OA19403A - Statistical list operation permission authorization method. - Google Patents

Statistical list operation permission authorization method. Download PDF

Info

Publication number
OA19403A
OA19403A OA1202000059 OA19403A OA 19403 A OA19403 A OA 19403A OA 1202000059 OA1202000059 OA 1202000059 OA 19403 A OA19403 A OA 19403A
Authority
OA
OAPI
Prior art keywords
statistical list
authorizing
authorization
rôle
column
Prior art date
Application number
OA1202000059
Inventor
Dazhi Chen
Original Assignee
Chengdu Qianniucao Information Technology Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Qianniucao Information Technology Co., Ltd. filed Critical Chengdu Qianniucao Information Technology Co., Ltd.
Publication of OA19403A publication Critical patent/OA19403A/en

Links

Abstract

Disclosed is a method for authorizing operation permissions of statistical list, comprising a statistical list operation permission authorization step and a step to select an authorized object; said statistical list operation permission authorization step comprises the following steps: SI: selecting a statistical list that needs to be authorized, and displaying the names of columns in the statistical list that require operation permission control; S2: separately authorizing operation permission for each column; in the step to select an authorized object, selecting one or a plurality of authorized objects. The present invention can achieve separate authorization of the operation permissions of each column in a statistical list, increasing the range of applications of the statistical list, improving the fineness of system management, and truly meeting the requirements of usage during actual operation of enterprises and institutions. It is displayed that when a recent operator performs traceability and accountability in the event of a permission authorization error, the most recent operating time is displayed, making it easy to intuitively determine whether it is necessary to re-authorize the statistical list operation permission.

Description

[0056] The following describes technical solutions of the présent invention in further detail with reference to accompanying drawings, but the protection scope of the présent invention is not limited to the following descriptions.
[0057] [Embodiment 1] The method for authorizing operation permissions of statistical list comprising a step of authorizing a statistical list operation and a step of selecting a grantee, wherein the grantee may be an employée, a user, a rôle of a group/class nature, or the like. The step of authorizing a statistical list operation includes the following steps: SI: selecting a statistical list needing authorization, and displaying a column name of a column needing operation permission control in the statistical list; and S2: as shown in FIG. 5, authorizing an operation permission for each column separately, where in the step of selecting a grantee, one or more grantees are selected.
[0058] In this embodiment, the authorized operation includes viewing.
[0059] A column not authorized for viewing is displayed in one or more ofthe following manners: (1) as shown in FIG. 6, displaying a column name of the column, but hiding corresponding column content by using a hider character; and (2) as shown in FIG. 7, neither the name of the column nor the content of the column is displayed (neither is displayed may also be expressed as none is displayed. For example, in FIG. 7, none of the statistical data identified by ... is displayed. That is, the row is not displayed or disappears).
[0060] The présent invention can be implemented to authorize operations on each column in a statistical list separately, increase the scope of application of the statistical list, improving the fine-tuning of system management, and meeting usage requirements of enterprises and institutions in actual operations.
[0061] For example, in a Sales performance statistical list, column names include employée ID, name, department, position, amount of signed contracts, amount of received payments, amount of royalties, and status of disbursement. Now Zhang San, an employée of the finance department, needs to check whether the data of the amount of received payments is accurate. Therefore, Zhang San may be authorized to view the content of the columns employée ID, name, department, position', and amount of received payments in the statistical list. Once authorized, Zhang San can see only the content of such authorized columns, but cannot see sensitive or private data such as the amount of signed contracts and the amount of royalties.
[0062] [Embodiment 2] When only one grantee is selected and when the statistical list needing authorization is selected, authorization status of an operation permission previously authorized for the grantee to operate each column needing operation permission control in the statistical list is displayed (as shown in FIG. 5).
[0063] [Embodiment 3] When two or more grantees are selected and when the statistical list needing authorization is selected, the column needing operation permission control in the statistical list is displayed, but previous authorization status of each column needing operation permission control is not displayed (as shown in FIG. 8).
[0064] [Embodiment 4] As shown in FIG. 9, when only one grantee is selected and the statistical list needing authorization is selected, an authorizer who last performs an authorization operation on the statistical list for the grantee and time of such operation are displayed.
[0065] The display of the last grantee makes authorization errors easily traceable and accountable. By displaying the last operation time, it is more convenient to intuitively détermine whether the statistical list operation permission needs to be re-authorized.
[0066] For example, at 11:00 on May 21, 2015, Li Si last authorized a grantee Zhang San to operate the Sales performance statistical list. When Zhang San is selected as a grantee and when the Sales performance statistical list is selected as the statistical list needing authorization, the authorizer of this authorization operation can see that at 11:00 on May 21, 2015, Li Si last authorized Zhang San to operate the Sales performance statistical list.
[0067] If Zhang San is not entitled to view the content of a sensitive/private column but the last authorization enables Zhang San to view the content of the sensitive/private column, the last authorizer can be searched out as a responsibility taker in the subséquent process of investigating responsibility.
[0068] For another example, an authorizer needs to authorize 100 grantees to operate a statistical list, but complétés the authorization operations for only 70 grantees in a day. When the authorizer continues to perform authorization operations the next day, the authorizer may détermine, by checking the time at which each grantee was last authorized, whether the grantee needs to be authorized. The authorizer may also designate an authorization time interval, and search out ail grantees who are authorized in the designated time interval. By checking the last time of authorizing the grantee, the authorizer can find how long the permission of the grantee has remained unchanged, thereby helping to intuitively détermine whether the grantee needs to be re-authorized.
[0069] [Embodiment 5] The method for authorizing operation permissions of statistical list further comprising a step of authorizing a template, specifically including: (1) selecting a grantee and the statistical list needing authorization: selecting one or more grantees, and selecting one statistical list needing authorization; (2) authorizing the grantee: selecting an existing authorized grantee or a created template as an authorization template, and granting statistical list operation permissions of the authorization template to the grantee; and (3) performing a save operation after modification or no modification to obtain an operation permission for the grantee to operate the statistical list.
[0070] For example, as shown in FIG. 10, Zhang San's operation permissions for the Sales performance statistical list are used as an authorization template for authorizing Li Er.
[0071] This method enables sélection of multiple grantees simultaneously for being authorized in batches, thereby improving authorization efficiency. In addition, the method supports template authorization. That is, an existing authorized grantee/role or a created template is selected as an authorization template. The statistical list operation permissions of the authorization template are directly granted to (updated for) the grantee (and saved after being simply modified). The authorization operation is simple and efficient. By combining the two manners, efficiency of authorizing operations for the statistical list in the system is improved greatly.
[0072] [Embodiment 6] The method for authorizing operation permissions of statistical list comprising a step of authorizing a statistical list operation and a step of selecting a to-beauthorized rôle, wherein the order between the step of authorizing a statistical list operation and the step of selecting a to-be-authorized rôle is not limited. The step of authorizing a statistical list operation includes the following steps: SI: selecting a statistical list needing authorization, and displaying a column name of a column needing operation permission control in the statistical list; and S2: authorizing an operation permission for each column separately, wherein further, the columns include time-nature columns named, for example, contract signing time, payment receipt time, and outbound time. After a permission for viewing a time-nature column is set, a time statistics/query range of the column may also be set. Specifically, after a timenature column is selected, six authorization period setting formats are displayed for the authorizer to set time accordingly. The six authorization period setting formats specifically include: a period from a time point earlier than current time by a fixed time length to the current time (the current time is dynamic), a period from a start time to the current time, a period from an end time to a system initial time, a period from the start time to the end time, a period with a time column of a null value, and a period from the system initial time to the current time, wherein the period from the system initial time to the current time includes the period with a time column of a null value. The start time and the end time are manually set by the authorizer. The period with a time column of a null value and the period from the system initial time to the current time may be options (the period from the system initial time to the current time may also be expressed as ail time, that is, the current time and ail time before the current time) available for being selected by the authorizer.
[0073] In the step of selecting a to-be-authorized rôle, one or more to-be-authorized rôles are selected. As shown in FIG. 4, each of the to-be-authorized rôles is a rôle having an independent individual nature not a group/class, and in the same period, one rôle having an independent individual nature can only be related to a unique user, while one user is related to one or more rôles having an independent individual nature (as shown in FIG. 4, the rôle is authorized according to the work content of the rôle, and the user obtains the permissions of the rôle related to the user).
[0074] Further, if a department is selected for a rôle when or after the rôle is created, the rôle belongs to the department, the rôle is authorized according to the work content of the rôle, the name of the rôle is unique in the department, and the number of the rôle is unique in the system. When said user is transferred from a post, the user's relation to an original rôle is canceled, and the user is related to a new rôle.
[0075] If the user needs to be transferred from a post, the method further comprising a step of managing user transfer, specifically including: (1) canceling a relation between the user and an original rôle; and (2) relating the user to a new rôle to which the user is transferred, whereby the user automatically obtains statistical list operation permissions of the new rôle.
[0076] In this embodiment, the method further comprises a step of authorizing a template, specifically including: (1) selecting a to-be-authorized rôle and the statistical list needing authorization: selecting one or more to-be-authorized rôles, and selecting one statistical list needing authorization; (2) authorizing the to-be-authorized rôles: selecting an existing rôle or a created template as an authorization template, and granting statistical list operation permissions of the authorization template to the to-be-authorized rôle; and (3) performing a save operation after modification or no modification to obtain an operation permission for the to-be-authorized rôle to operate the statistical list.
[0077] In this embodiment, the grantee has a rôle of an independent individual nature. When an employée is resigned or transferred from a post, the operation permissions for the statistical list are handed over and updated simply by creating or canceling a relation of the user to rôle, thereby achieving seamless handover of the operation permissions, ensuring timely update of the user's operation permissions for the statistical list, avoiding hystérésis or omission of update of the operation permissions, avoiding impact on the normal operation of the enterprise, and avoiding the risk of leaking confidential information.
[0078] Résignation example: The user corresponding to an employée Zhang San is related to a rôle of production worker 1. When Zhang San is resigned, the system administrator (or the corresponding administrator) directly cancels the relation between the user corresponding to Zhang San and the rôle of'production worker 1. Therefore, Zhang San automatically loses the statistical list operation permissions corresponding to production worker 1, thereby avoiding hystérésis of handover of statistical list operation permissions, and preventing relevant confidential information from being leaked to Zhang San in the case that Zhang San still has the permission to view certain confidential information after résignation due to the hystérésis. When a new employée Li Si takes over Zhang San's work, the user corresponding to Li Si is directly related to production worker 1. In this way, Li Si automatically obtains the statistical list operation permissions corresponding to the rôle production worker 1 , and it is not necessary to set the statistical list operation permissions for Li Si again, thereby simplifying and quickening the operations and greatly reducing the workload.
[0079] Job transfer example: An employée Zhang San needs to be transferred from the production department to the after-sales department. The system administrator (or the corresponding administrator) cancels the relation between the user corresponding to Zhang San and the original rôle production worker 1, and relates Zhang San to a new rôle after-sales staff 3 of the after-sales department, so that Zhang San automatically obtains the statistical list operation permissions corresponding to the rôle after-sales staff 3.
[0080] In the following, the advantages of authorizing the user by using the rôle having the nature of an independent individual are analyzed: The user détermines (obtains) permissions through its relation to the rôle. If the permissions of the user need to be modified, the permissions owned by the rôle are adjusted to achieve the purpose of changing the permissions of the user related to the rôle. Once the user is related to the rôle, the user owns ail the operation permissions of the rôle.
[0081] A rôle is in a one-to-one relation to a user (when the rôle is related to a user, other users can no longer be related to that rôle; and if the rôle is not related to the user, the rôle can be selected to be related to other users; that is, during the same period, one rôle can only be related to one user). A user is in a one-to-many relation to rôles (one user can be related to multiple rôles at the same time).
[0082] Définition of a rôle: A rôle does not hâve the nature of a group/a class/a category/a post/a position/a type of work or the like, but has a non-collective nature. The rôle is unique and is an independent individual. Applied in an enterprise or an institution, the rôle is équivalent to a post number (the post number herein is not a post, and one post may hâve multiple employées at the same time, but one post number can only correspond to one employée during the same period).
[0083] For example, in a company system, the following rôles may be created: a general manager, a deputy general manager 1, a deputy general manager 2, a manager of Beijing sales department I, a manager of Beijing sales department II, a manager of Beijing sales department III, a Shanghai sales engineer 1, a Shanghai sales engineer 2, a Shanghai sales engineer 3, a Shanghai sales engineer 4, a Shanghai sales engineer 5, and so on. The relation between users and rôles is as follows: if Zhang San, the company's employée, serves as a deputy general manager 2 of the company and also serves as a manager of Beijing sales department I, the rôles to which Zhang San needs to be related are the deputy general manager 2 and the manager of Beijing sales department I, and Zhang San owns the permissions of the two rôles.
[0084] The concept of conventional rôles is a group/a class/a post/a position/a type of work in nature, and one rôle can correspond to multiple users. However, in the présent application, the concept of rôle is équivalent to a post number/a work station number, and is also similar to the rôle in a film and télévision drama: one rôle in the same period (in childhood, juvénile, middle-age...) can be played by only one actor or actress, but one actor or actress may play multiple rôles respectively.
[0085] After the rôle is created, a user may be related to the rôle in the process of creating the user, or may be related to the rôle at any time after the user is created. After the user is related to the rôle, the user can be released from the relation to the rôle at any time, and the relation of the user to another rôle may be created at any time.
[0086] The said system rôle is composed of: a post name + a post number. For example:
rôles of a workshop worker 1, a workshop worker 2, a workshop worker 3, and the like each are an independent individual which is independent individuals, équivalent to the concept of a post number and a work station number, but is different from the rôle in the conventional permission management system. The concept of a rôle in the conventional rights management system is of a group or class nature such as a post, a position, a type of work or the like.
[0087] The following example shows the relationship between employées, users and rôles after the employée Zhang San enters a company: 1. Recruiting: after the employée is recruited, it can be done that he directly is related the rôle of the corresponding post number/work station number for the user (employée), for example: Zhang San has joined the company (the company has assigned a user for Zhang San), the work content is responsible for the sale of refrigerator products in Beijing area, in the sale department I,(the corresponding rôle is the rôle of Sale Engineer 5 in the sale department I), then user Zhang Sans directly select the rôle of Sale Engineer 5 and the relation can be done.
[0088] 2. Adding position: After Zhang San has worked for a period of time, the company will further arrange Zhang San to be responsible for the sale of TV products in Beijing area (a corresponding rôle is sale engineer 8 under sale department I) and to also serve as a supervisor of an after-sale department (a corresponding rôle is after-sale department supervisor 1). In this case, two rôles, that is, sale engineer 8 under sale department I and after-sale department supervisor 1 under the after-sale department, are additionally related to the user Zhang San. In this case, the employée Zhang San is related to three rôles: sale engineer 5 and sale engineer 8 under sale department I, and after-sale department supervisor 1 under the after-sale department. Therefore, the user Zhang San has permissions of the three rôles.
[0089] 3. Reducing position: After a while, the company decided to let Zhang San serve as the post-sale manager (corresponding to a rôle after-sale manager under the after-sale department) and no longer take up other post. Then user Zhang San is related to the rôle of after-sale manager in the after-sale department 1, and cancels the three rôles previously related (sale engineer 5 and sale engineer 8 under sale department I, and after-sale department supervisor 1 under the sale department)at the same time. In this case, the user Zhang San only has the authority of the rôle of after-sales manager under the after-sales department.
[0090] 4. Adjustment of permission of rôle (for the adjustment of the permissions of the rôle itself): If the company décidés to add permission to the after-sale department manager, the permission only need to be added to the rôle of the after-sale department manager. With the increase in the permission of the rôle of the after-sale department manager, the permission of the user Zhang San are also increased.
[0091] 5. Resigning: After one year, Zhang San resigns, it is only necessary to cancel the relationship between Zhang San's user and the rôle of after-sales manager under aftersales department.
[0092] For example, during dynamic operation of the company, recruiting and resigning of staff often occur continuously, but post numbers or work station numbers seldom change (or even remain unchanged within a period of time).
[0093] In the conventional authorization method: in the case of a large number of system functions points, not only the authorization workload is large, complicated, but also easy to make mistakes, in the authorization with the conventional group/class rôle. Even if it is wrong, it is not easy to find in a short time. It is easy to cause damage to the system user.
[0094] In the authorization method according to the présent application, the rôle in the nature of a post number or work station number nature are authorized in the présent application, and users are related to the rôles so that permissions of the users are determined. Therefore, the permission of the users are controlled merely through a simple user-role relation. Such that permission control is in a simple, easy to operate, clear, and explicit manner, thereby significantly improving efficiency and reliability of authorization.
[0095] The above is only a preferred embodiment of the présent invention. It should be understood that the présent invention is not limited to the forms disclosed herein, and is not to be construed as the exclusion to the other embodiments, but may be used in various other combinations, modifications and environments. Modifications can be made according to the techniques or knowledge of the above teachings or related art within the conceptive scope of the teachings herein. Ail changes and modifications made by those skilled in the art are intended to be within the scope of the appended claims.

Claims (2)

1. A method for authorizing operation permissions of statistical list, comprising a step of authorizing a statistical list operation and a step of selecting a grantee, wherein the order between the step of authorizing a statistical list operation and the step of selecting a grantee is not limited;
The said step of authorizing a statistical list operation comprises the following steps:
SI: selecting a statistical list needing authorization, and displaying a column name of a column needing operation permission control in the statistical list; and
S2: authorizing an operation permission for each column separately, wherein in the step of selecting a grantee, one or more grantees are selected.
2. The method for authorizing operation permissions of statistical list according to claim 1, further comprising a step of setting an authorization period of a time-nature column, wherein after a time-nature column is selected, six authorization period setting formats are displayed for an authorizer to perform corresponding time setting, and the six authorization period setting formats specifically comprise: a period from a time point earlier than current time by a fixed time length to the current time, a period from a start time to the current time, a period from an end time to a system initial time, a period from the start time to the end time, a period with a time column of a null value, and a period from the system initial time to the current time, wherein the period from the system initial time to the current time comprises the period with a time column of a null value.
3. The method for authorizing operation permissions of statistical list according to claim 2, wherein a column not authorized for viewing is displayed in one or more of the following manners:
(1 ) displaying a column name of the column, but hiding corresponding column content by using a hider character; and (2 ) displaying neither the column name of the column nor the corresponding column content.
4. The method for authorizing operation permissions of statistical list according to claim 1, wherein when only one grantee is selected and the statistical list needing authorization is selected, authorization status of an operation permission previously authorized for the grantee to operate each column needing operation permission control in the statistical list is displayed.
5. The method for authorizing operation permissions of statistical list according to claim 1, wherein when two or more grantees are selected and the statistical list needing authorization is selected, the column needing operation permission control in the statistical list is displayed, but previous authorization status of each column needing operation permission control is not displayed.
6. The method for authorizing operation permissions of statistical list according to claim 1, wherein when only one grantee is selected and the statistical list needing authorization is selected, an authorizer who last performs an authorization operation on the statistical list for the grantee and time of such operation are displayed.
7. The method for authorizing operation permissions of statistical list according to claim 1, wherein further comprising a step of authorizing a template, specifically comprising: (1) selecting a grantee and the statistical list needing authorization: selecting one or more grantees, and selecting one statistical list needing authorization;
(2 ) authorizing the grantee: selecting an existing authorized grantee or a created template as an authorization template, and granting statistical list operation permissions of the authorization template to the grantee; and (3 ) performing a save operation after modification or no modification to obtain an operation permission for the grantee to operate the statistical list.
8. A method for authorizing operation permissions of statistical list, wherein comprising a step of authorizing a statistical list operation and a step of selecting a to-be-authorized rôle, wherein the order between the step of authorizing a statistical list operation and the step of selecting a to-be-authorized rôle is not limited;
the step of authorizing a statistical list operation comprises the following steps:
SI: selecting a statistical list needing authorization, and displaying a column name of a column needing operation permission control in the statistical list; and
S2: authorizing an operation permission for each column separately, wherein in the step of selecting a to-be-authorized rôle, one or more to-be-authorized rôles are selected, each of the to-be-authorized rôles is a rôle having an independent individual nature not a group/class, and during the same period, one rôle having an independent individual nature can only be related to a unique user, while one user is related to one or more rôles having an independent individual nature.
9. The method for authorizing operation permissions of statistical list according to claim 8, wherein if the user needs to be transferred from a post, the method further comprises a step of managing user transfer, specifically comprising: (1) canceling a relation between the user 5 and an original rôle; and (2) relating the user to a new rôle to which the user is transferred, whereby the user automatically obtains statistical list operation permissions ofthe new rôle.
10. The method for authorizing operation permissions of statistical list according to claim 8, wherein further comprising a step of authorizing a template, specifically comprising: (1) 10 selecting a to-be-authorized rôle and the statistical list needing authorization: selecting one or more to-be-authorized rôles, and selecting one statistical list needing authorization;
(2) authorizing the to-be-authorized rôles: selecting an existing rôle or a created template as an authorization template, and granting statistical list operation permissions of the authorization template to the to-be-authorized rôle; and
15 (3) performing a save operation after modification or no modification to obtain an operation permission for the to-be-authorized rôle to operate the statistical list.
OA1202000059 2017-08-07 2018-08-06 Statistical list operation permission authorization method. OA19403A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710668230.9 2017-08-07

Publications (1)

Publication Number Publication Date
OA19403A true OA19403A (en) 2020-07-31

Family

ID=

Similar Documents

Publication Publication Date Title
US11475142B2 (en) Method for authorizing operation permission of a statistical list
CN109214150B (en) Form operation authority authorization method based on role
US20200218796A1 (en) Method for authorizing operation permissions of form-field values
EP3654133A1 (en) Method for setting approval procedure based on base fields
US11750616B2 (en) Method for authorizing approval processes and approval nodes thereof for user
CN108875391B (en) Authority display method for system after employee logs in account
US20200184091A1 (en) Method for granting form operation authority respectively according to form field values
EP3657365A1 (en) Method for authorizing form data operation authority
JP2020530630A (en) How to set the authority to inspect operation records based on the time zone
US11775687B2 (en) Method for authorizing field value of form field by means of third party field
EP3667539A1 (en) Column value-based separate authorization method for statistical list operations
US20200219063A1 (en) Form authority granting method based on time property fields of form
OA19403A (en) Statistical list operation permission authorization method.
OA19402A (en) Column value-based separate authorization method for statistical list operations.
OA19305A (en) Permission granting method and system based on one-to-one correspondence between roles and users
OA19376A (en) Method for authorizing operation permissions of form field values.
EA044830B1 (en) METHOD OF GRANTING RIGHTS TO PERFORM OPERATIONS WITH A STATISTICAL TABLE
OA19389A (en) Method for setting approval procedure based on base fields.
OA19401A (en) Authorization method for displaying current permissions status of all system users.