OA19305A - Permission granting method and system based on one-to-one correspondence between roles and users - Google Patents
- Publication number: OA19305A
- Authority: OA (OAPI)
- Prior art keywords
- role
- user
- roles
- department
- correspondence
Abstract
A permission granting method and system based on one-to-one correspondence between roles and users is disclosed in the present invention, including the following sequential steps: S1: creating roles, where each role is an independent individual rather than a group or class; S2: respectively authorizing the roles created in step S1; and S3: relating a user to a role, where one role can only be related to a unique user in the same period, and one user can be related to one or more roles. A role in the present invention is an independent individual, and is different from a conventional role of a group or class nature. One role can be related to only one user in a same period of time, thereby significantly improving permission management efficiency in using a system, making dynamic authorization simpler, more convenient, clearer, and more explicit, and improving efficiency and reliability of permission setting.
Description
[0035] The technical solution of the present invention will be described in further detail below with reference to the accompanying drawings, but the scope of protection of the present invention is not limited to the following.
[0036] [Embodiment 1] As shown in FIG. 1, a permission granting method based on one-to-one correspondence between roles and users includes the following sequential steps:
S1: creating roles, each role being an independent individual, not a group/class;
S2: authorizing the roles created in S1 respectively;
S3: relating a user to a role, wherein one role can only be related to a unique user in the same period, and one user is related to one or more roles; once the user is related to the role, the user has all the operation permissions of the role.
Further, the user's permissions can only be determined through the relation of the user to the role; if the user's permissions are to be modified, they are changed by adjusting the permissions owned by the role related to the user; the user is not directly authorized, but is authorized through the role related to the user.
[0037] The role's relation to the user is one-to-one (when the role is related to a user, other users can no longer be related to the role; if the role is not related to a user, it can be related to other users). A user's relation to a role is one-to-many (one user can be related to multiple roles at the same time).
[0038] Definition of a role: A role is not in the nature of a group/class/category/post/position/work type or the like, but is of a non-collective nature. The role has its uniqueness and is an independent entity. Applied in an enterprise or institution, the role is equivalent to a post number (the post number herein is not a post: one post may have multiple employees at the same time, but one post number corresponds to only one employee during the same period).
[0039] For example, in a company system, the following roles may be created: general manager, deputy general manager 1, deputy general manager 2, manager of Beijing sales department I, manager of Beijing sales department II, manager of Beijing sales department III, Shanghai sales engineer 1, Shanghai sales engineer 2, Shanghai sales engineer 3, Shanghai sales engineer 4, Shanghai sales engineer 5, and so on. Relationship between users and roles: If Zhang San, the company's employee, serves as the deputy general manager 2 of the company and also serves as the manager of Beijing sales department I, Zhang San needs to be related to the roles deputy general manager 2 and manager of Beijing sales department I, and Zhang San has the permissions of both roles.
[0040] Authorization of a role: The system's authorization for a role includes, but is not limited to, authorization of a form, authorization of a menu, or authorization of a function. Authorization for the operation of the form includes, but is not limited to, addition, deletion, insertion and modification.
[0041] The concept of conventional roles is group/class/post/position/work type, and one role can correspond to multiple users. The concept of role in the present application is equivalent to the post number/work station number, and is similar to a role in a film or television drama: a role can only be played by one actor at the same time (childhood, juvenile, middle-age...), and an actor may play multiple roles.
[0042] Authorization for a role includes, but is not limited to, authorization of a form, authorization of a menu, or authorization of a function.
[0043] When said role is created, a department must be selected. Once the role is created, the role belongs to the department, the role is unique under the department, and the role is authorized according to the work content of the role.
[0044] If the user is to change departments, a cross-department transfer is involved. The specific operation process includes: (1) canceling the relation between the user and the role in the original department; and (2) relating the user to the role in the new department.
[0045] After the role is created, the role may be related to a user in the process of creating the user, or related to the user at any time after the user is created. After the user is related to the role, the relation to the role can be canceled at any time, and the relation to other roles can also be created at any time.
[0046] [Embodiment 2] A permission granting method based on one-to-one correspondence between roles and users includes the following sequential steps:
S1: creating roles, each role being an independent individual, not a group/class;
S2: relating a user to a role, wherein one role can only be related to a unique user in the same period, and one user is related to one or more roles;
S3: authorizing the roles created in S1 respectively.
[0047] [Embodiment 3] In order to implement the foregoing method for granting permission, a permission granting system based on one-to-one correspondence between roles and users is provided, including at least a role creation unit, a role authorization unit, and a user-role relation unit. Said role creation unit is used to perform role layout according to posts, and creates system roles, each of which is an independent individual, not a group/class, and said system role is composed of: a post name + a post number. For example: workshop worker 1, workshop worker 2, workshop worker 3, and so on. The role is an independent individual equivalent to the concept of a post number or a work station number, and is different from the role in a conventional permission management system, where a role is of a group or class nature such as a post, a position, a work type or the like.
[0048] Said role authorization unit is used to grant permission to the roles according to the work content of the roles. Said user-role relation unit is used to relate a user to a role and ensure that one role can only be related to a unique user during the same period, and one user is related to one or more roles.
[0049] [Embodiment 4] The following example shows the relationship between employees, users and roles after the employee Zhang San enters a company: 1. Recruiting: after the employee is recruited, the user (employee) is directly related to a role of a corresponding post number or work station number. For example, when Zhang San joins the company (the company assigns a user to Zhang San) and is responsible for the sale of refrigerator products in Beijing area under the sales department I (the corresponding role is sales engineer 5 under sales department I), the role of sales engineer 5 is selected directly for the user Zhang San and the relation is complete.
[0050] 2. Adding position: After Zhang San works for a period of time, the company arranges for Zhang San to be responsible for the sale of TV products in Beijing area (the corresponding role is sales engineer 8 under sales department I) and to also serve as a supervisor of an after-sales department (a corresponding role is after-sales department supervisor 1). In this case, two roles, that is, sales engineer 8 under sales department I and after-sales department supervisor 1 under the after-sales department, are additionally related to the user Zhang San. The employee Zhang San is then related to three roles: sales engineer 5 and sales engineer 8 under sales department I, and after-sales department supervisor 1 under the after-sales department. Therefore, the user Zhang San has the permissions of the three roles.
[0051] 3. Reducing position: After another period of time, the company decides to let Zhang San serve as an after-sales department manager (corresponding to a role after-sales manager under the after-sales department) and no longer take up other posts. In this case, the user Zhang San is related to the role of after-sales department manager under the after-sales department, and the three roles previously related (sales engineer 5 and sales engineer 8 under sales department I, and after-sales department supervisor 1 under the sales department) are canceled. The user Zhang San then only has the authority of the role of after-sales department manager under the after-sales department.
[0052] 4. Adjustment of permissions of role (for the adjustment of the permissions of the role itself): If the company decides to add permissions to the after-sales department manager, the permissions only need to be added to the role of the after-sales department manager. With the increase in the permissions of the role of the after-sales department manager, the permissions of the user Zhang San are also increased.
[0053] 5. Resigning: After one year, Zhang San resigns. In this case, it is only necessary to cancel the relationship between the user Zhang San and the role after-sales department manager under the after-sales department.
[0054] For example, during dynamic operation of the company, recruiting and resigning of staff often occur continuously, but post numbers or work station numbers seldom change (or even remain unchanged within a period of time).
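The three units of Embodiment 3 and the Zhang San walk-through of Embodiment 4, as an added Python example that is not code from the patent. The class name, method names and permission strings are hypothetical and chosen only for illustration.

```python
class RoleError(Exception): """One-role-one-user or role-uniqueness rule violated."""

class PermissionSystem:
    def __init__(self):
        self.perms = {}   # (department, role name) -> set of permission strings
        self.holder = {}  # (department, role name) -> related user, or None if vacant

    def create_role(self, department, name):
        # Role creation unit: a department is mandatory; the role is unique under it.
        key = (department, name)
        if not department or key in self.perms:
            raise RoleError(f"{name!r} needs a department and must be unique in it")
        self.perms[key], self.holder[key] = set(), None
        return key

    def authorize(self, role, *permissions):
        # Role authorization unit: grants attach to the role, never to a user.
        self.perms[role].update(permissions)

    def relate(self, user, role):
        # User-role relation unit: refuse a role another user holds right now.
        if self.holder[role] not in (None, user):
            raise RoleError(f"{role} is already related to {self.holder[role]!r}")
        self.holder[role] = user
        return self.permissions_of(user)

    def cancel(self, user, role):
        if self.holder[role] != user:
            raise RoleError(f"{user!r} is not related to {role}")
        self.holder[role] = None
        return self.permissions_of(user)

    def permissions_of(self, user):
        # Effective permissions: the union over roles the user holds, nothing else.
        return set().union(*(p for r, p in self.perms.items() if self.holder[r] == user))

def zhang_san_lifecycle():
    # Constructed replay of Embodiment 4; the permission strings are made up.
    s, zs, seen = PermissionSystem(), "Zhang San", {}
    se5, se8 = (s.create_role("sales department I", f"sales engineer {n}") for n in (5, 8))
    sup1, mgr = (s.create_role("after-sales department", n) for n in ("supervisor 1", "manager"))
    for role, perm in ((se5, "fridge_order:add"), (se8, "tv_order:add"),
                       (sup1, "ticket:modify"), (mgr, "ticket:delete")):
        s.authorize(role, perm)
    seen["recruited"] = s.relate(zs, se5)
    s.relate(zs, se8)
    seen["added"] = s.relate(zs, sup1)
    for role in (se5, se8, sup1):
        s.cancel(zs, role)
    seen["reduced"] = s.relate(zs, mgr)
    s.authorize(mgr, "refund:approve")
    seen["adjusted"] = s.permissions_of(zs)
    seen["resigned"] = s.cancel(zs, mgr)
    return s, mgr, seen
```

Because a role has at most one holder, an access review reduces to reading the `holder` map: every occupied role names exactly one accountable user, and a vacated role carries no residual access.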
[0055] Conventional authorization method: in the case of a large number of system functions, the authorization with the conventional group/class role involves heavy and cumbersome workloads and is error-prone. Even worse, errors cannot be easily detected in a short time and tend to cause damage to a system user.
[0056] In the authorization method according to the present application, roles of a post number or work station number nature are authorized, and users are related to the roles so that the permissions of the users are determined. Therefore, the permissions of the users are controlled merely through a simple user-role relation. Permission control is simple, easy to operate, clear, and explicit, thereby significantly improving efficiency and reliability of authorization.
[0057] The above are merely preferred embodiments of the present invention, and it should be understood that the present invention is not limited to the forms disclosed herein, and is not to be construed as being limited to the other embodiments, but may be used in various other combinations, modifications and environments. Modifications can be made by the techniques or knowledge of the above teachings or related art within the scope of the teachings herein. All changes and modifications made by those skilled in the art are intended to be within the scope of the appended claims.
Claims (10)
1. A permission granting method based on one-to-one correspondence between roles and users, comprising the following sequential steps:
S1: creating roles, each role being an independent individual, not a group/class;
S2: authorizing the roles created in S1 respectively; and
S3: relating a user to a role, wherein one role can only be related to a unique user in the same period, and one user is related to one or more roles.
2. The permission granting method based on one-to-one correspondence between roles and users according to claim 1, wherein when said role is created, a department must be selected, once said role is created, said role belongs to said department, and said role is unique under said department, and said role is authorized according to the work content of said role.
3. The permission granting method based on one-to-one correspondence between roles and users according to claim 2, further comprising a cross-department transfer management step, which specifically comprises:
(1) canceling the relation between said user and said role in an original department; and (2) relating said user to a role in a new department.
4. The permission granting method based on one-to-one correspondence between roles and users according to claim 1, wherein the permission of said user can only be determined through the relation of said user to said role.
5. A permission granting method based on one-to-one correspondence between roles and users, comprising the following sequential steps:
S1: creating roles, each role being an independent individual, not a group/class;
S2: relating a user to a role, wherein one role can only be related to a unique user in the same period, and one user is related to one or more roles; and
S3: authorizing the roles created in S1 respectively.
6. The permission granting method based on one-to-one correspondence between roles and users according to claim 5, wherein when said role is created, a department must be selected, once said role is created, said role belongs to the department, and said role is unique under the department, and said role is authorized according to the work content of said role.
7. The permission granting method based on one-to-one correspondence between roles and users according to claim 5, further comprising a cross-department transfer management step, which specifically comprises:
(1) canceling the relation between said user and said role in an original department; and (2) relating said user to a role in a new department.
8. The permission granting method based on one-to-one correspondence between roles and users according to claim 5, wherein the permission of said user can only be determined through the relation of said user to said role.
9. A permission granting system based on one-to-one correspondence between roles and users, comprising: a role creation unit, a role authorization unit, and a user-role relation unit, wherein said role creation unit is used to perform role layout according to posts, and create system roles, each of which is an independent individual, not a group/class;
said role authorization unit is used to grant permissions to the roles according to the work content of the roles; and said user-role relation unit is used to relate a user to a role and ensure that one role can only be related to a unique user during the same period, and one user is related to one or more roles.
10. The permission granting system based on one-to-one correspondence between roles and users according to claim 9, wherein said system role is composed of: a post name + a post number.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710268338.9 | 2017-04-22 |
Publications (1)
Publication Number | Publication Date |
---|---|
OA19305A (en) | 2020-06-05 |