CN101226615A - Business events process synergic modeling method based on role authority control - Google Patents
Business events process synergic modeling method based on role authority control Download PDFInfo
- Publication number
- CN101226615A CN101226615A CNA2008100575484A CN200810057548A CN101226615A CN 101226615 A CN101226615 A CN 101226615A CN A2008100575484 A CNA2008100575484 A CN A2008100575484A CN 200810057548 A CN200810057548 A CN 200810057548A CN 101226615 A CN101226615 A CN 101226615A
- Authority
- CN
- China
- Prior art keywords
- lock
- modeling
- subprocess
- combined moving
- revise
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Storage Device Security (AREA)
Abstract
Provided is an enterprise business synergic modeling approach based on roles access control in the technical field of enterprise engineering and information, which is mainly in view of the characteristics of multi-phase, multi-step and multi-level of process of modern enterprise business and by means of thoughts of system access control based on roles and harmonizing theory and bringing in novel synergic access mechanism, the invention coordinates the modeling personnel of multi-department, different level and different profession to conduct parallel and exotically model building for the process of the enterprise business. The core is based on the roles of modeling personnel in business process access control mechanism RBPMPC and concurrent access control of the model is conducted in the process of synergic modeling by two different sub-procedure operation locks and four locking rules. The invention consults the decomposable process of the process of the enterprise business and decomposes the modeling task by employing top-down manner and manner of refining down step by step, which mainly includes three basic steps of primary decomposition, refining modeling and sub-procedure integration and the like.
Description
Technical field
The present invention relates to enterprise engineering and infotech and field, particularly, relates to a kind of business events process synergic modeling method based on role-security control.
Background technology
Business events process is the core of enterprise, the business procedure chain of being made up of a series of business activities, and related composition of business procedure chain and other views (information view, organize views and resource view etc.).Along with the development of product scale and the appearance of virtual enterprise and dynamic enterprise alliance, the information architecture of enterprise presents the trend of distribution and networking day by day, the complexity of business events process model constantly increases, the specialty span constantly strengthens, often relate to a plurality of stages (as design, manufacture, several megastages of verification experimental verification and working service), a plurality of links are (as the product required design that comes into the market, make, the marketing link), and each stage, each link can further be divided and (is divided into conceptual design again as the design phase, primary design and detailed design phase etc.), even if only also can relate to a plurality of specialties by a part process that enterprise or department were responsible for.Therefore, multistage, too many levels, become modern enterprise business procedure, the important feature of particularly large-scale manufacturing business events process at many levels.
The business events process modeling is exactly by the activity in the definition enterprise, concerns according to the I/O between workflow foundation activity and the product; Cooperation relation between impersonal force resource in the resource model, the human resources foundation activity in the organize models and the movable resource requirement of realization by reference, thus business events process is described.In order to finish modeling, need the professional modeling personnel's of each domain expert, relevant decision-maker and a plurality of department, different levels fellowship usually to the complicated business process.Therefore, at first carry out mutual with regard to modeling demand and model definition in the traditional business process management and reach an agreement by the related personnel, it is inadequate to set up Agile Modeling ability day of single user modeling mode of business process model by professional modeling personnel then, can't make enterprise to continue to change, the uncertain market demand makes reaction rapidly and accurately.
On the other hand, the complicated business process is core with the activity, can be split as numerous independently subprocess, and becomes the base unit of collaborative modeling.According to the logical relation between subprocess, divide different levels, reduce the complicacy of each level, can be from the multi-level collaborative modeling of angle support of model.The whole service process can be used as the subprocess of highest level.Like this, the complicated business process in the single plane will form procedure structure decomposition tree shown in Figure 1, and subprocess shows as combined moving in model, not only can be nested, and have certain stage independence or professional independence.
But need be when collaborative modeling from the angle of work independence and model information safety, the authority of modeling personnel visit or edit model is managed.In the collaborative modeling of business procedure, modeling personnel may be able to operate a plurality of subprocess, and different modeling personnel also may have the identical operations authority to same subprocess, so are a kind of relation of multi-to-multi between modeling personnel and the subprocess, as shown in Figure 2.If directly there are following two kinds of drawbacks in the rights management mode that modeling personnel and corresponding subprocess are connected:
1. owing to concrete modeling personnel can change along with the change (as staff redeployment) of some extraneous factors, subprocess also can carrying out and change with modeling work, therefore produce the needs that modeling personnel's authority is redistributed through regular meeting, thereby be unfavorable for the stable maintenance of rights management;
2. exist for and bring the possibility of repetitive operation when a large amount of modeling personnel carry out right assignment.Particularly in the process model complexity, under a fairly large number of situation of modeling personnel, a large amount of repetitive operations that above drawback caused for the adverse effect of collaborative modeling with even more serious.
Summary of the invention
The objective of the invention is at multi-level, the multistage characteristics of business events process, real needs in conjunction with the enterprise process collaborative modeling, by using for reference based on system's access control of role and coordinating theoretical thought and introduce new collaborative access mechanism, propose a kind of synergic modeling method of the business events process based on role-security control, thereby effectively support the modeling personnel of a plurality of departments, different levels, different specialties that complicated business events process is carried out collaborative modeling.
The core of the inventive method is a kind of business procedure modeling personnel mechanism of authorization control based RBPMPC based on the role (Role-based Business Process Modeler Privilege Control), and it may be defined as one hexa-atomic group, that is:
RBPMAC=(S, U, R, P, RP, UR), wherein:
1.S be the subprocess set;
2.U, be the entity that subprocess is operated for modeling personnel set;
3.R be role's set, each role has represented a kind of qualification, right and responsibility, and has different authorities;
4.P be the authority set, its element is two tuples of a subprocess and a kind of operating right, represents the pairing operating right of different subprocess, P={ (s, p) | s ∈ S, p ∈ w, and r, u}}, wherein:
1) but w is a write permission, expression can be edited the internal information of subprocess s, is included in the model element of creating in the refinement modeling process of s, revising, deletion belongs to s;
2) r is a read-only authority, and expression only can be browsed the internal information of subprocess s;
3) u is an inaccessible, and expression can not be read the internal information of subprocess s.Being provided with of this authority can avoid corresponding modeling personnel to read the model information that it is maintained secrecy, and guarantees the safety of model information to a certain extent;
5.RP be the set of authority configuration relation, its element is a role and a kind of role's two tuples, represents the authority that each role has, and RP={ (r, p) | r ∈ R, p ∈ P};
6.UR be the role assignments set of relationship, its element is modeling personnel and a kind of role's two tuples, the role that expression modeling personnel are appointed, UR={ (u, r) | u ∈ U, r ∈ R}.Modeling personnel can be assigned to some roles, and a kind of role also can be endowed several concrete modeling personnel.
The collaborative modeling environment can by the modeling personnel corresponding role's authority judge whether its operation to subprocess legal, for example, if (p1=w) ∧ ((s1; p1) ∧ ((r1 ∈ P); p1) ∈ RP) ((u1, r1) ∈ UR) illustrates that then modeling personnel u1 has write permission to subprocess s1 to ∧.As shown in Figure 3, after introducing RBPMAC, the role connects modeling personnel and subprocess as middle bridge, in fact to the setting of modeling personnel authority is exactly role assignments to the modeling personnel, and authorize the operating right of role to subprocess, realized the logical separation of modeling personnel and access rights.
The present invention is based on RBPMAC and adopt top-down, the synergic modeling method of refinement progressively, the decomposable process of corresponding business events process carries out the decomposition of modeling task.For avoiding editor's conflict to need to adopt lock mechanism that model is carried out concurrent access control, the present invention has defined two kinds of different subprocess operable lock and four rules that lock for this reason, and is specific as follows in the collaborative modeling process:
1. revise lock: when the user adds the modification lock to combined moving, can make amendment to combined moving, other user can not revise this combined moving.It mainly acts on is to avoid direct access conflict.Be designated as the S lock, the modification lock state of subprocess P is designated as S (P), locks then S (P)=1 if added to revise, otherwise S (P)=0;
2. freeze lock: when the user adds when freezing to lock combined moving, all users can not revise combined moving, comprise the user self that locks, and allow to give a combined moving to add a plurality of locks that freeze.Its effect is to cooperate to revise to lock to avoid indirect conflict.Be designated as the T lock, the lock state that freezes of subprocess P then is designated as T (P), has n to freeze to lock then T (P)=n on the P, and n>0 does not freeze on the P to lock then T (P)=0.
Rule 1 locks: it is not add on the pairing subprocess model of this combined moving to revise lock or freeze lock, i.e. S (P)=0 and T (P)=0 that a combined moving is added the prerequisite of revising lock.
Rule 2 locks: can add the condition of revising lock to a combined moving C is that whole father's combined movings of this combined moving do not add and revise lock, and promptly C if satisfy C* → P, then has S (C)=0.
Rule 3 locks: a combined moving P is added when revising lock, and whole sub-portfolio activities of this combined moving add to be revised lock and adds one for whole father's combined movings and freezes lock, promptly P is added revise lock after, model should satisfy following condition:
1)S(P)=1;
2) C if satisfy P* → C, then makes S (C)=1;
3) C if satisfy C* → P, then makes T (C)=T (C)+1;
Lock regular 4: during to a combined moving P releasing modification lock, whole sub-portfolio activities releasing modifications of this combined moving are locked and are removed one to whole father's combined movings and freeze to lock, and promptly after P releasing modification was locked, model should satisfy following condition:
1)S(P)=0;
2)C,if?P*→C,then?S(C)=0.
3)C,if?C*→P,then?T(C)=T(C)-1.
Before the modeling personnel revise a combined moving, should send one to modeling environment and add the request of revising lock, whether modeling environment application rule two judgment models current states meet the condition that locks of revising lock.If eligible, then three pairs of combined movings of application rule lock.After the modeling personnel revise model, application rule four releases.Utilize two kinds of locks and four rules that lock to avoid concurrent access conflict between model, thereby guarantee the integrality of model semantics.
Description of drawings
The Hiberarchy Decomposition of Fig. 1 complicated business process model
Fig. 2 modeling personnel-subprocess authority corresponding relation
Fig. 3 modeling personnel-role-subprocess authority corresponding relation
Embodiment
Developed prototype system based on the inventive method, this system adopts the physical store pattern based on XML, solve the concurrent access control and the access rights control of process model by encapsulation and integrated version management instrument CVS, utilize the Http agreement to communicate, make modeling not limited by LAN (Local Area Network), thereby support the collaborative modeling of Internet scope.The concrete implementation step of method is as follows:
1. according to certain strategy (as dividing by critical product, dividing, concern chronologically and divide or the like) business procedure that needs modeling is tentatively decomposed by institutional framework, determine subprocess, the required support resource of subprocess operation that the top layer process model comprised, and objects such as the product that exists between the subprocess, data stream, control stream.This step comprises following particular content:
1) sets up the subprocess of each stage correspondence of whole business process model at the process model top layer;
2) create major product and the resource relevant with each stage;
3) set up the annexation between product and the subprocess according to input, output relation;
4) set up incidence relation between subprocess and the relevant support resource.
2. the modeling personnel are according to separately modeling task, respectively to different subprocess refinement modelings.Wherein the modeling task of each subprocess can also combined moving be that further decomposition is done by unit, and the refinement modeling that the detailed business procedure information that promptly each combined moving comprised is carried out all can be used as the modeling task of a subprocess can independently finishing.Process model is by being that core has been carried out Hiberarchy Decomposition with the combined moving, and the modeling task also can the progressively refinement along with the division of model hierarchy.With Fig. 1 is example, when the modeling personnel carry out modeling to the A layer, only need focus on this aspect information such as flow process relation between the activity and product, resource, concrete modeling task for combined moving B0, B2 internal information, promptly, can finish by other modelings personnel strange land to the refinement modeling of B0, the represented model of B2.Equally, combined moving C0, C1, D0 etc. also can carry out the refinement modeling by different modeling personnel;
3. need to carry out task after the modeling of each subprocess is finished and submit to, promptly in consistance of carrying out model and integrity checking, finish the integrated of subprocess.
Because role's authority is relatively stable, adopt RBPMAC not only can reduce the complicacy of empowerment management, reduce administration overhead, and can support the security strategy of enterprise flexibly effectively, make modeling personnel rights management have more retractility the variation of enterprise.In addition, this mechanism can also well be described role's hierarchical relationship, realizes the principle that minimum authority principle is separated with responsibility.Through case verification, the inventive method has feasibility and high efficiency, can effectively manage the access control right of modeling personnel antithetical phrase process, and avoid the various conflicts that produce owing to the incidence relation between the subprocess in the modeling process, thereby the modeling personnel that coordinate a plurality of departments, different levels, different specialties are to the business events process strange land modeling that walks abreast.
Claims (3)
1. business events process synergic modeling method based on role-security control, it is characterized in that it realizes as follows: (1) according to certain strategy (as divide by critical product, by institutional framework divide, relation division chronologically or the like) business procedure that needs modeling is tentatively decomposed, determine subprocess, the required support resource of subprocess operation that the top layer process model comprised, and objects such as the product that exists between the subprocess, data stream, control stream; (2) the modeling personnel are according to separately modeling task, respectively to different subprocess refinement modelings.Wherein the modeling task of each subprocess can also combined moving be that further decomposition is done by unit, and the refinement modeling that the detailed business procedure information that promptly each combined moving comprised is carried out all can be used as the modeling task of a subprocess can independently finishing; (3) carry out task after the modeling of each subprocess is finished and submit to, promptly in consistance of carrying out model and integrity checking, finish the integrated of subprocess.
2. the business events process synergic modeling method based on role-security control according to claim 1, it is characterized in that in step (2) adopting business procedure modeling personnel mechanism of authorization control based RBPMPC based on the role, by the modeling personnel corresponding role's authority judge whether its operation to subprocess legal;
3. the business events process synergic modeling method based on role-security control according to claim 1, it is characterized in that in step (2), adopting lock mechanism that model is carried out concurrent access control, specifically comprise two kinds of different subprocess operable lock and four rules that lock:
1) revise lock: when the user adds the modification lock to combined moving, can make amendment to combined moving, other user can not revise this combined moving.It mainly acts on is to avoid direct access conflict.Be designated as the S lock, the modification lock state of subprocess P is designated as S (P), locks then S (P)=1 if added to revise, otherwise S (P)=0;
2) freeze lock: when the user adds when freezing to lock combined moving, all users can not revise combined moving, comprise the user self that locks, and allow to give a combined moving to add a plurality of locks that freeze.Its effect is to cooperate to revise to lock to avoid indirect conflict.Be designated as the T lock, the lock state that freezes of subprocess P then is designated as T (P), has n to freeze to lock then T (P)=n on the P, and n>0 does not freeze on the P to lock then T (P)=0.
Rule 1 locks: it is not add on the pairing subprocess model of this combined moving to revise lock or freeze lock, i.e. S (P)=0 and T (P)=0 that a combined moving is added the prerequisite of revising lock.
Rule 2 locks: can add the condition of revising lock to a combined moving C is that whole father's combined movings of this combined moving do not add and revise lock, and promptly C if satisfy C* → P, then has S (C)=0.
Rule 3 locks: a combined moving P is added when revising lock, and whole sub-portfolio activities of this combined moving add to be revised lock and adds one for whole father's combined movings and freezes lock, promptly P is added revise lock after, model should satisfy following condition:
i.S(P)=1:
Ii. C if satisfy P* → C, then makes S (C)=1;
Iii. C if satisfy C* → P, then makes T (C)=T (C)+1;
Lock regular 4: during to a combined moving P releasing modification lock, whole sub-portfolio activities releasing modifications of this combined moving are locked and are removed one to whole father's combined movings and freeze to lock, and promptly after P releasing modification was locked, model should satisfy following condition:
i.S(P)=0;
ii.C,if?P*→C,then?S(C)=0.
iii.C,if?C*→P,then?T(C)=T(C)-1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008100575484A CN101226615A (en) | 2008-02-03 | 2008-02-03 | Business events process synergic modeling method based on role authority control |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008100575484A CN101226615A (en) | 2008-02-03 | 2008-02-03 | Business events process synergic modeling method based on role authority control |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101226615A true CN101226615A (en) | 2008-07-23 |
Family
ID=39858596
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2008100575484A Pending CN101226615A (en) | 2008-02-03 | 2008-02-03 | Business events process synergic modeling method based on role authority control |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101226615A (en) |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102651738A (en) * | 2011-02-28 | 2012-08-29 | 北京航空航天大学 | Synergistic modeling treatment method and system based on Web |
| CN103198141A (en) * | 2013-04-18 | 2013-07-10 | 中国农业银行股份有限公司 | Data record access control method and device in hierarchical relationship |
| CN103809438A (en) * | 2012-11-05 | 2014-05-21 | 洛克威尔自动控制技术股份有限公司 | Secure models for model-based control and optimization |
| WO2016026320A1 (en) * | 2014-08-22 | 2016-02-25 | 中兴通讯股份有限公司 | Access control method and apparatus |
| CN105930741A (en) * | 2016-04-14 | 2016-09-07 | 国网浙江省电力公司电力科学研究院 | Power system resource permission management system |
| CN106843167A (en) * | 2015-10-11 | 2017-06-13 | 计算系统有限公司 | responsibility span access control system |
| CN106971289A (en) * | 2016-01-14 | 2017-07-21 | 北京仿真中心 | A kind of collaborative design method and cooperative system based on data-driven |
| CN107871067A (en) * | 2016-09-27 | 2018-04-03 | 优甸网络科技(上海)有限公司 | Composition mechanism applied to role |
| WO2019184119A1 (en) * | 2018-03-26 | 2019-10-03 | 平安科技(深圳)有限公司 | Risk model training method and apparatus, risk identification method and apparatus, device, and medium |
| CN110506240A (en) * | 2017-03-28 | 2019-11-26 | 横河电机株式会社 | Engineering auxiliary system, engineering auxiliary method, server apparatus, storage medium, client device and client-side program |
| CN112130813A (en) * | 2020-08-04 | 2020-12-25 | 中科天玑数据科技股份有限公司 | Multi-user collaborative modeling method, system and equipment for big data analysis |
| CN112464215A (en) * | 2020-12-15 | 2021-03-09 | 深圳市中博科创信息技术有限公司 | Identity authentication and control method for enterprise service system |
-
2008
- 2008-02-03 CN CNA2008100575484A patent/CN101226615A/en active Pending
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102651738A (en) * | 2011-02-28 | 2012-08-29 | 北京航空航天大学 | Synergistic modeling treatment method and system based on Web |
| US10359767B2 (en) | 2012-11-05 | 2019-07-23 | Rockwell Automation Technologies, Inc. | Secure models for model-based control and optimization |
| CN103809438A (en) * | 2012-11-05 | 2014-05-21 | 洛克威尔自动控制技术股份有限公司 | Secure models for model-based control and optimization |
| US9292012B2 (en) | 2012-11-05 | 2016-03-22 | Rockwell Automation Technologies, Inc. | Secure models for model-based control and optimization |
| US10852716B2 (en) | 2012-11-05 | 2020-12-01 | Rockwell Automation Technologies, Inc. | Secure models for model-based control and optimization |
| CN103198141A (en) * | 2013-04-18 | 2013-07-10 | 中国农业银行股份有限公司 | Data record access control method and device in hierarchical relationship |
| CN103198141B (en) * | 2013-04-18 | 2016-12-28 | 中国农业银行股份有限公司 | Data record access control method and device under hierarchical relationship |
| WO2016026320A1 (en) * | 2014-08-22 | 2016-02-25 | 中兴通讯股份有限公司 | Access control method and apparatus |
| US10713369B2 (en) | 2014-08-22 | 2020-07-14 | Zte Corporation | Method and device for access control |
| CN106843167A (en) * | 2015-10-11 | 2017-06-13 | 计算系统有限公司 | responsibility span access control system |
| CN106971289A (en) * | 2016-01-14 | 2017-07-21 | 北京仿真中心 | A kind of collaborative design method and cooperative system based on data-driven |
| CN105930741A (en) * | 2016-04-14 | 2016-09-07 | 国网浙江省电力公司电力科学研究院 | Power system resource permission management system |
| CN107871067A (en) * | 2016-09-27 | 2018-04-03 | 优甸网络科技(上海)有限公司 | Composition mechanism applied to role |
| CN110506240A (en) * | 2017-03-28 | 2019-11-26 | 横河电机株式会社 | Engineering auxiliary system, engineering auxiliary method, server apparatus, storage medium, client device and client-side program |
| US11562309B2 (en) | 2017-03-28 | 2023-01-24 | Yokogawa Electric Corporation | System, method, and non-transitory computer readable medium for process engineering assistance |
| WO2019184119A1 (en) * | 2018-03-26 | 2019-10-03 | 平安科技(深圳)有限公司 | Risk model training method and apparatus, risk identification method and apparatus, device, and medium |
| CN112130813A (en) * | 2020-08-04 | 2020-12-25 | 中科天玑数据科技股份有限公司 | Multi-user collaborative modeling method, system and equipment for big data analysis |
| CN112464215A (en) * | 2020-12-15 | 2021-03-09 | 深圳市中博科创信息技术有限公司 | Identity authentication and control method for enterprise service system |
| CN112464215B (en) * | 2020-12-15 | 2024-06-04 | 深圳市中博科创信息技术有限公司 | Identity authentication and control method for enterprise service system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101226615A (en) | Business events process synergic modeling method based on role authority control | |
| CN109670686A (en) | Construct method, equipment and the business process management system of operation flow template | |
| CN104899401A (en) | Aircraft research & development process and adjoint acknowledge combined method | |
| CN103942474B (en) | Method for controlling permission three-dimensional model system in software project management process | |
| Schleipen et al. | The CAEX tool suite-User assistance for the use of standardized plant engineering data exchange | |
| Drzymalski et al. | Supervisory control of a multi-echelon supply chain: A modular Petri net approach for inter-organizational control | |
| Suliman Eissa Mohammed et al. | Blockchain technology and the future of construction industry in the Arab region: applications, challenges, and future opportunities | |
| CN103995699A (en) | Electric power enterprise information system development method based on MDA | |
| Shentu et al. | Framework and data management of digital design system for nuclear power | |
| CN101751618A (en) | Method, device and system for realizing rail traffic construction management collaborative application platform | |
| Wu et al. | Knowledge map application of business-oriented problem solving | |
| Hunhevicz | Exploring the potential of blockchain and cryptoeconomics for the construction industry | |
| Williams | Seeking optimum project duration extensions | |
| CN113536542A (en) | System engineering agile development method for uncertain demand and rapid technology change | |
| Kalsaas et al. | New approach to developing integrated milestones for planning and production control | |
| Li et al. | Integration of well-defined BIM external module with CAD via associative feature templates | |
| Jacob et al. | A model for product-process integration in the building industry using industry foundation classes and design structure matrix | |
| Williams | The risk of safety regulation changes in transport development projects | |
| Sayeb et al. | Extending enterprise architecture modeling languages: application to requirements of information systems urbanization | |
| Gao et al. | Research on Collaborative Mechanism in Large and Complex Business Process Modeling | |
| Abramov et al. | Tool support for enforcing security policies on databases | |
| Tekinerdogan et al. | Exploring architecture design alternatives for global software product line engineering | |
| Tahir et al. | Individual decision making based on a shared context | |
| Gebhart et al. | Rule-based service modeling | |
| Carruthers | Data Management |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20080723 |