do not necessarily refer to the same embodiment or example, and the specific features, structures, materials or characteristics described may be combined in any suitable way in one or more embodiments or examples.
In the related art, the IoT has become ever more widespread and has penetrated everyday life, and the IoT system, as the intermediate link that carries device data uploads and delivers the commands issued by application clients, has become correspondingly more important.

During the development of an IoT system its functions grow richer, every menu, button and interface carries its own significance, and the range of user roles keeps widening, with different groups of users needing some or all of the system's functions.

It is therefore particularly important to solve the problem of defining complex permissions in an IoT system and of controlling permission allocation after later functional extensions, and to allocate viewing and operating permissions to specific and non-specific roles. At the same time, the permissions of the distributed platforms in different provinces are similar, so quickly allocating a given set of permissions is also very important.

On this basis, and referring to FIG. 1, an embodiment of the present application provides an IoT permission matrix model comprising distributed platform management, permission code management, menu management, tenant permission groups and general role management.

Specifically, distributed platform management manages the information of each platform in the IoT system, such as each platform's name and identification information. The platforms include the centralized platform and the individual distributed platforms.

Permission code management manages the permission codes of the individual functions of the IoT system; these codes actually control which function menus, buttons or interfaces a user can access and use, and include the permission code name, the permission code string, and so on.

Menu management manages the menu organization level information of the IoT system. In this embodiment the menus of the IoT system form an organization hierarchy spanning several levels, and the menu organization level information comprises the menu level, the button level and the interface level. An entry is created with fields including name, type, resource code, permission code, sort order and remarks.

The tenant permission group manages the permission information of the associated tenants in the IoT system. In this embodiment, when a new tenant's registration application succeeds, a tenant permission group is generated automatically, the corresponding general roles are generated by default within that group, and the general role permissions are maintained automatically. Tenants may define custom roles within the permission range of the general roles and grant the custom role permissions to tenant members. When granting permissions to a role, operators may grant at the menu level, at the button or interface level, or by permission code; by default the system takes the permission code that corresponds to the menu, button or interface.

General role management maintains the general role types and the permission codes that the general roles involve in the IoT system.

Based on the IoT permission matrix model shown in FIG. 1, and as shown in FIG. 2, an embodiment of the present application provides an interaction method for the IoT permission matrix model that includes, but is not limited to, the following steps:

Step S210: initialize general role permissions.

In an embodiment of the present application, when general role permissions are initialized, the menu codes, button codes and role codes of the general roles are collected; the menu codes, button codes and role codes are configured into the IoT permission matrix model; and, after entering the centralized platform, the menu codes, button codes and role codes are checked for validity. It will be understood that the interaction method provided in this embodiment includes providing a set of permission matrix model tables that cover the id (the id of each menu, button and interface), the organization hierarchy level (menu level, button level, interface level), the general role and the role code. In this embodiment, once the menu, button and interface permission matrix for each general role has been collected, it is maintained in the model. The operator then logs in to the centralized platform, selects on the permission maintenance page the system to import into (for example the operations back end or the console), and the system performs a data validity check. When the check succeeds the permission matrix import completes, and the default permissions of each general role are thereby maintained.

Step S220: initialize distributed platform permissions.

In an embodiment of the present application, after a new distributed platform has been built, the platform whose permissions are to be reused is determined and its platform permission matrix file is exported; the file is then imported into the new distributed platform to generate the corresponding menus, buttons, interfaces, general roles and permission codes. It will be understood that both the centralized platform and the distributed platforms support export and import of the permission matrix model. After the new distributed platform has been built, the operator first selects the platform whose permissions are to be reused, clicks the system permission matrix menu in the corresponding system, and exports that platform's permission matrix file, which contains the general roles, the role codes and the ids of the corresponding menus, buttons and interfaces. The file is then imported into the newly built distributed platform, and once validation succeeds the corresponding menus, buttons and interfaces, together with the general roles and their permission codes, are generated automatically.

Step S230: configure extended permissions.

In an embodiment of the present application, when it is determined that a new function has been added to the IoT system, permissions are synchronized at the general roles. Permission synchronization covers selecting some or all roles for synchronization, incremental or full synchronization, synchronization to all or some tenants, and synchronization to the distributed platforms. In other words, when the IoT system is extended with newly developed functions, permission synchronization is supported at the general roles, and the synchronization lets the operator select some or all roles, incremental or full synchronization, all or some tenants, and synchronization to the distributed platforms.
In some embodiments, when the interaction method of FIG. 2 is carried out among the centralized platform, the permission matrix model and the distributed platforms, as shown in FIG. 3, the following steps are included but not limited to:

System initialization: the basic initial capabilities of the system, such as the IAM function module, are initialized.

The operator creates permission codes in the IAM module and selects the corresponding permission code management system.

The operator creates menus, buttons and interfaces in menu management and maintains their corresponding permission codes.

The operator configures the default roles in general role management, for example the general roles tenant administrator, tenant member, operations administrator and operations specialist.

The operator maintains the permission matrix: first the system's permission matrix model is exported, including the ids, the menu, button and interface organization hierarchy, the general roles and the role codes; the permissions that each role requires are then entered in the exported permission matrix model table, which is imported back into the system.

For general roles and permissions that have already been configured, the operator can update and maintain the permissions. On the page the operator views the menu organization hierarchy, the button and interface organization hierarchy and the permission codes, ticks the menus, buttons and interfaces for each general role as operations require, and the system automatically adds the respective permission codes to the role.

After a distributed platform has been built, the operator exports the permission matrix model from the centralized platform or from another distributed platform and imports it into the new distributed platform, which completes the initialization of the new platform's menus, general roles, permission codes and other permissions.

For newly developed functions of the IoT system, the operator can click the synchronize button in general role management and choose some or all roles, incremental or full permissions, all or some tenants, and the distributed platforms to synchronize to.

In an exemplary scenario, a company proposes to deploy a new distributed system in a certain province. The operator exports the permission matrix model from the centralized platform, confirms that the menu, button and interface permissions of each general role in the matrix are correct, and imports it into the newly built distributed system, which completes the permission initialization of that system.

Furthermore, after permissions have been initialized, auditors periodically audit the permissions of each role during subsequent operations. An auditor need only export the platform's permission matrix and check whether each role's sensitive permissions, such as editing, exporting and reviewing, are compliant. During the audit, the non-compliant menu, button and interface permissions of a role can be removed and the compliant permission matrix re-imported into the system, which automatically replaces the role's original permissions with the new ones.
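The following is an added illustration of the model and of steps S210 to S230 plus the audit loop above; it is not code from the patent or from the assignee. It assumes a JSON matrix file, a node id / level / permission code triple per menu, button or interface, and role-to-node sets, and all ids, codes and role names in it are constructed for the example.

```python
import json
from dataclasses import dataclass, asdict

LEVELS = ("menu", "button", "interface")  # the three menu organization levels

@dataclass(frozen=True)
class Node:
    """One entry of the menu hierarchy (a menu, a button or an interface) with its permission code."""
    node_id: str
    level: str
    perm_code: str

class PermissionMatrix:
    """General roles mapped to hierarchy nodes; a role's permission codes follow from its nodes."""
    def __init__(self, platform, nodes, roles):
        self.platform = platform
        self.nodes = {n.node_id: n for n in nodes}
        self.roles = {r: set(ids) for r, ids in roles.items()}

    def perm_codes(self, role_code):
        return {self.nodes[i].perm_code for i in self.roles[role_code]}

    def export_file(self):
        """Serialize the matrix; this plays the role of the platform permission matrix file."""
        return json.dumps({
            "platform": self.platform,
            "nodes": [asdict(n) for n in self.nodes.values()],
            "roles": {r: sorted(ids) for r, ids in self.roles.items()},
        }, sort_keys=True)

def validate(doc):
    """Validity check run before an import; returns the list of problems (empty when valid)."""
    problems, seen = [], set()
    for n in doc.get("nodes", []):
        nid = n.get("node_id")
        if n.get("level") not in LEVELS:
            problems.append(f"node {nid}: unknown level {n.get('level')!r}")
        if not n.get("perm_code"):
            problems.append(f"node {nid}: empty permission code")
        if nid in seen:
            problems.append(f"node {nid}: duplicate id")
        seen.add(nid)
    for role, ids in doc.get("roles", {}).items():
        if not role:
            problems.append("empty role code")
        problems.extend(f"role {role}: unknown node {i}" for i in ids if i not in seen)
    return problems

def import_matrix(platform, text):
    """Import an exported matrix file into a platform; files that fail validation are rejected."""
    doc = json.loads(text)
    problems = validate(doc)
    if problems:
        raise ValueError("; ".join(problems))
    return PermissionMatrix(platform, [Node(**n) for n in doc["nodes"]], doc["roles"])

def sync_to_tenants(source, tenants, role_codes=None, incremental=True):
    """Push general-role node sets into per-tenant role copies (tenant_id -> {role: set(node_ids)}).
    Incremental sync only adds nodes the tenant copy lacks; full sync replaces the copy.
    Roles outside the selection, such as a tenant's custom roles, are left untouched."""
    for tenant_roles in tenants.values():
        for role in (role_codes or source.roles):
            if role not in source.roles:
                continue
            if incremental:
                tenant_roles[role] = tenant_roles.get(role, set()) | source.roles[role]
            else:
                tenant_roles[role] = set(source.roles[role])
    return tenants

def audit(matrix, sensitive_allowed):
    """Periodic audit: sensitive_allowed maps a sensitive permission code to the roles allowed to hold it.
    Returns a compliant copy of the matrix (offending nodes removed per role) and the findings."""
    findings, roles = [], {}
    for role, ids in matrix.roles.items():
        kept = set()
        for i in ids:
            code = matrix.nodes[i].perm_code
            if code in sensitive_allowed and role not in sensitive_allowed[code]:
                findings.append((role, i, code))
            else:
                kept.add(i)
        roles[role] = kept
    return PermissionMatrix(matrix.platform, list(matrix.nodes.values()), roles), findings

def build_sample():
    """Constructed sample matrix for the centralized platform (illustrative ids and codes)."""
    nodes = [
        Node("m_device", "menu", "device:view"),
        Node("b_device_edit", "button", "device:edit"),
        Node("i_device_export", "interface", "device:export"),
        Node("b_order_review", "button", "order:review"),
    ]
    roles = {
        "tenant_admin": {"m_device", "b_device_edit", "i_device_export", "b_order_review"},
        "tenant_member": {"m_device", "i_device_export"},  # export right gets flagged by the audit
    }
    return PermissionMatrix("centralized", nodes, roles)
```

Provisioning a new province platform is `import_matrix("province-A", build_sample().export_file())`; the audit result can be fed straight back through `import_matrix`, which is the re-import that replaces a role's old permissions.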
In summary, the embodiments of the present application provide an interaction method for an IoT permission matrix model: by maintaining a single permission matrix for the centralized platform, including its permission codes, role management, and menu, button and interface management, the permission matrix configuration is complete. Role permissions can then be initialized when a new tenant is created on the centralized platform, common role permissions can be configured differently per tenant, and the problem of having to re-maintain all role permissions after building a distributed system is avoided.
The permission matrix also frees operators from the technically oriented configuration used today and removes the mismatch between permission codes and the menus, buttons and interfaces that users actually see, so that what the operator configures is what the user gets, ensuring accurate and convenient permission configuration.
In summary, this embodiment has the following beneficial effects:
First, building the IoT distributed permission matrix model makes the system permission matrix easy to maintain, allowing operators to maintain the default permissions of each job role and improving operational efficiency.
Second, once the permission matrix model is built it can be exported, enabling periodic permission audits that reclaim excess permissions and grant only the permissions found compliant.
Third, the permission matrix model can also initialize the menus, buttons, interfaces, permission codes and other permissions of a new distributed platform, greatly improving operational efficiency.
Fourth, the interaction method supports selecting permissions according to the menu, button and interface organizational structure; the system automatically assigns the corresponding permission codes, reducing inconsistencies between the permission codes an operator selects and the permissions actually required, so that what you see is what you get.
Fifth, the interaction method supports varied permission synchronization operations, including incremental/full synchronization and all-tenant/partial-tenant synchronization, greatly simplifying the operator's tedious authorization work.
The embodiments of the present application have been described in detail above with reference to the accompanying drawings, but the present application is not limited to these embodiments; various changes can be made within the knowledge of a person of ordinary skill in the art without departing from the purpose of the present application. In addition, the embodiments of the present application and the features of the embodiments can be combined with each other where they do not conflict.

Claims (10)

  1. An Internet of Things permission matrix model, comprising:
    distributed platform management, used to manage information on each platform in the Internet of Things system;
    permission code management, used to manage the permission codes in the Internet of Things system;
    menu management, used to manage the menu organization level information of the Internet of Things system;
    tenant permission groups, used to manage the associated tenant permission information in the Internet of Things system;
    common role management, used to maintain the common role types and the permission codes of the common roles in the Internet of Things system.
  2. The Internet of Things permission matrix model according to claim 1, wherein managing information on each platform in the Internet of Things system comprises:
    managing the name and identification information of each platform in the Internet of Things system.
  3. The Internet of Things permission matrix model according to claim 1, wherein managing the permission codes in the Internet of Things system comprises:
    managing the function menu permissions, button permissions and interface permissions used for access in the Internet of Things system.
  4. The Internet of Things permission matrix model according to claim 1, wherein the menu organization level information comprises menu level, button level or interface level.
  5. The Internet of Things permission matrix model according to claim 1, wherein managing the associated tenant permission information in the Internet of Things system comprises:
    when a new tenant registers successfully, generating a tenant permission group corresponding to the new tenant and generating the corresponding common roles in the tenant permission group.
  6. An interaction method for an Internet of Things permission matrix model, comprising the following steps:
    initializing common role permissions;
    initializing distributed platform permissions;
    configuring extended permissions.
  7. The interaction method for an Internet of Things permission matrix model according to claim 6, wherein initializing common role permissions comprises:
    collecting the menu codes, button codes and role codes of the common roles;
    configuring the menu codes, button codes and role codes into the Internet of Things permission matrix model;
    after entering the centralized platform, checking the validity of the menu codes, button codes and role codes.
  8. The interaction method for an Internet of Things permission matrix model according to claim 6, wherein initializing distributed platform permissions comprises:
    after creating a new distributed platform, determining the platform whose permissions are to be reused and exporting the platform permission matrix file;
    importing the platform permission matrix file into the new distributed platform to generate the corresponding menus, buttons, interfaces, common roles and permission codes.
  9. The interaction method for an Internet of Things permission matrix model according to claim 6, wherein configuring extended permissions comprises:
    when it is determined that a new function has been added to the Internet of Things system, synchronizing permissions at the common roles.
  10. The interaction method for an Internet of Things permission matrix model according to claim 9, wherein the permission synchronization comprises selecting some or all roles to synchronize, incremental or full synchronization, synchronization to all or some tenants, and synchronization to distributed platforms.
PCT/CN2023/142773 2022-12-29 2023-12-28 Internet of things permission matrix model and interaction method thereof WO2024140916A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202211708728.0A CN116094787A (en) 2022-12-29 2022-12-29 Internet of things permission matrix model and interaction method thereof

Publications (1)

Publication Number Publication Date
WO2024140916A1 true WO2024140916A1 (en) 2024-07-04

Family

ID=86209663

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/142773 WO2024140916A1 (en) 2022-12-29 2023-12-28 Internet of things permission matrix model and interaction method thereof

Country Status (2)

Country Link
CN (1) CN116094787A (en)
WO (1) WO2024140916A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116094787A (en) * 2022-12-29 2023-05-09 天翼物联科技有限公司 Internet of things permission matrix model and interaction method thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112019543A (en) * 2020-08-27 2020-12-01 四川长虹电器股份有限公司 Multi-tenant permission system based on BRAC model
CN113688376A (en) * 2021-07-15 2021-11-23 上海浦东发展银行股份有限公司 Tenant authority control method for realizing container cloud platform based on CMDB system and RBAC model
CN113761506A (en) * 2020-09-24 2021-12-07 北京京东拓先科技有限公司 Authority management method and device
WO2021254501A1 (en) * 2020-06-19 2021-12-23 京东方科技集团股份有限公司 Role authorization method and system
CN116094787A (en) * 2022-12-29 2023-05-09 天翼物联科技有限公司 Internet of things permission matrix model and interaction method thereof


Also Published As

Publication number Publication date
CN116094787A (en) 2023-05-09


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (ref document number: 23910832; country of ref document: EP; kind code of ref document: A1)