CN105335669A - Permission configuration method and system used for photovoltaic monitoring system - Google Patents

Abstract

The invention discloses a permission configuration method and system used for a photovoltaic monitoring system, belonging to the field of permission management. The permission configuration method comprises the steps of determining the basic permission of the system and the character corresponding to a user according to the demand information; allocating the basic permission for the character, thus generating character permission; acquiring node information; determining the basic permission corresponding to a node and the related user according to the node information, thus generating node permission; dividing a function submodule of the photovoltaic monitoring system; allocating the basic permission for the function submodule, and determining the relevant mapping relationship between each function submodule and the user; and generating a configuration result information and storing the information in a database. According to the invention, the individual business function of the character and the node is realized, the safety of data access of the photovoltaic monitoring system, and the use and operation efficiency of the photovoltaic monitoring system can be improved.

Description

A kind of authority configuring method for photovoltaic supervisory system and system

Technical field

The present invention relates to the rights management techniques field of photovoltaic power system, be specifically related to a kind of authority configuring method for photovoltaic supervisory system and system.

Background technology

The world today, the fossil energy such as coal, oil signals for help repeatedly, and problem of environmental pollution is increasingly serious.And sun power is as the regenerative resource of most potentiality, because of the economy of the unlimitedness of its reserves, the ubiquity of existence, the spatter property of utilization and practicality, more and more favor by people.Greatly develop photovoltaic industry, active development sun power, obtain unprecedented attention in the world, become the important component part of various countries' strategy of sustainable development.Photovoltaic industry also claims solar cell industry, namely utilizes solar level semi-conductor electronic device to absorb solar radiation energy, and makes it the industry being converted to electric energy.

Photovoltaic supervisory system can be monitored in real time equipment such as the array in solar photovoltaic power plant, header box, inverter, alternating current-direct current power distribution cabinet, solar tracking control system and control, grasped the ruuning situation in power station fast by the chart of various pattern and data, the user interface of its close friend, powerful analytic function, perfect fault alarm ensure that the completely reliable of solar photovoltaic generation system and stable operation.

Supervisory system provides function to select picture, and carries out monitoring in real time and display, as outdoor temp angle value, humidity percentage, illuminance and array surface temperature value etc. to photovoltaic array site environment; Separated regions monitors the information such as charging voltage and electric current, battery tension and temperature of each photovoltaic array in real time, and carries out abnormal show and alarm to trouble spot; Display contravarianter voltage-time curve, power-time curve etc. can be drawn, DC side input current real-time curve, AC inverter output current curve, and the electric parameters such as acquisition and display daily generation; Record can be carried out for the various events at photovoltaic generation scene, as communication acquisition exception, switch changed position, operation note etc., time interocclusal record support inquire about by type, and change can be carried out to off-limit alarm and arrange; Moon rod figure and annual excellent figure can be formed to the generated energy of photovoltaic generation to show, and be converted to carbon dioxide, sulphuric dioxide reduction of discharging value; And can check that intensity of solar radiation trend curve, wind speed change trend curve show.

Along with the development of photovoltaic supervisory system, the business need of multi-user and many application constantly increases, and this just needs the security further increasing photovoltaic supervisory system, with the safe handling of the data and resource that ensure system.On the other hand, along with the development of computer technology and the arrival of information age, computer means solve the problems referred to above becomes possibility.Increasing enterprise comes to realise the enormous benefits that information system management brings enterprise, implements widely so various software systems obtain in enterprise and applies, and substantially increases the automaticity of photovoltaic supervisory system.

Such as: the Chinese invention patent application that application number is 201510247289.1, denomination of invention is " photovoltaic plant long distance control system and application thereof based on Internet of Things and satellite communication " discloses a kind of photovoltaic plant long distance control system based on Internet of Things and satellite communication, comprises photovoltaic plant remote monitoring center, far-end main website, satellite repeater, photovoltaic electric station grid connection monitoring module and photovoltaic plant independence monitoring module; Photovoltaic plant independence monitoring module comprises photovoltaic module, first communication module, first microprocessor, the first inverter, DC load, AC load, the first power supply and accumulator; Photovoltaic electric station grid connection monitoring module comprises photovoltaic module group, second communication module, the second microprocessor, the second inverter, electrical network and second source; Photovoltaic plant remote monitoring center comprises communication gate, central monitor, fault alarm steady arm and individual mobile monitoring terminal.

Again such as, the Chinese invention patent application that application number is 201510178084.2, denomination of invention is " a kind of distributed photovoltaic access remote online monitoring system " discloses a kind of distributed photovoltaic access remote online monitoring system, and this system comprises distributed photovoltaic power master station, distributed photovoltaic power terminal, distributed photovoltaic power monitoring substation and communication system composition: distributed photovoltaic power master station is used for distributed photovoltaic power data acquisition monitoring, cutting-in control, distant place islanding detect and scheduling; Distributed photovoltaic power terminal is used for distributed power source and runs on-the-spot monitoring, protection, control, metering; Distributed photovoltaic power monitoring substation is arranged on the middle layer equipment of distributed photovoltaic power master station and distributed photovoltaic power terminal unit, the grid-connected management of the maintenance of substation device and self diagnosis, islanding detect and distributed power source; Communication system is the communication network connecting distributed power source master station, realize information transmission between terminal unit and monitoring substation.

But, the software systems of above-mentioned existing photovoltaic monitoring or monitoring are all carry out development system function for the concrete operations of certain user, namely existing software development mode is usually according to the division of labor of service logic and service management, user is carried out dividing into groups or classifying, each group (class) user is defined as the role of an application system, then develops corresponding program function for each role.Such as, the role of system can be divided into power user, keeper, yardman, inspector etc., and wherein, power user has the exercisable authority of whole system and divides systemic-function submodule; Keeper can leading subscriber and simple right assignment; Yardman needs operations such as checking system, browse, and part needs to carry out control authority; And inspector only has and checks authority.

But the shortcoming of this development scheme is: when the business division of labor adjusts, original program function can not meet the operational requirements of user, corresponding amendment must be carried out to adapt to the adjustment of the business division of labor to the program function of corresponding role.Therefore, the feature operation of the software systems of existing photovoltaic monitoring or monitoring all immobilizes, when the business division of labor adjusts, original program function can not meet the operational requirements of user, and, user needs first to navigate to the group belonging to oneself or class at every turn, check which authority is group belonging to oneself have, then role belonging to oneself is located, see which authority role has, then the limiting operation of oneself is checked according to authority common factor or union, need locate step by step and check, make its user operation efficiency not high, be difficult to the different demands meeting system different user.

Meanwhile, because the security intensity that different rights management policy produces is different, this just may cause the leak of mechanism information safety management, makes the access of data also dangerous.

Summary of the invention

Goal of the invention of the present invention is to provide a kind of authority configuring method for photovoltaic supervisory system, solves the problem of inefficiency in existing operating process, makes user can the authority that has to oneself of quick position and the corresponding operating that can carry out; And, the user of different rights, different pieces of information and the problem of carrying out difference in functionality operation in access system, thus improve the data access security of system.

In order to solve the problems of the technologies described above, the technical solution used in the present invention is as follows:

For an authority configuring method for photovoltaic supervisory system, comprise the following steps:

Information according to demand, the basic authority of certainty annuity and role corresponding to user;

For the basic authority of described role assignments, generate role-security;

Obtain nodal information;

The basic authority corresponding according to described nodal information determination node and the user associated, generate node authority;

The function sub-modules of described photovoltaic supervisory system is divided;

For described function sub-modules distributes basic authority, determine the relationship maps relation between each function sub-modules and user;

Generate configuration result information and preserve database.

Further, described information according to demand, further comprising the steps of before the basic authority of certainty annuity and role's step corresponding to user:

Set up authority information table, user message table, Role Information table and informational table of nodes, and be stored in database, wherein, in each table, include its corresponding major key and external key;

Described authority information table, user message table, Role Information table and informational table of nodes are associated by major key and external key.

Further, described is the basic authority of described role assignments, generate the step of role-security, it is right access control model realization by setting up based role, namely be associated by the major key in database and external key and set up the relation between user and basic authority by role, specifically comprising the following steps:

Determine the relationship maps relation between role and basic authority, generate role-security;

Generate configuration result information to store in a database, wherein, described configuration result information comprises the relationship maps relation between described role and described basic authority.

Further, the described basic authority corresponding according to described nodal information determination node and the user associated, generating node authority is realized by the right access control model set up based on node, namely be associated by the major key in database and external key, set up node and the relation substantially between authority, user, specifically comprise the following steps:

Configuration interdependent node;

Be bundled in operable user on described node;

Bind the basic authority of described node, generate node authority;

Generate configuration result information and preserve database, wherein, described configuration result information comprises the relationship maps relation between described node and described basic authority.

Further, the step generating the retention of configuration result information sharing memory file on the local computer according to the described configuration result information of preserving in described database is also comprised.

Further, the step of resolving described configuration result information sharing memory file is also comprised after the step that described generation configuration result information sharing memory file is retained.

Further, the described step determining the relationship maps relation between each function sub-modules and user, specifically comprises following process:

Corresponding role and node is given by the basic right assignment of described function sub-modules;

By role and node by described function sub-modules and user-association.

Further, described give corresponding role and node by the basic right assignment of described function sub-modules before, further comprising the steps of:

According to the function of described photovoltaic supervisory system, the user right type of setting three types, is respectively module inlet authority, feature operation authority and data manipulation authority;

Its user right type is set for each function sub-modules.

Further, described user, role, authority, internodal relationship maps relation are specifically:

It is the relation of multi-to-multi between user and role;

It is the relation of multi-to-multi between Role and privilege;

It is the relation of multi-to-multi between user and authority;

It is the relation of multi-to-multi between user and node;

It is the relation of multi-to-multi between node and authority;

User right at least comprises described node authority and described role-security.

According to another aspect of the present invention, additionally provide a kind of authority configuration-system for photovoltaic supervisory system, comprise IO interface, first configurable switch matrix, second configurable switch matrix, 3rd configurable switch matrix, 4th configurable switch matrix, 5th configurable switch matrix, storer, go here and there and the function sub-modules of transceiver and photovoltaic supervisory system, described first configurable switch matrix respectively with described IO interface and described second configurable switch matrix, 3rd configurable switch matrix, 4th configurable switch matrix connects, described 3rd configurable switch matrix respectively with described string and transceiver and described 5th configurable switch matrix be connected, described 4th configurable switch matrix is connected with described function sub-modules and described 5th configurable switch matrix respectively, described 5th configurable switch matrix is connected with described second configurable switch matrix and described storer respectively, wherein,

Described first configurable switch matrix obtains demand information by described IO interface, exports the basic authority of described system and role corresponding to user;

Basic authority and described role described in described second configurable switch Input matrix, export role-security;

Basic authority described in described 3rd configurable switch Input matrix and obtain nodal information, output node authority by described string transceiver;

Described in described 4th configurable switch Input matrix, the information of function sub-modules, exports the relationship maps relation between each function sub-modules and user;

Role-security, node authority and the relationship maps relation between each function sub-modules and user described in described 5th configurable switch Input matrix, export configuration result information and the database be stored in described storer.

The invention discloses a kind of authority configuring method for photovoltaic supervisory system and system, authority configuration is carried out by custom-made software, described authority is configured in after systematic unity configured, different privileges configuration information is generated to each user, and set up authority archives for each user, generate corresponding mapped file, the software simulating user developed is made to conduct interviews to system data according to own service demand or its own right and operate systemic-function, realize based role, the individual business function of node, thus realize while index, greatly accelerate the efficiency of operation.

Meanwhile, this is used for authority configuring method and the system generation nodal information of photovoltaic supervisory system, and record user and the authority of this node binding, Software Create and hardware are bound mutually, thus add the security of system.Above-mentioned explanation is only the general introduction of technical solution of the present invention, clearly understand in order to technological means of the present invention can be made, reach the degree that those skilled in the art can be implemented according to the content of instructions, and in order to above and other objects of the present invention, feature and advantage can be allowed to become apparent, be illustrated with the specific embodiment of the present invention below.

Accompanying drawing explanation

By reading the detailed description in hereafter preferred embodiment, the present invention various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Figure of description only for illustrating the object of preferred implementation, and does not think limitation of the present invention.Apparently, accompanying drawing described below is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.And in whole accompanying drawing, represent identical parts with identical Reference numeral.In the accompanying drawings:

Fig. 1 shows the authority configuring method process flow diagram for photovoltaic supervisory system according to the embodiment of the present invention one;

Fig. 2 shows the authority configuring method process flow diagram for photovoltaic supervisory system according to the embodiment of the present invention two;

Fig. 3 shows and uses process flow diagram according to the authority configuring method for photovoltaic supervisory system of the embodiment of the present invention three;

Fig. 4-1, Fig. 4-2, Fig. 4-3, Fig. 4-4 and Fig. 4-5 shows the rights management interface schematic diagram for photovoltaic supervisory system according to the embodiment of the present invention four;

Fig. 5 shows the authority configuration-system structural representation for photovoltaic supervisory system according to the embodiment of the present invention five.

Embodiment

In more detail specific embodiments of the invention are described below with reference to accompanying drawings.Although show specific embodiments of the invention in accompanying drawing, however should be appreciated that can realize the present invention in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the present invention can be understood, and complete for scope of the present invention can be conveyed to those skilled in the art.

It should be noted that, in the middle of instructions and claim, employ some vocabulary to censure specific components.Those skilled in the art should be appreciated that hardware manufacturer may call same assembly with different noun.This specification and claims are not used as with the difference of noun the mode distinguishing assembly, but are used as the criterion of differentiation with assembly difference functionally." comprising " or " comprising " as mentioned in the middle of instructions and claim is in the whole text an open language, therefore should be construed to " comprise but be not limited to ".Instructions subsequent descriptions is for implementing better embodiment of the present invention, and right described description is for the purpose of the rule of instructions, and is not used to limit scope of the present invention.Protection scope of the present invention is when being as the criterion depending on the claims person of defining.

For ease of the understanding to the embodiment of the present invention, be further explained explanation below in conjunction with accompanying drawing for several specific embodiment, and each accompanying drawing does not form the restriction to the embodiment of the present invention.

Embodiment one, a kind of authority configuring method for photovoltaic supervisory system.

Fig. 1 is the authority configuring method process flow diagram figure for photovoltaic supervisory system of the embodiment of the present invention one, and composition graphs 1 is specifically described by the embodiment of the present invention.

As shown in Figure 1, embodiments provide a kind of authority configuring method for photovoltaic supervisory system, comprise the following steps:

Step S101: information according to demand, the basic authority of certainty annuity and role corresponding to user;

It should be noted that, the described basic authority that the present invention mentions within a context refers to the operating right of the described photovoltaic supervisory system without attribute, and it is not yet allocated to some particular users; Role-security is the authority based on the role assignments corresponding to user; Node authority is the authority based on the peer distribution residing for user; And user right is at least the role-security of based role imparting, the union based on the node authority of node.Preferably, described user right can also comprise the authority for certain user specific distributes separately.

Preferred in the embodiment of the present invention, also comprise user grouping in above-mentioned steps S101, i.e. information and relevant industry background (referring in the embodiment of the present invention that photovoltaic is monitored) according to demand, to carrying out user grouping.Here grouping can be such as " dispatch group ", " maintenance group ", " maintenance group " etc., the role of its correspondence can have " yardman ", " maintenance person ", " inspector " etc., same role can corresponding multiple user, can be numbered this multiple user.Such as, inside dispatch group, there is user Zhang San correspondence " yardman 1 ", user Li Si correspondence " yardman 2 " ...

Concrete, described demand information refers in concrete photovoltaic monitoring application scenarios, has which user, and these users need to carry out which operation to system, and have which working node, node allows whom carry out which operation.

In the embodiment of the present invention preferably, the role that described user is corresponding determines according to the work position of user.Certainly, according to demand, can also be determine not to be construed as limiting the role that user is corresponding to the present invention at this according to job specification and/or application scenarios.

In the embodiment of the present invention preferably, the role that described user is corresponding is divided into keeper, yardman, domestic consumer and operator.

Step S102: be the basic authority of described role assignments, generates role-security;

Step S103: obtain nodal information;

In the embodiment of the present invention, described node refers to photovoltaic monitoring station, namely installed the computing machine of photovoltaic supervisory system of the present invention, each node is unique, is undertaken identifying, distinguishing by computing machine unique informations such as computer name, IP address and associated nets card informations.

Step S104: the basic authority corresponding according to described nodal information determination node and the user associated, generates node authority;

Concrete, the described basic authority corresponding according to described nodal information determination node and the user associated, generating node authority is right access control model realization by setting up based on node, wherein, the core of the described right access control model based on node is the access based on node, check corresponding user, check its authority whether within its scope.Here can be the operation for multiple user, be limited to which user on this node and can carry out which operation, described operation can comprise browing system configuration interface, remote operation apparatus, browse editor's form etc.

Step S105: the function sub-modules of described photovoltaic supervisory system is divided;

Step S106: for described function sub-modules distributes basic authority, determines the relationship maps relation between each function sub-modules and user;

Such as report capability submodule needs logon rights, also may need to edit, browse, revise, the basic authority such as derivation.

Step S107: generate configuration result information and preserve database.

Wherein, described configuration result information comprises the information such as basic authority, role-security, node authority of user profile, nodal information, function sub-modules information, function sub-modules, namely the role-security that the role that a certain user is corresponding, this role have, also comprise user to operate on which node, what operating right concrete node has.

Preferred in the embodiment of the present invention, further comprising the steps of before described step S101:

Set up authority information table, user message table, Role Information table and informational table of nodes, and be stored in database, wherein, in each table, include its corresponding major key and external key;

Described authority information table, user message table, Role Information table and informational table of nodes are associated by major key and external key.

Concrete, the embodiment of the present invention is according to the analysis of demand information and Data Sheet Design principle and method, definition user, node, Role and privilege, designing user information table, informational table of nodes, Role Information table and authority information table, determine the field name of each table, data type and describe major key and the external key of each table of design, correlation table is associated by described major key and external key.Wherein, in 2 tables of data, first table certain record major key be second table certain record external key, record be same field, by interrelated for these two tables, user index can be convenient to by described major key and external key.

Preferred in the embodiment of the present invention, the field of described user message table comprises user ID, account, password, address name, user profile, role's code, mobile phone account, Email Accounts, affiliated function and interpolation time etc., wherein, described user ID is the major key of described user message table; The field of described authority information table comprises permission ID, authority description, father's permission ID, authority name etc., and wherein, described permission ID is as the major key of described authority information table; The field of described Role Information table comprises role ID, father's role ID, role's title, creation-time, Role delineation etc., and wherein, described role ID is as the major key of described Role Information table; The field of described informational table of nodes comprises node ID, node A network segment IP, Node B network segment IP, node description, nodename etc., and wherein, described node ID is as the major key of described informational table of nodes.

Preferred in the embodiment of the present invention, described major key and external key are used for contingency table information, such as: in described user message table and Role Information table, described user ID is the major key of described user message table, but described user ID is as external key in described Role Information table simultaneously, in like manner, described role ID is the major key of described Role Information table, but be as external key in described user message table, by described user ID and described role ID major key and external key, described user message table and described Role Information table be associated; The same, in described authority information table and described Role Information table, by described permission ID and described role ID major key and external key, described authority information table and described Role Information table are associated; In described informational table of nodes and authority information table, by described node ID and described permission ID major key and external key, described informational table of nodes and authority information table are associated.

Preferred in the embodiment of the present invention, described is the basic authority of described role assignments, generate the step of role-security, it is right access control model realization by setting up based role, namely be associated (this refers to index) by the major key in database and external key and set up the relation between user and basic authority by role, specifically comprising the following steps:

Determine the relationship maps relation between role and basic authority;

Generate configuration result information to store in a database, wherein, described configuration result information comprises the relationship maps relation between described role and described basic authority.

Preferred in the embodiment of the present invention, after determining the relationship maps relation between role and basic authority, calling interface and the method for role-authority can also be set up.

Preferred in the embodiment of the present invention, described is the basic authority of described role assignments, generates in the step of role-security, after described generation configuration result information stores step in a database, also comprises and generates the retention of configuration result information sharing memory file.Described configuration result information sharing memory file is a kind of mode of the storage file described configuration result information stored in described database become in certain node concrete, namely user is by reading the calling interface of described role-authority, described configuration result information is read at local computer by described configuration result information sharing memory file, can quick position to the role needed for oneself and the mapping result between basic authority, i.e. its role-security.

Preferred in the embodiment of the present invention, the described basic authority corresponding according to described nodal information determination node and the user associated, generating node authority is realized by the right access control model set up based on node, namely be associated by the major key in database and external key, set up node and the relation substantially between authority, user, specifically comprise the following steps:

Configuration interdependent node;

Be bundled in operable user on described node;

Bind the basic authority of described node, generate node authority;

Generate configuration result information and preserve database, wherein, described configuration result information comprises the relationship maps relation between described node and described basic authority.

Concrete, according to the nodal information of user current place computing machine, obtain the user profile that this node can carry out operating, determine the relationship maps relation between node and basic authority.

Preferred in the embodiment of the present invention, also comprise and set up the calling interface of node-authority and the step of method.

Preferred in the embodiment of the present invention, the described basic authority corresponding according to described nodal information determination node and the user associated, generate in the step of node authority, after described generation configuration result information preserves database, also comprise user generates the retention of configuration result information sharing memory file on its local computer step according to the described configuration result information of preserving in described database.

Preferred in the embodiment of the present invention, also comprising the calling interface by calling described node-authority after above-mentioned steps, resolving described configuration result information sharing memory file, obtaining described node authority.

Preferred in the embodiment of the present invention, the described step determining the relationship maps relation between each function sub-modules and user, specifically comprises following process:

Corresponding role and node is given by the basic right assignment of described function sub-modules;

By role and node by described function sub-modules and user-association.

Preferred in the embodiment of the present invention, described give corresponding role and node by the basic right assignment of described function sub-modules before, further comprising the steps of:

According to the function of described photovoltaic supervisory system, the user right type of setting three types, is respectively module inlet authority, feature operation authority and data manipulation authority;

Its user right type is set for each function sub-modules.

Wherein, namely described module inlet authority logs in the authority of a certain function sub-modules, and namely can described feature operation authority carry out the operating rights such as certain equipment control, and namely described data manipulation authority is edited, set the operating rights such as related data.

In the embodiment of the present invention, the authority classification that described user right type three kinds of referring to that certain function sub-modules concrete has are large, such as certain module may be browsed to log in only, certain module is browsed can also carry out feature operation except being logged in, certain module can also carry out data manipulation except first two, and foregoing basic authority is for whole photovoltaic supervisory system, which type of demand user has, the basic authority of corresponding this Demand Design, this concrete operating right of such as editing data form, the data content that when data sheet is browsed, different user can be checked is different, even in the data content also difference (such as outer computer is different with the data that inner computer shows) that different node is checked.

Preferred in the embodiment of the present invention, after described step S106 and before described step S107, also comprise the step setting up module-authority calling interface and method.Wherein, the calling interface of described module-authority and method are realized by the class that each function sub-modules is corresponding.

Preferred in the embodiment of the present invention, also comprise analyzing step, be specially:

Read described module-authority calling interface, resolve described configuration result information, obtain the described basic authority that each function sub-modules has distributed.

In the embodiment of the present invention preferably, described user, role, authority, internodal relationship maps relation are specifically:

It is the relation of multi-to-multi between user and role;

It is the relation of multi-to-multi between Role and privilege;

It is the relation of multi-to-multi between user and authority; Namely a kind of authority can be performed by multiple different user, and a user can have multiple authority;

It is the relation of multi-to-multi between user and node;

It is the relation of multi-to-multi between node and authority;

User right at least comprises described node authority and described role-security.

Preferred in the embodiment of the present invention, described photovoltaic supervisory system also comprises authority configuration interface, and described authority configuration interface comprises module inlet authority configuration plate, feature operation authority configuration plate and data base authority configuration plate.Wherein, configuration is by calling corresponding calling interface and method is carried out.

The embodiment of the invention discloses a kind of authority configuring method for photovoltaic supervisory system, determine node, user, relationship maps relation between Role and privilege, be associated by the major key in database and external key, set up based role and the right access control model based on node, set up user, role, relationship maps relation between authority and node, make the application software run based on this node, based on application demand or its own right, corresponding limiting operation is carried out to node, realize based role, the individual business function of node, thus improve the efficiency of photovoltaic supervisory system use with operation and the security of photovoltaic supervisory system data access.Such as, some users need to limit system interface, and to checking that data source limits, the user of different stage checks different interfaces, the data that even same interface is checked are all different, i.e. external publish data and self check that data are also different.In addition, at same Node registers, the data that different users can check also are different, and each user is also different in the operation that same node can complete, the user such as had long-rangely can carry out switch divide-shut brake, but some users just cannot, if security is not high, a lot of security incident can be caused.

Embodiment two, a kind of authority configuring method for photovoltaic supervisory system.

Fig. 2 is the authority configuring method process flow diagram for photovoltaic supervisory system of the embodiment of the present invention two, and composition graphs 2 is specifically described by the embodiment of the present invention.

As shown in Figure 2, embodiments provide a kind of authority configuring method for photovoltaic supervisory system, comprise: authority 201, role 202, group 203, node 204 and user 205, it is the relation of multi-to-multi between described role 202 and described authority 201, it is the relation of multi-to-multi between described role 202 and described user 205, described node 204 binds described authority 201, and described user 205 binds described node 204, and user right comprises the union of described node authority and role-security.

Preferred in the embodiment of the present invention, role corresponding to the described user of determination determines according to work position, and role can be divided into keeper, domestic consumer, yardman and operator.Certainly, Partition of role is here exemplary, can also have other types or dividing mode, not be construed as limiting the invention this.

Preferred in the embodiment of the present invention, first the relation between three kinds of agent objects (user, role, basic authority) is determined, namely role is with the relation between user being multi-to-multi, and user does not have direct relation with between basic authority, is the relation of multi-to-multi between role and basic authority.User only has and just enjoys by role the user right that this role has, thus accesses corresponding function sub-modules.To be associated by the major key in database and external key and role sets up the relation between user and basic authority as bridge, build up the user right access control model of based role, exactly basic authority and role are set up corresponding relation, certain role is made to have some specific role-security, then for user distributes its role be applicable to, such user and role-security are just associating.

Such as, certain function sub-modules (object) is set to o, certain user is set to u, the role corresponding with this user is set to r, user u is designated as P (u, o) to the authority that this function sub-modules (object) o has, and the role-security of role r to business object o given by user u is designated as Pr (r (u), o), then following relation is had:

P(u,o)＝Pr(r(u),o)。

Preferred in the embodiment of the present invention, described authority configuring method is also by setting up the right access control model based on node, determine the relation between node and user, basic authority, namely node is with the relation between user being multi-to-multi, user does not have direct relation with between authority, be the relation of multi-to-multi between node and authority, only have and could judge that can corresponding user carry out corresponding register, data manipulation or feature operation by node authority.Preferably, to be associated by the major key in database and external key and node sets up the relation between user and node authority as bridge.The described right access control model built up based on node, sets up marriage relation by basic authority and node exactly, makes certain node have some specific operating right.

Preferred in the embodiment of the present invention, the function sub-modules of described photovoltaic supervisory system carries out Functional Design according to business demand, its permission type divides according to user right type, comprises the types such as module inlet authority, feature operation authority and data manipulation authority.

Preferred in the embodiment of the present invention, the determination of the relationship maps relation between each function sub-modules and user, comprises following process:

First according to the function of described photovoltaic supervisory system, the user right type of setting three types, is respectively module inlet authority, feature operation authority and data manipulation authority; Wherein, can described module inlet authority control user enter into certain function sub-modules of system, and user has two states to certain function sub-modules of system, and one to enter, and another kind can not enter exactly.Described feature operation authority refers to the concrete operations can carried out after user enters into a certain function sub-modules, also comprises two states: can carry out operation and can not operate.Described data manipulation authority refers to the concrete operations that user can be correlated with to certain object, as staff can browse basic data, revise or deletion etc.

Then, then for each function sub-modules set its user right type.Concrete, each function sub-modules corresponding, its authority includes module inlet authority, also may comprise feature operation authority and/or data manipulation authority.

Then, give corresponding role and node by the basic right assignment of each function sub-modules, with node, described function sub-modules is associated with user by role.

Preferred in the embodiment of the present invention, described function sub-modules is designed with: user logs in submodule and each business function submodule, as curve, form browse submodule, interface operation submodule and back-stage management submodule etc.Design corresponding interface and method according to function sub-modules, its objective is and realize calling of each submodule.Such as, user logs in submodule and is provided with user class, authority class and cipher type etc., interface and method is realized by programming language and oracle database interconnection technique, the external interface of its each business function submodule is by being associated to the block code in the role ID in authority information table, node ID and Role Information table, and application sql like language obtains execution result.

Preferred in the embodiment of the present invention, also comprise and set up the calling interface of module-authority and the step of method.

Preferred in the embodiment of the present invention, the authority configuration of each function sub-modules is that the interface and method by calling corresponding module-authority carries out, and specifically comprises the steps:

User logs in submodule by described user and logs in described photovoltaic supervisory system, inquiring according to nodal information can in the user profile of this Node registers, provide user profile prompting, call the interface of cipher type, the password of user's input is decrypted, and carry out matching ratio comparatively with user message table, if password is identical, this system can be entered;

Data in the interface captures user information table of then invoke user class;

By resolving the described configuration result information sharing memory file generated, the role ID obtaining user carrys out the data of association role information table, and the interface calling authority class obtains the restriction of node authority, obtain final user right, thus obtain the operating right such as feature operation and data manipulation of this user.

In the embodiment of the present invention, described authority configuring method is by setting up the right access control model of based role, by corresponding with role for the basic authority of each function sub-modules to described photovoltaic supervisory system, and distributing to role corresponding to each user, user obtains corresponding to the corresponding user right of each function sub-modules by different roles.

Preferred in the embodiment of the present invention, the field of described user message table comprises record identification, login account, user cipher, address name, phone number, E-mail address, creation-time, login time, last login time, login times etc., wherein record identification is the major key of described user message table, in order to identify uniqueness.

Preferred in the embodiment of the present invention, the field of described Role Information table comprises role ID, father's role ID, role's title, Role delineation, creation-time etc., wherein role ID is the major key of described Role Information table, in order to identify uniqueness, meanwhile, described user message table associates with described Role Information table as the external key of described Role Information table as the external key of described user message table, described record identification by described role ID.

Preferred in the embodiment of the present invention, the field of described informational table of nodes comprises node ID, node A nets IP, Node B net IP, nodename, node describe, wherein node ID is as the major key of described informational table of nodes, in order to identify uniqueness, described user message table associates with described role node information table as the external key of described informational table of nodes as the external key of described user message table, described record identification by described node ID simultaneously.

The embodiment of the invention discloses a kind of authority configuring method for photovoltaic supervisory system, configuration-system function is carried out by user right, the software simulating user developed is made to conduct interviews to system data according to own service demand or its own right and operate systemic-function, realize the individual business function of based role, node, thus improve the security of photovoltaic supervisory system data access and the efficiency with operation is used to photovoltaic supervisory system.

In the embodiment of the present invention, other content is see the content in foregoing invention embodiment, does not repeat them here.

Embodiment three, a kind of authority configuring method for photovoltaic supervisory system use flow process.

Fig. 3 is that the authority configuring method for photovoltaic supervisory system of the embodiment of the present invention three uses process flow diagram, and composition graphs 3 is specifically described by the embodiment of the present invention.

As shown in Figure 3, embodiments provide a kind of authority configuring method for photovoltaic supervisory system and use flow process, comprise the following steps:

Step S301: log in;

Step S302: read the user name in user message table, judge that user exists by user name? if user name exists, then enter next step; Otherwise, jump back to step S301;

Step S303: read the password in user message table, judge that whether password correct? if password is correct, then enter next step; Otherwise, jump back to step S301;

Step S304: obtain user basic information by reading user message table;

Step S305: read Role Information table, obtain the Role Information of described user;

Step S306: linkage function submodule interface, is resolved by XML file, obtains the function sub-modules that role can operate;

Step S307: the forms opening corresponding function sub-modules.

In the embodiment of the present invention, other content is see the content in foregoing invention embodiment, does not repeat them here.

Embodiment four, a kind of rights management interface for photovoltaic supervisory system.

Fig. 4-1, Fig. 4-2, Fig. 4-3, Fig. 4-4 and Fig. 4-5 is the rights management interface schematic diagram for photovoltaic supervisory system of the embodiment of the present invention four, and composition graphs 4 is specifically described by the embodiment of the present invention.

As shown in Figure 4, embodiments provide a kind of rights management interface for photovoltaic supervisory system, wherein, Fig. 4-1 is basic authority configuration interface, Fig. 4-2 is group block configuration interface, Fig. 4-3 is role module configuration interface, and Fig. 4-4 is node module configuration interface, and Fig. 4-5 is line module configuration interface.

Preferred in the embodiment of the present invention, described basic authority configuration interface comprises authority module, group module, role module, node module, line module.User right comprises the role-security of node authority, the corresponding role of user, and user right is the comprehensive of described node authority and described role-security; Be the relation of multi-to-multi between authority and role, namely a role can have multiple authority, and a kind of authority can distribute to multiple role; Be the relation of multi-to-multi between role and user, namely role can corresponding multiple user, same, and user also can corresponding multiple role; Node binding authority, i.e. specific node binding specified permission information, some specific authority can only complete on certain node specific; User binds node, and namely user can only complete some operation by specific node, and node authority defines the information at this nodal operation, and user has bound node, just can carry out associative operation within the extent of competence that need allow at node.

As shown in Fig. 4-1, described basic authority configuration interface, interpolation authority, editing authority, submission amendment can be carried out, cancel the operations such as amendment, erase right, renewal view, comprise permission ID, father's permission ID, authority name, authority describe, its base attribute comprises: obtain role and authority corresponding to role; Obtain user and authority corresponding to user; The authority of acquisition group and correspondence; Obtain the authority of node and correspondence.

As shown in the Fig. 4-2, described group of block configuration interface comprises basic group of table, comprises member, has authority, described basic group of table comprises group ID (such as, 0,1,2), group name claims (such as Surveillance center), father organizes ID, creation-time, group description etc., the described member of comprising comprises record identification (such as, 0,7,10,11), user's name (such as Zhang San, lyq), affiliated group (such as Surveillance center), described in have that authority comprises record identification, group name claims, authority describes.

As shown in Fig. 4-3, affiliated role module configuration interface comprises basic role table, comprises member, has authority, described basic role table comprises role ID, father's role ID, role's title, creation-time, Role delineation, the described member of comprising comprises record identification, user's name (such as Zhang San), affiliated role (role's title), belonging to have authority comprise record identification, role's title, authority describe.

As shown in Fig. 4-4, described node module configuration interface, comprise fundamental node table, comprise member, have authority, described fundamental node table comprises node ID, node A net, Node B net, nodename, Hostname, node description, port arrangement, node type, such as: 1192.165.0.28192.166.0.28WIN-JBC74EPKBVK monitoring-data store 100012.The described member of comprising comprises record identification, user's name, nodename, such as: 1 Zhang San WIN-JBC74EPKBVK.The described authority that has comprises record identification, nodename, authority name.

As illustrated in figures 4-5, described line module configuration interface, comprises user ID, logon name, user cipher, user's name, user mobile phone, subscriber mailbox, creation-time, login time, last login, login statistics.Authorization Attributes comprises affiliated group, affiliated role, substantially authority.Node authority comprises record identification, user, node.Affiliated authority comprises record identification, user, authority.In the embodiment of the present invention, other content is see the content in foregoing invention embodiment, does not repeat them here.

The embodiment of the invention discloses a kind of authority configuring method for photovoltaic supervisory system, configuration-system function is carried out by user right, the software simulating user developed is made to conduct interviews to system data according to own service demand or its own right and operate systemic-function, realize the individual business function of based role, node, thus improve the security of photovoltaic supervisory system data access and the efficiency with operation is used to photovoltaic supervisory system.

Embodiment five, a kind of authority configuration-system for photovoltaic supervisory system.

As shown in Figure 5, embodiments provide a kind of authority configuration-system for photovoltaic supervisory system, comprise IO interface 501, first configurable switch matrix 504, second configurable switch matrix 505, 3rd configurable switch matrix 506, 4th configurable switch matrix 507, 5th configurable switch matrix 508, storer 509, go here and there and the function sub-modules 503 of transceiver 502 and photovoltaic supervisory system, described first configurable switch matrix 504 respectively with described IO interface 501 and described second configurable switch matrix 505, 3rd configurable switch matrix 506, 4th configurable switch matrix 507 connects, described 3rd configurable switch matrix 506 respectively with described string and transceiver 502 and described 5th configurable switch matrix 508 be connected, described 4th configurable switch matrix 507 is connected with described function sub-modules 503 and described 5th configurable switch matrix 508 respectively, described 5th configurable switch matrix 508 is connected with described second configurable switch matrix 505 and described storer 509 respectively, wherein,

Described first configurable switch matrix obtains demand information by described IO interface, exports the basic authority of described system and role corresponding to user;

Basic authority and described role described in described second configurable switch Input matrix, export role-security;

Basic authority described in described 3rd configurable switch Input matrix and obtain nodal information, output node authority by described string transceiver;

Described in described 4th configurable switch Input matrix, the information of function sub-modules, exports the relationship maps relation between each function sub-modules and user;

Role-security, node authority and the relationship maps relation between each function sub-modules and user described in described 5th configurable switch Input matrix, export configuration result information and the database be stored in described storer.

In the embodiment of the present invention, other guide is with reference to the content in above-described embodiment, does not repeat them here.

The present invention can bring these useful technique effects: the disclosed authority configuring method for photovoltaic supervisory system of the embodiment of the present invention and system, configuration-system function is carried out by user right, thus make the photovoltaic application software simulating user developed conduct interviews to system data according to photovoltaic business demand or its own right and operate systemic-function, solve the secure user data access of different rights and the problem of efficient operation systemic-function, the authority that system user has according to self data are conducted interviews and according to oneself business demand to the efficient operation of systemic-function, realize based role, the individual business function of node, thus work efficiency and security are provided.

Obviously, those skilled in the art can carry out various change and modification to the present invention and not depart from the spirit and scope of the present invention.Like this, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.

Claims (10)

1., for an authority configuring method for photovoltaic supervisory system, comprise the following steps:

Information according to demand, the basic authority of certainty annuity and role corresponding to user;

For the basic authority of described role assignments, generate role-security;

Obtain nodal information;

The basic authority corresponding according to described nodal information determination node and the user associated, generate node authority;

The function sub-modules of described photovoltaic supervisory system is divided;

For described function sub-modules distributes basic authority, determine the relationship maps relation between each function sub-modules and user;

Generate configuration result information and preserve database.

2. the authority configuring method for photovoltaic supervisory system according to claim 1, is characterized in that: described information according to demand, further comprising the steps of before the basic authority of certainty annuity and role's step corresponding to user:

Set up authority information table, user message table, Role Information table and informational table of nodes, and be stored in database, wherein, in each table, include its corresponding major key and external key;

Described authority information table, user message table, Role Information table and informational table of nodes are associated by major key and external key.

3. the authority configuring method for photovoltaic supervisory system according to claim 2, it is characterized in that: described is the basic authority of described role assignments, generate the step of role-security, it is right access control model realization by setting up based role, namely be associated by the major key in database and external key and set up the relation between user and basic authority by role, specifically comprising the following steps:

Determine the relationship maps relation between role and basic authority, generate role-security;

Generate configuration result information to store in a database, wherein, described configuration result information comprises the relationship maps relation between described role and described basic authority.

4. the authority configuring method for photovoltaic supervisory system according to Claims 2 or 3, it is characterized in that: the described basic authority corresponding according to described nodal information determination node and the user associated, generating node authority is realized by the right access control model set up based on node, namely be associated by the major key in database and external key, set up node and the relation substantially between authority, user, specifically comprise the following steps:

Configuration interdependent node;

Be bundled in operable user on described node;

Bind the basic authority of described node, generate node authority;

Generate configuration result information and preserve database, wherein, described configuration result information comprises the relationship maps relation between described node and described basic authority.

5. the authority configuring method for photovoltaic supervisory system according to claim 1, is characterized in that: also comprise the step generating the retention of configuration result information sharing memory file on the local computer according to the described configuration result information of preserving in described database.

6. the authority configuring method for photovoltaic supervisory system according to claim 5, is characterized in that: also comprise the step of resolving described configuration result information sharing memory file after the step that described generation configuration result information sharing memory file is retained.

7. the authority configuring method for photovoltaic supervisory system according to claim 1, is characterized in that: the described step determining the relationship maps relation between each function sub-modules and user, specifically comprises following process:

Corresponding role and node is given by the basic right assignment of described function sub-modules;

By role and node by described function sub-modules and user-association.

8. the authority configuring method for photovoltaic supervisory system according to claim 7, is characterized in that: described give corresponding role and node by the basic right assignment of described function sub-modules before, further comprising the steps of:

According to the function of described photovoltaic supervisory system, the user right type of setting three types, is respectively module inlet authority, feature operation authority and data manipulation authority;

Its user right type is set for each function sub-modules.

9. the authority configuring method for photovoltaic supervisory system according to claim 4, is characterized in that: described user, role, authority, internodal relationship maps relation specifically:

It is the relation of multi-to-multi between user and role;

It is the relation of multi-to-multi between Role and privilege;

It is the relation of multi-to-multi between user and authority;

It is the relation of multi-to-multi between user and node;

It is the relation of multi-to-multi between node and authority;

User right at least comprises described node authority and described role-security.

10. the authority configuration-system for photovoltaic supervisory system, it is characterized in that: comprise IO interface, first configurable switch matrix, second configurable switch matrix, 3rd configurable switch matrix, 4th configurable switch matrix, 5th configurable switch matrix, storer, go here and there and the function sub-modules of transceiver and photovoltaic supervisory system, described first configurable switch matrix respectively with described IO interface and described second configurable switch matrix, 3rd configurable switch matrix, 4th configurable switch matrix connects, described 3rd configurable switch matrix respectively with described string and transceiver and described 5th configurable switch matrix be connected, described 4th configurable switch matrix is connected with described function sub-modules and described 5th configurable switch matrix respectively, described 5th configurable switch matrix is connected with described second configurable switch matrix and described storer respectively, wherein,

Described first configurable switch matrix obtains demand information by described IO interface, exports the basic authority of described system and role corresponding to user;

Basic authority and described role described in described second configurable switch Input matrix, export role-security;

Basic authority described in described 3rd configurable switch Input matrix and obtain nodal information, output node authority by described string transceiver;

Described in described 4th configurable switch Input matrix, the information of function sub-modules, exports the relationship maps relation between each function sub-modules and user;

Role-security, node authority and the relationship maps relation between each function sub-modules and user described in described 5th configurable switch Input matrix, export configuration result information and the database be stored in described storer.