WO2018214890A1 - Role-based method for setting approval role for workflow approval node - Google Patents

Role-based method for setting approval role for workflow approval node Download PDF

Info

Publication number
WO2018214890A1
WO2018214890A1 PCT/CN2018/087920 CN2018087920W WO2018214890A1 WO 2018214890 A1 WO2018214890 A1 WO 2018214890A1 CN 2018087920 W CN2018087920 W CN 2018087920W WO 2018214890 A1 WO2018214890 A1 WO 2018214890A1
Authority
WO
WIPO (PCT)
Prior art keywords
role
approval
workflow
user
roles
Prior art date
Application number
PCT/CN2018/087920
Other languages
French (fr)
Chinese (zh)
Inventor
陈达志
Original Assignee
成都牵牛草信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 成都牵牛草信息技术有限公司 filed Critical 成都牵牛草信息技术有限公司
Publication of WO2018214890A1 publication Critical patent/WO2018214890A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0633Workflow analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/103Workflow collaboration or project management

Definitions

  • the invention relates to a method for setting and managing an approval node approval role in a workflow of a management software system such as an ERP, in particular to a method for setting an approval role by a workflow approval node according to a role.
  • Role-based access control is one of the most researched and matured database rights management mechanisms in recent years. It is considered to be an ideal candidate to replace traditional mandatory access control (MAC) and autonomous access control (DAC). Traditional autonomous access control has high flexibility but low security. Forced access control is highly secure but too restrictive. Role-based access control combines both ease of management and reduces the complexity, cost, and probability of errors. Therefore, it has been greatly developed in recent years.
  • the basic idea of role-based access control (RBAC) is to divide different roles according to different functional positions in the enterprise organization view, encapsulate the access rights of database resources in roles, and indirectly access database resources by being assigned different roles.
  • the role-based permission control mechanism can manage the access rights of the system simply and efficiently, which greatly reduces the burden and cost of the system rights management, and makes the system rights management more in line with the business management specifications of the application system.
  • the traditional role-based user rights management and workflow control methods adopt the "role-to-user one-to-many" association mechanism, and the "role” is group/class nature, that is, one role can simultaneously correspond to/associate multiple users.
  • the role is similar to the concept of position/position/work type.
  • the authorization of user rights under this association mechanism is basically divided into the following three forms: 1. As shown in Figure 1, the user is authorized directly. The disadvantage is that the workload is large and the operation is frequent. And trouble; the approval operation subject of the approval node in the approval process is the user, and the workflow approval node directly selects the employee/user as the approval subject.
  • the role (class/group/post/work type) is authorized (a role can be associated with multiple users), the user obtains the permission through the role, and the approval operation subject is the group/class nature role; As shown in Figure 3, the above two methods are combined.
  • both 2 and 3 need to authorize the role of the class/group nature, and the way of authorization and workflow control through the role of class/group/post/work type has the following disadvantages: 1.
  • Difficulties in operation In the actual system use process, it is often necessary to adjust the user's authority during the operation process. For example, when dealing with employee permission changes, the employee rights associated with the role change, we cannot because of this Changes in employee permissions change the permissions of the entire role, because the role is also associated with other employees whose permissions have not changed. So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements.
  • the above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
  • the workflow approval node directly selects the employee/user as the approval subject, or the new role is added to meet the requirements of the approval process.
  • employee changes such as transfer, resignation, etc.
  • all the processes involved in the employee must be adjusted accordingly, especially for company management personnel, which involves more approval processes and process adjustments. Large amount, complicated, easy to make mistakes or omissions, affecting the normal operation of the company, and even causing unpredictable losses.
  • the new role involves the creation, association, and authorization of the role. Especially in the case of a large number of roles and a large number of users associated with the role, it is difficult to remember which users are associated with the role.
  • the purpose of the present invention is to overcome the deficiencies of the prior art, and to provide a method for setting an approval role by a workflow approval node according to a role, and only need to select a corresponding role when setting an approval role, and the operation is convenient.
  • the workflow approval node sets the role of the approval role by role, including: creating a role included in the system organization structure; displaying the candidate role when setting the workflow approval node; One or more roles are selected from the candidate roles as an approval role for the node.
  • each role is an independent individual, not a group/class.
  • One role can only associate a unique user at a time, and one user associates one or more roles.
  • the method for generating the workflow includes: constructing a three-layer mechanism model of user-role-permission, wherein: a role layer: an operation subject of process approval in a workflow is a role, and each role is an independent individual, instead Group/class, a role can only be associated with a unique user in the same period, and a user is associated with one or more roles; privilege layer: consists of the permissions required for workflow execution, permissions are directly delegated to the role; user layer: user The approval task in the workflow is determined by the associated role, and the approval operation is performed with the permission of the associated role; the workflow is controlled by the three-layer structure model, and an approval process includes a start node, at least one approval node, and an end node.
  • start node approval process start
  • approval node approval authority authorization (or setting) for the corresponding approval role
  • end node approval process end
  • user determines the approval task to be processed according to its associated role, and according to The permissions of the associated role are approved.
  • a role with workflow initiating permissions can initiate/apply/submit a workflow as a submitting role.
  • the role belongs to a department, and the role is authorized according to the working content of the role.
  • the name of the role is unique under the department, and the number of the role is unique in the system.
  • the user when the user moves across the department, the user is associated with the role in the original department, and the user is associated with the role in the new department.
  • the user determines the authority by its association with the role, one employee corresponds to one user account, and one user account corresponds to one employee.
  • the display form of the candidate character includes one or more of a list, an organizational structure tree diagram, and an organizational structure diagram.
  • the workflow approval node sets the role of the approval role by role, including: creating the role contained in the system organization structure; selecting (or setting) to set the approval role by role; displaying candidates when setting the workflow approval node Role; select one or more roles from the candidate roles as the approval role for the node.
  • the beneficial effects of the present invention are as follows: (1) The system workflow setting personnel only need to select the corresponding role as the approval role when setting the approval role, and it is not necessary to select a specific user, even if the user associated with the role changes, it is not required. Resetting the approval role is easy and error-free.
  • the administrative department of the company has role A and role B. If role A is the department supervisor role of the administrative department, when performing the workflow approval setting for leave, simply select role A as the approval role instead of selecting role A. The user, even if the user associated with role A is changed from Zhang San to Li Si, does not need to re-approve the role setting.
  • the main body of the approval operation in the workflow is the role, and the role is an independent individual rather than a traditional group/class role. Even if employee/user changes occur (such as transfer, separation, etc.), only new employees are required. Re-associate to the role in the approval process; or change the employee approval authority, adjust the role approval authority in a targeted manner, no need to reset/adjust the process, easy to set up, no mistakes or omissions, no impact on the enterprise Normal operation greatly improves the reliability of the workflow.
  • the role of the nature of the post number is the approval authority of the approval link node. The user determines which approval tasks are available through the role. The user can approve the operation by associating the role permissions; the understanding is clear and simple, and the nature of each post number/station number
  • the role is the smallest unit of the work subject, and this application can be well satisfied for each role's different requirements for approval.
  • the role of the application is a one-to-one relationship to the user.
  • a role can only be associated with a unique user at the same time. The advantage of this is that as long as the user is associated with the role, the user can obtain the associated role (ie, the user obtains the associated role). Permissions), and the role's permission changes are much less than the user permissions in the traditional mechanism.
  • the number of roles of the nature of the independent body (the nature of the post number/station number) is small. Although the employee turnover is large, the change of the post number/station number is small (even if there is no change in a certain period of time, that is, the role does not change), This will greatly simplify the user's rights management and reduce the overhead of the system.
  • the operation of dynamic management, on-the-job adjustment, etc. is simple and convenient, high in efficiency and high in reliability: the application of the entry/departure/admission in the approval process is simple, and the operation subject of the approval of the workflow is the role, when the employee/user There is no need to reset the approval process when the change occurs (the user only needs to cancel or associate the role: the user who is no longer in the role of the job number/station number cancels the role association and takes over the role of the job number/station number. If the user is associated with the role of the job number, the user associated with the role automatically obtains the related tasks and permissions of the role in the approval workflow, without resetting the approval workflow or reauthorizing the roles in the workflow. , greatly improving the efficiency, security and reliability of process settings.
  • Zhang San is no longer working as a “buyer 3”, Zhang San cancels the association with the role; Li Si took over as “Purchaser 3”
  • Li Si is associated with the role, and Li Si automatically obtains the approval task and approval authority for the role of “Purchase 3” in the approval process.
  • the traditional rights management mechanism defines the role as a group, a job type, a class, etc.
  • the role is a one-to-many relationship with the user. In the actual system use process, it is often necessary to perform the user's authority during the operation process. Adjustments, for example, when the employee permissions are changed, the permissions of an employee associated with the role change. We cannot change the permissions of the entire role because of the change of the individual employee permissions, because the role is also associated with other permissions. Staff. So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements.
  • the above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
  • the role since the role is an independent individual, the role permission can be changed to achieve the goal.
  • the method of the present application seems to increase the workload when the system is initialized, it can be made by copying and the like to make the role or authorization more efficient than the traditional group-based role, because the role of the group is not considered.
  • the application scheme will make the permission setting clear and clear; especially after the system is used for a period of time (the user/role authority changes dynamically), the application scheme can greatly improve the system usage for the system user.
  • the efficiency of the rights management makes the dynamic authorization simpler, more convenient, clearer and clearer, and improves the efficiency and reliability of the permission setting.
  • the traditional group-based role authorization method is error-prone, and the method of the present application greatly reduces the probability of authorization errors, because the method of the present application only needs to consider the role as an independent individual, without considering the traditional method to associate the role of the group. What are the commonalities of multiple users? Even if the authorization error occurs, it only affects the user associated with the role, while the traditional group-based role affects all users associated with the role. Even if a permission authorization error occurs, the correction method of the present application is simple and short, and the traditional group-type role needs to consider the commonality of all users associated with the role when correcting the error, and not only the modification when there are many function points. Troublesome, complicated, very error-prone, and in many cases only new roles can be created.
  • the method of the present application is as follows: the transferred user associates several roles.
  • the user When adjusting the post, the user is first unlinked from the role in the original department (the canceled roles can be re-associated to other users), and then Associate users with roles in the new department. The operation is simple and will not go wrong.
  • FIG. 1 is a schematic diagram of a manner in which a system directly authorizes a user in the background art
  • FIG. 2 is a schematic diagram of a manner in which a system authorizes a group/class role in the background art
  • FIG. 3 is a schematic diagram of a manner in which a system directly authorizes a user and authorizes a group/class role role in the background art
  • FIG. 4 is a flow chart of a method for setting an approval role by a workflow approval node according to a role in the present invention
  • Figure 5 is a schematic view of a workflow in the present invention.
  • FIG. 6 is still another flow chart of a method for setting an approval role by a workflow approval node according to a role in the present invention.
  • the workflow approval node sets the role of the approval role by role, including: creating a role included in the system organization structure. For example, create role a, role b, role c, and role d.
  • Role definition The role does not have the nature of group/class/category/post/job/work, but a non-collection nature, the role is unique, the role is an independent independent entity; in the enterprise application is equivalent Job number (The job number here is not a post, one post may have multiple employees at the same time, and one job number can only correspond to one employee at the same time).
  • a company system can create the following roles: general manager, deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5...
  • general manager deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5...
  • Zhang San serves as the company's deputy general manager 2, and also serves as a sales manager in Beijing, then Zhang The three roles to be associated are Deputy General Manager 2 and Beijing Sales Manager. Zhang San has the rights to these two roles.
  • roles are group/class/post/position/work type, and one role can correspond to multiple users.
  • the concept of "role" in this application is equivalent to the post number/station number, and is similar to the role in the film and television drama: a character can only be played by one actor at the same time (childhood, juvenile, middle-aged). And an actor may be decorated with multiple angles.
  • Each role is a separate entity, not a group/class.
  • a role can only be associated with a unique user at the same time, and a user is associated with one or more roles.
  • the role belongs to the department, and the role is authorized according to the work content of the role; the role is composed of a name and a number, the name of the role is unique under the department, and the number of the role is unique in the system.
  • the user When the user moves across departments, the user is associated with the role in the original department, and the user is associated with the role in the new department. After the role is created, you can associate the role in the process of creating the user, or you can associate it at any time after the user is created. After the user associates the role, the relationship with the role can be released at any time, and the relationship with other roles can be established at any time.
  • the user determines the authority through its association with the role, one employee corresponds to one user account, and one user account corresponds to one employee.
  • the candidate role is displayed when the workflow's approval node is set.
  • the display form of the candidate character includes one or more of a list, an organizational structure tree diagram, and an organizational structure diagram. For example, when selecting an approval node, role a, role b, role c, and role d are displayed for selection.
  • the method for generating the workflow includes: constructing a three-layer mechanism model of user-role-permission, wherein: a role layer: an operation subject of process approval in a workflow is a role, and each role is an independent individual. Instead of a group/class, a role can only be associated with a unique user at the same time, and a user is associated with one or more roles; the privilege layer: consists of the permissions required for workflow execution, and the permissions are directly delegated to the role; the user Layer: The user determines the approval task in the workflow through the associated role, and performs the approval operation with the permission of the associated role.
  • the workflow is controlled by the three-layer structure model.
  • One approval process includes a start node and at least one approval node.
  • start node initiate/subscribe/submit workflow as the start node, or start node as the first approval node
  • approve node approve authority (or set) for the corresponding approval role
  • end node The approval process flow ends when the approval process flow goes to this node, and the end node does not approve For; or approval to a node as the last end node, the end node requires approval operation; user to determine the required approval tasks associated with processing according to its role and operating under the authority of the role approval associated.
  • One or more roles are selected from the candidate roles as approval roles. For example, if you select role a as the approval role, you can directly select role a as the approval role.
  • the administrative department of a company has role A, role B, role C, role D, role E, and role F. All company leave requires role A to approve.
  • the setting of the approval node of the leave workflow includes the following steps: creating a role A, role B, role C, role D, role E, and role F.
  • the candidate roles include role A, role B, role C, role D, role E, and role F (if there are other roles in the system organization structure, Show these roles).
  • Zhang San obtains the approval task and approves it.
  • the workflow approval node sets the role of the approval role by role, including: creating a role included in the system organization structure; selecting (or setting) to perform the role setting by the role mode; The candidate role is displayed when the approval node of the workflow is set; one or more roles are selected from the candidate roles as the approval role of the node.

Landscapes

  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Development Economics (AREA)
  • Educational Administration (AREA)
  • Game Theory and Decision Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Disclosed is a role-based method for setting an approval role for a workflow approval node. The method comprises: creating roles included by a system organization structure; displaying candidate roles when setting a workflow approval node; and selecting one or more roles from the candidate roles as an approval role of the node. According to the present invention, a system workflow setting staff only needs to select a particular role when setting an approval role, without paying attention to concrete users; there is no need to set an approval role again even if the user associated with the role is changed, operation is convenient, and it is not likely to make errors. The roles which are independent individuals serve as the main body of a workflow approval operation; a new employee is associated to a role in the approval flow if there is a change in the employee/user; or if the approval authority of a certain employee is changed, it is only required to adjust the approval authority of the role in a targeted way instead of resetting/adjusting the flow; and setting is convenient, and the workflow reliability is improved greatly.

Description

工作流审批节点按角色设置审批角色的方法Workflow Approval Node Method for Setting Approval Roles by Role 技术领域Technical field
本发明涉及一种ERP等管理软件系统的工作流中审批节点审批角色的设置和管理方法,特别是涉及一种工作流审批节点按角色设置审批角色的方法。The invention relates to a method for setting and managing an approval node approval role in a workflow of a management software system such as an ERP, in particular to a method for setting an approval role by a workflow approval node according to a role.
背景技术Background technique
基于角色的访问控制(RBAC)是近年来研究最多、思想最成熟的一种数据库权限管理机制,它被认为是替代传统的强制访问控制(MAC)和自主访问控制(DAC)的理想候选。传统的自主访问控制的灵活性高但是安全性低,强制访问控制安全性高但是限制太强;基于角色的访问控制两者兼具,不仅易于管理而且降低了复杂性、成本和发生错误的概率,因而近年来得到了极大的发展。基于角色的访问控制(RBAC)的基本思想是根据企业组织视图中不同的职能岗位划分不同的角色,将数据库资源的访问权限封装在角色中,用户通过被赋予不同的角色来间接访问数据库资源。Role-based access control (RBAC) is one of the most researched and matured database rights management mechanisms in recent years. It is considered to be an ideal candidate to replace traditional mandatory access control (MAC) and autonomous access control (DAC). Traditional autonomous access control has high flexibility but low security. Forced access control is highly secure but too restrictive. Role-based access control combines both ease of management and reduces the complexity, cost, and probability of errors. Therefore, it has been greatly developed in recent years. The basic idea of role-based access control (RBAC) is to divide different roles according to different functional positions in the enterprise organization view, encapsulate the access rights of database resources in roles, and indirectly access database resources by being assigned different roles.
在大型应用系统中往往都建有大量的表和视图,这使得对数据库资源的管理和授权变得十分复杂。由用户直接管理数据库资源的存取和权限的收授是十分困难的,它需要用户对数据库结构的了解非常透彻,并且熟悉SQL语言的使用,而且一旦应用系统结构或安全需求有所变动,都要进行大量复杂而繁琐的授权变动,非常容易出现一些意想不到的授权失误而引起的安全漏洞。因此,为大型应用系统设计一种简单、高效的权限管理方法已成为系统和系统用户的普遍需求。A large number of tables and views are often built in large application systems, which makes the management and authorization of database resources very complicated. It is very difficult for the user to directly manage the access and permissions of the database resources. It requires the user to have a very thorough understanding of the database structure and is familiar with the use of the SQL language, and once the application system structure or security requirements have changed, To carry out a large number of complex and cumbersome authorization changes, it is very easy to have some security vulnerabilities caused by unexpected authorization errors. Therefore, designing a simple and efficient rights management method for large-scale application systems has become a common requirement for system and system users.
基于角色的权限控制机制能够对系统的访问权限进行简单、高效的管理,极大地降低了系统权限管理的负担和代价,而且使得系统权限管理更加符合应用系统的业务管理规范。The role-based permission control mechanism can manage the access rights of the system simply and efficiently, which greatly reduces the burden and cost of the system rights management, and makes the system rights management more in line with the business management specifications of the application system.
然而,传统基于角色的用户权限管理和工作流控制方法均采用“角色对用户一对多”的关联机制,其“角色”为组/类性质,即一个角色可以同时对应/关联多个用户,角色类似于岗位/职位/工种等概念,这种关联机制下对用户权限的授权基本分为以下三种形式:1、如图1所示,直接对用户授权,缺点是工作量大、操作频繁且麻烦;审批流程中审批节点的审批操作主体是用户,工作流审批节点直接选择员工/用户作为审批主体,当发生员工变动(如调岗、离职等),该员工涉及到的所有流程必须要作相应调整,特别是对于公司管理人员,其涉及到的审批流程多,流程调整的工作量大、繁杂,容易出错或遗漏,影响企业的正常运营,甚至造成不可预估的损失。However, the traditional role-based user rights management and workflow control methods adopt the "role-to-user one-to-many" association mechanism, and the "role" is group/class nature, that is, one role can simultaneously correspond to/associate multiple users. The role is similar to the concept of position/position/work type. The authorization of user rights under this association mechanism is basically divided into the following three forms: 1. As shown in Figure 1, the user is authorized directly. The disadvantage is that the workload is large and the operation is frequent. And trouble; the approval operation subject of the approval node in the approval process is the user, and the workflow approval node directly selects the employee/user as the approval subject. When an employee change occurs (such as transfer, resignation, etc.), all processes involved in the employee must be Corresponding adjustments, especially for company management personnel, involve many approval processes, and the workload of process adjustment is large and complicated, which is prone to errors or omissions, affecting the normal operation of the enterprise and even causing unpredictable losses.
即使只是员工审批权限发生变化,也需要对该员工涉及到的流程作出相应调整,也存在以上类似问题。Even if only the employee approval authority changes, it is necessary to adjust the process involved in the employee. There are similar problems.
2、如图2所示,对角色(类/组/岗位/工种性质)进行授权(一个角色可以关联多个用户),用户通过角色获得权限,审批操作主体是组/类性质角色;3、如图3所示,以上两种方式结合。2. As shown in Figure 2, the role (class/group/post/work type) is authorized (a role can be associated with multiple users), the user obtains the permission through the role, and the approval operation subject is the group/class nature role; As shown in Figure 3, the above two methods are combined.
以上的表述中,2、3均需要对类/组性质的角色进行授权,而通过类/组/岗位/工种性质的角色进行授权和工作流控制的方式有以下缺点:1、用户权限变化时的操作难:在实际的系统使用过程中,经常因为在运营过程中需要对用户的权限进行调整,比如:在处理员工权限变化时,角色关联的某个员工权限发生变化,我们不能因该个别员工权限的变化而改变整个角色的权限,因为该角色还关联了其他权限未变的员工。因此为了应对该种情况,要么创建新角色来满足该权限发生变化的员工,要么对该员工根据权限需求直接授权(脱离角色)。以上两种处理方式,在角色权限较多的情况下对角色授权不仅所需时间长,而且容易犯错,使用方操作起来繁琐又麻烦,也容易出错导致对系统使用方的损失。In the above expressions, both 2 and 3 need to authorize the role of the class/group nature, and the way of authorization and workflow control through the role of class/group/post/work type has the following disadvantages: 1. When the user rights change Difficulties in operation: In the actual system use process, it is often necessary to adjust the user's authority during the operation process. For example, when dealing with employee permission changes, the employee rights associated with the role change, we cannot because of this Changes in employee permissions change the permissions of the entire role, because the role is also associated with other employees whose permissions have not changed. So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements. The above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
员工/用户的审批权限发生变化时,要么员工/用户脱离角色,工作流审批节点直接选择员工/用户作为审批主体,要么新增角色来满足审批流程的要求。第一种方式,当发生员工变动(如调岗、离职等),该员工涉及到的所有流程必须要作相应调整,特别是对于公司管理人员,其涉及到的审批流程多,流程调整的工作量大、繁杂,容易出错或遗漏,影响企业的正常运营,甚至造成不可预估的损失。即使只是员工审批权限发生变化,也需要对该员工涉及到的流程作出相应调整,也存在以上类似问题。第二种方式,新增角色便涉及到角色的新建、关联、授权工作,特别在角色多、角色关联的用户也多的情况下,角色具体关联了哪些用户是很难记住的。When the employee/user's approval authority changes, either the employee/user is removed from the role, the workflow approval node directly selects the employee/user as the approval subject, or the new role is added to meet the requirements of the approval process. In the first way, when employee changes occur (such as transfer, resignation, etc.), all the processes involved in the employee must be adjusted accordingly, especially for company management personnel, which involves more approval processes and process adjustments. Large amount, complicated, easy to make mistakes or omissions, affecting the normal operation of the company, and even causing unpredictable losses. Even if only the employee approval authority changes, it is necessary to adjust the process involved in the employee. There are similar problems. In the second way, the new role involves the creation, association, and authorization of the role. Especially in the case of a large number of roles and a large number of users associated with the role, it is difficult to remember which users are associated with the role.
2、要长期记住角色包含的具体权限难:若角色的权限功能点比较多,时间一长,很难记住角色的具体权限,更难记住权限相近的角色之间的权限差别,相近角色的权限也很容易混淆;若要关联新的用户,无法准确判断应当如何选择关联。2. It is difficult to remember the specific permissions contained in the role for a long time: if the role has more permission functions, it will be difficult to remember the specific permissions of the roles, and it is more difficult to remember the difference in permissions between the roles with similar permissions. The permissions of a role are also easily confused; if you want to associate a new user, you cannot accurately determine how the association should be selected.
3、因为用户权限变化,则会造成角色创建越来越多(若不创建新角色,则会大幅增加直接对用户的授权),更难分清各角色权限的具体差别。3, because the user permissions change, it will cause more and more role creation (if you do not create a new role, it will greatly increase the authorization of the user directly), it is more difficult to distinguish the specific differences of the roles of each role.
4、调岗时,若要将被调岗用户的很多个权限分配给另外几个用户承担,则处理时必须将被调岗用户的这些权限区分开来,分别再创建角色来关联另外几个用户,这样的操作不仅复杂耗时,而且还很容易发生错误。4. When adjusting the post, if you want to assign a lot of rights of the transferred users to other users, you must separate the rights of the transferred users and create roles to associate with others. Users, such an operation is not only complicated and time consuming, but also prone to errors.
现有的工作流的审批节点设置时,通常是选择对应的人,但是每个人的工作职责通常都会发生变化,在人员职责调整时,又需要选择新的负责人员,容易出错。When the existing workflow's approval node is set, the corresponding person is usually selected, but each person's job responsibilities usually change. When the personnel responsibility is adjusted, the new responsible person needs to be selected, which is easy to make mistakes.
技术问题technical problem
本发明的目的在于克服现有技术的不足,提供一种工作流审批节点按角色设置审批角色的方法,在设置审批角色时只需选择相应的角色即可,操作便捷。The purpose of the present invention is to overcome the deficiencies of the prior art, and to provide a method for setting an approval role by a workflow approval node according to a role, and only need to select a corresponding role when setting an approval role, and the operation is convenient.
技术解决方案Technical solution
本发明的目的是通过以下技术方案来实现的: 工作流审批节点按角色设置审批角色的方法,包括:创建系统组织结构中所包含的角色;对工作流的审批节点进行设置时显示候选角色;从所述候选角色中选择一个或多个角色作为该节点的审批角色。The object of the present invention is achieved by the following technical solutions: The workflow approval node sets the role of the approval role by role, including: creating a role included in the system organization structure; displaying the candidate role when setting the workflow approval node; One or more roles are selected from the candidate roles as an approval role for the node.
优选的,每个角色是独立的个体,而非组/类,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色。Preferably, each role is an independent individual, not a group/class. One role can only associate a unique user at a time, and one user associates one or more roles.
优选的,所述工作流的生成方法包括:构建用户-角色-权限的三层机构模型,其中:角色层:工作流中流程审批的操作主体为角色,每个角色是独立的个体,而非组/类,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;权限层:由工作流执行中所需要使用的权限构成,权限直接授权给角色;用户层:用户通过关联的角色确定工作流中的审批任务,并以关联角色的权限进行审批操作;利用三层结构模型对工作流进行控制,一个审批流程中包括一个开始节点、至少一个审批节点、一个结束节点,其中:开始节点:审批流程开始;审批节点:对相应的审批角色进行审批权限授权(或设置);结束节点:审批流程结束;用户根据其关联的角色确定所需处理的审批任务,并根据关联的角色的权限进行审批操作。Preferably, the method for generating the workflow includes: constructing a three-layer mechanism model of user-role-permission, wherein: a role layer: an operation subject of process approval in a workflow is a role, and each role is an independent individual, instead Group/class, a role can only be associated with a unique user in the same period, and a user is associated with one or more roles; privilege layer: consists of the permissions required for workflow execution, permissions are directly delegated to the role; user layer: user The approval task in the workflow is determined by the associated role, and the approval operation is performed with the permission of the associated role; the workflow is controlled by the three-layer structure model, and an approval process includes a start node, at least one approval node, and an end node. , where: start node: approval process start; approval node: approval authority authorization (or setting) for the corresponding approval role; end node: approval process end; user determines the approval task to be processed according to its associated role, and according to The permissions of the associated role are approved.
优选的,有工作流发起权限的角色才能作为提交角色发起/申请/提交工作流。Preferably, a role with workflow initiating permissions can initiate/apply/submit a workflow as a submitting role.
优选的,所述角色归属于部门,根据角色的工作内容对角色进行授权。Preferably, the role belongs to a department, and the role is authorized according to the working content of the role.
优选的,所述角色的名称在该部门下唯一,该角色的编号在系统中唯一。Preferably, the name of the role is unique under the department, and the number of the role is unique in the system.
优选的,所述用户跨部门调岗时,取消用户与原部门内的角色的关联,将用户与新部门内的角色进行关联。Preferably, when the user moves across the department, the user is associated with the role in the original department, and the user is associated with the role in the new department.
优选的,所述用户通过其与角色的关联确定权限,一个员工对应一个用户账号,一个用户账号对应一个员工。Preferably, the user determines the authority by its association with the role, one employee corresponds to one user account, and one user account corresponds to one employee.
优选的,所述候选角色的显示形式包括列表、组织结构树形图、组织结构架构图中的一种或多种。Preferably, the display form of the candidate character includes one or more of a list, an organizational structure tree diagram, and an organizational structure diagram.
工作流审批节点按角色设置审批角色的方法,包括:创建系统组织结构中所包含的角色;选择(或设置)以按角色方式进行审批角色的设置;对工作流的审批节点进行设置时显示候选角色;从所述候选角色中选择一个或多个角色作为该节点的审批角色。The workflow approval node sets the role of the approval role by role, including: creating the role contained in the system organization structure; selecting (or setting) to set the approval role by role; displaying candidates when setting the workflow approval node Role; select one or more roles from the candidate roles as the approval role for the node.
有益效果Beneficial effect
本发明的有益效果是:(1)系统工作流设置人员在设置审批角色时只需选择相应的角色作为审批角色即可,无需选择具体的用户,即使该角色关联的用户发生变化,也不需要重新设置审批角色,操作便捷、不容易出错。The beneficial effects of the present invention are as follows: (1) The system workflow setting personnel only need to select the corresponding role as the approval role when setting the approval role, and it is not necessary to select a specific user, even if the user associated with the role changes, it is not required. Resetting the approval role is easy and error-free.
举例:公司的行政部有角色A、角色B,若角色A为行政部的部门主管角色,在进行请假的工作流审批设置时,只需选择角色A作为审批角色,而不用选择角色A关联的用户,即使角色A关联的用户由张三变为李四,也不需要重新进行审批角色的设置。For example, the administrative department of the company has role A and role B. If role A is the department supervisor role of the administrative department, when performing the workflow approval setting for leave, simply select role A as the approval role instead of selecting role A. The user, even if the user associated with role A is changed from Zhang San to Li Si, does not need to re-approve the role setting.
(2)工作流中审批操作的主体是角色,而且这个角色是独立的个体而不是传统组/类性质的角色,即使发生员工/用户变动(如调岗、离职等),只需将新员工重新关联到审批流程中的角色即可;或者是员工审批权限发生变化,针对性调整该角色审批权限即可,无需重新设置/调整流程,设置方便,不会出错或遗漏,不会影响企业的正常运营,极大提高了工作流的可靠性。以岗位号性质的角色为审批环节节点的审批授权主体,用户通过角色确定其有哪些审批任务,用户通过关联角色的权限进行审批操作即可;理解清晰简单,每个岗位号/工位号性质的角色是工作主体的最小单位,针对每个角色对审批的不同需求,本申请均能够很好满足。(2) The main body of the approval operation in the workflow is the role, and the role is an independent individual rather than a traditional group/class role. Even if employee/user changes occur (such as transfer, separation, etc.), only new employees are required. Re-associate to the role in the approval process; or change the employee approval authority, adjust the role approval authority in a targeted manner, no need to reset/adjust the process, easy to set up, no mistakes or omissions, no impact on the enterprise Normal operation greatly improves the reliability of the workflow. The role of the nature of the post number is the approval authority of the approval link node. The user determines which approval tasks are available through the role. The user can approve the operation by associating the role permissions; the understanding is clear and simple, and the nature of each post number/station number The role is the smallest unit of the work subject, and this application can be well satisfied for each role's different requirements for approval.
(3)本申请角色对用户是一对一的关系,同一时段一个角色只能关联唯一的用户,这样做的好处是,只要将用户关联到角色即可获得权限(即用户获得其关联的角色的权限),而且角色的权限变更比传统机制中的用户权限变更要少得多。独立体性质(岗位号/工位号性质)的角色数量变化小,虽然员工流动大,但岗位号/工位号的变化小(甚至在一定时段内是没有变化的,即角色没有变化),这样将极大简化用户的权限管理,减少系统的开销。(3) The role of the application is a one-to-one relationship to the user. A role can only be associated with a unique user at the same time. The advantage of this is that as long as the user is associated with the role, the user can obtain the associated role (ie, the user obtains the associated role). Permissions), and the role's permission changes are much less than the user permissions in the traditional mechanism. The number of roles of the nature of the independent body (the nature of the post number/station number) is small. Although the employee turnover is large, the change of the post number/station number is small (even if there is no change in a certain period of time, that is, the role does not change), This will greatly simplify the user's rights management and reduce the overhead of the system.
(4)动态管理、入职调岗等的操作简单方便,效率高,可靠性高:入职/离职/调岗在审批流程中的应用简单,工作流程的审批的操作主体是角色,当员工/用户发生变化时不用重新设置审批流程(用户只需取消或关联角色即可:不再任职该岗位号/工位号的角色的用户就取消该角色关联,接手任职该岗位号/工位号的角色的用户关联该岗位号的角色,则关联该角色的用户自动就获得了该角色在审批工作流中的相关任务和权限,无需对审批工作流进行重新设置或对工作流中的角色进行重新授权,极大地提高了流程设置的效率、安全性和可靠性。(4) The operation of dynamic management, on-the-job adjustment, etc. is simple and convenient, high in efficiency and high in reliability: the application of the entry/departure/admission in the approval process is simple, and the operation subject of the approval of the workflow is the role, when the employee/user There is no need to reset the approval process when the change occurs (the user only needs to cancel or associate the role: the user who is no longer in the role of the job number/station number cancels the role association and takes over the role of the job number/station number. If the user is associated with the role of the job number, the user associated with the role automatically obtains the related tasks and permissions of the role in the approval workflow, without resetting the approval workflow or reauthorizing the roles in the workflow. , greatly improving the efficiency, security and reliability of process settings.
举例:因张三用户离职或调岗等原因,张三不再做“采购员3”这个角色的工作,则张三取消了与该角色的关联;另外李四接手做“采购员3”这个角色的工作,则将李四关联该角色,则李四自动获得了审批流程中“采购员3”这个角色的审批任务和审批权限。For example: due to Zhang San’s resignation or transfer, Zhang San is no longer working as a “buyer 3”, Zhang San cancels the association with the role; Li Si took over as “Purchaser 3” For the role work, Li Si is associated with the role, and Li Si automatically obtains the approval task and approval authority for the role of “Purchase 3” in the approval process.
(5)传统的权限管理机制将角色定义为组、工种、类等性质,角色对用户是一对多的关系,在实际的系统使用过程中,经常因为在运营过程中需要对用户的权限进行调整,比如:在处理员工权限变化的时候,角色关联的某个员工的权限发生变化,我们不能因该个别员工权限的变化而改变整个角色的权限,因为该角色还关联了其他权限未变的员工。因此为了应对该种情况,要么创建新角色来满足该权限发生变化的员工,要么对该员工根据权限需求直接授权(脱离角色)。以上两种处理方式,在角色权限较多的情况下对角色授权不仅所需时间长,而且容易犯错,使用方操作起来繁琐又麻烦,也容易出错导致对系统使用方的损失。(5) The traditional rights management mechanism defines the role as a group, a job type, a class, etc. The role is a one-to-many relationship with the user. In the actual system use process, it is often necessary to perform the user's authority during the operation process. Adjustments, for example, when the employee permissions are changed, the permissions of an employee associated with the role change. We cannot change the permissions of the entire role because of the change of the individual employee permissions, because the role is also associated with other permissions. Staff. So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements. The above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
但在本申请的方法下,因为角色是一个独立的个体,则可以选择改变角色权限即可达到目的。本申请的方法,虽然看起来在系统初始化时会增加工作量,但可以通过复制等方法,使其创建角色或授权的效率高于传统以组为性质的角色,因为不用考虑性质为组的角色在满足关联用户时的共通性,本申请方案会让权限设置清晰,明了;尤其是在系统使用一段时间后(用户/角色权限动态变化),该申请方案能为系统使用方大幅度提高系统使用中的权限管理效率,使动态授权更简单,更方便,更清晰、明了,提高权限设置的效率和可靠性。However, under the method of the present application, since the role is an independent individual, the role permission can be changed to achieve the goal. Although the method of the present application seems to increase the workload when the system is initialized, it can be made by copying and the like to make the role or authorization more efficient than the traditional group-based role, because the role of the group is not considered. In the commonality of the related users, the application scheme will make the permission setting clear and clear; especially after the system is used for a period of time (the user/role authority changes dynamically), the application scheme can greatly improve the system usage for the system user. The efficiency of the rights management makes the dynamic authorization simpler, more convenient, clearer and clearer, and improves the efficiency and reliability of the permission setting.
(6)传统以组为性质的角色授权方法容易出错,本申请方法大幅降低了授权出错的几率,因为本申请方法只需考虑作为独立个体的角色,而不用考虑传统方法下关联该组性质角色的多个用户有哪些共通性。即使授权出错也只影响关联到该角色的那一个用户,而传统以组性质的角色则会影响关联到该角色的所有用户。即使出现权限授权错误,本申请的修正方法简单、时间短,而传统以组性质的角色在修正错误时需要考虑关联到该角色的所有用户的权限共通性,在功能点多的情况下不仅修改麻烦、复杂,非常容易出错,且很多情况下只能新创建角色才能解决。(6) The traditional group-based role authorization method is error-prone, and the method of the present application greatly reduces the probability of authorization errors, because the method of the present application only needs to consider the role as an independent individual, without considering the traditional method to associate the role of the group. What are the commonalities of multiple users? Even if the authorization error occurs, it only affects the user associated with the role, while the traditional group-based role affects all users associated with the role. Even if a permission authorization error occurs, the correction method of the present application is simple and short, and the traditional group-type role needs to consider the commonality of all users associated with the role when correcting the error, and not only the modification when there are many function points. Troublesome, complicated, very error-prone, and in many cases only new roles can be created.
(7)在传统以组为性质的角色授权方法下,若角色的权限功能点比较多,时间一长,很难记住角色的具体权限,更难记住权限相近的角色之间的权限差别,若要关联新的用户,无法准确判断应当如何选择关联。本申请方法的角色本身就具有岗位号/工位号的性质,选择一目了然。(7) Under the traditional group-based role authorization method, if the role has more privilege function points, it takes a long time to remember the specific privilege of the role, and it is more difficult to remember the privilege difference between the roles with similar privilege. If you want to associate a new user, you cannot accurately determine how to select the association. The role of the method of the present application itself has the nature of the job number/station number, and the choice is clear at a glance.
(8)调岗时,若要将被调岗用户的很多个权限分配给另外几个用户承担,则处理时必须将被调岗用户的这些权限区分开来,分别再创建角色来关联另外几个用户,这样的操作不仅复杂耗时,而且还很容易发生错误。(8) When adjusting the post, if you want to assign a lot of rights of the transferred users to other users, you must separate the rights of the transferred users and create roles to associate with others. Users, such an operation is not only complicated and time consuming, but also prone to errors.
本申请方法则为:被调岗用户关联了几个角色,在调岗时,首先取消用户与原部门内的角色的关联(被取消的这几个角色可以被重新关联给其他用户),然后将用户与新部门内的角色进行关联即可。操作简单,不会出错。The method of the present application is as follows: the transferred user associates several roles. When adjusting the post, the user is first unlinked from the role in the original department (the canceled roles can be re-associated to other users), and then Associate users with roles in the new department. The operation is simple and will not go wrong.
(9)角色归属于部门,则该角色的部门不能被更换,角色为什么不能更换部门:理由1:因为本申请的角色性质等同于一个工位号/岗位号,不同的工位号/岗位号的工作内容/权限是不一样的,如销售部门下的销售员1角色和技术部门的开发人员1角色是完全不同的两个工位号/岗位号,其权限是不同的;理由2:若将销售员1角色的所属部门(销售部)更换为技术部,其销售人员1这个角色的权限不变,则在技术部存在拥有销售部权限的一个角色,这样会导致管理混乱及安全漏洞。(9) If the role belongs to the department, the department of the role cannot be replaced, and the role cannot be changed. Reason 1: Because the role of this application is equivalent to a station number/post number, different station number/post number The work content/permissions are different. For example, the salesperson 1 role under the sales department and the developer 1 role of the technical department are completely different two station numbers/post numbers, and their permissions are different; Reason 2: If the department (sales department) of the salesperson 1 role is replaced with the technical department, and the role of the salesperson 1 is unchanged, there is a role in the technical department that has the authority of the sales department, which may lead to management confusion and security loopholes.
附图说明DRAWINGS
图1为背景技术中系统直接对用户进行授权的方式示意图;1 is a schematic diagram of a manner in which a system directly authorizes a user in the background art;
图2为背景技术中系统对组/类性质角色进行授权的方式示意图;2 is a schematic diagram of a manner in which a system authorizes a group/class role in the background art;
图3为背景技术中系统对用户直接授权和对组/类性质角色授权相结合的方式示意图;3 is a schematic diagram of a manner in which a system directly authorizes a user and authorizes a group/class role role in the background art;
图4为本发明中工作流审批节点按角色设置审批角色的方法的一种流程图;4 is a flow chart of a method for setting an approval role by a workflow approval node according to a role in the present invention;
图5为本发明中工作流的示意图;Figure 5 is a schematic view of a workflow in the present invention;
图6为本发明中工作流审批节点按角色设置审批角色的方法的又一种流程图。FIG. 6 is still another flow chart of a method for setting an approval role by a workflow approval node according to a role in the present invention.
本发明的实施方式Embodiments of the invention
下面结合附图进一步详细描述本发明的技术方案,但本发明的保护范围不局限于以下所述。The technical solution of the present invention will be described in further detail below with reference to the accompanying drawings, but the scope of protection of the present invention is not limited to the following.
【实施例1】如图4所示,工作流审批节点按角色设置审批角色的方法,包括:创建系统组织结构中所包含的角色。例如创建角色a、角色b、角色c和角色d等。[Embodiment 1] As shown in FIG. 4, the workflow approval node sets the role of the approval role by role, including: creating a role included in the system organization structure. For example, create role a, role b, role c, and role d.
角色的定义:角色不具有组/类/类别/岗位/职位/工种等性质,而是一个非集合的性质,角色具有唯一性,角色是独立存在的独立个体;在企事业单位应用中相当于岗位号(此处的岗位号非岗位,一个岗位同时可能有多个员工,而同一时段一个岗位号只能对应一个员工)。Role definition: The role does not have the nature of group/class/category/post/job/work, but a non-collection nature, the role is unique, the role is an independent independent entity; in the enterprise application is equivalent Job number (The job number here is not a post, one post may have multiple employees at the same time, and one job number can only correspond to one employee at the same time).
举例:某个公司系统中可创建如下角色:总经理、副总经理1、副总经理2、北京销售一部经理、北京销售二部经理、北京销售三部经理、上海销售工程师1、上海销售工程师2、上海销售工程师3、上海销售工程师4、上海销售工程师5……用户与角色的关联关系:若该公司员工张三任职该公司副总经理2,同时任职北京销售一部经理,则张三需要关联的角色为副总经理2和北京销售一部经理,张三拥有了这两个角色的权限。For example: a company system can create the following roles: general manager, deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5... User-role relationship: If the company employee Zhang San serves as the company's deputy general manager 2, and also serves as a sales manager in Beijing, then Zhang The three roles to be associated are Deputy General Manager 2 and Beijing Sales Manager. Zhang San has the rights to these two roles.
传统角色的概念是组/类/岗位/职位/工种性质,一个角色能够对应多个用户。而本申请“角色”的概念相当于岗位号/工位号,也类同于影视剧中的角色:一个角色在同一时段(童年、少年、中年……)只能由一个演员来饰演,而一个演员可能会分饰多角。The concept of traditional roles is group/class/post/position/work type, and one role can correspond to multiple users. The concept of "role" in this application is equivalent to the post number/station number, and is similar to the role in the film and television drama: a character can only be played by one actor at the same time (childhood, juvenile, middle-aged...). And an actor may be decorated with multiple angles.
每个角色是独立的个体,而非组/类,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色。Each role is a separate entity, not a group/class. A role can only be associated with a unique user at the same time, and a user is associated with one or more roles.
所述角色归属于部门,根据角色的工作内容对角色进行授权;所述角色由名称和编号构成,所述角色的名称在该部门下唯一,该角色的编号在系统中唯一。The role belongs to the department, and the role is authorized according to the work content of the role; the role is composed of a name and a number, the name of the role is unique under the department, and the number of the role is unique in the system.
所述用户跨部门调岗时,取消用户与原部门内的角色的关联,将用户与新部门内的角色进行关联。在创建角色之后,可以在创建用户的过程中关联角色,也可以在用户创建完成后随时进行关联。用户关联角色后可以随时解除与角色的关联关系,也可以随时建立与其他角色的关联关系。When the user moves across departments, the user is associated with the role in the original department, and the user is associated with the role in the new department. After the role is created, you can associate the role in the process of creating the user, or you can associate it at any time after the user is created. After the user associates the role, the relationship with the role can be released at any time, and the relationship with other roles can be established at any time.
所述用户通过其与角色的关联确定权限,一个员工对应一个用户账号,一个用户账号对应一个员工。The user determines the authority through its association with the role, one employee corresponds to one user account, and one user account corresponds to one employee.
对工作流的审批节点进行设置时显示候选角色。所述候选角色的显示形式包括列表、组织结构树形图、组织结构架构图中的一种或多种。例如选择一个审批节点时显示角色a、角色b、角色c和角色d以供选择。The candidate role is displayed when the workflow's approval node is set. The display form of the candidate character includes one or more of a list, an organizational structure tree diagram, and an organizational structure diagram. For example, when selecting an approval node, role a, role b, role c, and role d are displayed for selection.
如图5所示,所述工作流的生成方法包括:构建用户-角色-权限的三层机构模型,其中:角色层:工作流中流程审批的操作主体为角色,每个角色是独立的个体,而非组/类,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;权限层:由工作流执行中所需要使用的权限构成,权限直接授权给角色;用户层:用户通过关联的角色确定工作流中的审批任务,并以关联角色的权限进行审批操作;利用三层结构模型对工作流进行控制,一个审批流程中包括一个开始节点、至少一个审批节点、一个结束节点,其中:开始节点:发起/申请/提交工作流作为开始节点,或者由第一个审批节点作为开始节点;审批节点:对相应的审批角色进行审批权限授权(或设置);结束节点:审批流程流转到此节点时该审批流程结束,该结束节点不进行审批操作;或者以最后一个审批节点作为结束节点,该结束节点需要进行审批操作;用户根据其关联的角色确定所需处理的审批任务,并根据关联的角色的权限进行审批操作。As shown in FIG. 5, the method for generating the workflow includes: constructing a three-layer mechanism model of user-role-permission, wherein: a role layer: an operation subject of process approval in a workflow is a role, and each role is an independent individual. Instead of a group/class, a role can only be associated with a unique user at the same time, and a user is associated with one or more roles; the privilege layer: consists of the permissions required for workflow execution, and the permissions are directly delegated to the role; the user Layer: The user determines the approval task in the workflow through the associated role, and performs the approval operation with the permission of the associated role. The workflow is controlled by the three-layer structure model. One approval process includes a start node and at least one approval node. An end node, where: start node: initiate/subscribe/submit workflow as the start node, or start node as the first approval node; approve node: approve authority (or set) for the corresponding approval role; end node : The approval process flow ends when the approval process flow goes to this node, and the end node does not approve For; or approval to a node as the last end node, the end node requires approval operation; user to determine the required approval tasks associated with processing according to its role and operating under the authority of the role approval associated.
从所述候选角色中选择一个或多个角色作为审批角色。以选择角色a为审批角色为例,直接选择角色a作为审批角色即可。One or more roles are selected from the candidate roles as approval roles. For example, if you select role a as the approval role, you can directly select role a as the approval role.
【实施例2】本实施例以一个请假工作流的审批节点设置对本发明进行说明。[Embodiment 2] This embodiment describes the present invention with an approval node setting of a leave workflow.
某公司的行政部下面有角色A、角色B、角色C、角色D、角色E和角色F,公司所有请假都需要角色A进行审批,请假工作流的审批节点的设置具体包括以下步骤:创建角色A、角色B、角色C、角色D、角色E和角色F。The administrative department of a company has role A, role B, role C, role D, role E, and role F. All company leave requires role A to approve. The setting of the approval node of the leave workflow includes the following steps: creating a role A, role B, role C, role D, role E, and role F.
在请假工作流中选择一个审批节点,此时显示出候选角色,候选角色包括角色A、角色B、角色C、角色D、角色E和角色F(若系统组织结构中还有其它角色,则也显示这些角色)。Select an approval node in the leave workflow, and the candidate role is displayed. The candidate roles include role A, role B, role C, role D, role E, and role F (if there are other roles in the system organization structure, Show these roles).
从候选角色中选择角色A作为审批角色。Select role A as the approval role from the candidate roles.
假设角色A关联的用户为张三,则张三获取审批任务并进行审批。Assuming that the user associated with role A is Zhang San, Zhang San obtains the approval task and approves it.
假设角色A关联的用户由张三变为李四,由于审批角色由角色A担任,虽然角色A关联的用户发生了变化,但是在请假工作流中仍然是角色A担任审批角色,无需重新设置审批角色,减少了工作量,同时降低了出错的可能性。Assume that the user associated with role A changes from Zhang San to Li Si. Since the approval role is held by role A, although the user associated with role A has changed, role A is still in the approval role in the leave workflow, and there is no need to reset the approval. Roles reduce workload and reduce the possibility of errors.
【实施例3】如图6所示,工作流审批节点按角色设置审批角色的方法,包括:创建系统组织结构中所包含的角色;选择(或设置)以按角色方式进行审批角色的设置;对工作流的审批节点进行设置时显示候选角色;从所述候选角色中选择一个或多个角色作为该节点的审批角色。[Embodiment 3] As shown in FIG. 6, the workflow approval node sets the role of the approval role by role, including: creating a role included in the system organization structure; selecting (or setting) to perform the role setting by the role mode; The candidate role is displayed when the approval node of the workflow is set; one or more roles are selected from the candidate roles as the approval role of the node.
以上所述仅是本发明的优选实施方式,应当理解本发明并非局限于本文所披露的形式,不应看作是对其他实施例的排除,而可用于各种其他组合、修改和环境,并能够在本文所述构想范围内,通过上述教导或相关领域的技术或知识进行改动。而本领域人员所进行的改动和变化不脱离本发明的精神和范围,则都应在本发明所附权利要求的保护范围内。The above is only a preferred embodiment of the present invention, and it should be understood that the present invention is not limited to the forms disclosed herein, and is not to be construed as being limited to the other embodiments, but may be used in various other combinations, modifications and environments. Modifications can be made by the techniques or knowledge of the above teachings or related art within the scope of the teachings herein. All changes and modifications made by those skilled in the art are intended to be within the scope of the appended claims.

Claims (10)

  1. 工作流审批节点按角色设置审批角色的方法,其特征在于,包括:创建系统组织结构中所包含的角色;The workflow approval node sets the role of the approval role by role, and is characterized by: creating a role included in the system organization structure;
    对工作流的审批节点进行设置时显示候选角色;Display candidate roles when setting up workflow approval nodes;
    从所述候选角色中选择一个或多个角色作为该节点的审批角色。One or more roles are selected from the candidate roles as an approval role for the node.
  2. 根据权利要求1所述的工作流审批节点按角色设置审批角色的方法,其特征在于,每个角色是独立的个体,而非组/类,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色。The method for setting an approval role by a workflow approval node according to claim 1, wherein each role is an independent individual, not a group/class, and a role can only associate a unique user in the same period, and one A user associates one or more roles.
  3. 根据权利要求2所述的工作流审批节点按角色设置审批角色的方法,其特征在于,所述工作流的生成方法包括:The method for generating an approval role by a workflow approval node according to claim 2, wherein the method for generating the workflow includes:
    构建用户-角色-权限的三层机构模型,其中:角色层:工作流中流程审批的操作主体为角色,每个角色是独立的个体,而非组/类,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;Construct a three-tiered model of user-role-permission, where: role layer: the main body of the process approval in the workflow is the role, each role is an independent individual, not a group/class, and one role can only be uniquely associated in the same time period. Users, while one user is associated with one or more roles;
    权限层:由工作流执行中所需要使用的权限构成,权限直接授权给角色;Privilege layer: consists of the privilege required to be used in the execution of the workflow, and the privilege is directly delegated to the role;
    用户层:用户通过关联的角色确定工作流中的审批任务,并以关联角色的权限进行审批操作;User layer: The user determines the approval task in the workflow through the associated role, and performs the approval operation with the permission of the associated role;
    利用三层结构模型对工作流进行控制,一个审批流程中包括一个开始节点、至少一个审批节点、一个结束节点,其中:开始节点:审批流程开始;The workflow is controlled by a three-layer structure model. One approval process includes a start node, at least one approval node, and an end node, wherein: the start node: the approval process starts;
    审批节点:对相应的审批角色进行审批权限授权;Approval node: Authorize authority for the corresponding approval role;
    结束节点:审批流程结束;End node: the approval process ends;
    用户根据其关联的角色确定所需处理的审批任务,并根据关联的角色的权限进行审批操作。The user determines the approval tasks to be processed according to their associated roles and performs approval operations based on the permissions of the associated roles.
  4. 根据权利要求3所述的工作流审批节点按角色设置审批角色的方法,其特征在于,有工作流发起权限的角色才能作为提交角色发起/申请/提交工作流。The method for setting an approval role by a workflow approval node according to claim 3, wherein a role having a workflow initiation authority can be used as a submission role to initiate/apply/submit a workflow.
  5. 根据权利要求2所述的工作流审批节点按角色设置审批角色的方法,其特征在于,所述角色归属于部门,根据角色的工作内容对角色进行授权。The method for setting an approval role by a workflow approval node according to claim 2, wherein the role belongs to a department, and the role is authorized according to the work content of the role.
  6. 根据权利要求5所述的工作流审批节点按角色设置审批角色的方法,其特征在于,所述角色的名称在该部门下唯一,该角色的编号在系统中唯一。The method for setting an approval role by a workflow approval node according to claim 5, wherein the name of the role is unique under the department, and the number of the role is unique in the system.
  7. 根据权利要求5所述的工作流审批节点按角色设置审批角色的方法,其特征在于,所述用户跨部门调岗时,取消用户与原部门内的角色的关联,将用户与新部门内的角色进行关联。The method for setting an approval role by a workflow approval node according to claim 5, wherein when the user moves across the department, the user is disconnected from the role in the original department, and the user and the new department are Roles are associated.
  8. 根据权利要求2所述的工作流审批节点按角色设置审批角色的方法,其特征在于,所述用户通过其与角色的关联确定权限,一个员工对应一个用户账号,一个用户账号对应一个员工。The method for setting an approval role by a workflow approval node according to claim 2, wherein the user determines the authority by its association with the role, one employee corresponds to one user account, and one user account corresponds to one employee.
  9. 根据权利要求1所述的工作流审批节点按角色设置审批角色的方法,其特征在于,所述候选角色的显示形式包括列表、组织结构树形图、组织结构架构图。The method for setting an approval role by a workflow approval node according to claim 1, wherein the display form of the candidate role comprises a list, an organizational structure tree diagram, and an organizational structure diagram.
  10. 工作流审批节点按角色设置审批角色的方法,其特征在于,包括:创建系统组织结构中所包含的角色;The workflow approval node sets the role of the approval role by role, and is characterized by: creating a role included in the system organization structure;
    选择以按角色方式进行审批角色的设置;Select to set the approval role by role;
    对工作流的审批节点进行设置时显示候选角色;Display candidate roles when setting up workflow approval nodes;
    从所述候选角色中选择一个或多个角色作为该节点的审批角色。One or more roles are selected from the candidate roles as an approval role for the node.
PCT/CN2018/087920 2017-05-23 2018-05-22 Role-based method for setting approval role for workflow approval node WO2018214890A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710369876.7 2017-05-23
CN201710369876.7A CN107045675A (en) 2017-05-23 2017-05-23 The method that workflow approval node is set examination & approval role by role

Publications (1)

Publication Number Publication Date
WO2018214890A1 true WO2018214890A1 (en) 2018-11-29

Family

ID=59546636

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/087920 WO2018214890A1 (en) 2017-05-23 2018-05-22 Role-based method for setting approval role for workflow approval node

Country Status (2)

Country Link
CN (2) CN107045675A (en)
WO (1) WO2018214890A1 (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107045675A (en) * 2017-05-23 2017-08-15 成都牵牛草信息技术有限公司 The method that workflow approval node is set examination & approval role by role
CN107665421A (en) * 2017-09-08 2018-02-06 金蝶软件(中国)有限公司 The document measures and procedures for the examination and approval, device, storage medium and computer equipment
CN107493304B (en) * 2017-09-30 2020-06-30 新奥(中国)燃气投资有限公司 Authorization management platform and method
CN109523444A (en) * 2018-10-11 2019-03-26 昆山信高圣信息科技有限公司 A kind of information processing method and device combining university students' innovative undertaking
CN109492989A (en) * 2018-10-11 2019-03-19 平安科技(深圳)有限公司 Approval process construction method, device, computer equipment and storage medium
CN109740834A (en) * 2018-11-13 2019-05-10 平安科技(深圳)有限公司 Workflow engine control method, device, computer equipment and storage medium
CN109615333A (en) * 2018-12-13 2019-04-12 普元信息技术股份有限公司 The system and method examined step by step in cloud platform based on drawer model realization process
CN109829700A (en) * 2019-02-26 2019-05-31 广东启动子信息科技有限公司 A kind of right management method and system
CN109903016A (en) * 2019-02-26 2019-06-18 广东启动子信息科技有限公司 A kind of implementation method and flow engine system of the flow engine of combination rights management
CN109995768A (en) * 2019-03-18 2019-07-09 网宿科技股份有限公司 A kind of method and device of server rights management
CN110110976A (en) * 2019-04-19 2019-08-09 一起住好房(北京)网络科技有限公司 A method of improving the workflow examination and approval system actor efficiency of management
CN110648111A (en) * 2019-09-09 2020-01-03 杭州博联智能科技股份有限公司 Workflow-based approval task processing method and device, electronic equipment and medium
CN112907013A (en) * 2019-12-04 2021-06-04 广州凡科互联网科技股份有限公司 Executor selection method based on custom circulation
CN110990856A (en) * 2019-12-06 2020-04-10 广东联晟通信科技有限公司 Authority auditing method and system
CN113128942A (en) * 2019-12-30 2021-07-16 北京国双科技有限公司 Visual workflow processing method and device
CN111414591B (en) * 2020-03-02 2024-02-20 中国建设银行股份有限公司 Workflow management method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140180754A1 (en) * 2005-07-12 2014-06-26 Open Text S.A. Workflow System and Method for Single Call Batch Processing of Collections of Database Records
CN105096030A (en) * 2015-06-16 2015-11-25 阿里巴巴集团控股有限公司 Enterprise approval event processing method and apparatus
CN106485389A (en) * 2015-09-01 2017-03-08 北京奇虎科技有限公司 The dynamic updating method of examination & approval stream and device
CN107045675A (en) * 2017-05-23 2017-08-15 成都牵牛草信息技术有限公司 The method that workflow approval node is set examination & approval role by role

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030220824A1 (en) * 2002-05-21 2003-11-27 Shou-Min Tseng Enterprise organization operational flow management system
US20090157463A1 (en) * 2007-12-14 2009-06-18 Morinville Paul V Approver Identification Using Multiple Hierarchical Role Structures
US20090182570A1 (en) * 2008-01-16 2009-07-16 Morinville Paul V Automated Execution of Business Processes Using Two Stage State
CN102468971A (en) * 2010-11-04 2012-05-23 北京北方微电子基地设备工艺研究中心有限责任公司 Authority management method and device, and authority control method and device
CN102708428A (en) * 2011-03-28 2012-10-03 祖东锋 Method for controlling enterprise management system
CN107103228B (en) * 2017-04-22 2021-02-02 成都牵牛草信息技术有限公司 Role-based one-to-one authorization method and system for user permission
CN107180334A (en) * 2017-04-29 2017-09-19 成都牵牛草信息技术有限公司 Based role is to the man-to-man Work-flow control method and system of user

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140180754A1 (en) * 2005-07-12 2014-06-26 Open Text S.A. Workflow System and Method for Single Call Batch Processing of Collections of Database Records
CN105096030A (en) * 2015-06-16 2015-11-25 阿里巴巴集团控股有限公司 Enterprise approval event processing method and apparatus
CN106485389A (en) * 2015-09-01 2017-03-08 北京奇虎科技有限公司 The dynamic updating method of examination & approval stream and device
CN107045675A (en) * 2017-05-23 2017-08-15 成都牵牛草信息技术有限公司 The method that workflow approval node is set examination & approval role by role

Also Published As

Publication number Publication date
CN108734400A (en) 2018-11-02
CN107045675A (en) 2017-08-15

Similar Documents

Publication Publication Date Title
WO2018214890A1 (en) Role-based method for setting approval role for workflow approval node
WO2018214891A1 (en) Method for setting up approval role according to department by approval node in workflow
WO2018196876A1 (en) Workflow control method and system based on one-to-one correspondence between roles and users
WO2018210248A1 (en) Method based on form fields for arranging examination and approval roles at workflow examination and approval nodes
WO2019011220A1 (en) Method for setting approval procedure based on base fields
WO2018210245A1 (en) Method for setting form field operation authority of workflow, and method for setting form field operation authority of approval node
WO2018224024A1 (en) Efficient approval method for workflow approval node
WO2018205942A1 (en) Method for setting approval roles according to department levels on workflow approval nodes
WO2018214889A1 (en) Countersign-based method for setting up approval node in approval process
WO2019029650A1 (en) Form data operation auditing method
WO2019007260A1 (en) Method for authorizing operation permissions of form field values
WO2019007292A1 (en) Role-based form operation authority granting method
WO2018219230A1 (en) Approval workflow entrusting and re-entrusting method
WO2019011304A1 (en) Role acquisition-based method for authorizing form data
WO2018192557A1 (en) Permission granting method and system based on one-to-one correspondence between roles and users
WO2019029648A1 (en) Improved rbac right mechanism-based approval task transfer method
WO2019015539A1 (en) Method for authorizing form data operation authority
WO2019034022A1 (en) Method for setting operating record viewing right based on time period
WO2018224023A1 (en) Method for displaying permission after employee logs into account thereof in system
WO2019011162A1 (en) Shortcut function setting method
WO2019029649A1 (en) Method for authorizing approval processes and approval nodes thereof for user
WO2018205940A1 (en) Organizational structure chart generation method based on one-to-one correspondence between roles and users, and application method
WO2019029502A1 (en) Method for authorizing authorization operator in system
WO2019001322A1 (en) Role-based menu authorization method
WO2019007261A1 (en) Method for obtaining field value of character property field in form

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18806321

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18806321

Country of ref document: EP

Kind code of ref document: A1