CN115328053A - Authority implementation method based on nuclear power plant security level DCS system - Google Patents
Authority implementation method based on nuclear power plant security level DCS system Download PDFInfo
- Publication number
- CN115328053A CN115328053A CN202211010990.8A CN202211010990A CN115328053A CN 115328053 A CN115328053 A CN 115328053A CN 202211010990 A CN202211010990 A CN 202211010990A CN 115328053 A CN115328053 A CN 115328053A
- Authority
- CN
- China
- Prior art keywords
- user
- authority
- data
- project
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 63
- 238000012545 processing Methods 0.000 claims abstract description 17
- 238000012795 verification Methods 0.000 claims abstract description 16
- 238000012360 testing method Methods 0.000 claims abstract description 5
- 238000012544 monitoring process Methods 0.000 claims description 6
- 238000012986 modification Methods 0.000 claims description 4
- 230000004048 modification Effects 0.000 claims description 4
- 230000000737 periodic effect Effects 0.000 claims description 3
- 230000006870 function Effects 0.000 abstract description 52
- 238000013461 design Methods 0.000 abstract description 6
- 238000012423 maintenance Methods 0.000 abstract description 5
- 238000007726 management method Methods 0.000 description 20
- 238000010586 diagram Methods 0.000 description 14
- 238000005516 engineering process Methods 0.000 description 13
- 230000000694 effects Effects 0.000 description 10
- 238000004590 computer program Methods 0.000 description 7
- 230000008569 process Effects 0.000 description 7
- 238000003860 storage Methods 0.000 description 5
- 238000009826 distribution Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 238000012938 design process Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005315 distribution function Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000013508 migration Methods 0.000 description 1
- 230000005012 migration Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/418—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
- G05B19/41845—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by system universality, reconfigurability, modularity
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/30—Nc systems
- G05B2219/33—Director till display
- G05B2219/33273—DCS distributed, decentralised controlsystem, multiprocessor
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Manufacturing & Machinery (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Stored Programmes (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
In the invention, aiming at the characteristic of complex software permission data of a nuclear power plant DCS (distributed control System) engineer station, a method for classified management of service permission responsibilities and automatic permission data processing by software is researched, and a user pool concept is introduced, so that effective verification of permission constraint and effective management of permission data are realized. Aiming at the characteristics of a software C/S architecture, methods for separately configuring, separately using and synchronously storing server authority and client authority are researched, and authority management under the C/S architecture is realized. Aiming at the problems of various software functions and complex authority configuration operation, the method for automatically configuring the authority basic data by the software is adopted, and the usability of the software is improved. The invention is suitable for various occasions of engineering design, maintenance, V & V, test and verification of the DCS system of the nuclear power plant.
Description
Technical Field
The invention belongs to the technical field of nuclear power, and particularly relates to a method for realizing user authority control under a cooperative architecture of a DCS platform engineer station of a nuclear power station.
Background
In the nuclear power plant DCS system, engineer station software is main software interacting with users, the functions involved are various, and the users using the functions cover most of related personnel of the nuclear power plant system. The importance of these functions varies, and almost every function corresponds to a particular group of users. In view of the high safety requirements of nuclear power plant systems, the consequences of improper use of functionality are extremely serious. Therefore, a robust authority control method is researched and invented in engineer station software, particularly in engineer station software of a cooperative architecture, so that authority control of all functions and all user groups of the software is effectively realized, and the method is very important for designing the whole DCS engineer station software.
For the engineer station software of the cooperative architecture of the DCS, the related use scene is mainly the cooperative development work of a plurality of persons, and a plurality of functions are executed simultaneously in the same mutually associated network. The related functions cover all aspects of engineering design, engineering management, engineering maintenance, auxiliary operation and the like, and under the complex use scene, all functions are connected with one another in a myriad ways. In the design process of software, effective control of the authority is a very important and very difficult thing for the design and maintenance of the whole DCS system engineering.
The existing nuclear power station DCS system basically has certain authority control, but the functions of the existing nuclear power station DCS system are not complete and perfect enough, misoperation caused by improper authority control accounts for a large proportion in unsafe events of the DCS system, equipment misoperation or device refusal caused by human errors easily occurs in links such as engineering design, software downloading, interface forcing and the like, and the result is very serious. In a DCS (distributed control system) with strong functions and very high safety requirements, complete and clear control over authority is achieved, and the method is a key link for robust operation of the whole system.
From the analysis of the functional structure and the safety requirements of the functions of the DCS system and the actual working processes of different users, the authority distribution function needs to be accurately and completely realized on the basis of the characteristics of a cooperative architecture and a data storage independent module of the engineer station software of the DCS system of the nuclear power station, and the authority control of the DCS system needs to be realized by a reasonable method.
Disclosure of Invention
Aiming at the logic realization of the authority function of an engineer station in a DCS (distributed control System) of a nuclear power station, the invention adopts the technology of service authority responsibility classification management and automatic role data processing by a computer in the nuclear power industry. Based on the technology, the invention discloses a permission implementation method for the nuclear power plant DCS system engineer station software. On one hand, the method can realize the fine control of the authority of the DCS engineer station and the automatic processing of the authority data, thereby improving the working efficiency and saving the engineering design and maintenance cost; on the other hand, by means of data encryption, communication transmission encryption and the like, the scheme of storing in a data and engineering binding mode ensures the security of the authority data, provides guarantee for the safe and robust operation of the DCS, and improves the stability and the robustness of the system.
In order to achieve the purpose, the invention is realized by the following technical scheme:
a permission implementation method based on a nuclear power plant security level DCS system implements the following steps:
A. newly building user pool data; a user administrator creates a project management user in a server, records the responsibility project of the user, allocates a client address to form user information, and a plurality of user information form user pool data;
B. editing user pool data; the user manager edits the user information, judges whether the user information is used by the project or not, and edits the user information;
C. the client side authority is executed; the user information is issued to a client, the project management user selects the existing user, and the client distributes authority for the selected user to form project authority data;
D. merging the user pool data; uploading the project authority data to a server, adding the corresponding project authority into the user information, and updating the user pool data.
The method introduces a user pool concept into the nuclear power field, sets the authority for the characteristics of a software C/S framework, establishes user pool data by adopting a service authority role classification management method, adopts a method for automatically configuring authority basic data by adopting software, adopts a mode of combining the authority data by adopting a computer automation technology and binding and storing the authority data and engineering data, and adopts a mode of synchronously distributing the authority by adopting modules and function points. The concept of 'user pool' is introduced in the nuclear power field, the whole authority data is vividly expressed in the whole system research and development and subsequent operation processes, and the information consistency in the whole process is ensured. The authority is set for the characteristics of the software C/S architecture, and the authority management under the C/S architecture is realized by a method of separately configuring, separately using and synchronously storing the server authority and the client authority.
The method specifically comprises the following steps of establishing new user pool data:
(1) a user administrator creates a user on server software according to personnel conditions, binds a client IP/MAC address for the user, records the responsibility engineering of the user and forms user pool data on a server;
(2) only one user manager is arranged in one server, when the server software is installed, a default user name and a default password of the manager are generated, and the server software can be used for managing the user after the server software is modified when the server software is used for the first time;
(3) the user administrator information is encrypted and stored in the server, and password verification is needed when user management is carried out by local or remote login server software.
The following steps are specifically implemented for editing user pool data:
(1) a user administrator edits all users in the whole network segment on a server, editable attributes are two fields of a user name and a client IP/MAC address, and responsibility engineering information can only be viewed and cannot be edited;
(2) when a user is deleted, it must be satisfied that the user is not assigned by any one project, or that the user has no project task.
The client side authority execution function concretely comprises the following steps:
(1) after a user logs in a project by using the identity of a project manager at a client, defining the authority according to the service;
(2) and the project administrator selects users from the user pool and allocates the rights in the project to form project rights data.
(3) Client engineering user login verification; opening an engineering, firstly selecting a user name, selecting the engineering by a user, inputting a password, and reading the password from the engineering by a client for verification; after the project is successfully opened, the system initializes a software interface and places functional buttons except the gray authority according to the authority of the current user.
Wherein, the client authority executing function further implements the following steps: (4) the project manager removes the users of the project to form new authority user data of the project, the data are uploaded to the server, and the server updates the responsibility project of the users.
Wherein, the client authority executing function further implements the following steps: (5) if the client copies a new project and uploads, the server merges the information of the user data in the network segment.
In the client authority execution function, authority data are encrypted and decrypted by adopting a state cryptographic algorithm, the authority data and engineering data are bound and stored, and the encrypted and stored authority data are associated with an engineering unique identification code.
In the client permission execution function, the self-defined permission comprises one or more of the following: the method comprises the steps of equipment configuration, algorithm configuration, variable configuration, compiling module, offline downloading, downloading verification, equipment monitoring, algorithm monitoring, variable forcing, parameter modification, variable searching, equipment searching, variable unit management and periodic test.
The method specifically comprises the following steps of merging user pool data:
(1) circulating each user in the user pool, and judging whether the user exists in the network segment or not;
(2) if the user does not exist, allocating the IP/MAC address information of the network for the user or receiving the uploaded IP/MAC address information, and adding the data to the user pool data;
(3) if the user exists in the network segment, judging whether the uploaded project name exists in the user data;
(4) if the project name exists, ending the responsibility project processing flow and entering an IP/MAC address processing stage;
(5) if the project name does not exist, updating the responsibility project field;
(6) judging whether the IP/MAC address in the user data exists in the IP/MAC address of the user in the user pool or not, and if not, adding the IP/MAC address in the field;
(7) taking out all data corresponding to the page by taking the page name as a unit, creating a primitive corresponding to the data, judging whether the primitive is created successfully or not, if the primitive is not created successfully, prompting a user and returning to the previous step until the primitive is created successfully.
On the other hand, a nuclear power plant safety level DCS system is provided, and the authority implementation method based on the nuclear power plant safety level DCS system is adopted.
In summary, compared with the prior art, the invention has the following advantages and beneficial effects: the method is adopted on a safety-level DCS system, and the system is applied to demonstration fast reactor DCS goods supply projects. The method introduces the concept of a user pool in the nuclear power industry, and adopts the technologies of service authority responsibility classification management, automatic user data configuration and automatic user pool data processing by a computer. The authority data of the nuclear power system is encrypted and stored through means of data encryption, communication transmission encryption and the like, and a method that a module and a function point are synchronously used for authority distribution and server authority and client authority are separately configured, used and synchronously stored is adopted. The method and the device realize the refined control of the authority function under the software collaboration framework of the nuclear power system engineer station, ensure the safety and reliability of the authority data, and ensure the stability and the orderliness of the execution of the authority function.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention.
FIG. 1 is a flow chart of a DCS engineer station software permission function implementation.
FIG. 2 is a diagram of a custom privilege.
Fig. 3 is a user pool management effect diagram.
FIG. 4 is an engineering user usage user pool data effect diagram.
FIG. 5 is a diagram of effects of rights automation configuration.
Fig. 6 is a diagram of the effect of authority refinement control.
Fig. 7 is a diagram of the effect of encrypted storage of rights data.
Detailed Description
To make the objects, technical solutions and advantages of the present invention more apparent, the following detailed description of the principles, features and the like of the present invention is provided in conjunction with the examples and the accompanying drawings, and the exemplary embodiments and the description thereof are only used for explaining the present invention and are not used to limit the protection scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be apparent to one of ordinary skill in the art that: it is not necessary to employ these specific details to practice the present invention. In other instances, well-known structures, circuits, materials, or methods have not been described in detail so as not to obscure the present invention.
Throughout the description of the specification, reference to "one embodiment," "an embodiment," "one example" or "an example" means: the particular features, structures, or characteristics described in connection with the embodiment or example are included in at least one embodiment of the invention. Thus, the appearances of the phrases "one embodiment," "an embodiment," "one example" or "an example" in various places throughout this specification are not necessarily all referring to the same embodiment or example. Furthermore, the particular features, structures, or characteristics may be combined in any suitable combination and/or sub-combination in one or more embodiments or examples. Further, those of ordinary skill in the art will appreciate that the illustrations provided herein are for illustrative purposes and are not necessarily drawn to scale. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The following discloses many different embodiments or examples for implementing the subject technology described. While specific examples of one or more arrangements of features are described below to simplify the disclosure, the examples should not be construed as limiting the present disclosure, and a first feature described later in the specification in conjunction with a second feature can include embodiments that are directly related, can also include embodiments that form additional features, and further can include embodiments in which one or more additional intervening features are used to indirectly connect or combine the first and second features to each other so that the first and second features may not be directly related. In the description of the present specification, "a plurality" means at least two, e.g., two, three, etc., unless explicitly defined otherwise.
The terms used in the present specification are those general terms which are currently widely used in the art in consideration of functions related to the present disclosure, but they may be changed according to the intention of a person having ordinary skill in the art, precedent, or new technology in the art. Also, specific terms may be selected by the applicant, and in this case, their detailed meanings will be described in the detailed description of the present disclosure. Therefore, the terms used in the specification should not be construed as simple names but based on the meanings of the terms and the overall description of the present disclosure.
Flowcharts or text are used in this specification to illustrate the operational steps performed in accordance with embodiments of the present application. It should be understood that the operational steps in the embodiments of the present application are not necessarily performed in the exact order recited. Rather, the various steps may be processed in reverse order or simultaneously, as desired. Meanwhile, other operations may be added to the processes, or a certain step or several steps of operations may be removed from the processes.
Example 1
The embodiment provides a method for realizing user authority control under a cooperative architecture of a nuclear power station DCS platform engineer station. The main functions to be completed for realizing the invention comprise two major parts and four major functions. The two major parts are a server part and a client part respectively; the four functions are respectively a function of creating user pool data, editing user pool data, merging user pool data and a client authority execution function. The detailed function implementation flow is shown in fig. 1.
The method for realizing the authority based on the nuclear power plant security level DCS provided by the embodiment comprises the following steps:
A. newly building user pool data; a user administrator creates a project management user in a server, records the responsibility project of the user, allocates a client address to form user information, and a plurality of user information form user pool data;
B. editing user pool data; the user administrator edits the user information, judges whether the user information is used by the project or not, and edits the user information;
C. the client side authority is executed; the user information is issued to a client, an engineering management user selects an existing user, and the client distributes authority for the selected user to form engineering authority data;
D. merging the user pool data; uploading the project authority data to a server, adding the corresponding project authority into the user information, and updating the user pool data.
The specific implementation steps are as follows:
A. newly building user pool data:
(1) the function is that a user administrator creates a user on server software according to specific personnel conditions, binds a client IP/MAC address for the user, records the responsibility engineering of the user, and forms user pool data on the server.
(2) Only one user manager is arranged in one server, when the server software is installed, a default user name and a default password of the manager are generated, and the server software can be used for managing the user after the server software is modified when the server software is used for the first time;
(3) the user administrator information is encrypted and stored in the server, and password verification is needed when user management is carried out by local or remote login server software.
B. Editing user pool data:
(1) the function is that a user administrator edits all users in the whole network segment on a server, the editable attribute is a user name, two fields of a client IP/MAC address are provided, and responsibility engineering information can only be checked and cannot be edited;
(2) when a user is deleted, it must be that the user is not assigned by any project, i.e., the user has no project tasks.
C. The client side authority executes:
(1) after the client logs in the project with the project administrator identity, the project administrator can customize the authority according to the service, and the customized authority is shown in fig. 2.
(2) The project administrator may select users from a pool of users and assign permissions at the project. And forming engineering authority data, and storing and using the engineering authority data along with other engineering data.
(3) The project manager can remove the user of the project to form new authority user data of the project, the data are uploaded to the server, and the server updates the responsibility project of the user.
(4) When some client copies a new project from other network and uploads it, the server merges the information of user data in the local network segment.
(5) The client engineering user login verification method comprises the steps that when an engineering is opened, a user name is selected, the user selects the engineering, a password is input, and the password is read from the engineering for verification; and after the project is successfully opened, initializing a software interface by the system according to the authority of the current user, and setting a function button except the grey authority.
In the client authority execution function, the authority data is encrypted and decrypted by adopting a national cipher algorithm, the authority data and the engineering data are bound and stored, and the encrypted and stored authority data is associated with the unique engineering identification code. In the client side authority execution function, the self-defined authority comprises one or more of the following: the method comprises the steps of equipment configuration, algorithm configuration, variable configuration, compiling module, offline downloading, downloading verification, equipment monitoring, algorithm monitoring, variable forcing, parameter modification, variable searching, equipment searching, variable unit management and periodic test.
D. Merging user pool data:
(1) circulating each user in the user pool, and judging whether the user exists in the network segment or not;
(2) if the user does not exist, allocating the IP/MAC address information of the network for the user or receiving the uploaded IP/MAC address information, and adding the data to the user pool data;
(3) if the user exists in the network segment, judging whether the uploaded project name exists in the user data;
(4) if the project name exists, ending the responsibility project processing flow and entering an IP/MAC address processing stage (the same project name in the same network segment is regarded as the same project, and if the project name is different projects, the project name is manually renewed by a user and then retransmitted);
(5) if the project name does not exist, updating the responsibility project field;
(6) and judging whether the IP/MAC address in the user data exists in the IP/MAC address of the user in the user pool or not, and if not, adding the IP/MAC address into the field.
(7) Taking out all data corresponding to the page by taking the page name as a unit, creating a primitive corresponding to the data, judging whether the primitive is created successfully or not, if the primitive is not created successfully, prompting a user, and returning to the previous step until the primitive is created successfully.
Based on the permission allocation scheme, the embodiment has the following specific advantages:
(1) establishing user pool data by adopting a method of service authority responsibility classification management, and uniformly taking charge of creating user and binding (mac or ip) of usable equipment by a system administrator to form user pool data; and each project administrator sets project roles and fixed equipment for users under the project based on the user pool data, so that the classified management of the nuclear power authority system data is realized.
(2) The method for automatically configuring the authority basic data by software is adopted, the default commonly-used user project role and the matched authority data are provided by the system, and a new role in the configured authority data can be added to the project in a user-defined mode for subsequent role distribution and use, so that the automation of functions is realized, and the configuration of the authority by a user is facilitated.
(3) And merging the authority data by adopting a computer automation technology, and merging the authority data by using a computer automation processing technology. And merging the authority data by adopting an automation technology in the engineering migration and merging process under the cooperative framework. The data correctness is ensured, the risk of problems caused by artificial combination is reduced, and the workload of operators is reduced.
(4) The authority data are encrypted by adopting a national cryptographic algorithm, and are encrypted and decrypted by using the national cryptographic algorithm (a mode of combining SM4 and SM 2) in the field of the nuclear power plant DCS, so that the safety requirement of the authority data of the nuclear power plant DCS is ensured.
(5) The method adopts a mode of binding and storing the authority data and the engineering data in the nuclear power plant DCS system, and the encrypted and stored authority data is associated with the engineering unique identification code, so that on one hand, user data is prevented from being usurped, and on the other hand, the authority data is prevented from being lost after the engineering is migrated.
(6) The method adopts the mode that the module and the function point are synchronously distributed with authority, adopts the characteristic of various functions of engineer station software in the nuclear power plant DCS, and adopts the mode that the module and the function point are synchronously distributed with authority to finely control the authority, thereby realizing the fine control of the authority function of the engineer station in the DCS.
In the project of demonstrating fast reactor DCS goods supply, the authority control method based on the software of the engineer station of the DCS system of the nuclear power plant is realized. The implementation effect is described as follows:
(1) the service authority role classification management effect is shown in fig. 3 and 4. The login information and the engineering information of the user are separately managed and isolated from each other, and the login authority and the engineering use authority of the user are verified by using the IP/MAC white list.
(2) The method realizes automatic configuration of the authority basic data, and the effect is shown in figure 5.
(3) The method adopts a scheme that the module and the function point synchronously carry out authority distribution, realizes the fine control of complicated authority functions, and has the effect as shown in figure 6.
(4) The method adopts the encryption technology to realize the data storage of the authority, and the effect is shown in figure 7.
In conclusion, aiming at the logic realization of the authority function of an engineer station in a nuclear power station DCS, the invention researches the technology of classifying and managing the authority data according to the service and the technology of automatically configuring the roles by a computer; the concept of a user pool is introduced, and a method for automatically processing user pool data by a computer is used, so that the operation flow of the user is simplified, and the usability of software is improved. The data encryption and communication encryption complementary technology is used in the nuclear power industry, and the scheme of binding and storing the authority data and the engineering is adopted, so that the data correctness is ensured; aiming at the characteristic of various functions of engineer station software, a mode of synchronously carrying out authority distribution on modules and function points is adopted to carry out fine control on authority, so that fine control on the authority function of an engineer station in a DCS (distributed control system) is realized; aiming at the characteristics of an engineer station software cooperative architecture, a method of separate configuration, separate use and synchronous storage of server authority and client authority is adopted in the nuclear power field, so that the authority function under the C/S architecture of the engineer station software of a DSC system in the nuclear power industry is realized.
Example 2
The embodiment provides a nuclear power plant security level DCS system, which employs the authority implementation method based on the nuclear power plant security level DCS system as described in embodiment 1. In the invention, aiming at the characteristic of complex software permission data of a nuclear power plant DCS (distributed control System) engineer station, a method for classified management of service permission responsibilities and automatic permission data processing by software is researched, and a user pool concept is introduced, so that effective verification of permission constraint and effective management of permission data are realized. Aiming at the characteristics of a software C/S architecture, methods for separately configuring, separately using and synchronously storing server authority and client authority are researched, and authority management under the C/S architecture is realized. Aiming at the problems of various software functions and complex authority configuration operation, the method for automatically configuring the authority basic data by the software is adopted, and the usability of the software is improved. The invention is suitable for various occasions of engineering design, maintenance, V & V, test and verification of the DCS system of the nuclear power plant.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments, objects, technical solutions and advantages of the present invention are further described in detail, it should be understood that the above-mentioned embodiments are only preferred embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (10)
1. A permission implementation method based on a nuclear power plant security level DCS is characterized by comprising the following steps:
A. newly building user pool data; a user manager creates a project management user in a server, records the responsibility project of the user, allocates a client address to form user information, and forms user pool data by a plurality of user information;
B. editing user pool data; the user administrator edits the user information, judges whether the user information is used by the project or not, and edits the user information;
C. the client side authority is executed; the user information is issued to a client, an engineering management user selects an existing user, and the client distributes authority for the selected user to form engineering authority data;
D. merging the user pool data; and uploading the project authority data to a server, adding the corresponding project authority into the user information, and updating the user pool data.
2. The permission implementing method based on the nuclear power plant security level DCS system according to claim 1, wherein the step of specifically implementing the following steps for newly creating the user pool data is as follows:
(1) a user administrator creates a user on server software according to personnel conditions, binds a client IP/MAC address for the user, records the responsibility engineering of the user and forms user pool data on a server;
(2) only one user manager is arranged in one server, when the server software is installed, a default user name and a default password of the manager are generated, and the server software can be used for managing the user after the server software is modified when the server software is used for the first time;
(3) the user administrator information is encrypted and stored in the server, and password verification is needed when user management is carried out by local or remote login server software.
3. The permission implementing method based on the nuclear power plant security level DCS system of claim 2, wherein editing the user pool data specifically implements the following steps:
(1) a user administrator edits all users in the whole network segment on a server, editable attributes are two fields of a user name and a client IP/MAC address, and responsibility engineering information can only be viewed and cannot be edited;
(2) when a user is deleted, it must be satisfied that the user is not assigned by any one project, or that the user has no project task.
4. The authority implementation method based on the nuclear power plant security level DCS system according to claim 3, wherein the client authority execution function specifically implements the following steps:
(1) after a user logs in a project by using the identity of a project manager at a client, defining the authority according to the service;
(2) and the project administrator selects users from the user pool and allocates the rights in the project to form project rights data.
(3) The client engineering user login verification; opening an engineering, firstly selecting a user name, selecting the engineering by a user, inputting a password, and reading the password from the engineering by a client for verification; after the project is successfully opened, the system initializes a software interface and places functional buttons except the gray authority according to the authority of the current user.
5. The authority implementation method based on the nuclear power plant security level DCS system according to claim 4, wherein the client authority execution function further implements the following steps: (4) the project manager removes the users of the project to form new authority user data of the project, the data are uploaded to the server, and the server updates the responsibility project of the users.
6. The authority implementation method based on the nuclear power plant security level DCS system according to claim 5, wherein the client authority execution function further implements the following steps: (5) if the client copies a new project and uploads, the server merges the information of the user data in the network segment.
7. The authority implementation method based on the nuclear power plant security level DCS system according to claim 4, wherein in the client authority execution function, a state encryption algorithm is adopted to encrypt and decrypt authority data, the authority data and engineering data are bound and stored, and the encrypted and stored authority data is associated with an engineering unique identification code.
8. The method of claim 4, wherein the custom permission in the client permission execution function includes one or more of the following: the method comprises the steps of equipment configuration, algorithm configuration, variable configuration, compiling module, offline downloading, downloading verification, equipment monitoring, algorithm supervision, variable monitoring, variable forcing, parameter modification, variable searching, equipment searching, variable unit management and periodic test.
9. The method of claim 6, wherein the merging of user pool data specifically implements the following steps:
(1) circulating each user in the user pool, and judging whether the user exists in the network segment or not;
(2) if the user does not exist, allocating the IP/MAC address information of the network for the user or receiving the uploaded IP/MAC address information, and adding the data to the user pool data;
(3) if the user exists in the network segment, judging whether the uploaded project name exists in the user data;
(4) if the project name exists, ending the responsibility project processing flow and entering an IP/MAC address processing stage;
(5) if the project name does not exist, updating the responsibility project field;
(6) judging whether the IP/MAC address in the user data exists in the IP/MAC address of the user in the user pool or not, and if not, adding the IP/MAC address in the field;
(7) taking out all data corresponding to the page by taking the page name as a unit, creating a primitive corresponding to the data, judging whether the primitive is created successfully or not, if the primitive is not created successfully, prompting a user and returning to the previous step until the primitive is created successfully.
10. A nuclear power plant safety level DCS system, characterized in that the authority implementation method based on the nuclear power plant safety level DCS system of any one of claims 1 to 9 is adopted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211010990.8A CN115328053B (en) | 2022-08-23 | 2022-08-23 | Permission realization method based on security level DCS system of nuclear power plant |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211010990.8A CN115328053B (en) | 2022-08-23 | 2022-08-23 | Permission realization method based on security level DCS system of nuclear power plant |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115328053A true CN115328053A (en) | 2022-11-11 |
| CN115328053B CN115328053B (en) | 2024-05-28 |
Family
ID=83926270
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211010990.8A Active CN115328053B (en) | 2022-08-23 | 2022-08-23 | Permission realization method based on security level DCS system of nuclear power plant |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115328053B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117093979A (en) * | 2023-10-19 | 2023-11-21 | 西安热工研究院有限公司 | Method, system and medium for trusted switching of DCS controller in non-network environment |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5812394A (en) * | 1995-07-21 | 1998-09-22 | Control Systems International | Object-oriented computer program, system, and method for developing control schemes for facilities |
| JP2001216006A (en) * | 2000-02-04 | 2001-08-10 | Meidensha Corp | Programming supporting system |
| DE10058000A1 (en) * | 2000-10-24 | 2002-05-08 | Imm Network Gmbh | Controlling similar processes, especially workflow process, involves specifying flow of group of similar processes in program with several variants for specific processes and input parameters |
| US20060229896A1 (en) * | 2005-04-11 | 2006-10-12 | Howard Rosen | Match-based employment system and method |
| CN101388101A (en) * | 2001-09-24 | 2009-03-18 | 西门子能量及自动化公司 | Method for providing engineering tool services |
| CN101661281A (en) * | 2008-08-28 | 2010-03-03 | 上海宝信软件股份有限公司 | Method for handing over control authority in distributed monitoring system |
| US7962358B1 (en) * | 2006-11-06 | 2011-06-14 | Sprint Communications Company L.P. | Integrated project and staffing management |
| US20120266209A1 (en) * | 2012-06-11 | 2012-10-18 | David Jeffrey Gooding | Method of Secure Electric Power Grid Operations Using Common Cyber Security Services |
| JP2013140476A (en) * | 2012-01-04 | 2013-07-18 | Toyota Motor Corp | Information processing device, access authority giving method, program generation device, and method therefor |
| CN103617485A (en) * | 2013-11-15 | 2014-03-05 | 中国航空无线电电子研究所 | Uniform authority management and deployment system |
| US20150012141A1 (en) * | 2013-07-02 | 2015-01-08 | Abb Technology | Method and system to support technical tasks in distributed control systems |
| US20160098681A1 (en) * | 2014-10-01 | 2016-04-07 | Amadeus S.A.S. | Automated task handling |
| CN106843183A (en) * | 2017-03-29 | 2017-06-13 | 苏州中材建设有限公司 | The long distance control system and control method of the dry type grout line debugging based on VPN technologies |
| CN107273626A (en) * | 2017-06-23 | 2017-10-20 | 中国核动力研究设计院 | One kind is applied to Nuclear Safety level DCS data processing methods |
| US20180224822A1 (en) * | 2017-01-23 | 2018-08-09 | Hayward Industries, Inc. | Systems and methods for providing network connectivity and remote monitoring, optimization, and control of pool/spa equipment |
-
2022
- 2022-08-23 CN CN202211010990.8A patent/CN115328053B/en active Active
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5812394A (en) * | 1995-07-21 | 1998-09-22 | Control Systems International | Object-oriented computer program, system, and method for developing control schemes for facilities |
| JP2001216006A (en) * | 2000-02-04 | 2001-08-10 | Meidensha Corp | Programming supporting system |
| DE10058000A1 (en) * | 2000-10-24 | 2002-05-08 | Imm Network Gmbh | Controlling similar processes, especially workflow process, involves specifying flow of group of similar processes in program with several variants for specific processes and input parameters |
| CN101388101A (en) * | 2001-09-24 | 2009-03-18 | 西门子能量及自动化公司 | Method for providing engineering tool services |
| US20060229896A1 (en) * | 2005-04-11 | 2006-10-12 | Howard Rosen | Match-based employment system and method |
| US7962358B1 (en) * | 2006-11-06 | 2011-06-14 | Sprint Communications Company L.P. | Integrated project and staffing management |
| CN101661281A (en) * | 2008-08-28 | 2010-03-03 | 上海宝信软件股份有限公司 | Method for handing over control authority in distributed monitoring system |
| JP2013140476A (en) * | 2012-01-04 | 2013-07-18 | Toyota Motor Corp | Information processing device, access authority giving method, program generation device, and method therefor |
| US20120266209A1 (en) * | 2012-06-11 | 2012-10-18 | David Jeffrey Gooding | Method of Secure Electric Power Grid Operations Using Common Cyber Security Services |
| US20150012141A1 (en) * | 2013-07-02 | 2015-01-08 | Abb Technology | Method and system to support technical tasks in distributed control systems |
| CN103617485A (en) * | 2013-11-15 | 2014-03-05 | 中国航空无线电电子研究所 | Uniform authority management and deployment system |
| US20160098681A1 (en) * | 2014-10-01 | 2016-04-07 | Amadeus S.A.S. | Automated task handling |
| US20180224822A1 (en) * | 2017-01-23 | 2018-08-09 | Hayward Industries, Inc. | Systems and methods for providing network connectivity and remote monitoring, optimization, and control of pool/spa equipment |
| CN106843183A (en) * | 2017-03-29 | 2017-06-13 | 苏州中材建设有限公司 | The long distance control system and control method of the dry type grout line debugging based on VPN technologies |
| CN107273626A (en) * | 2017-06-23 | 2017-10-20 | 中国核动力研究设计院 | One kind is applied to Nuclear Safety level DCS data processing methods |
Non-Patent Citations (2)
| Title |
|---|
| 熊璋;汪明;王少峰;何志坚;蒲菊华;: "基于LDAP技术的南水北调中线建管系统的用户管理机制", 水资源与水工程学报, no. 06, 15 December 2008 (2008-12-15) * |
| 王晓卫;孙洪涛;梁中起;孙月亮;: "核电厂安全级DCS培训系统设计与研究", 自动化博览, no. 12, 15 December 2016 (2016-12-15) * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117093979A (en) * | 2023-10-19 | 2023-11-21 | 西安热工研究院有限公司 | Method, system and medium for trusted switching of DCS controller in non-network environment |
| CN117093979B (en) * | 2023-10-19 | 2024-01-16 | 西安热工研究院有限公司 | Method, system and medium for trusted switching of DCS controller in non-network environment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115328053B (en) | 2024-05-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110048855B (en) | Introduction method and calling method of cryptographic algorithm, device, equipment and Fabric platform | |
| CN102468971A (en) | Authority management method and device, and authority control method and device | |
| CN105843182A (en) | Power dispatching accident handling scheme preparing system and power dispatching accident handling scheme preparing method based on OMS | |
| CN103617485A (en) | Uniform authority management and deployment system | |
| CN105184144A (en) | Multi-system privilege management method | |
| CN103996000A (en) | Authority management system and method | |
| CN109586963A (en) | A kind of cloud emulation platform safe-guard system, server, terminal and method | |
| CN106302483A (en) | Decentralized management method and system | |
| CN114553865A (en) | Heterogeneous hybrid cloud system architecture design method | |
| CN104008441A (en) | Task management system and method for automatically submitting files into version library | |
| Aubakirov et al. | Development of system architecture for e-government cloud platforms | |
| CN115328053A (en) | Authority implementation method based on nuclear power plant security level DCS system | |
| CN106599718B (en) | The control method and device of information access rights | |
| CN107656796A (en) | A kind of virtual machine cold moving method, system and equipment | |
| CN109543415A (en) | Safe operating system architecture | |
| CN109660381A (en) | Distribution management method, device, server and storage medium | |
| CN101527637A (en) | Virtual proprietary organization platform system and method thereof | |
| CN113467890B (en) | Distributed college virtual laboratory management method, system and storage device | |
| CN104735701A (en) | Centralized LTE parameter management method and LTE platform | |
| CN103177202A (en) | Method and system for realizing consulting authority limit management of patent tree | |
| CN104426695A (en) | Method and system for heterogeneous equipment account management | |
| CN114491452A (en) | Method for realizing cloud resource multi-account authority control facing cloud host and cloud bastion machine | |
| CN116260732A (en) | Sharing system and method for multi-cloud system pipe | |
| CN106060032A (en) | User data integration and redistribution method and system | |
| MVP et al. | Microsoft System Center 2012 R2 Operations Manager Cookbook |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |