OA19305A - Permission granting method and system based on one-to-one correspondence between roles and users - Google Patents


Publication number
OA19305A
Authority
OA
OAPI
Prior art keywords
role
user
roles
department
correspondence
Application number
OA1201900411
Inventor
Dazhi Chen
Original Assignee
Chengdu Qianniucao Information Technology Co., Ltd.
Application filed by Chengdu Qianniucao Information Technology Co., Ltd.

Abstract

A permission granting method and system based on one-to-one correspondence between roles and users is disclosed in the present invention, including the following sequential steps: S1: creating roles, where each role is an independent individual rather than a group or class; S2: respectively authorizing the roles created in step S1; and S3: relating a user to a role, where one role can only be related to a unique user in the same period, and one user can be related to one or more roles. A role in the present invention is an independent individual, and is different from a conventional role of a group or class nature. One role can be related to only one user in a same period of time, thereby significantly improving permission management efficiency in using a system, making dynamic authorization simpler, more convenient, clearer, and more explicit, and improving efficiency and reliability of permission setting.

Description

[0035] The technical solution of the present invention will be described in further detail below with reference to the accompanying drawings, but the scope of protection of the present invention is not limited to the following.
[0036] [Embodiment 1] As shown in FIG. 1, a permission granting method based on one-to-one correspondence between roles and users includes the following sequential steps:
S1: creating roles, each role being an independent individual, not a group/class;
S2: authorizing the roles created in S1 respectively;
S3: relating a user to a role, wherein one role can only be related to a unique user in the same period, and one user is related to one or more roles; once the user is related to the role, the user has all the operation permissions of the role.
Further, the user's permissions can only be determined through the relation of the user to the role; if the user's permission is to be modified, the permission of the user related to the role can be changed by adjusting the permissions owned by the role; the user is not directly authorized, but is authorized by the role related to the user.
[0037] The role's relation to the user is one-to-one (when the role is related to a user, other users can no longer be related to the role; if the role is not related to a user, it can be related to other users). A user's relation to a role is one-to-many (one user can be related to multiple roles at the same time).
[0038] Definition of a role: A role is not in the nature of a group/class/category/post/position/work type or the like, but is of a non-collective nature. The role has its uniqueness and is an independent entity. Applied in an enterprise or institution, the role is equivalent to a post number (the post number herein is not a post: one post may have multiple employees at the same time, but one post number corresponds to only one employee during the same period).
[0039] For example, in a company system, the following roles may be created: general manager, deputy general manager 1, deputy general manager 2, manager of Beijing sales department I, manager of Beijing sales department II, manager of Beijing sales department III, Shanghai sales engineer 1, Shanghai sales engineer 2, Shanghai sales engineer 3, Shanghai sales engineer 4, Shanghai sales engineer 5, and so on. Relationship between users and roles: If Zhang San, the company's employee, serves as the deputy general manager 2 of the company and serves as the manager of Beijing sales department I, Zhang San needs to be related to the deputy general manager 2 and the manager of Beijing sales department I, and Zhang San has the permissions of both roles.
[0040] Authorization of a role: The system's authorization for a role includes, but is not limited to, authorization of a form, authorization of a menu, or authorization of a function. Authorization for the operation of the form includes, but is not limited to, addition, deletion, insertion and modification.
[0041] The concept of conventional roles is group/class/post/position/work type, and one role can correspond to multiple users. The concept of role in the present application is equivalent to the post number/work station number, and is similar to the role in a film or television drama: a role can only be played by one actor at the same time (childhood, juvenile, middle-age...), and an actor may play multiple roles.
[0042] Authorization for a role includes, but is not limited to, authorization of a form, authorization of a menu, or authorization of a function.
[0043] When said role is created, a department must be selected. Once the role is created, the role belongs to the department, the role is unique under the department, and the role is authorized according to the work content of the role.
[0044] If the user wants to change the department, it involves cross-department transfer. The specific operation process includes: (1) canceling the relation between the user and the role in the original department; and (2) relating the user to the role in the new department.
[0045] After the role is created, the role may be related to a user in the process of creating the user, or related to the user at any time after the user is created. After the user is related to the role, the relation to the role can be canceled at any time, and the relation to other roles can also be created at any time.
[0046] [Embodiment 2] A permission granting method based on one-to-one correspondence between roles and users includes the following sequential steps: S1: creating roles, each role being an independent individual, not a group/class; S2: relating a user to a role, wherein one role can only be related to a unique user in the same period, and one user is related to one or more roles; S3: authorizing the roles created in S1 respectively.
[0047] [Embodiment 3] In order to implement the foregoing method for granting permission, a permission granting system based on one-to-one correspondence between roles and users is provided, including at least a role creation unit, a role authorization unit, and a user-role relation unit. Said role creation unit is used to perform role layout according to posts, and creates system roles, each of which is an independent individual, not a group/class, and said system role is composed of: a post name + a post number. For example: workshop worker 1, workshop worker 2, workshop worker 3, and so on. The role is an independent individual equivalent to the concept of a post number and a work station number, but is different from the role in the conventional permission management system. The concept of a role in the conventional permissions management system is of a group or class nature such as a post, a position, a work type or the like.
[0048] Said role authorization unit is used to grant permission to the roles according to the work content of the roles. Said user-role relation unit is used to relate a user to a role and ensure that one role can only be related to a unique user during the same period, and one user is related to one or more roles.
[0049] [Embodiment 4] The following example shows the relationship between employees, users and roles after the employee Zhang San enters a company: 1. Recruiting: after the employee is recruited, the user (employee) is directly related to a role of a corresponding post number or work station number. For example, when Zhang San joins the company (the company assigns a user to Zhang San) and is responsible for the sale of refrigerator products in Beijing area under the sales department I (the corresponding role is sales engineer 5 under sales department I), the user Zhang San directly selects the role of sales engineer 5 and the relation can be done.
[0050] 2. Adding position: After Zhang San works for a period of time, the company arranges Zhang San to be responsible for the sale of TV products in Beijing area (the corresponding role is sales engineer 8 under sales department I) and to also serve as a supervisor of an after-sales department (a corresponding role is after-sales department supervisor 1). In this case, two roles, that is, sales engineer 8 under sales department I and after-sales department supervisor 1 under the after-sales department, are additionally related to the user Zhang San. In this case, the employee Zhang San is related to three roles: sales engineer 5 and sales engineer 8 under sales department I, and after-sales department supervisor 1 under the after-sales department. Therefore, the user Zhang San has permissions of the three roles.
[0051] 3. Reducing position: After another period of time, the company decides to let Zhang San serve as an after-sales department manager (corresponding to a role after-sales manager under the after-sales department) and no longer take up other posts. In this case, the user Zhang San is related to the role of after-sales department manager under the after-sales department, and the three roles previously related (sales engineer 5 and sales engineer 8 under sales department I, and after-sales department supervisor 1 under the sales department) are canceled. In this case, the user Zhang San only has the authority of the role of after-sales department manager under the after-sales department.
[0052] 4. Adjustment of permissions of role (for the adjustment of the permissions of the role itself): If the company decides to add permissions to the after-sales department manager, the permissions only need to be added to the role of the after-sales department manager. With the increase in the permissions of the role of the after-sales department manager, the permissions of the user Zhang San are also increased.
[0053] 5. Resigning: After one year, Zhang San resigns. In this case, it is only necessary to cancel the relationship between the user Zhang San and the role after-sales department manager under the after-sales department.
[0054] For example, during dynamic operation of the company, recruiting and resigning of staff often occur continuously, but post numbers or work station numbers seldom change (or even remain unchanged within a period of time).
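The following sketch is an added illustration, not code from the patent or from the applicant. It models steps S1 to S3 and replays the five stages of Embodiment 4; the class and method names, the permission strings, the post number given to the manager role, and the second user "Li Si" are assumptions made for the example.

```python
# Added illustration, not code from the patent; all identifiers are hypothetical.
class PermissionSystem:
    def __init__(self):
        self.perms, self.holder = {}, {}  # role -> permissions; role -> sole user

    def create_role(self, department, post_name, post_number):
        # S1: role = post name + post number, unique under its department.
        role = (department, f"{post_name} {post_number}")
        if role in self.perms:
            raise ValueError(f"{role} already exists")
        self.perms[role], self.holder[role] = set(), None
        return role

    def authorize(self, role, *permissions):
        # S2: permissions attach to the role, never directly to a user.
        self.perms[role].update(permissions)

    def relate(self, user, role):
        # S3: one role is related to at most one user in the same period.
        if self.holder[role] not in (None, user):
            raise ValueError(f"{role} is already related to {self.holder[role]}")
        self.holder[role] = user

    def unrelate(self, user, role):
        if self.holder[role] != user:
            raise ValueError(f"{user} is not related to {role}")
        self.holder[role] = None

    def permissions_of(self, user):
        # A user's permissions are the union over the roles related to the user.
        held = [r for r, u in self.holder.items() if u == user]
        return set().union(*(self.perms[r] for r in held))

def embodiment_4():
    s, zs, log = PermissionSystem(), "Zhang San", {}
    se5 = s.create_role("sales department I", "sales engineer", 5)
    se8 = s.create_role("sales department I", "sales engineer", 8)
    sup = s.create_role("after-sales department", "supervisor", 1)
    mgr = s.create_role("after-sales department", "manager", 1)
    for role, perm in ((se5, "fridge:add"), (se8, "tv:add"),
                       (sup, "ticket:modify"), (mgr, "ticket:delete")):
        s.authorize(role, perm)          # constructed permission names
    s.relate(zs, se5); log["recruited"] = s.permissions_of(zs)             # 1
    s.relate(zs, se8); s.relate(zs, sup); log["added"] = s.permissions_of(zs)  # 2
    try:
        s.relate("Li Si", se5)           # occupied role: must be refused
    except ValueError:
        log["conflict_refused"] = True
    for role in (se5, se8, sup):         # 3: cancel the three earlier relations
        s.unrelate(zs, role)
    s.relate(zs, mgr); log["reduced"] = s.permissions_of(zs)
    s.authorize(mgr, "refund:approve"); log["adjusted"] = s.permissions_of(zs)  # 4
    s.unrelate(zs, mgr); log["resigned"] = s.permissions_of(zs)            # 5
    return log
```

Because the role-to-user map holds a single value per role, an audit of who can exercise a given permission reduces to listing the roles that carry it and reading off their current holders.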
[0055] Conventional authorization method: in the case of a large number of system functions, the authorization with the conventional group/class role involves heavy and cumbersome workloads and is error-prone. Even worse, errors cannot be easily detected in a short time and tend to cause damage to a system user.
[0056] In the authorization method according to the present application, roles of a post number or work station number nature are authorized in the present application, and users are related to the roles so that permissions of the users are determined. Therefore, the permissions of the users are controlled merely through a simple user-role relation. Permission control is simple, easy to operate, clear, and explicit, thereby significantly improving efficiency and reliability of authorization.
[0057] The above are merely preferred embodiments of the present invention, and it should be understood that the present invention is not limited to the forms disclosed herein, and is not to be construed as being limited to the other embodiments, but may be used in various other combinations, modifications and environments. Modifications can be made by the techniques or knowledge of the above teachings or related art within the scope of the teachings herein. All changes and modifications made by those skilled in the art are intended to be within the scope of the appended claims.

Claims (10)

1. A permission granting method based on one-to-one correspondence between roles and users, comprising the following sequential steps:
S1: creating roles, each role being an independent individual, not a group/class;
S2: authorizing the roles created in S1 respectively; and
S3: relating a user to a role, wherein one role can only be related to a unique user in the same period, and one user is related to one or more roles.
2. The permission granting method based on one-to-one correspondence between roles and users according to claim 1, wherein when said role is created, a department must be selected, once said role is created, said role belongs to said department, and said role is unique under said department, and said role is authorized according to the work content of said role.
3. The permission granting method based on one-to-one correspondence between roles and users according to claim 2, further comprising a cross-department transfer management step, which specifically comprises:
(1) canceling the relation between said user and said role in an original department; and (2) relating said user to a role in a new department.
4. The permission granting method based on one-to-one correspondence between roles and users according to claim 1, wherein said user only can determine the permission through the relation of said user to said role.
5. A permission granting method based on one-to-one correspondence between roles and users, comprising the following sequential steps:
S1: creating roles, each role being an independent individual, not a group/class;
S2: relating a user to a role, wherein one role can only be related to a unique user in the same period, and one user is related to one or more roles; and
S3: authorizing the roles created in S1 respectively.
6. The permission granting method based on one-to-one correspondence between roles and users according to claim 5, when said role is created, a department must be selected, once said role is created, said role belongs to the department, and said role is unique under the department, and said role is authorized according to the work content of said role.
7. The permission granting method based on one-to-one correspondence between roles and users according to claim 5, further comprising a cross-department transfer management step, which specifically comprises:
(1) canceling the relation between said user and said role in an original department; and (2) relating said user to a role in a new department.
8. The permission granting method based on one-to-one correspondence between roles and users according to claim 5, wherein said user only can determine the permission through the relation of said user to said role.
9. A permission granting system based on one-to-one correspondence between roles and users, comprising: a role creation unit, a role authorization unit, and a user-role relation unit, wherein said role creation unit is used to perform role layout according to posts, and create system roles, each of which is an independent individual, not a group/class;
said role authorization unit is used to grant permissions to the roles according to the work content of the roles; and said user-role relation unit is used to relate a user to a role and ensure that one role can only be related to a unique user during the same period, and one user is related to one or more roles.
10. The permission granting system based on one-to-one correspondence between roles and users according to claim 9, wherein said system role is composed of: a post name + a post number.
OA1201900411 2017-04-22 2018-04-19 Permission granting method and system based on one-to-one correspondence between roles and users OA19305A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710268338.9 2017-04-22

Publications (1)

Publication Number Publication Date
OA19305A (en) 2020-06-05
