CN115328053B - Permission realization method based on security level DCS system of nuclear power plant - Google Patents
Permission realization method based on security level DCS system of nuclear power plant Download PDFInfo
- Publication number
- CN115328053B CN115328053B CN202211010990.8A CN202211010990A CN115328053B CN 115328053 B CN115328053 B CN 115328053B CN 202211010990 A CN202211010990 A CN 202211010990A CN 115328053 B CN115328053 B CN 115328053B
- Authority
- CN
- China
- Prior art keywords
- user
- authority
- data
- project
- engineering
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 55
- 238000012545 processing Methods 0.000 claims abstract description 16
- 238000012795 verification Methods 0.000 claims abstract description 14
- 238000012360 testing method Methods 0.000 claims abstract description 5
- 238000012544 monitoring process Methods 0.000 claims description 6
- 238000012986 modification Methods 0.000 claims description 4
- 230000004048 modification Effects 0.000 claims description 4
- 230000000737 periodic effect Effects 0.000 claims description 3
- 230000006870 function Effects 0.000 abstract description 52
- 238000013461 design Methods 0.000 abstract description 7
- 238000012423 maintenance Methods 0.000 abstract description 5
- 238000007726 management method Methods 0.000 description 19
- 238000005516 engineering process Methods 0.000 description 12
- 238000010586 diagram Methods 0.000 description 10
- 230000000694 effects Effects 0.000 description 10
- 230000008569 process Effects 0.000 description 8
- 238000004590 computer program Methods 0.000 description 7
- 238000004891 communication Methods 0.000 description 4
- 238000003860 storage Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 238000013508 migration Methods 0.000 description 2
- 230000005012 migration Effects 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000005315 distribution function Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/418—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
- G05B19/41845—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by system universality, reconfigurability, modularity
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/30—Nc systems
- G05B2219/33—Director till display
- G05B2219/33273—DCS distributed, decentralised controlsystem, multiprocessor
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Manufacturing & Machinery (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Stored Programmes (AREA)
Abstract
In the invention, aiming at the characteristic that the authority data of the station software of the DCS system engineer of the nuclear power plant is complex, the methods of classifying management of business authority responsibilities and automatic processing of the authority data by the software are researched, and the concept of a user pool is introduced, so that effective verification of authority constraint and effective management of the authority data are realized. Aiming at the characteristics of the software C/S architecture, the method for separately configuring, separately using and synchronously storing the server authority and the client authority is researched, and the authority management under the C/S architecture is realized. Aiming at the problems of multiple software functions and complex authority configuration operation, the method for automatically configuring the authority basic data by the software is adopted, and the usability of the software is improved. The invention is suitable for various occasions of engineering design, maintenance, V & V, test and verification of the DCS system of the nuclear power plant.
Description
Technical Field
The invention belongs to the technical field of nuclear power, and particularly relates to a method for realizing user authority control under a station collaborative architecture of a DCS (distributed control system) platform engineer of a nuclear power station.
Background
In a nuclear power plant DCS system, engineer station software is the primary software for interacting with users, and involves a large number of functions, and users using these functions cover most of the relevant personnel of the nuclear power plant system. The importance of these functions is not the same, but almost every function corresponds to a particular class of users. In view of the high safety requirements of the nuclear power plant systems, the consequences of improper use of functions are extremely serious. Therefore, the invention relates to a robust authority control method in engineer station software, in particular to engineer station software with cooperative architecture, which effectively realizes the authority control of each function and each user group of the software and is very important for the design of the whole DCS system engineer station software.
For engineer station software of a cooperative architecture of a DCS system, the related use scenario mainly comprises that a plurality of persons work cooperatively, and a plurality of functions are executed simultaneously in the same mutually-related network. The related functions cover various aspects of engineering design, engineering management, engineering maintenance, auxiliary operation and the like, and under such complex use occasions, the functions are in communication with each other in a universal manner. In the process of designing software, the effective control of the authority is a very important thing and a very difficult thing for the design and maintenance of the whole DCS system engineering.
The existing nuclear power station DCS system basically has a certain authority control, but the functions of the system are not complete and perfect, in unsafe events of the DCS system, misoperation of improper authority control accounts for a large proportion, and equipment misoperation or refusal operation caused by human errors are easy to occur in links such as engineering design, software downloading, interface forcing and the like, so that the consequences are very serious. In a DCS system with strong functions and very high safety requirements, complete and clear control of authority is achieved, and the method is a key link of the robust operation of the whole system.
From the analysis of the functional structure and the safety requirement of the function of the DCS system and the actual working process of different users, the authority control of the DCS system must be realized by a reasonable method in order to accurately and completely realize the authority distribution function based on the characteristics of the collaborative architecture of the station software of the DCS system engineer of the nuclear power station and the independent data storage module.
Disclosure of Invention
Aiming at the logic realization of the authority function of an engineer station in a nuclear power station DCS system, the invention adopts the technology of business authority responsibility classification management and computer automatic processing role data in the nuclear power industry. Based on the technology, the invention discloses a method for realizing the authority of station software of a nuclear power plant DCS system engineer. On one hand, the method can realize the fine control of station authorities of DCS engineers, and the automatic processing of authority data, thereby improving the working efficiency and saving the engineering design and maintenance cost; on the other hand, the security of the authority data is ensured by means of data encryption, communication transmission encryption and the like and adopting a scheme of storing the data in a mode of binding with engineering, so that the security and the robustness of the DCS are ensured, and the stability and the robustness of the system are improved.
In order to achieve the above purpose, the invention is realized by the following technical scheme:
a method for realizing authority based on a security level DCS system of a nuclear power plant comprises the following steps:
A. Newly creating user pool data; a user manager establishes engineering management users in a server, records responsibility engineering of the users, allocates addresses of clients to form user information, and a plurality of user information forms user pool data;
B. Editing user pool data; editing user information by a user manager, judging whether the user information is used by engineering, and editing the user information;
C. Executing the client permission; the user information is issued to a client, an engineering management user selects the existing user, and the client allocates rights for the selected user to form engineering rights data;
D. merging the user pool data; and uploading the engineering authority data to a server, adding the corresponding engineering authority into the user information, and updating the user pool data.
In the method, a user pool concept is introduced into the nuclear power field, authority is set for the characteristics of a software C/S architecture, user pool data is established by adopting a method of classifying and managing business authority responsibilities, authority basic data is configured by adopting software automation, authority data is combined by adopting a computer automation technology, the authority data and engineering data are bound and stored, and the authority distribution is carried out by adopting a mode of synchronizing a module and a function point. The concept of a user pool is introduced in the nuclear power field, and the whole authority data is expressed in a very visual way in the whole system research and development and subsequent operation processes, so that the information consistency of the whole process is ensured. The authority is set for the characteristics of the software C/S architecture, and the method of separately configuring, separately using and synchronously storing the server authority and the client authority is realized for the authority management under the C/S architecture.
Wherein, the newly built user pool data concretely implements the following steps:
① A user manager builds a user on server software according to personnel conditions, binds an IP/MAC address of a client for the user, records responsibility engineering of the user, and forms user pool data on the server;
② When the server software is installed, the default user name and password of the administrator are generated, and the server software can be used for managing the user after the user is required to be modified for the first time later;
③ The user manager information is stored in the server in an encrypted mode, and password verification is needed when user management is carried out through local or remote login server software.
Wherein editing user pool data specifically implements the following steps:
① A user manager edits all users in the whole network segment on a server, wherein editable attributes are a user name and a client IP/MAC address, and responsibility engineering information can only be checked and can not be edited;
② When a user is deleted, it must be satisfied that the user is not assigned by any one of the projects, or that the user has no project tasks.
The client permission execution function specifically implements the following steps:
① After logging in the project by the identity of the project manager at the client, the user self-defines the authority according to the business;
② And the project manager selects users from the user pool and distributes the rights in the project to form project rights data.
③ Logging and verifying a client engineering user; opening a project, firstly selecting a user name, selecting the project by a user, inputting a password, and reading the password from the project by a client for verification; after the engineering is successfully opened, the system initializes a software interface and sets function buttons outside the gray authority according to the authority of the current user.
Wherein, the client-side authority execution function also implements the following steps: ④ And removing the user of the project by the project manager to form new authority user data of the project, uploading the data to the server, and updating the responsibility project of the user by the server.
Wherein, the client-side authority execution function also implements the following steps: ⑤ When a client copies in a new project and uploads the new project, the server merges the information of the user data in the local network segment.
In the client side authority execution function, authority data is encrypted and decrypted by adopting a cryptographic algorithm, the authority data and engineering data are bound and stored, and an engineering unique identification code is associated in the encrypted and stored authority data.
In the client permission execution function, the customized permission comprises one or more of the following: device configuration, algorithm configuration, variable configuration, compiling module, off-line downloading, downloading verification, device monitoring, algorithm supervision, variable monitoring, variable forcing, parameter modification, variable searching, device searching, variable unit management and periodic test.
Wherein, merging the user pool data specifically implements the following steps:
① Each user in the circulating user pool judges whether the user exists in the local network section or not;
② If the user does not exist, the IP/MAC address information of the network is distributed to the user or the uploaded IP/MAC address information is received, and the data is added to the user pool data;
③ If the user exists in the home network segment, judging whether the uploaded project name exists under the user data;
④ If the engineering name exists, ending the responsibility engineering processing flow, and entering an IP/MAC address processing stage;
⑤ If the project name does not exist, updating the responsible project field;
⑥ Judging whether the IP/MAC address in the user data exists in the IP/MAC address of the user in the user pool, if not, adding the IP/MAC address in the field;
⑦ Taking the page name as a unit, taking out all data corresponding to the page, creating a graphic primitive corresponding to the data, judging whether the graphic primitive is created successfully, if the graphic primitive is created unsuccessfully, prompting a user and returning to the previous step until the graphic primitive is created successfully.
On the other hand, the nuclear power plant security level DCS system is provided, and the authority implementation method based on the nuclear power plant security level DCS system is adopted.
In summary, compared with the prior art, the invention has the following advantages and beneficial effects: the method has been employed on a security level DCS system that has been applied to demonstration of fast reactor DCS supply projects. The method introduces the concept of a user pool in the nuclear power industry and adopts the techniques of business authority responsibility classification management, automatic configuration of user data and automatic processing of user pool data by a computer. And encrypting and storing the authority data of the nuclear power system by means of data encryption, communication transmission encryption and the like, and adopting a method for synchronously distributing the authority of the module and the function point, and separately configuring, separately using and synchronously storing the authority of the server and the authority of the client. The method realizes the fine control of the authority function under the cooperative architecture of the nuclear power system engineer station software, ensures the safety and reliability of the authority data, and ensures the stability and the order of the execution of the authority function.
Drawings
The accompanying drawings, which are included to provide a further understanding of embodiments of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the principles of the application.
FIG. 1 is a flow chart of a DCS system engineer station software entitlement function implementation.
FIG. 2 is a custom rights schematic.
FIG. 3 is a user pool management effect diagram.
FIG. 4 is a graph of the effect of engineering users on using user pool data.
Fig. 5 is a diagram of the effect of the authority automation configuration.
Fig. 6 is a diagram of the authority refinement control effect.
Fig. 7 is a diagram of the effect of encrypting and storing rights data.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the principles and features of the present invention will be described in further detail below with reference to the examples and the accompanying drawings, and the exemplary embodiments of the present invention and the descriptions thereof are only for explaining the present invention and are not intended to limit the scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be apparent to one of ordinary skill in the art that: no such specific details are necessary to practice the invention. In other instances, well-known structures, circuits, materials, or methods have not been described in detail in order not to obscure the invention.
Throughout the description, reference to "one embodiment," "an embodiment," "one example," or "an example" means: a particular feature, structure, or characteristic described in connection with the embodiment or example is included within at least one embodiment of the invention. Thus, the appearances of the phrases "in one embodiment," "in an example," or "in an example" in various places throughout this specification are not necessarily all referring to the same embodiment or example. Furthermore, the particular features, structures, or characteristics may be combined in any suitable combination and/or sub-combination in one or more embodiments or examples. Moreover, those of ordinary skill in the art will appreciate that the illustrations provided herein are for illustrative purposes and that the illustrations are not necessarily drawn to scale. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
The following discloses a number of different embodiments or examples of implementing the subject technology. Specific examples of one or more arrangements of features are described below to simplify the disclosure, but the examples are not limiting of the present disclosure, and a first feature described later in this disclosure is connected to a second feature, and may include embodiments that are directly connected to each other, or may include embodiments that form additional features, and further include embodiments that indirectly connect or combine the first feature and the second feature with each other using one or more other intervening features, so that the first feature and the second feature may not be directly connected to each other. In the description of the present specification, the meaning of "plurality" means at least two, for example, two, three, etc., unless explicitly defined otherwise.
The terms used in the present specification are those general terms that are currently widely used in the art in view of the functions of the present disclosure, but may vary according to the intention, precedent, or new technology in the art of the person of ordinary skill in the art. Furthermore, specific terms may be selected by the applicant, and in this case, their detailed meanings will be described in the detailed description of the present disclosure. Accordingly, the terms used in the specification should not be construed as simple names, but rather based on the meanings of the terms and the general description of the present disclosure.
Flowcharts or text is used in this specification to describe the operational steps performed according to embodiments of the present application. It should be understood that the steps of operations in embodiments of the present application are not necessarily performed in the exact order recited. Rather, the various steps may be processed in reverse order or simultaneously, as desired. Also, other operations may be added to or removed from these processes.
Example 1
The embodiment provides a method for realizing user permission control under a nuclear power station DCS platform engineer station cooperative architecture. The main functions to be completed by implementing the invention comprise two parts and four functions. The two major parts are a server part and a client part respectively; the four functions are respectively a new user pool data, a user pool editing data, a user pool merging data and a client permission executing function. The detailed functional implementation flow is shown in fig. 1.
The authority implementation method based on the security level DCS system of the nuclear power plant provided by the embodiment comprises the following steps:
A. Newly creating user pool data; a user manager establishes engineering management users in a server, records responsibility engineering of the users, allocates addresses of clients to form user information, and a plurality of user information forms user pool data;
B. Editing user pool data; editing user information by a user manager, judging whether the user information is used by engineering, and editing the user information;
C. Executing the client permission; the user information is issued to a client, an engineering management user selects the existing user, and the client allocates rights for the selected user to form engineering rights data;
D. merging the user pool data; and uploading the engineering authority data to a server, adding the corresponding engineering authority into the user information, and updating the user pool data.
The specific implementation steps are as follows:
A. Newly creating user pool data:
① The function is that a user manager builds a user on server software according to specific personnel conditions, binds the IP/MAC address of a client for the user, records the responsibility engineering of the user, and forms user pool data on the server.
② When the server software is installed, the default user name and password of the administrator are generated, and the server software can be used for managing the user after the user is required to be modified for the first time later;
③ The user manager information is stored in the server in an encrypted mode, and password verification is needed when user management is carried out through local or remote login server software.
B. Editing user pool data:
① The function is that a user manager edits all users in the whole network section on a server, the editable attribute is a user name, the client IP/MAC address is two fields, and the responsibility engineering information can only be checked and can not be edited;
② When a user is deleted, it must be that the user is not assigned by any one project, i.e., the user has no project tasks.
C. client rights execution:
① After the client logs in the project with the identity of the project manager, the project manager can customize the authority according to the service, and the customized authority is shown in figure 2.
② The project administrator may select a user from a pool of users and assign rights in the project. And forming engineering authority data, and storing and using the engineering authority data together with other engineering data.
③ The project manager can remove the user of the project to form new authority user data of the project, and upload the data to the server, and the server updates the responsibility project of the user.
④ When a certain client copies in a new project from other networks and uploads the new project, the server merges the information of the user data in the local network segment.
⑤ When the engineering is opened, firstly, a user name is selected, the engineering is selected by the user, a password is input, and the password is read from the engineering for verification; after the engineering is successfully opened, the system initializes a software interface and sets function buttons outside the gray authority according to the authority of the current user.
In the client-side authority execution function, the authority data is encrypted and decrypted by adopting a cryptographic algorithm, and the authority data and engineering data are bound and stored, and an engineering unique identification code is associated in the encrypted and stored authority data. In the client-side authority execution function, the customized authority comprises one or more of the following: device configuration, algorithm configuration, variable configuration, compiling module, off-line downloading, downloading verification, device monitoring, algorithm supervision, variable monitoring, variable forcing, parameter modification, variable searching, device searching, variable unit management and periodic test.
D. Merging user pool data:
① Each user in the circulating user pool judges whether the user exists in the local network section or not;
② If the user does not exist, the IP/MAC address information of the network is distributed to the user or the uploaded IP/MAC address information is received, and the data is added to the user pool data;
③ If the user exists in the home network segment, judging whether the uploaded project name exists under the user data;
④ If the project name exists, the process flow of ending responsible projects enters an IP/MAC address processing stage (the same project name of the same network segment is regarded as the same project, if the project name is different projects, the project name is manually renamed by a user and then retransmitted);
⑤ If the project name does not exist, updating the responsible project field;
⑥ Judging whether the IP/MAC address in the user data exists in the IP/MAC address of the user in the user pool, if not, adding the IP/MAC address in the field.
⑦ Taking the page name as a unit, taking out all data corresponding to the page, creating a graphic primitive corresponding to the data, judging whether the graphic primitive is created successfully, prompting a user if the graphic primitive is not created successfully, and returning to the previous step until the graphic primitive is created successfully.
Based on the rights allocation scheme, the embodiment has the following specific advantages:
① Establishing user pool data by adopting a service authority responsibility classification management method, and uniformly responsible for the creation of users and the binding (mac or ip) of usable equipment by a system administrator to form the user pool data; and each project manager sets the project role and the fixed equipment for the user under the project based on the user pool data, thereby realizing the classified management of the nuclear power authority system data.
② The method for automatically configuring the authority basic data by software is adopted, default common user engineering roles and matched authority data are provided through the system, new roles in the configured authority data can be added for the engineering in a custom mode for subsequent roles to be distributed and used, and therefore function automation is achieved, and the configuration of the user on the authorities is facilitated.
③ And combining the authority data by adopting a computer automation technology, and combining the authority data by adopting a computer automation processing technology. And merging the authority data by adopting an automation technology in the engineering migration and merging process under the collaborative architecture. The correctness of the data is ensured, the risk of introducing problems by artificial merging is reduced, and the workload of operators is reduced.
④ The authority data is encrypted by adopting a national encryption algorithm, and the authority data is encrypted and decrypted by adopting the national encryption algorithm (SM 4 and SM2 combined mode) in the field of the nuclear power plant DCS, so that the security requirement of the authority data of the nuclear power plant DCS system is ensured.
⑤ The method is characterized in that a mode of binding and storing the authority data and the engineering data is adopted, a mode of binding and storing the authority data and the engineering data is adopted in a DCS system of the nuclear power plant, and an engineering unique identification code is associated with the authority data stored in an encrypted mode, so that user data is prevented from being tampered, and the condition that the authority data is not lost after engineering migration is guaranteed.
⑥ The method for performing authority allocation by synchronizing the modules and the function points is adopted in the DCS system of the nuclear power plant, and the mode for performing authority allocation by synchronizing the modules and the function points is adopted to perform the fine control of the authority aiming at the characteristic of multiple functions of the engineer station software, so that the fine control of the authority function of the engineer station in the DCS system is realized.
In the exemplary fast reactor DCS supply project, the authority control method based on the nuclear power plant DCS system engineer station software has been implemented. The effect of this implementation is described as follows:
① The business authority responsibility classification management effect is shown in fig. 3 and 4. The login information and the engineering information of the user are separately managed and isolated, and the IP/MAC white list verification is used for the login and engineering use authorities of the user.
② The method realizes the automatic configuration of the authority basic data, and the effect is shown in figure 5.
③ The method adopts a scheme of synchronously carrying out authority allocation on the modules and the function points, and realizes the fine control of the authority complex function, and the effect is shown in figure 6.
④ The method adopts encryption technology to realize the data storage of the rights, and the effect is shown in figure 7.
In summary, the invention researches the technology of classifying and managing the authority data according to the service aiming at the logic realization of the authority function of the engineer station in the DCS system of the nuclear power station, and researches the technology of character configuration through computer autonomy; the concept of a user pool is introduced, and a method for automatically processing user pool data by a computer is used, so that the user operation flow is simplified, and the availability of software is improved. The complementary technology of data encryption and communication encryption is used in the nuclear power industry, and the scheme of binding and storing the authority data and engineering is adopted, so that the data correctness is ensured; aiming at the characteristic of multiple functions of the engineer station software, the method adopts a mode of synchronously carrying out authority allocation on modules and function points to carry out the fine control of the authority, thereby realizing the fine control of the authority function of the engineer station in the DCS system; aiming at the characteristics of the engineering station software collaborative architecture, the method of separately configuring, separately using and synchronously storing the server authority and the client authority is adopted in the nuclear power field, so that the authority function under the DSC system engineering station software C/S architecture in the nuclear power industry is realized.
Example 2
The embodiment provides a nuclear power plant security level DCS system, which adopts the authority implementation method based on the nuclear power plant security level DCS system as described in the embodiment 1. In the invention, aiming at the characteristic that the authority data of the station software of the DCS system engineer of the nuclear power plant is complex, the methods of classifying management of business authority responsibilities and automatic processing of the authority data by the software are researched, and the concept of a user pool is introduced, so that effective verification of authority constraint and effective management of the authority data are realized. Aiming at the characteristics of the software C/S architecture, the method for separately configuring, separately using and synchronously storing the server authority and the client authority is researched, and the authority management under the C/S architecture is realized. Aiming at the problems of multiple software functions and complex authority configuration operation, the method for automatically configuring the authority basic data by the software is adopted, and the usability of the software is improved. The invention is suitable for various occasions of engineering design, maintenance, V & V, test and verification of the DCS system of the nuclear power plant.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing detailed description of the preferred embodiments has been presented for purposes of illustration and description, and it is to be understood that the invention is not limited to the particular embodiments disclosed, but is intended to cover modifications, equivalents, alternatives, and improvements within the spirit and principles of the invention.
Claims (7)
1. The authority realizing method based on the security level DCS system of the nuclear power plant is characterized by comprising the following steps of:
A. Newly creating user pool data; a user manager establishes engineering management users in a server, records responsibility engineering of the users, allocates addresses of clients to form user information, and a plurality of user information forms user pool data;
B. Editing user pool data; editing user information by a user manager, judging whether the user information is used by engineering, and editing the user information;
C. Executing the client permission; the user information is issued to a client, an engineering management user selects the existing user, and the client allocates rights for the selected user to form engineering rights data;
D. merging the user pool data; uploading engineering authority data to a server, adding corresponding engineering authority into user information, and updating user pool data;
The client-side authority execution function specifically implements the following steps:
① After logging in the project by the identity of the project manager at the client, the user self-defines the authority according to the business;
② The project manager selects users from the user pool and distributes the rights in the project to form project rights data;
③ Logging and verifying a client engineering user; opening a project, firstly selecting a user name, selecting the project by a user, inputting a password, and reading the password from the project by a client for verification; after the engineering is successfully opened, initializing a software interface and setting a function button outside the gray authority by the system according to the authority of the current user;
The client rights enforcement function also implements the following steps:
④ The project manager removes the user of the project to form new authority user data of the project, the data is uploaded to a server, and the server updates the responsibility project of the user;
the merging of the user pool data is carried out by:
① Each user in the circulating user pool judges whether the user exists in the local network section or not;
② If the user does not exist, the IP/MAC address information of the network is distributed to the user or the uploaded IP/MAC address information is received, and the data is added to the user pool data;
③ If the user exists in the home network segment, judging whether the uploaded project name exists under the user data;
④ If the engineering name exists, ending the responsibility engineering processing flow, and entering an IP/MAC address processing stage;
⑤ If the project name does not exist, updating the responsible project field;
⑥ Judging whether the IP/MAC address in the user data exists in the IP/MAC address of the user in the user pool, if not, adding the IP/MAC address in the field;
⑦ Taking the page name as a unit, taking out all data corresponding to the page, creating a graphic primitive corresponding to the data, judging whether the graphic primitive is created successfully, if the graphic primitive is created unsuccessfully, prompting a user and returning to the previous step until the graphic primitive is created successfully.
2. The authority implementation method based on the security level DCS system of the nuclear power plant according to claim 1, wherein the newly created user pool data specifically implements the steps of:
① A user manager builds a user on server software according to personnel conditions, binds an IP/MAC address of a client for the user, records responsibility engineering of the user, and forms user pool data on the server;
② When the server software is installed, the default user name and password of the administrator are generated, and the server software can be used for managing the user after the user is required to be modified for the first time later;
③ The user manager information is stored in the server in an encrypted mode, and password verification is needed when user management is carried out through local or remote login server software.
3. The rights implementing method based on the security level DCS system of a nuclear power plant according to claim 2, wherein editing the user pool data specifically implements the steps of:
① A user manager edits all users in the whole network segment on a server, wherein editable attributes are a user name and a client IP/MAC address, and responsibility engineering information can only be checked and can not be edited;
② When a user is deleted, it must be satisfied that the user is not assigned by any one of the projects, or that the user has no project tasks.
4. A method for implementing rights based on a security level DCS system of a nuclear power plant according to claim 3, wherein the client rights execution function further performs the steps of: ⑤ When a client copies in a new project and uploads the new project, the server merges the information of the user data in the local network segment.
5. The method for realizing the authority based on the security level DCS system of the nuclear power plant according to claim 4, wherein in the client-side authority execution function, the authority data is encrypted and decrypted by adopting a cryptographic algorithm, the authority data and the engineering data are bound and stored, and the engineering unique identification code is associated in the encrypted and stored authority data.
6. The method for implementing rights based on a security level DCS system of a nuclear power plant according to claim 5, wherein the client rights execution function comprises one or more of the following rights: device configuration, algorithm configuration, variable configuration, compiling module, off-line downloading, downloading verification, device monitoring, algorithm supervision, variable monitoring, variable forcing, parameter modification, variable searching, device searching, variable unit management and periodic test.
7. A nuclear power plant security level DCS system, wherein the rights implementing method based on the nuclear power plant security level DCS system as claimed in any one of claims 1 to 6 is adopted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211010990.8A CN115328053B (en) | 2022-08-23 | 2022-08-23 | Permission realization method based on security level DCS system of nuclear power plant |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211010990.8A CN115328053B (en) | 2022-08-23 | 2022-08-23 | Permission realization method based on security level DCS system of nuclear power plant |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115328053A CN115328053A (en) | 2022-11-11 |
| CN115328053B true CN115328053B (en) | 2024-05-28 |
Family
ID=83926270
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211010990.8A Active CN115328053B (en) | 2022-08-23 | 2022-08-23 | Permission realization method based on security level DCS system of nuclear power plant |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115328053B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117093979B (en) * | 2023-10-19 | 2024-01-16 | 西安热工研究院有限公司 | Method, system and medium for trusted switching of DCS controller in non-network environment |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5812394A (en) * | 1995-07-21 | 1998-09-22 | Control Systems International | Object-oriented computer program, system, and method for developing control schemes for facilities |
| JP2001216006A (en) * | 2000-02-04 | 2001-08-10 | Meidensha Corp | Programming supporting system |
| DE10058000A1 (en) * | 2000-10-24 | 2002-05-08 | Imm Network Gmbh | Controlling similar processes, especially workflow process, involves specifying flow of group of similar processes in program with several variants for specific processes and input parameters |
| CN101388101A (en) * | 2001-09-24 | 2009-03-18 | 西门子能量及自动化公司 | Method for providing engineering tool services |
| CN101661281A (en) * | 2008-08-28 | 2010-03-03 | 上海宝信软件股份有限公司 | Method for handing over control authority in distributed monitoring system |
| US7962358B1 (en) * | 2006-11-06 | 2011-06-14 | Sprint Communications Company L.P. | Integrated project and staffing management |
| JP2013140476A (en) * | 2012-01-04 | 2013-07-18 | Toyota Motor Corp | Information processing device, access authority giving method, program generation device, and method therefor |
| CN103617485A (en) * | 2013-11-15 | 2014-03-05 | 中国航空无线电电子研究所 | Uniform authority management and deployment system |
| CN106843183A (en) * | 2017-03-29 | 2017-06-13 | 苏州中材建设有限公司 | The long distance control system and control method of the dry type grout line debugging based on VPN technologies |
| CN107273626A (en) * | 2017-06-23 | 2017-10-20 | 中国核动力研究设计院 | One kind is applied to Nuclear Safety level DCS data processing methods |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7805382B2 (en) * | 2005-04-11 | 2010-09-28 | Mkt10, Inc. | Match-based employment system and method |
| US20120266209A1 (en) * | 2012-06-11 | 2012-10-18 | David Jeffrey Gooding | Method of Secure Electric Power Grid Operations Using Common Cyber Security Services |
| EP2821947A1 (en) * | 2013-07-02 | 2015-01-07 | ABB Technology AG | Method and system to support technical tasks in distributed control systems |
| US20160098681A1 (en) * | 2014-10-01 | 2016-04-07 | Amadeus S.A.S. | Automated task handling |
| US20180224822A1 (en) * | 2017-01-23 | 2018-08-09 | Hayward Industries, Inc. | Systems and methods for providing network connectivity and remote monitoring, optimization, and control of pool/spa equipment |
-
2022
- 2022-08-23 CN CN202211010990.8A patent/CN115328053B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5812394A (en) * | 1995-07-21 | 1998-09-22 | Control Systems International | Object-oriented computer program, system, and method for developing control schemes for facilities |
| JP2001216006A (en) * | 2000-02-04 | 2001-08-10 | Meidensha Corp | Programming supporting system |
| DE10058000A1 (en) * | 2000-10-24 | 2002-05-08 | Imm Network Gmbh | Controlling similar processes, especially workflow process, involves specifying flow of group of similar processes in program with several variants for specific processes and input parameters |
| CN101388101A (en) * | 2001-09-24 | 2009-03-18 | 西门子能量及自动化公司 | Method for providing engineering tool services |
| US7962358B1 (en) * | 2006-11-06 | 2011-06-14 | Sprint Communications Company L.P. | Integrated project and staffing management |
| CN101661281A (en) * | 2008-08-28 | 2010-03-03 | 上海宝信软件股份有限公司 | Method for handing over control authority in distributed monitoring system |
| JP2013140476A (en) * | 2012-01-04 | 2013-07-18 | Toyota Motor Corp | Information processing device, access authority giving method, program generation device, and method therefor |
| CN103617485A (en) * | 2013-11-15 | 2014-03-05 | 中国航空无线电电子研究所 | Uniform authority management and deployment system |
| CN106843183A (en) * | 2017-03-29 | 2017-06-13 | 苏州中材建设有限公司 | The long distance control system and control method of the dry type grout line debugging based on VPN technologies |
| CN107273626A (en) * | 2017-06-23 | 2017-10-20 | 中国核动力研究设计院 | One kind is applied to Nuclear Safety level DCS data processing methods |
Non-Patent Citations (2)
| Title |
|---|
| 基于LDAP技术的南水北调中线建管系统的用户管理机制;熊璋;汪明;王少峰;何志坚;蒲菊华;;水资源与水工程学报;20081215(06);全文 * |
| 核电厂安全级DCS培训系统设计与研究;王晓卫;孙洪涛;梁中起;孙月亮;;自动化博览;20161215(12);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115328053A (en) | 2022-11-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105324750B (en) | Develop environmental system, exploitation environmental device and exploitation environment providing method | |
| CN106572000A (en) | WeChat official account platform-based construction site quality and safety management method | |
| CN102468971A (en) | Authority management method and device, and authority control method and device | |
| CN104391694B (en) | Intelligent mobile terminal software public service support platform system | |
| CN107087009A (en) | A kind of realization method and system of collaborative share | |
| CN110472388A (en) | A kind of apparatus management/control system and its user authority control method | |
| CN103996000A (en) | Authority management system and method | |
| CN105645202A (en) | Password authority control method and system, remote server and elevator controller | |
| CN106302483A (en) | Decentralized management method and system | |
| CN115328053B (en) | Permission realization method based on security level DCS system of nuclear power plant | |
| CN106648589A (en) | svn source code online management and shared viewing system and method | |
| CN105487556A (en) | Flight control method and flight control device of unmanned aircraft | |
| CN107656796A (en) | A kind of virtual machine cold moving method, system and equipment | |
| CN112925666A (en) | Third-party API integrated management method based on groovy script technology | |
| CN113743905A (en) | Engineering information processing platform and method based on RPA technology | |
| CN117519046A (en) | Industrial sequence control system and method based on BPMN standard | |
| CN103310138A (en) | Account managing device and a method thereof | |
| CN110928526A (en) | Processing device for Internet of things | |
| CN109377412A (en) | A kind of intensive artwork maintenance system of auxiliary tone and its maintaining method | |
| CN116260732A (en) | Sharing system and method for multi-cloud system pipe | |
| CN103177202A (en) | Method and system for realizing consulting authority limit management of patent tree | |
| CN112765602A (en) | Information security supervision method and device | |
| CN107203615B (en) | System and method for realizing database configuration and management based on Windows self-contained Bat command | |
| Widianto et al. | Online Disposition Data Based Management System | |
| CN109960660A (en) | A kind of electrical network business networking security evaluation method based on Ansible |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |