WO2018192557A1 - 基于角色对用户的一对一的权限授权方法和系统 - Google Patents
基于角色对用户的一对一的权限授权方法和系统 Download PDFInfo
- Publication number
- WO2018192557A1 WO2018192557A1 PCT/CN2018/083812 CN2018083812W WO2018192557A1 WO 2018192557 A1 WO2018192557 A1 WO 2018192557A1 CN 2018083812 W CN2018083812 W CN 2018083812W WO 2018192557 A1 WO2018192557 A1 WO 2018192557A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- role
- user
- roles
- department
- authorization
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
Definitions
- the present invention relates to a user rights management method for a management software system such as an EPR, and more particularly to a one-to-one authority authorization method and system for a user based on a role.
- Role-based access control is one of the most researched and matured database rights management mechanisms in recent years. It is considered to be an ideal candidate to replace traditional mandatory access control (MAC) and autonomous access control (DAC).
- the basic idea of role-based access control (RBAC) is to divide different roles according to different functional positions in the enterprise organization view, encapsulate the access rights of database resources in roles, and indirectly access database resources by being assigned different roles.
- the role-based permission control mechanism can manage the access rights of the system simply and efficiently, which greatly reduces the burden and cost of the system rights management, and makes the system rights management more in line with the business management specifications of the application system.
- the traditional role-based user rights management method adopts the "role-to-user one-to-many" association mechanism, and its "role” is group/class nature, that is, one role can simultaneously correspond to/associate multiple users, and the role is similar to the post.
- the authorization of user rights under this association mechanism is basically divided into the following three forms: 1, as shown in Figure 1, directly authorized to the user, the disadvantage is that the workload is large, the operation is frequent and troublesome; As shown in Figure 2, the role (class/group/post/work type) is authorized (a role can be associated with multiple users), and the user obtains the permission through the role; 3. As shown in Figure 3, the above two methods are combined. .
- both 2 and 3 need to authorize the role of the class/group nature, and the way of authorization through the role of class/group/post/work type has the following disadvantages: 1.
- the above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
- the object of the present invention is to overcome the deficiencies of the prior art, and provide a one-to-one authority authorization method and system based on a role to a user.
- a role can only be associated with a unique user in the same period, and the rights management in the system is greatly improved.
- Efficiency makes dynamic authorization simpler, more convenient, clearer, clearer, and improves the efficiency and reliability of permission settings.
- a one-to-one authority authorization method based on a role to a user comprising the following sequential steps: S1: establishing a role, each role being an independent individual, not a group/class; S2: Authorize the roles established by S1 separately; S3: Associate users to roles, wherein one role can only associate with a unique user in the same period, and one user associates one or more roles.
- Authorization of a role includes authorization of the form, authorization of the menu, or authorization of the function.
- a role When a role is created, a department must be selected. Once the role is created, the role belongs to the department, and the role is unique under the department, and the role is authorized according to the work content of the role.
- a one-to-one authorization authorization method for a user based on a role and a user inter-department management operation step, which includes: (1) canceling the association between the user and the role in the original department; and (2) placing the user with the new department.
- the role is associated.
- the user can and can only determine the rights through its association with the role.
- a one-to-one authorization method for a user based on a role including the following sequential steps: S1: establishing a role, each role being an independent individual, not a group/class; S2: associating a user to a role, wherein one at the same time A role can only be associated with a unique user, and a user is associated with one or more roles; S3: Authorize the roles established by S1 separately.
- Authorization of a role includes authorization of the form, authorization of the menu, or authorization of the function.
- a role When a role is created, a department must be selected. Once the role is created, the role belongs to the department, and the role is unique under the department, and the role is authorized according to the work content of the role.
- a one-to-one authorization authorization method for a user based on a role and a user inter-department management operation step, which includes: (1) canceling the association between the user and the role in the original department; and (2) placing the user with the new department.
- the role is associated.
- the user can and can only determine the rights through its association with the role.
- a one-to-one authority authorization system based on roles for users including a role establishment unit, a role authorization unit, and a user-role association unit;
- the role establishment unit is configured to perform role layout according to posts, and establish system roles, each role is Independent individual, not group/class;
- the role authorization unit is used to assign rights to the role according to the work content of the role;
- the user-role association unit is used to associate the user to the role, ensuring that only one role can be played in the same time period Associate a unique user, one user associated with one or more roles.
- the system role is composed of: a post name + a post number.
- the traditional rights management mechanism defines roles as groups, types of work, classes, etc.
- the roles are one-to-many relationships with users. In actual system use, it is often necessary to perform user rights in the course of operations. Adjustments, for example, when the employee permissions are changed, the permissions of an employee associated with the role change. We cannot change the permissions of the entire role because of the change of the individual employee permissions, because the role is also associated with other permissions. Staff. So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements.
- the above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
- the role since the role is an independent individual, the role permission can be changed to achieve the goal.
- the method of the present application seems to increase the workload when the system is initialized, it can be made by copying and the like to make the role or authorization more efficient than the traditional group-based role, because the role of the group is not considered.
- the application scheme will make the permission setting clear and clear; especially after the system is used for a period of time (the user/role authority changes dynamically), the application scheme can greatly improve the system usage for the system user.
- the efficiency of the rights management makes the dynamic authorization simpler, more convenient, clearer and clearer, and improves the efficiency and reliability of the permission setting.
- the traditional group-based role authorization method is easy to make mistakes.
- the method of the present application greatly reduces the probability of authorization errors, because the method of the present application only needs to consider the role as an independent individual, without considering the traditional method to associate the role of the group. What are the commonalities of multiple users? Even if the authorization error occurs, it only affects the user associated with the role, while the traditional group-based role affects all users associated with the role. Even if a permission authorization error occurs, the correction method of the present application is simple and short, and the traditional group-type role needs to consider the commonality of all users associated with the role when correcting the error, and not only the modification when there are many function points. Troublesome, complicated, very error-prone, and in many cases only new roles can be created.
- the method of the present application is as follows: the transferred user associates several roles.
- the user When adjusting the post, the user is first unlinked from the role in the original department (the canceled roles can be re-associated to other users), and then Associate users with roles in the new department. The operation is simple and will not go wrong.
- FIG. 1 is a schematic diagram of a manner in which a system directly authorizes a user in the background art
- FIG. 2 is a schematic diagram of a manner in which a system authorizes a group/class role in the background art
- FIG. 3 is a schematic diagram of a manner in which a system directly authorizes a user and authorizes a group/class role role in the background art
- FIG. 4 is a schematic diagram of a manner in which a system authorizes a user through an independent individual role
- Figure 5 is a flow chart of the authorization method of the present invention.
- a one-to-one authority authorization method based on a role to a user includes the following sequential steps: S1: establishing a role, each role being an independent individual, not a group/class; S2: Authorize the roles established by S1 separately; S3: Associate users to roles, in which one role can only associate with a unique user, and one user associates one or more roles. The user can only determine the permission through its association with the role. If the user's permission is to be modified, the permission of the user associated with the role can be changed by adjusting the permissions owned by the role. The user is not directly authorized, but the user is authorized by the role associated with it. Once the user associates the role, the user has all the operation rights of the role.
- the role of the role to the user is one-to-one (when the role is associated with a user, other users can no longer associate the role; if the role is not associated with the user, it can be associated with other users).
- a user's relationship to a role is one-to-many (one user can associate multiple roles at the same time).
- Role definition The role does not have the nature of group/class/category/post/job/work, but a non-collection nature, the role is unique, the role is an independent independent entity; in the enterprise application is equivalent Job number (The job number here is not a post, one post may have multiple employees at the same time, and one job number can only correspond to one employee at the same time).
- a company system can create the following roles: general manager, deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5...
- general manager deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5...
- Zhang San serves as the company's deputy general manager 2, and also serves as a sales manager in Beijing, then Zhang The three roles to be associated are Deputy General Manager 2 and Beijing Sales Manager. Zhang San has the rights to these two roles.
- the system's authorization for a role includes, but is not limited to, authorization of a form, authorization of a menu, or authorization of a function.
- Authorization for the operation of the form includes but is not limited to additions and deletions.
- roles are group/class/post/position/work type, and one role can correspond to multiple users.
- the concept of "role" in this application is equivalent to the post number/station number, and is similar to the role in the film and television drama: a character can only be played by one actor at the same time (childhood, juvenile, middle-aged). And an actor may be decorated with multiple angles.
- Authorization for a role includes, but is not limited to, authorization of a form, authorization of a menu, or authorization of a function.
- a role When a role is created, a department must be selected. Once the role is created, the role belongs to the department, and the role is unique under the department, and the role is authorized according to the work content of the role.
- the specific operation process includes: (1) canceling the association between the user and the role in the original department; and (2) associating the user with the role in the new department.
- the role After the role is created, you can associate the role in the process of creating the user, or you can associate it at any time after the user is created. After the user associates the role, the relationship with the role can be released at any time, and the relationship with other roles can be established at any time.
- a one-to-one authority authorization method based on a role to a user includes the following sequential steps: S1: establishing a role, each role being an independent individual, not a group/class; S2: associating a user to a role, In the same period, one role can only associate with a unique user, and one user associates one or more roles; S3: authorizes the roles established by S1 separately.
- a one-to-one authority authorization system based on a role to a user should at least include a role establishment unit, a role authorization unit, and a user-role association unit; the role establishment unit is used for According to the role layout, establish system roles, each role is an independent individual, not a group/class; the system role is composed of: job name + post number; for example: workshop production worker 1, workshop production worker 2 Workshop production workers 3...The role is an independent individual, which is equivalent to the concept of job number and station number. It is different from the role in the traditional authority management system. The concept of role in the traditional system is the group/class nature of position/position/work type. .
- the role authorization unit is configured to assign a role to the role according to the work content of the role; the user-role association unit is configured to associate the user to the role, ensuring that one role can only associate with the unique user in the same time period, and one user associates one Or multiple roles.
- Zhang also arranged for Zhang San to be responsible for the sales of regional TV products in Beijing (the corresponding role is to sell the role of “Sales Engineer 8” under the Ministry of Sales) and concurrently as the head of the after-sales department (corresponding to the after-sales department)
- the three users added the roles of “sales engineer 8” under the sales department and “sales department supervisor 1” under the after-sales department.
- Zhang San employees associated three roles, respectively.
- Zhang San users have the authority of these three roles.
- Zhang San serves as the post-sales manager (corresponding to the role of “after-sales manager” in the after-sales department) and no longer take up other jobs. Then Zhang San user is associated with the role of “after-sales manager” in the after-sales department, and cancels the three roles previously associated (Sales Engineer 5 under Sales, Sales Engineer 8 and “After Sales Manager 1” under the after-sales department) At this time, Zhang San users only have the authority of the role of “after-sales manager” under the after-sales department.
- This application authorizes the role of the nature of the post number/station number, and the user associates the role to determine the authority, then the control of the user right is achieved through a simple user-role relationship, allowing the authority Control is simple, easy to operate, clear and clear, and greatly enhances the efficiency of authorization and the reliability of authorization.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Automation & Control Theory (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
- Safety Devices In Control Systems (AREA)
Abstract
Description
Claims (10)
- 基于角色对用户的一对一的权限授权方法,其特征在于,包括以下顺序步骤:S1:建立角色,每个角色是独立的个体,而非组/类;S2:对S1所建立的角色分别进行授权;S3:将用户关联到角色,其中,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色。
- 根据权利要求1所述的基于角色对用户的一对一的权限授权方法,其特征在于:所述的角色创建时必须选择一个部门,角色一旦创建后则该角色归属于该部门,且该角色在该部门下唯一,根据角色的工作内容对角色进行授权。
- 根据权利要求2所述的基于角色对用户的一对一的权限授权方法,其特征在于:还包括一个用户跨部门调岗管理步骤,具体包括:(1)取消用户与原部门内的角色的关联;(2)将用户与新部门内的角色进行关联。
- 根据权利要求1所述的基于角色对用户的一对一的权限授权方法,其特征在于:所述的用户能且只能通过其与角色的关联确定权限。
- 基于角色对用户的一对一的权限授权方法,其特征在于,包括以下顺序步骤:S1:建立角色,每个角色是独立的个体,而非组/类;S2:将用户关联到角色,其中,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;S3:对S1所建立的角色分别进行授权。
- 根据权利要求5所述的基于角色对用户的一对一的权限授权方法,其特征在于:所述的角色创建时必须选择一个部门,角色一旦创建后则该角色归属于该部门,且该角色在该部门下唯一,根据角色的工作内容对角色进行授权。
- 根据权利要求5所述的基于角色对用户的一对一的权限授权方法,其特征在于:还包括一个用户跨部门调岗管理步骤,具体包括:(1)取消用户与原部门内的角色的关联;(2)将用户与新部门内的角色进行关联。
- 根据权利要求5所述的基于角色对用户的一对一的权限授权方法,其特征在于:所述的用户能且只能通过其与角色的关联确定权限。
- 基于角色对用户的一对一的权限授权系统,其特征在于:包括角色建立单元、角色授权单元和用户-角色关联单元;所述的角色建立单元用于根据岗位进行角色布局,建立系统角色,每个角色是独立个体,而非组/类;所述的角色授权单元用于根据角色的工作内容对角色赋予权限;所述的用户-角色关联单元用于将用户关联到角色,确保同一时段一个角色只能关联唯一的用户,一个用户关联一个或多个角色。
- 根据权利要求9所述的基于角色对用户的一对一的权限授权系统,其特征在于:所述系统角色的构成为:岗位名+岗内编号。
Priority Applications (13)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA3061130A CA3061130A1 (en) | 2017-04-22 | 2018-04-19 | Permission granting method and system based on one-to-one correspondence between roles and users |
KR1020197031157A KR20190131085A (ko) | 2017-04-22 | 2018-04-19 | 사용자에 대한 역할의 일대일 매칭을 기반으로 하는 권한 부여 방법과 시스템 |
AU2018255463A AU2018255463A1 (en) | 2017-04-22 | 2018-04-19 | Permission granting method and system based on one-to-one correspondence between roles and users |
PE2019002039A PE20191750A1 (es) | 2017-04-22 | 2018-04-19 | Metodo y sistema individual basados en roles para otorgar permiso a un usuario |
EA201992218A EA201992218A1 (ru) | 2017-04-22 | 2018-04-19 | Способ и система для предоставления прав на основе взаимно однозначной связи роли с пользователем |
US16/607,095 US20200389463A1 (en) | 2017-04-22 | 2018-04-19 | Permission granting method and system based on one-to-one correspondence between roles and users |
EP18787382.3A EP3614283A4 (en) | 2017-04-22 | 2018-04-19 | PROCESS AND SYSTEM FOR GRANTING AUTHORIZATION BASED ON BIUNIVOCAL CORRESPONDENCE BETWEEN ROLES AND USERS |
BR112019021888-2A BR112019021888A2 (pt) | 2017-04-22 | 2018-04-19 | Método e sistema de concessão de permissões com base na correspondência individual entre funções e usuários |
MX2019012442A MX2019012442A (es) | 2017-04-22 | 2018-04-19 | Metodo y sistema individual basados en roles para otorgar permiso a un usuario. |
JP2020507734A JP2020520034A (ja) | 2017-04-22 | 2018-04-19 | ロール対ユーザーに基づく1対1の権限承認方法とシステム |
ZA2019/06776A ZA201906776B (en) | 2017-04-22 | 2019-10-14 | Permission granting method and system based on one-to-one correspondence between roles and users |
PH12019502371A PH12019502371A1 (en) | 2017-04-22 | 2019-10-18 | Permission granting method and system based on one-to-one correspondence between roles and users |
CONC2019/0011620A CO2019011620A2 (es) | 2017-04-22 | 2019-10-29 | Método y sistema individual basados en roles para otorgar permiso a un usuario |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710268338.9A CN107103228B (zh) | 2017-04-22 | 2017-04-22 | 基于角色对用户的一对一的权限授权方法和系统 |
CN201710268338.9 | 2017-04-22 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018192557A1 true WO2018192557A1 (zh) | 2018-10-25 |
Family
ID=59657107
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2018/083812 WO2018192557A1 (zh) | 2017-04-22 | 2018-04-19 | 基于角色对用户的一对一的权限授权方法和系统 |
Country Status (14)
Country | Link |
---|---|
EP (1) | EP3614283A4 (zh) |
JP (1) | JP2020520034A (zh) |
KR (1) | KR20190131085A (zh) |
CN (1) | CN107103228B (zh) |
AU (1) | AU2018255463A1 (zh) |
BR (1) | BR112019021888A2 (zh) |
CA (1) | CA3061130A1 (zh) |
CO (1) | CO2019011620A2 (zh) |
EA (1) | EA201992218A1 (zh) |
MX (1) | MX2019012442A (zh) |
PE (1) | PE20191750A1 (zh) |
PH (1) | PH12019502371A1 (zh) |
WO (1) | WO2018192557A1 (zh) |
ZA (1) | ZA201906776B (zh) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107103228B (zh) * | 2017-04-22 | 2021-02-02 | 成都牵牛草信息技术有限公司 | 基于角色对用户的一对一的权限授权方法和系统 |
CN107203870A (zh) * | 2017-05-23 | 2017-09-26 | 成都牵牛草信息技术有限公司 | 工作流审批节点按部门设置审批角色的方法 |
CN107045675A (zh) * | 2017-05-23 | 2017-08-15 | 成都牵牛草信息技术有限公司 | 工作流审批节点按角色设置审批角色的方法 |
CN107644171A (zh) * | 2017-09-28 | 2018-01-30 | 深圳市金蝶精斗云网络科技有限公司 | 一种角色权限的老用户升级方法及相关设备 |
CN107657169B (zh) * | 2017-10-10 | 2020-02-21 | 泰康保险集团股份有限公司 | 权限管理方法、装置、介质和电子设备 |
CN107633184A (zh) * | 2017-10-19 | 2018-01-26 | 上海砾阳软件有限公司 | 一种用于管理用户权限的数据库及方法与设备 |
CN110457529B (zh) * | 2019-07-05 | 2022-07-12 | 中国平安财产保险股份有限公司 | 岗位数据处理方法、装置、计算机设备及存储介质 |
CN110363018A (zh) * | 2019-07-16 | 2019-10-22 | 北京明略软件系统有限公司 | 权限的控制方法及装置 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1479232A (zh) * | 2002-08-30 | 2004-03-03 | 英业达股份有限公司 | 人力资源管理系统以及方法 |
CN101667268A (zh) * | 2009-09-22 | 2010-03-10 | 浪潮集团山东通用软件有限公司 | 一种支持一人多岗位工资及费用分摊的计算方法 |
CN103632082A (zh) * | 2013-12-10 | 2014-03-12 | 惠州华阳通用电子有限公司 | 一种通用权限管理系统及方法 |
CN104919414A (zh) * | 2012-11-06 | 2015-09-16 | 甲骨文国际公司 | 使用权限簇分析的角色发现 |
CN107103228A (zh) * | 2017-04-22 | 2017-08-29 | 成都牵牛草信息技术有限公司 | 基于角色对用户的一对一的权限授权方法和系统 |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101093524A (zh) * | 2006-06-22 | 2007-12-26 | 上海新纳广告传媒有限公司 | 基于层次结构的权限处理系统 |
CN101373527A (zh) * | 2007-08-24 | 2009-02-25 | 上海全成通信技术有限公司 | 系统参与人的权限控制方法 |
JP2009238191A (ja) * | 2008-03-28 | 2009-10-15 | Mitsubishi Electric Corp | Webアプリケーションシステム |
CN102004868A (zh) * | 2009-09-01 | 2011-04-06 | 上海杉达学院 | 一种基于角色访问控制的信息系统数据存储层及组建方法 |
CN101714196A (zh) * | 2009-11-20 | 2010-05-26 | 上海电机学院 | 基于周期时间的权限委托方法 |
JP5814639B2 (ja) * | 2011-06-09 | 2015-11-17 | キヤノン株式会社 | クラウドシステム、クラウドサービスのライセンス管理方法、およびプログラム |
CN102354356B (zh) * | 2011-09-29 | 2014-06-04 | 用友软件股份有限公司 | 数据权限管理装置和方法 |
CN102567675B (zh) * | 2012-02-15 | 2015-09-30 | 合一网络技术(北京)有限公司 | 一种业务系统下的用户权限管理方法和系统 |
CN104463005A (zh) * | 2013-09-25 | 2015-03-25 | 天津书生投资有限公司 | 一种控制电子文档的访问权限的方法 |
CN103500297A (zh) * | 2013-10-11 | 2014-01-08 | 济钢集团有限公司 | 信息系统中细粒度权限管理方法 |
CN104751573B (zh) * | 2014-10-28 | 2019-02-12 | 郑利红 | 用于物品/快递投递的安全智能柜系统及其用途 |
CN104484617B (zh) * | 2014-12-05 | 2017-09-26 | 中国航空工业集团公司第六三一研究所 | 一种基于多策略融合的数据库访问控制方法 |
CN104392159B (zh) * | 2014-12-17 | 2018-02-06 | 中国人民解放军国防科学技术大学 | 一种支持最小特权的用户按需授权方法 |
CN105005730A (zh) * | 2015-08-13 | 2015-10-28 | 杭州杉石科技有限公司 | 一种基于app应用的权限设计方法 |
CN105653977B (zh) * | 2015-12-28 | 2019-07-05 | 上海瀚银信息技术有限公司 | 一种菜单权限配置方法及系统 |
CN106384057B (zh) * | 2016-04-27 | 2017-09-15 | 平安科技(深圳)有限公司 | 数据访问权限识别方法和装置 |
CN106407717A (zh) * | 2016-10-24 | 2017-02-15 | 深圳市前海安测信息技术有限公司 | 医疗信息化系统中电子病历电子签章审核系统及方法 |
CN106779619B (zh) * | 2016-12-30 | 2024-02-02 | 全民互联科技(天津)有限公司 | 一种完善业务审批的审核加签方法及系统 |
-
2017
- 2017-04-22 CN CN201710268338.9A patent/CN107103228B/zh active Active
-
2018
- 2018-04-19 KR KR1020197031157A patent/KR20190131085A/ko not_active Application Discontinuation
- 2018-04-19 EP EP18787382.3A patent/EP3614283A4/en active Pending
- 2018-04-19 JP JP2020507734A patent/JP2020520034A/ja active Pending
- 2018-04-19 EA EA201992218A patent/EA201992218A1/ru unknown
- 2018-04-19 CA CA3061130A patent/CA3061130A1/en not_active Abandoned
- 2018-04-19 BR BR112019021888-2A patent/BR112019021888A2/pt unknown
- 2018-04-19 WO PCT/CN2018/083812 patent/WO2018192557A1/zh active Application Filing
- 2018-04-19 PE PE2019002039A patent/PE20191750A1/es unknown
- 2018-04-19 MX MX2019012442A patent/MX2019012442A/es unknown
- 2018-04-19 AU AU2018255463A patent/AU2018255463A1/en not_active Abandoned
-
2019
- 2019-10-14 ZA ZA2019/06776A patent/ZA201906776B/en unknown
- 2019-10-18 PH PH12019502371A patent/PH12019502371A1/en unknown
- 2019-10-29 CO CONC2019/0011620A patent/CO2019011620A2/es unknown
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1479232A (zh) * | 2002-08-30 | 2004-03-03 | 英业达股份有限公司 | 人力资源管理系统以及方法 |
CN101667268A (zh) * | 2009-09-22 | 2010-03-10 | 浪潮集团山东通用软件有限公司 | 一种支持一人多岗位工资及费用分摊的计算方法 |
CN104919414A (zh) * | 2012-11-06 | 2015-09-16 | 甲骨文国际公司 | 使用权限簇分析的角色发现 |
CN103632082A (zh) * | 2013-12-10 | 2014-03-12 | 惠州华阳通用电子有限公司 | 一种通用权限管理系统及方法 |
CN107103228A (zh) * | 2017-04-22 | 2017-08-29 | 成都牵牛草信息技术有限公司 | 基于角色对用户的一对一的权限授权方法和系统 |
Non-Patent Citations (1)
Title |
---|
See also references of EP3614283A4 * |
Also Published As
Publication number | Publication date |
---|---|
MX2019012442A (es) | 2019-12-11 |
CA3061130A1 (en) | 2019-10-16 |
EP3614283A1 (en) | 2020-02-26 |
PE20191750A1 (es) | 2019-12-12 |
ZA201906776B (en) | 2020-06-24 |
AU2018255463A1 (en) | 2019-10-31 |
CN107103228A (zh) | 2017-08-29 |
CO2019011620A2 (es) | 2020-01-17 |
BR112019021888A2 (pt) | 2020-05-26 |
CN107103228B (zh) | 2021-02-02 |
EA201992218A1 (ru) | 2020-06-05 |
PH12019502371A1 (en) | 2020-07-13 |
KR20190131085A (ko) | 2019-11-25 |
JP2020520034A (ja) | 2020-07-02 |
EP3614283A4 (en) | 2021-01-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2018196876A1 (zh) | 基于角色对用户一对一的工作流控制方法和系统 | |
WO2018192557A1 (zh) | 基于角色对用户的一对一的权限授权方法和系统 | |
WO2018214891A1 (zh) | 工作流审批节点按部门设置审批角色的方法 | |
WO2019007292A1 (zh) | 基于角色的表单操作权限授权方法 | |
WO2018214890A1 (zh) | 工作流审批节点按角色设置审批角色的方法 | |
WO2019007260A1 (zh) | 表单字段值操作权限授权方法 | |
WO2018210248A1 (zh) | 基于表单字段的工作流审批节点设置审批角色的方法 | |
WO2019011220A1 (zh) | 基于依据字段设置审批流程的方法 | |
US20200389463A1 (en) | Permission granting method and system based on one-to-one correspondence between roles and users | |
WO2019029650A1 (zh) | 表单数据操作的审核方法 | |
WO2019020118A1 (zh) | 管理系统中即时通讯账号的管理方法 | |
WO2018205942A1 (zh) | 工作流审批节点按部门级别设置审批角色的方法 | |
WO2019011304A1 (zh) | 基于角色获取的表单数据的授权方法 | |
WO2019029648A1 (zh) | 基于改进型rbac权限控制机制的审批任务转交方法 | |
WO2019015539A1 (zh) | 一种表单数据操作权限授权方法 | |
WO2019029501A1 (zh) | 统计列表操作权限授权方法 | |
WO2019019981A1 (zh) | 系统中用户在信息交流单元的权限的设置方法 | |
WO2019007210A1 (zh) | 一种表单的关联信息授权方法 | |
WO2019011162A1 (zh) | 快捷功能设置方法 | |
WO2019034022A1 (zh) | 基于时间段的操作记录查看权限的设置方法 | |
WO2018224023A1 (zh) | 系统中员工登录其账户后的权限显示方法 | |
WO2019029649A1 (zh) | 对使用者进行审批流程及其审批节点授权的方法 | |
WO2018205940A1 (zh) | 基于角色对用户的一对一的组织结构图生成及应用方法 | |
WO2019029502A1 (zh) | 系统中对授权操作者进行授权的方法 | |
WO2019024899A1 (zh) | 监察审批操作、授权操作及表单操作的方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18787382 Country of ref document: EP Kind code of ref document: A1 |
|
DPE1 | Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101) | ||
ENP | Entry into the national phase |
Ref document number: 2020507734 Country of ref document: JP Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 20197031157 Country of ref document: KR Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: 112019021888 Country of ref document: BR |
|
ENP | Entry into the national phase |
Ref document number: 2018255463 Country of ref document: AU Date of ref document: 20180419 Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2018787382 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 112019021888 Country of ref document: BR Kind code of ref document: A2 Effective date: 20191018 |