WO2019007260A1 - 表单字段值操作权限授权方法 - Google Patents

表单字段值操作权限授权方法 Download PDF

Info

Publication number
WO2019007260A1
WO2019007260A1 PCT/CN2018/093432 CN2018093432W WO2019007260A1 WO 2019007260 A1 WO2019007260 A1 WO 2019007260A1 CN 2018093432 W CN2018093432 W CN 2018093432W WO 2019007260 A1 WO2019007260 A1 WO 2019007260A1
Authority
WO
WIPO (PCT)
Prior art keywords
role
field value
authorization
operation authority
authorized
Prior art date
Application number
PCT/CN2018/093432
Other languages
English (en)
French (fr)
Inventor
陈达志
Original Assignee
成都牵牛草信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to CA3068903A priority Critical patent/CA3068903A1/en
Priority to BR112020000169-4A priority patent/BR112020000169A2/pt
Priority to MX2019015913A priority patent/MX2019015913A/es
Priority to EP18828217.2A priority patent/EP3651036A4/en
Application filed by 成都牵牛草信息技术有限公司 filed Critical 成都牵牛草信息技术有限公司
Priority to PE2019002676A priority patent/PE20200286A1/es
Priority to US16/628,551 priority patent/US11507651B2/en
Priority to AU2018296471A priority patent/AU2018296471A1/en
Priority to KR1020207001594A priority patent/KR20200017512A/ko
Priority to UAA202000674A priority patent/UA127351C2/uk
Priority to JP2019571525A priority patent/JP7540660B2/ja
Priority to EA202090222A priority patent/EA202090222A1/ru
Publication of WO2019007260A1 publication Critical patent/WO2019007260A1/zh
Priority to CONC2019/0015066A priority patent/CO2019015066A2/es
Priority to PH12020500010A priority patent/PH12020500010A1/en
Priority to ZA2020/00579A priority patent/ZA202000579B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/10Text processing
    • G06F40/166Editing, e.g. inserting or deleting
    • G06F40/174Form filling; Merging
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/105Human resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy

Definitions

  • the invention relates to a management software form authorization method such as ERP, in particular to a form field value operation authority authorization method.
  • the authorization of the form view authority based on the form field value can be realized.
  • the selected form type is “order”
  • the fields in the form for authorization control are “order number”, “customer name”, “ Customer address, “telephone”, “contact”, “customer's industry”, “product model”, “product quantity”, “product unit price”, etc., can realize the permission of a system user to view different order information in the order form.
  • Separate controls such as allowing viewing of customer names in the order form, and not allowing viewing of calls in the order form.
  • the defects of the traditional software system are: (1) When the form field value authorization is performed, the recently authorized operator and operation time cannot be displayed, and the file authority authorization cannot be responsible when the file authority authorization is wrong, and the current authorization operation cannot be performed. Provide a reference for the authorization time, which is not convenient to use. (2) The authorization of the form field value operation authority cannot be performed in batches for multiple roles, and the template authorization function is not supported. Each authorization must set each field one by one, and the authorization efficiency is low. The fields of the form in the large software system are often very Many, the traditional authorization method has a lot of work.
  • role-based access control is one of the most researched and matured database rights management mechanisms in recent years. It is considered to be an ideal candidate to replace traditional mandatory access control (MAC) and autonomous access control (DAC). .
  • Traditional autonomous access control has high flexibility but low security. Forced access control is highly secure but too restrictive.
  • Role-based access control combines both ease of management and reduces the complexity, cost, and probability of errors. Therefore, it has been greatly developed in recent years.
  • the basic idea of role-based access control (RBAC) is to divide different roles according to different functional positions in the enterprise organization view, encapsulate the access rights of database resources in roles, and indirectly access database resources by being assigned different roles.
  • the role-based permission control mechanism can manage the access rights of the system simply and efficiently, which greatly reduces the burden and cost of the system rights management, and makes the system rights management more in line with the business management specifications of the application system.
  • the traditional role-based user rights management adopts the "role-to-user one-to-many" association mechanism, and the "role” is group/class nature, that is, one role can simultaneously correspond to/associate multiple users, and the role is similar to the post/
  • the concept of position/work type the authorization of user rights under this association mechanism is basically divided into the following three forms: 1. As shown in Figure 1, the user is authorized directly, the disadvantage is that the workload is large, the operation is frequent and troublesome; Employee changes (such as transfer, resignation, etc.), all the form operation rights involved in the employee must be adjusted accordingly, especially for company management personnel, the form permissions involved, the task of authority adjustment is large and complicated. It is easy to make mistakes or omissions, affecting the normal operation of the company and even causing unpredictable losses.
  • the role (class/group/post/work type) is authorized (a role can be associated with multiple users), the user obtains the permission through the role, and the approval operation subject is the group/class nature role; As shown in Figure 3, the above two methods are combined.
  • both 2 and 3 need to authorize the role of the class/group nature, and the way of authorization and workflow control through the role of class/group/post/work type has the following disadvantages: 1.
  • Difficulties in operation In the actual system use process, it is often necessary to adjust the user's authority during the operation process. For example, when dealing with employee permission changes, the employee rights associated with the role change, we cannot because of this Changes in employee permissions change the permissions of the entire role, because the role is also associated with other employees whose permissions have not changed. So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements.
  • the above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
  • the employee/user's form operation permissions change either the employee/user is removed from the role or the role is added to meet the job requirements.
  • the defect of the first method is the same as the above-mentioned "direct authorization to the user" method.
  • the new role involves the creation, association, and authorization of the role. Especially in the case of a large number of roles and a large number of users associated with the role, it is difficult to remember which users are associated with the role.
  • the object of the present invention is to overcome the deficiencies of the prior art, and provide a form field value operation authority authorization method, which realizes separate authorization of form field value operation authority and improves system management fineness; a role can only be associated with a unique one at a time. Users greatly improve the efficiency of rights management in the use of the system, making dynamic authorization simpler, more convenient, clearer and clearer, and improving the efficiency and reliability of authority authorization.
  • a form field value operation authority authorization method an operation authority authorization step of a form field value, a step of selecting an authorized person, an operation authority authorization step and selection of a form field value
  • the sequence of steps of the authorized person is in no particular order;
  • the operation authority authorization step of the form field value includes the following steps: S1: selecting a form to be authorized, and displaying a field in the form that requires operation authority control;
  • the authorized person is one or more roles, the role is an independent individual, not a group/class, and a role can only associate with a unique user in the same time period. And a user associates one or more roles.
  • the operation authority includes one or two of viewing and modification.
  • the display mode includes: (1) displaying the field corresponding to the field value, but hiding the field value with the concealer; (2) the field value and the field corresponding to the field value are not displayed.
  • the role belongs to the department, and the role is unique under the department.
  • the role is authorized according to the work content of the role, and the user obtains the permission by associating the role.
  • the name of the role is unique under the department, and the number of the role is unique in the system.
  • the user When a user moves across departments, the user is first associated with the role in the original department, and then the user is associated with the role in the new department.
  • the form field value operation authority authorization method further includes a template authorization step, which specifically includes: (1) selecting an authorized person and an authorization form, selecting one or more roles as the authorized person; and (2) authorizing the authorized person: Select an existing role or created template as the authorization template, and assign the form field value operation authority of the authorization template to the authorized person; (3) save or not modify and save the form field value operation authority of the authorized person.
  • a template authorization step specifically includes: (1) selecting an authorized person and an authorization form, selecting one or more roles as the authorized person; and (2) authorizing the authorized person: Select an existing role or created template as the authorization template, and assign the form field value operation authority of the authorization template to the authorized person; (3) save or not modify and save the form field value operation authority of the authorized person.
  • a form field value operation authority authorization method including an operation authority authorization step of a form field value and a step of selecting an authorized person, an operation authority authorization step of the form field value, and an order of selecting the authorized person in no order;
  • the operation authority authorization step of the field value includes the following steps: S1: selecting a form to be authorized; S2: selecting an operation authority to be authorized; S3: setting a field in the form having the selected operation authority, the set
  • the field has the selected operational authority (ie, has the corresponding operational authority for the field value of the field);
  • the authorized person is one or more roles, the role is an independent individual, not a group/class A role can only be associated with a unique user at the same time, and a user is associated with one or more roles.
  • the invention has the following advantages: 1) The invention can realize the separate authorization of the operation authority of the form field value, and improves the fineness of the system management; the operation authority includes the viewing and modification, and is particularly suitable for the field values of the fields of the form to be separately authorized.
  • the situation For example, in the order form, a system role is allowed to view the "order number", "customer name”, “customer address”, “customer industry”, “product model”, “product quantity”, “product unit price”, but not allowed View the contents of the "Phone” and "Contact” sensitive fields (ie, field values).
  • This method can be used to quickly implement separate authorization.
  • a system role is allowed to view the content of the “product unit price” field, but the content of the “product unit price” field is not allowed to be modified, and the method can also quickly implement the permission setting.
  • the authorized person Zhang San's latest contract form field value operation authority authorization operation is completed by Li Si at 11:00 on May 21, 2015.
  • the authorized person chooses Zhang San and the authorization form is selected as the contract
  • the authorized operator showed that Li Si had authorized the contract form for Zhang San at 11:00 on May 21, 2015.
  • Zhang San should not have the right to view the contents of a confidential field, and the last time he authorized Zhang San, Zhang San has the right to view the contents of the confidential field. In the process of subsequent accountability, you can find the last time. Authorize the operator to find the responsible person.
  • an operator needs to authorize the contract form field value for 100 authorized persons, but the operator only completes the authorization of 70 authorized persons on the same day, and the operator can pass the authorization when the operator continues the authorization the next day.
  • View the last authorized time of each authorized person to determine if the authorized person requires authorization. It is also possible to search through the authorized time interval for all authorized persons authorized within the specified time interval. By looking at the authorized person's last authorized time, it is possible to know how long the authorized person's authority has not changed, which is helpful for visually determining whether it is necessary to re-authorize it.
  • This method can select multiple authorized roles for batch authorization at the same time, which improves the authorization efficiency.
  • this method supports template authorization, that is, selects an existing role or created a template as an authorization template, and forms the authorization template.
  • the field value operation authority directly grants (updates) the authorized person (and saves it after simple modification), and the authorization operation is simple and efficient. The combination of the two methods greatly improves the authorization efficiency of the system form field value operation authority.
  • the role of the application is a one-to-one relationship to the user.
  • One role can only be associated with a unique user at the same time, and one user is associated with one or more roles.
  • the advantage of this is that as long as the user is associated with the role, the permission can be obtained. (ie, the user gains access to their associated role), and the role's permission changes are much less than the user permissions in the traditional mechanism.
  • the number of roles of the nature of the independent body (the nature of the post number/station number) is small. Although the employee turnover is large, the change of the post number/station number is small (even if there is no change in a certain period of time, that is, the role does not change), This will greatly simplify the user's rights management and reduce the overhead of the system.
  • the traditional rights management mechanism defines roles as groups, types of work, classes, etc.
  • the role is a one-to-many relationship with the user. In the actual system use process, it is often necessary to adjust the user's rights during the operation process. For example, when dealing with employee permission changes, the permissions of an employee associated with the role change. We cannot change the permissions of the entire role because of the change of the individual employee permissions, because the role is also associated with other employees whose permissions have not changed. . So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements.
  • the above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
  • the role since the role is an independent individual, the role permission can be changed to achieve the goal.
  • the method of the present application seems to increase the workload when the system is initialized, it can be made by copying or the like to make the role or authorization more efficient than the traditional group/class nature, because the group/class role is not considered.
  • the application scheme will make the permission setting clear and clear; especially after the system is used for a period of time (the user/role authority changes dynamically), the application scheme can greatly improve the system usage for the system user.
  • the efficiency of the rights management makes the dynamic authorization simpler, more convenient, clearer and clearer, and improves the efficiency and reliability of the permission setting.
  • the traditional group/class role authorization method is error-prone, and the method of the present application greatly reduces the probability of authorization errors, because the method of the present application only needs to consider the role as an independent individual, without considering the traditional method to associate the role of the group. What are the commonalities of multiple users? Even if the authorization error occurs, it only affects the user associated with the role, while the traditional group-based role affects all users associated with the role. Even if a permission authorization error occurs, the correction method of the present application is simple and short, and the traditional group-type role needs to consider the commonality of all users associated with the role when correcting the error, and not only the modification when there are many function points. Troublesome, complicated, very error-prone, and in many cases only new roles can be created.
  • the method of the present application is as follows: the transferred user associates several roles.
  • the user When adjusting the post, the user is first unlinked from the role in the original department (the canceled roles can be re-associated to other users), and then Associate users with roles in the new department. The operation is simple and will not go wrong.
  • FIG. 1 is a schematic diagram of a manner in which a system directly authorizes a user in the background art
  • FIG. 2 is a schematic diagram of a manner in which a system authorizes a group/class role in the background art
  • FIG. 3 is a schematic diagram of a manner in which a system directly authorizes a user and authorizes a group/class role role in the background art
  • FIG. 4 is a schematic diagram of a manner in which a system authorizes a user through an independent individual role
  • Figure 5 is a schematic diagram of the selected author in the present invention when one is selected and the form is selected;
  • FIG. 6 is a schematic diagram of a selected one of the selected persons in the present invention and a selected form
  • FIG. 7 is a schematic diagram of an authorization template used for authorizing a licensee in the present invention.
  • FIG. 8 is a schematic diagram of an order form in an embodiment of the present invention.
  • a form field value operation authority authorization method including an operation authority authorization step of a form field value and a step of selecting an authorized person, an operation authority authorization step of the form field value, and an order of selecting the authorized person in no order;
  • the operation authority authorization step of the field value includes the following steps: S1: selecting a form to be authorized, displaying a field in the form that needs to be controlled by the operation authority; S2: authorizing the operation authority of the field value of each field separately (right The field displayed by S1 that needs to perform operation authority control is authorized; and the field that does not need to perform permission control for the field value not displayed by S1 may have the view value and/or the modification authority by default, and the operation authority includes View one or both of them.
  • the authorized person can determine the permission to view and modify the content (field value) of each field in the form.
  • the invention can realize the separate authorization of the operation authority of the form field value, and improves the fineness of the system management; the operation authority includes the viewing and modification, and is particularly suitable for the case where the field values of the fields of the form need to be separately authorized.
  • the system role clerk 1 Zhang San
  • This method can be used to quickly implement separate authorization.
  • the clerk 1 (Zhang San) is allowed to view the content of the “product unit price” field, but the content of the “product unit price” field is not allowed to be modified, and the method can also quickly implement the permission setting.
  • the effect chart is shown in Figure 5.
  • the authorized person is one or more roles, and the role is an independent individual, not a group/class, and a role can only associate with a unique user in the same period.
  • a user is associated with one or more roles.
  • the role belongs to the department, and the role is unique under the department.
  • the role is authorized according to the work content of the role, and the user obtains the permission by associating the role.
  • the name of the role is unique under the department, and the number of the role is unique in the system.
  • the user determines (acquires) the permission through the association with the role, and if the user's permission is to be modified, the authority of the role is adjusted. In order to achieve the purpose of changing the permissions of the user associated with the role. Once a user associates a role, that user has all the operational privileges for that role.
  • the role of the role to the user is one-to-one (when the role is associated with a user, other users can no longer associate the role; if the role is not associated with the user, it can be selected by other users; that is, a role can be And can only be associated by one user).
  • a user's relationship to a role is one-to-many (one user can associate multiple roles at the same time).
  • Role definition The role does not have the nature of group/class/category/post/job/work, but a non-collection nature, the role is unique, the role is an independent independent entity; in the enterprise application is equivalent Job number (The job number here is not a post, one post may have multiple employees at the same time, and one job number can only correspond to one employee at the same time).
  • a company system can create the following roles: general manager, deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5...
  • general manager deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5...
  • Zhang San serves as the company's deputy general manager 2, and also serves as a sales manager in Beijing, then Zhang The three roles to be associated are Deputy General Manager 2 and Beijing Sales Manager. Zhang San has the rights to these two roles.
  • roles are group/class/post/position/work type, and one role can correspond to multiple users.
  • the concept of "role" in this application is equivalent to the post number/station number, and is similar to the role in the film and television drama: a character can only be played by one actor at the same time (childhood, juvenile, middle-aged). And an actor may be decorated with multiple angles.
  • the role After the role is created, you can associate the role in the process of creating the user, or you can associate it at any time after the user is created. After the user associates the role, the relationship with the role can be released at any time, and the relationship with other roles can be established at any time.
  • the composition of the character is: post name + post number.
  • workshop production workers 1, workshop production workers 2, workshop production workers 3... roles are independent individuals, equivalent to the concept of job number and station number, different from the role in the traditional authority management system, the concept of role in the traditional system It is the group/class nature of the position/position/work type.
  • the following example shows the relationship between employees, users and roles after the employee Zhang San enters a company: 1. New entry: The employee is newly hired, and directly associates the role of the corresponding job number/station number for the user (employee). Yes, for example: Zhang San joined the company (the company assigned a three-user for Zhang San), the job content is in the sales department, responsible for the sales of refrigerator products in Beijing area (the corresponding role is to sell the sales engineer under the 5 "This role", Zhang San users directly select the "sales engineer 5" role association.
  • Zhang also arranged for Zhang San to be responsible for the sales of regional TV products in Beijing (the corresponding role is to sell the role of “Sales Engineer 8” under the Ministry of Sales) and concurrently as the head of the after-sales department (corresponding to the after-sales department)
  • the three users added the roles of “sales engineer 8” under the sales department and “sales department supervisor 1” under the after-sales department.
  • Zhang San employees associated three roles, respectively.
  • Zhang San users have the authority of these three roles.
  • Zhang San serves as the post-sales manager (corresponding to the role of “after-sales manager” in the after-sales department) and no longer take up other jobs. Then Zhang San user is associated with the role of “after-sales manager” in the after-sales department, and cancels the three roles previously associated (Sales Engineer 5 under Sales, Sales Engineer 8 and “After Sales Manager 1” under the after-sales department) At this time, Zhang San users only have the authority of the role of “after-sales manager” under the after-sales department.
  • This application authorizes the role of the nature of the post number/station number, and the user determines the (acquired) authority by associating the role, and the control of the user authority is realized by a simple user-role relationship. It makes the permission control simple, easy to operate, clear and clear, and greatly improves the authorization efficiency and authorization reliability.
  • one or more of the licenseees may be selected, and only one of the forms to be authorized may be selected.
  • the authorized person selects one and only one, and the form to be authorized is selected, the operator who has recently authorized the form field value authorization for the authorized person and the operation time are displayed.
  • the recent form field value operation authority authorization operator and operation time are displayed, and the field value of the current authorized person to the form is also displayed.
  • the operation authority status is modified and saved to obtain its new field value operation authority.
  • Displaying the recent operator is convenient for responsibility when the form field value authority authorization error occurs, and displaying the latest operation time is convenient for visually determining whether the form field value authorization needs to be re-executed.
  • the authorized person Zhang San's latest contract form field value operation authority authorization operation is completed by Li Si at 11:00 on May 21, 2015.
  • the authorized person chooses Zhang San and the authorization form is selected as the contract
  • the authorized operator showed that Li Si had authorized the contract form for Zhang San at 11:00 on May 21, 2015.
  • Zhang San should not have the right to view the contents of a confidential field, and the last time he authorized Zhang San, Zhang San has the right to view the contents of the confidential field. In the process of subsequent accountability, you can find the last time. Authorize the operator to find the responsible person.
  • an operator needs to authorize the contract form field value for 100 authorized persons, but the operator only completes the authorization of 70 authorized persons on the same day, and the operator can pass the authorization when the operator continues the authorization the next day.
  • View the last authorized time of each authorized person to determine if the authorized person requires authorization. It is also possible to search through the authorized time interval for all authorized persons authorized within the specified time interval. By looking at the authorized person's last authorized time, it is possible to know how long the authorized person's authority has not changed, which is helpful for visually determining whether it is necessary to re-authorize it.
  • the display manner includes: (1) displaying a field corresponding to the field value, but hiding the field value with a concealer, as shown in FIG. Fields "telephone”, “contact”, but hide the field content with *; (2) the field value and the field corresponding to the field value are not displayed.
  • the difference display is also required.
  • the field value with no modification permission is displayed as a gray shading, as shown in Figure 8.
  • a form contains basic fields and detail fields, and the detail fields are the column names on the detail list in the form.
  • the basic fields include the order number, customer name, customer address, phone number, contact, customer's industry, etc.; the detail field contains the product model, product quantity, product unit price, and so on.
  • the basic field and the detail field are distinguishable and displayed, so that the operator can distinguish at the time of authorization.
  • the basic fields order number, customer name, customer address, phone number, contact, and the normal font of the customer's industry can be displayed.
  • the detailed fields product model, product quantity, and product unit price are in italics. display.
  • the form field value operation authority authorization method further includes a template authorization step, which specifically includes: (1) selecting an authorized person and an authorization form, and selecting one or more roles as the authorized person; (2) Authorize the authorized person: select an existing role or created a template as an authorization template, and assign the form field value operation authority of the authorization template to the authorized person; (3) save the modified or not modified Authorized person's form field value operation permission.
  • a template authorization step specifically includes: (1) selecting an authorized person and an authorization form, and selecting one or more roles as the authorized person; (2) Authorize the authorized person: select an existing role or created a template as an authorization template, and assign the form field value operation authority of the authorization template to the authorized person; (3) save the modified or not modified Authorized person's form field value operation permission.
  • the template authorization method first select the authorized clerk 1 (Zhang San), select the authorization form "Order Form”, select the created template 1 as the authorization template, and create the template field value operation permission of the template 1.
  • the clerk 1 (Zhang San) field value operation authority modify or not modify and save the clerk 1 (Zhang San) form field value operation authority.
  • the method can select multiple authorized roles for batch authorization at the same time, and improve the authorization efficiency.
  • the method supports template authorization, that is, selecting an existing role or a created template as an authorization template, and the form field value of the authorization template.
  • the operation authority directly grants (updates) the authorized person (and then saves it after simple modification), and the authorization operation is simple and efficient.
  • the combination of the two methods greatly improves the authorization efficiency of the system form field value operation authority.
  • an operation authority is first selected, and a field having the operation authority is set.
  • a form field value operation authority authorization method including an operation authority authorization step of a form field value and a step of selecting an authorized person, an operation authority authorization step of the form field value, and an order of selecting the authorized person in no order;
  • the operation authority authorization step of the field value includes the following steps: S1: selecting a form to be authorized; S2: selecting an operation authority to be authorized; S3: setting a field in the form having the selected operation authority, the set
  • the field has the selected operational authority (ie, has the corresponding operational authority for the field value of the field);
  • the authorized person is one or more roles, the role is an independent individual, not a group/class A role can only be associated with a unique user at the same time, and a user is associated with one or more roles.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Human Resources & Organizations (AREA)
  • Software Systems (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Strategic Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Databases & Information Systems (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Data Mining & Analysis (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Artificial Intelligence (AREA)
  • Computational Linguistics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Automation & Control Theory (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)
  • Time Recorders, Dirve Recorders, Access Control (AREA)

Abstract

本发明公开了一种表单字段值操作权限授权方法,包括一个表单字段值的操作权限授权步骤和一个选择被授权者的步骤;表单字段值的操作权限授权步骤包括:S1:选择一个要进行授权的表单,显示出该表单中需要进行操作权限控制的字段;S2:对各字段的字段值的操作权限分别进行授权;被授权者为一个或多个角色,角色是独立的个体,而非组/类,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色。本发明能够实现对表单字段值操作权限的分别授权,提高了系统管理的精细度。本方法可同时选择多个被授权角色进行批量授权,提高了授权效率;另外,本方法支持模板授权,两种方式结合,大大提高了系统表单字段值操作权限授权效率。

Description

表单字段值操作权限授权方法 技术领域
本发明涉及一种ERP等管理软件表单授权方法,特别是涉及一种表单字段值操作权限授权方法。
背景技术
传统软件系统中,能够实现基于表单字段值对表单查看权限的分别授权,例如,所选表单类型为“订单”,表单中需进行授权控制的字段为“订单编号”、“客户名称”、“客户地址”、“电话”、“联系人”、“客户所属行业”、“产品型号”、“产品数量”、“产品单价”等,能够实现某系统用户对订单表单中不同订单信息的查看权限的分别控制,如允许查看订单表单中的客户名称、不允许查看订单表单中的电话。然而,传统软件系统存在的缺陷是:(1)在进行表单字段值授权时,无法显示最近授权的操作者及操作时间,在表单权限授权出现错误时无法实现追责,也无法为当前授权操作者提供授权时间的参考,使用不太方便。(2)无法批量对多个角色进行表单字段值操作权限的授权,也不支持模板授权功能,每次授权都必须逐个设置每个字段,授权效率较低,大型软件系统中表单的字段往往非常多,传统授权方式工作量很大。
此外,基于角色的访问控制(RBAC)是近年来研究最多、思想最成熟的一种数据库权限管理机制,它被认为是替代传统的强制访问控制(MAC)和自主访问控制(DAC)的理想候选。传统的自主访问控制的灵活性高但是安全性低,强制访问控制安全性高但是限制太强;基于角色的访问控制两者兼具,不仅易于管理而且降低了复杂性、成本和发生错误的概率,因而近年来得到了极大的发展。基于角色的访问控制(RBAC)的基本思想是根据企业组织视图中不同的职能岗位划分不同的角色,将数据库资源的访问权限封装在角色中,用户通过被赋予不同的角色来间接访问数据库资源。
在大型应用系统中往往都建有大量的表和视图,这使得对数据库资源的管理和授权变得十分复杂。由用户直接管理数据库资源的存取和权限的收授是十分困难的,它需要用户对数据库结构的了解非常透彻,并且熟悉SQL语言的使用,而且一旦应用系统结构或安全需求有所变动,都要进行大量复杂而繁琐的授权变动,非常容易出现一些意想不到的授权失误而引起的安全漏洞。因此,为大型应用系统设计一种简单、高效的权限管理方法已成为系统和系统用户的普遍需求。
基于角色的权限控制机制能够对系统的访问权限进行简单、高效的管理,极大地降低了系统权限管理的负担和代价,而且使得系统权限管理更加符合应用系统的业务管理规范。
然而,传统基于角色的用户权限管理均采用“角色对用户一对多”的关联机制,其“角色”为组/类性质,即一个角色可以同时对应/关联多个用户,角色类似于岗位/职位/工种等概念,这种关联机制下对用户权限的授权基本分为以下三种形式:1、如图1所示,直接对用户授权,缺点是工作量大、操作频繁且麻烦;当发生员工变动(如调岗、离职等),该员工涉及到的所有表单操作权限必须要作相应调整,特别是对于公司管理人员,其涉及到的表单权限多,权限调整的工作量大、繁杂,容易出错或遗漏,影响企业的正常运营,甚至造成不可预估的损失。
2、如图2所示,对角色(类/组/岗位/工种性质)进行授权(一个角色可以关联多个用户),用户通过角色获得权限,审批操作主体是组/类性质角色;3、如图3所示,以上两种方式结合。
以上的表述中,2、3均需要对类/组性质的角色进行授权,而通过类/组/岗位/工种性质的角色进行授权和工作流控制的方式有以下缺点:1、用户权限变化时的操作难:在实际的系统使用过程中,经常因为在运营过程中需要对用户的权限进行调整,比如:在处理员工权限变化时,角色关联的某个员工权限发生变化,我们不能因该个别员工权限的变化而改变整个角色的权限,因为该角色还关联了其他权限未变的员工。因此为了应对该种情况,要么创建新角色来满足该权限发生变化的员工,要么对该员工根据权限需求直接授权(脱离角色)。以上两种处理方式,在角色权限较多的情况下对角色授权不仅所需时间长,而且容易犯错,使用方操作起来繁琐又麻烦,也容易出错导致对系统使用方的损失。
员工/用户的表单操作权限发生变化时,要么员工/用户脱离角色,要么新增角色来满足工作要求。第一种方式的缺陷同上述“直接对用户授权”方式的缺陷。第二种方式,新增角色便涉及到角色的新建、关联、授权工作,特别在角色多、角色关联的用户也多的情况下,角色具体关联了哪些用户是很难记住的。
2、要长期记住角色包含的具体权限难:若角色的权限功能点比较多,时间一长,很难记住角色的具体权限,更难记住权限相近的角色之间的权限差别,相近角色的权限也很容易混淆;若要关联新的用户,无法准确判断应当如何选择关联。
3、因为用户权限变化,则会造成角色创建越来越多(若不创建新角色,则会大幅增加直接对用户的授权),更难分清各角色权限的具体差别。
4、调岗时,若要将被调岗用户的很多个权限分配给另外几个用户承担,则处理时必须将被调岗用户的这些权限区分开来,分别再创建角色来关联另外几个用户,这样的操作不仅复杂耗时,而且还很容易发生错误。
技术问题
本发明的目的在于克服现有技术的不足,提供一种表单字段值操作权限授权方法,实现对表单字段值操作权限的分别授权,提高系统管理的精细度;同一时段一个角色只能关联唯一的用户,大幅度提高系统使用中的权限管理效率,使动态授权更简单,更方便,更清晰、明了,提高权限授权的效率和可靠性。
技术解决方案
本发明的目的是通过以下技术方案来实现的:表单字段值操作权限授权方法,包括一个表单字段值的操作权限授权步骤和一个选择被授权者的步骤,表单字段值的操作权限授权步骤和选择被授权者的步骤顺序不分先后;所述表单字段值的操作权限授权步骤包括以下步骤:S1:选择一个要进行授权的表单,显示出该表单中需要进行操作权限控制的字段;S2:对各字段的字段值的操作权限分别进行授权;所述的被授权者为一个或多个角色,所述的角色是独立的个体,而非组/类,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色。
所述的操作权限包括查看和修改中的一种或两种。
对于不具备查看权限的字段值,其显示方式包括:(1)显示该字段值对应的字段,但以隐藏符隐藏字段值;(2)该字段值及该字段值对应的字段均不显示。
被授权者选为有且只有一个,且要授权的表单选定时,显示最近对该被授权者进行该表单字段值授权的操作者和操作时间。
所述角色归属于部门,该角色在该部门下唯一,根据角色的工作内容对角色进行授权,用户通过关联角色获得权限。
所述角色的名称在部门下唯一,角色的编号在系统中唯一。
用户跨部门调岗时,先取消用户与原部门内的角色的关联,再将用户与新部门内的角色进行关联。
表单字段值操作权限授权方法,还包括一个模板授权步骤,具体包括:(1)选择被授权者和授权表单,选择一个或多个角色作为被授权者;(2)对被授权者进行授权:选择一个现有角色或已创建模板作为授权模板,将该授权模板的表单字段值操作权限赋予该被授权者;(3)修改或不修改后保存得到该被授权者的表单字段值操作权限。
表单字段值操作权限授权方法,包括一个表单字段值的操作权限授权步骤和一个选择被授权者的步骤,表单字段值的操作权限授权步骤和选择被授权者的步骤顺序不分先后;所述表单字段值的操作权限授权步骤包括以下步骤:S1:选择一个要进行授权的表单;S2:选择要进行授权的操作权限;S3:设置具有该所选操作权限的表单中的字段,则所设置的字段具有了该所选操作权限(即具有了对该字段字段值的相应操作权限);所述的被授权者为一个或多个角色,所述的角色是独立的个体,而非组/类,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色。
有益效果
本发明的有益效果是:1)本发明能够实现对表单字段值操作权限的分别授权,提高了系统管理的精细度;操作权限包括查看和修改,特别适用于表单各字段的字段值需要分别授权的情形。例如:订单表单中,允许某系统角色查看“订单编号”、“客户名称”、“客户地址”、“客户所属行业”、“产品型号”、“产品数量”、“产品单价”,但不允许查看“电话”和“联系人”敏感字段的内容(即字段值),通过本方法可快速实现分别授权。又如,允许某系统角色查看“产品单价”字段的内容,但“产品单价”字段内容不允许修改,本方法也可快速实现权限设置。
2)当被授权者选为有且只有一个,且要授权的表单选定时,可显示最近对该被授权者进行该表单字段值操作权限授权的操作者及操作时间,显示最近操作者便于在表单字段值权限授权出现错误时进行追责,显示最近操作时间便于直观判断是否需要重新进行表单字段值授权。
例如:被授权者张三最近一次合同表单字段值操作权限授权操作由李四于2015年5月21日11:00完成,当被授权者选为张三且授权表单选为合同时,则为本次的授权操作者显示最近一次是李四在2015年5月21日11:00为张三进行了合同表单授权。
如果张三不应具备查看某机密字段内容的权限,而在最近一次对张三进行授权时使得张三具有了查看该机密字段内容的权限,在后续追责的过程中,可以通过查找最近一次授权操作者来找到责任人。
又如,某操作者需要对100个被授权者进行合同表单字段值授权,但是当天该操作者只完成了70个被授权者的授权,在该操作者第二天继续进行授权时,可以通过查看每个被授权者的最近一次被授权时间来判断该被授权者是否需要授权。也可以通过授权时间区间搜索出指定时间区间内被授权的所有被授权者。通过查看被授权者的最近一次被授权时间可以知道该被授权者的权限有多长时间没有更改,有利于直观判断是否需要再次对其进行重新授权。
3)本方法可同时选择多个被授权角色进行批量授权,提高了授权效率;另外,本方法支持模板授权,即选定一个现有角色或已创建模板作为授权模板,将该授权模板的表单字段值操作权限直接赋予(更新)该被授权者(再经过简单修改后保存),授权操作简单高效。两种方式结合,大大提高了系统表单字段值操作权限授权效率。
4)本申请角色对用户是一对一的关系,同一时段一个角色只能关联唯一的用户,一个用户关联一个或多个角色,这样做的好处是,只要将用户关联到角色即可获得权限(即用户获得其关联的角色的权限),而且角色的权限变更比传统机制中的用户权限变更要少得多。独立体性质(岗位号/工位号性质)的角色数量变化小,虽然员工流动大,但岗位号/工位号的变化小(甚至在一定时段内是没有变化的,即角色没有变化),这样将极大简化用户的权限管理,减少系统的开销。
5)动态管理、入职调岗等的操作简单方便,效率高,可靠性高:入职/离职/调岗在权限管理中的应用简单,当员工/用户发生变化时不用重新设置权限,用户只需取消或关联角色即可:不再任职该角色的用户就取消该角色关联,接手任职该角色的用户关联该岗位号的角色,关联该角色的用户自动就获得了该角色的相关任务和操作权限,无需对角色进行重新授权,极大地提高了系统设置的效率、安全性和可靠性。
举例:因张三用户离职或调岗等原因,张三不再做“采购员3”这个角色的工作,则将张三取消与“采购员3”的关联;另外李四接手做“采购员3”这个角色的工作,只需将李四关联该角色,则李四自动获得了“采购员3”这个角色的表单字段值操作权限。
6)传统的权限管理机制将角色定义为组、工种、类等性质,角色对用户是一对多的关系,在实际的系统使用过程中,因为在运营过程中经常需要对用户的权限进行调整,比如:在处理员工权限变化的时候,角色关联的某个员工的权限发生变化,我们不能因该个别员工权限的变化而改变整个角色的权限,因为该角色还关联了其他权限未变的员工。因此为了应对该种情况,要么创建新角色来满足该权限发生变化的员工,要么对该员工根据权限需求直接授权(脱离角色)。以上两种处理方式,在角色权限较多的情况下对角色授权不仅所需时间长,而且容易犯错,使用方操作起来繁琐又麻烦,也容易出错导致对系统使用方的损失。
但在本申请的方法下,因为角色是一个独立的个体,则可以选择改变角色权限即可达到目的。本申请的方法,虽然看起来在系统初始化时会增加工作量,但可以通过复制等方法,使其创建角色或授权的效率高于传统组/类性质的角色,因为不用考虑组/类性质角色在满足关联用户时的共通性,本申请方案会让权限设置清晰,明了;尤其是在系统使用一段时间后(用户/角色权限动态变化),该申请方案能为系统使用方大幅度提高系统使用中的权限管理效率,使动态授权更简单,更方便,更清晰、明了,提高权限设置的效率和可靠性。
7)传统组/类性质的角色授权方法容易出错,本申请方法大幅降低了授权出错的几率,因为本申请方法只需考虑作为独立个体的角色,而不用考虑传统方法下关联该组性质角色的多个用户有哪些共通性。即使授权出错也只影响关联到该角色的那一个用户,而传统以组性质的角色则会影响关联到该角色的所有用户。即使出现权限授权错误,本申请的修正方法简单、时间短,而传统以组性质的角色在修正错误时需要考虑关联到该角色的所有用户的权限共通性,在功能点多的情况下不仅修改麻烦、复杂,非常容易出错,且很多情况下只能新创建角色才能解决。
8)在传统以组为性质的角色授权方法下,若角色的权限功能点比较多,时间一长,很难记住角色的具体权限,更难记住权限相近的角色之间的权限差别,若要关联新的用户,无法准确判断应当如何选择关联。本申请方法的角色本身就具有岗位号/工位号的性质,选择一目了然。
9)调岗时,若要将被调岗用户的很多个权限分配给另外几个用户承担,则处理时必须将被调岗用户的这些权限区分开来,分别再创建角色来关联另外几个用户,这样的操作不仅复杂耗时,而且还很容易发生错误。
本申请方法则为:被调岗用户关联了几个角色,在调岗时,首先取消用户与原部门内的角色的关联(被取消的这几个角色可以被重新关联给其他用户),然后将用户与新部门内的角色进行关联即可。操作简单,不会出错。
附图说明
图1为背景技术中系统直接对用户进行授权的方式示意图;
图2为背景技术中系统对组/类性质角色进行授权的方式示意图;
图3为背景技术中系统对用户直接授权和对组/类性质角色授权相结合的方式示意图;
图4为本发明系统通过独立个体性质角色对用户进行授权的方式示意图;
图5为本发明中所选被授权者为一个且选定表单时的示意图;
图6为本发明中所选被授权者为多个且选定表单时的示意图;
图7为本发明中采用授权模板为被授权者授权时的示意图;
图8为本发明实施例中订单表单示意图。
本发明的实施方式
下面结合附图进一步详细描述本发明的技术方案,但本发明的保护范围不局限于以下所述。
【实施例1】本实施例中,先设置要进行操作权限控制的字段,再设置相应的操作权限。
表单字段值操作权限授权方法,包括一个表单字段值的操作权限授权步骤和一个选择被授权者的步骤,表单字段值的操作权限授权步骤和选择被授权者的步骤顺序不分先后;所述表单字段值的操作权限授权步骤包括以下步骤:S1:选择一个要进行授权的表单,显示出该表单中需要进行操作权限控制的字段;S2:对各字段的字段值的操作权限分别进行授权(对S1显示出的需要进行操作权限控制的字段进行授权;而对S1未显示出的字段值不需要进行权限控制的字段可以默认其字段值具有查看和/或修改权限),所述的操作权限包括查看和修改中的一种或两种。
设置完成后,该被授权者对于该表单中各字段的内容(字段值)的查看、修改权限则得以确定。
本发明能够实现对表单字段值操作权限的分别授权,提高了系统管理的精细度;操作权限包括查看和修改,特别适用于表单各字段的字段值需要分别授权的情形。例如:订单表单中,允许系统角色文员1(张三)查看“订单编号”、“客户名称”、“客户地址”、“客户所属行业”、“产品型号”、“产品数量”、“产品单价”,但不允许查看“电话”和“联系人”敏感字段的内容(即字段值),通过本方法可快速实现分别授权。又如,允许文员1(张三)查看“产品单价”字段的内容,但“产品单价”字段内容不允许修改,本方法也可快速实现权限设置。设置效果图如图5所示。
本实施例中,如图4所示,所述的被授权者为一个或多个角色,所述的角色是独立的个体,而非组/类,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色。所述角色归属于部门,该角色在该部门下唯一,根据角色的工作内容对角色进行授权,用户通过关联角色获得权限。所述角色的名称在部门下唯一,角色的编号在系统中唯一。用户跨部门调岗时,先取消用户与原部门内的角色的关联,再将用户与新部门内的角色进行关联。
以下对通过独立个体性质角色对用户进行字段值操作权限授权方式所具备的优势进行分析:用户通过其与角色的关联确定(获得)权限,如果要修改用户的权限,通过调整角色所拥有的权限以达到改变关联了该角色的用户的权限的目的。一旦用户关联角色后,该用户就拥有了该角色的所有操作权限。
角色对用户的关系为一对一(该角色与一个用户关联时,其他用户则不能再关联该角色;若该角色未被用户关联,则可以被其他用户选择关联;即同一时段,一个角色能且只能被一个用户关联)。用户对角色的关系为一对多(一个用户可以同时关联多个角色)。
角色的定义:角色不具有组/类/类别/岗位/职位/工种等性质,而是一个非集合的性质,角色具有唯一性,角色是独立存在的独立个体;在企事业单位应用中相当于岗位号(此处的岗位号非岗位,一个岗位同时可能有多个员工,而同一时段一个岗位号只能对应一个员工)。
举例:某个公司系统中可创建如下角色:总经理、副总经理1、副总经理2、北京销售一部经理、北京销售二部经理、北京销售三部经理、上海销售工程师1、上海销售工程师2、上海销售工程师3、上海销售工程师4、上海销售工程师5……用户与角色的关联关系:若该公司员工张三任职该公司副总经理2,同时任职北京销售一部经理,则张三需要关联的角色为副总经理2和北京销售一部经理,张三拥有了这两个角色的权限。
传统角色的概念是组/类/岗位/职位/工种性质,一个角色能够对应多个用户。而本申请“角色”的概念相当于岗位号/工位号,也类同于影视剧中的角色:一个角色在同一时段(童年、少年、中年……)只能由一个演员来饰演,而一个演员可能会分饰多角。
在创建角色之后,可以在创建用户的过程中关联角色,也可以在用户创建完成后随时进行关联。用户关联角色后可以随时解除与角色的关联关系,也可以随时建立与其他角色的关联关系。
所述角色的构成为:岗位名+岗内编号。例如:车间生产工人1、车间生产工人2、车间生产工人3……角色是独立个体,相当于岗位号、工位号的概念,不同于传统权限管理体系中的角色,传统体系中角色的概念是岗位/职位/工种等的组/类性质。
以下举例员工张三进入某公司后,员工、用户与角色之间的关系为:1、新入职:员工新入职,直接为该用户(员工)选择相应的岗位号/工位号的角色进行关联即可,例:张三入职公司(公司为张三分配了一个张三用户),工作内容是在销售一部,负责北京区域冰箱产品的销售(对应的角色是销售一部下的“销售工程师5”这个角色),则张三用户直接选择“销售工程师5”这个角色关联即可。
2、增加职位:张三工作一段时间后,公司还安排张三负责北京区域电视产品的销售(对应的角色是销售一部下的“销售工程师8”这个角色)并兼任售后部主管(对应售后部主管1这个角色),则张三用户再增加关联销售一部下的“销售工程师8”和售后部下的“售后部主管1”这两个角色,此时,张三员工关联了三个角色,分别为销售一部下的“销售工程师5”、“销售工程师8”和售后部下的“售后部主管1”,张三用户则拥有了这三个角色的权限。
3、减少职位:又过了一段时间,公司决定让张三任职售后部经理(对应售后部下“售后部经理”这个角色),且不再兼任其他工作。则张三用户关联售后部下“售后部经理”这个角色,同时取消此前关联的三个角色(销售一部下的“销售工程师5”、“销售工程师8”和售后部下的“售后部主管1”),此时,张三用户只拥有售后部下“售后部经理”这个角色的权限。
4、角色权限的调整(针对角色本身所拥有的权限的调整):如公司决定增加售后部经理的权限,则只需增加对售后部经理这个角色的授权即可,则张三用户因为售后部经理这个角色的权限增加了,张三用户的权限也增加了。
5、离职:一年后,张三离职了,则取消张三用户与售后部下“售后部经理”这个角色的关联即可。
举例:公司在动态的经营中,职员的入职、离职是经常持续发生的,但岗位号/工位号的变化非常少(甚至在一定时期内是没有变化的)。
传统授权方法:在系统功能点多的情况下,以传统的组/类性质的角色进行授权,不仅授权工作量大,繁杂,而且很容易出错,甚至出错了在短时间内都不容易发现,容易对系统使用方造成损失。
本申请授权方法:本申请是对岗位号/工位号性质的角色进行授权,用户关联角色而确定(获得)权限,则对用户权限的控制,通过简单的用户-角色的关联关系来实现,让权限控制变得简单、易操作,清晰明了,大幅度提高了授权效率和授权可靠性。
【实施例2】本实施例中,选择被授权者时可选一个或多个,选择要进行授权的表单时能且只能选择一个。被授权者选为有且只有一个,且要授权的表单选定时,显示最近对该被授权者进行该表单字段值授权的操作者和操作时间。
如图5所示,当选定一个被授权者且选定授权表单时,显示出最近表单字段值操作权限授权操作者和操作时间,也会显示出当前该被授权者对该表单的字段值操作权限状态,对其进行修改保存后得到其新的字段值操作权限。
如图6所示,当选定多个被授权者且选定授权表单时,最近表单字段值操作权限授权操作者和操作时间处显示为空,也无法显示所选被授权者对该表单的字段值操作权限状态。
显示最近操作者便于在表单字段值权限授权出现错误时进行追责,显示最近操作时间便于直观判断是否需要重新进行表单字段值授权。
例如:被授权者张三最近一次合同表单字段值操作权限授权操作由李四于2015年5月21日11:00完成,当被授权者选为张三且授权表单选为合同时,则为本次的授权操作者显示最近一次是李四在2015年5月21日11:00为张三进行了合同表单授权。
如果张三不应具备查看某机密字段内容的权限,而在最近一次对张三进行授权时使得张三具有了查看该机密字段内容的权限,在后续追责的过程中,可以通过查找最近一次授权操作者来找到责任人。
又如,某操作者需要对100个被授权者进行合同表单字段值授权,但是当天该操作者只完成了70个被授权者的授权,在该操作者第二天继续进行授权时,可以通过查看每个被授权者的最近一次被授权时间来判断该被授权者是否需要授权。也可以通过授权时间区间搜索出指定时间区间内被授权的所有被授权者。通过查看被授权者的最近一次被授权时间可以知道该被授权者的权限有多长时间没有更改,有利于直观判断是否需要再次对其进行重新授权。
【实施例3】本实施例中,对于不具备查看权限的字段值,其显示方式包括:(1)显示该字段值对应的字段,但以隐藏符隐藏字段值,如图8所示,显示字段“电话”、“联系人”,但以*号隐藏字段内容;(2)该字段值及该字段值对应的字段均不显示。
对于有无修改权限,也要进行区别显示。比如,将无修改权限的字段值显示为灰色底纹,如图8所示。
具体的,一个表单中包含基本字段和明细字段,明细字段是表单中明细列表上的列名。如订单表单中,基本字段包含了订单编号、客户名称、客户地址、电话、联系人、客户所属行业等;明细字段包含了产品型号、产品数量、产品单价等。
优选的,在操作者进行表单字段值操作权限授权时,基本字段和明细字段可区别显示,便于操作者在授权时分辨。如图5-7所示,可将基本字段:订单编号、客户名称、客户地址、电话、联系人、客户所属行业正常字体显示,将明细字段:产品型号、产品数量、产品单价以斜体字区别显示。
【实施例4】本实施例中,表单字段值操作权限授权方法,还包括一个模板授权步骤,具体包括:(1)选择被授权者和授权表单,选择一个或多个角色作为被授权者;(2)对被授权者进行授权:选择一个现有角色或已创建模板作为授权模板,将该授权模板的表单字段值操作权限赋予该被授权者;(3)修改或不修改后保存得到该被授权者的表单字段值操作权限。
如图7所示,模板授权方式:首先选择被授权者文员1(张三),选择授权表单“订单表单”,选择已创建模板1作为授权模板,以已创建模板1的表单字段值操作权限作为该文员1(张三)的字段值操作权限,修改或不修改后保存得到文员1(张三)的表单字段值操作权限。
本方法可同时选择多个被授权角色进行批量授权,提高了授权效率;另外,本方法支持模板授权,即选定一个现有角色或已创建模板作为授权模板,将该授权模板的表单字段值操作权限直接赋予(更新)该被授权者(再经过简单修改后保存),授权操作简单高效。两种方式结合,大大提高了系统表单字段值操作权限授权效率。
【实施例5】本实施例中,先选择操作权限,再设置具有该操作权限的字段。
表单字段值操作权限授权方法,包括一个表单字段值的操作权限授权步骤和一个选择被授权者的步骤,表单字段值的操作权限授权步骤和选择被授权者的步骤顺序不分先后;所述表单字段值的操作权限授权步骤包括以下步骤:S1:选择一个要进行授权的表单;S2:选择要进行授权的操作权限;S3:设置具有该所选操作权限的表单中的字段,则所设置的字段具有了该所选操作权限(即具有了对该字段字段值的相应操作权限);所述的被授权者为一个或多个角色,所述的角色是独立的个体,而非组/类,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色。
以上所述仅是本发明的优选实施方式,应当理解本发明并非局限于本文所披露的形式,不应看作是对其他实施例的排除,而可用于各种其他组合、修改和环境,并能够在本文所述构想范围内,通过上述教导或相关领域的技术或知识进行改动。而本领域人员所进行的改动和变化不脱离本发明的精神和范围,则都应在本发明所附权利要求的保护范围内。

Claims (9)

  1. 表单字段值操作权限授权方法,其特征在于,包括一个表单字段值的操作权限授权步骤和一个选择被授权者的步骤,表单字段值的操作权限授权步骤和选择被授权者的步骤顺序不分先后;
    所述表单字段值的操作权限授权步骤包括以下步骤:
    S1:选择一个要进行授权的表单,显示出该表单中需要进行操作权限控制的字段;
    S2:对各字段的字段值的操作权限分别进行授权;
    所述的被授权者为一个或多个角色,所述的角色是独立的个体,而非组/类,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色。
  2. 根据权利要求1所述的表单字段值操作权限授权方法,其特征在于:所述的操作权限包括查看和修改中的一种或两种。
  3. 根据权利要求2所述的表单字段值操作权限授权方法,其特征在于:对于不具备查看权限的字段值,其显示方式包括:
    (1)显示该字段值对应的字段,但以隐藏符隐藏字段值;
    (2)该字段值及该字段值对应的字段均不显示。
  4. 根据权利要求1所述的表单字段值操作权限授权方法,其特征在于:被授权者选为有且只有一个,且要授权的表单选定时,显示最近对该被授权者进行该表单字段值授权的操作者和操作时间。
  5. 根据权利要求1所述的表单字段值操作权限授权方法,其特征在于:所述角色归属于部门,该角色在该部门下唯一,根据角色的工作内容对角色进行授权,用户通过关联角色获得权限。
  6. 根据权利要求5所述的表单字段值操作权限授权方法,其特征在于:所述角色的名称在部门下唯一,角色的编号在系统中唯一。
  7. 根据权利要求5或6所述的表单字段值操作权限授权方法,其特征在于:用户跨部门调岗时,先取消用户与原部门内的角色的关联,再将用户与新部门内的角色进行关联。
  8. 根据权利要求1所述的表单字段值操作权限授权方法,其特征在于:还包括一个模板授权步骤,具体包括:
    (1)选择被授权者和授权表单,选择一个或多个角色作为被授权者;
    (2)对被授权者进行授权:选择一个现有角色或已创建模板作为授权模板,将该授权模板的表单字段值操作权限赋予该被授权者;
    (3)修改或不修改后保存得到该被授权者的表单字段值操作权限。
  9. 表单字段值操作权限授权方法,其特征在于,包括一个表单字段值的操作权限授权步骤和一个选择被授权者的步骤,表单字段值的操作权限授权步骤和选择被授权者的步骤顺序不分先后;
    所述表单字段值的操作权限授权步骤包括以下步骤:
    S1:选择一个要进行授权的表单;
    S2:选择要进行授权的操作权限;
    S3:设置具有该所选操作权限的表单中的字段,则所设置的字段具有了该所选操作权限;
    所述的被授权者为一个或多个角色,所述的角色是独立的个体,而非组/类,同一时段一个角色只能关联唯一的用户,而一个用户关联一个或多个角色。
PCT/CN2018/093432 2017-07-05 2018-06-28 表单字段值操作权限授权方法 WO2019007260A1 (zh)

Priority Applications (14)

Application Number Priority Date Filing Date Title
US16/628,551 US11507651B2 (en) 2017-07-05 2018-06-28 Method for authorizing operation permissions of form-field values
MX2019015913A MX2019015913A (es) 2017-07-05 2018-06-28 Procedimiento para autorizar permisos de operaciones de valores de campo de formulario.
EP18828217.2A EP3651036A4 (en) 2017-07-05 2018-06-28 PROCESS FOR AUTHORIZING PERMISSIONS TO EXPLOIT FORM FIELD VALUES
KR1020207001594A KR20200017512A (ko) 2017-07-05 2018-06-28 폼 필드값의 조작 권한을 권한부여하는 방법
PE2019002676A PE20200286A1 (es) 2017-07-05 2018-06-28 Procedimiento para autorizar permisos de operaciones de valores de campo de formulario
BR112020000169-4A BR112020000169A2 (pt) 2017-07-05 2018-06-28 método para autorizar permissões de operação de valores de campo de formulário
AU2018296471A AU2018296471A1 (en) 2017-07-05 2018-06-28 Method for authorizing operation permissions of form field values
CA3068903A CA3068903A1 (en) 2017-07-05 2018-06-28 Method for authorizing operation permissions of form-field values
UAA202000674A UA127351C2 (uk) 2017-07-05 2018-06-28 Спосіб надання прав стосовно прав на роботу для значень поля форми
JP2019571525A JP7540660B2 (ja) 2017-07-05 2018-06-28 フォームフィールド値の操作権限承認方法
EA202090222A EA202090222A1 (ru) 2017-07-05 2018-06-28 Способ предоставления прав на выполнение операций со значением поля формы
CONC2019/0015066A CO2019015066A2 (es) 2017-07-05 2019-12-30 Procedimiento para autorizar permisos de operaciones de valores de campo de formulario
PH12020500010A PH12020500010A1 (en) 2017-07-05 2020-01-02 Method for authorizing operation permissions of form-field values
ZA2020/00579A ZA202000579B (en) 2017-07-05 2020-01-28 Method for authorizing operation permissions of form field values

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710543859.0A CN107315931A (zh) 2017-07-05 2017-07-05 表单字段值操作权限授权方法
CN201710543859.0 2017-07-05

Publications (1)

Publication Number Publication Date
WO2019007260A1 true WO2019007260A1 (zh) 2019-01-10

Family

ID=60180698

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/093432 WO2019007260A1 (zh) 2017-07-05 2018-06-28 表单字段值操作权限授权方法

Country Status (16)

Country Link
US (1) US11507651B2 (zh)
EP (1) EP3651036A4 (zh)
JP (1) JP7540660B2 (zh)
KR (1) KR20200017512A (zh)
CN (2) CN107315931A (zh)
AU (1) AU2018296471A1 (zh)
BR (1) BR112020000169A2 (zh)
CA (1) CA3068903A1 (zh)
CO (1) CO2019015066A2 (zh)
EA (1) EA202090222A1 (zh)
MX (1) MX2019015913A (zh)
PE (1) PE20200286A1 (zh)
PH (1) PH12020500010A1 (zh)
UA (1) UA127351C2 (zh)
WO (1) WO2019007260A1 (zh)
ZA (1) ZA202000579B (zh)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107315931A (zh) 2017-07-05 2017-11-03 成都牵牛草信息技术有限公司 表单字段值操作权限授权方法
CN107358093A (zh) * 2017-07-11 2017-11-17 成都牵牛草信息技术有限公司 通过第三方字段对表单字段的字段值进行授权的方法
CN107330307A (zh) * 2017-07-16 2017-11-07 成都牵牛草信息技术有限公司 一种表单数据操作权限授权方法
CN107480556A (zh) 2017-08-07 2017-12-15 成都牵牛草信息技术有限公司 基于列值对统计列表操作权限进行分别授权的方法
CN107895249B (zh) * 2017-11-25 2021-02-09 深圳市易达云科技有限公司 一种订单状态呈现方法及系统
CN109977697A (zh) * 2019-04-03 2019-07-05 陕西医链区块链集团有限公司 一种区块链的数据授权方法
CN110046205B (zh) * 2019-04-22 2021-04-09 瀚高基础软件股份有限公司 一种关系型数据库行安全访问控制方法及系统
CN110197051A (zh) * 2019-06-13 2019-09-03 浪潮软件股份有限公司 一种权限控制的方法、终端及计算机可读存储介质
CN110457529B (zh) * 2019-07-05 2022-07-12 中国平安财产保险股份有限公司 岗位数据处理方法、装置、计算机设备及存储介质
CN110533385A (zh) * 2019-08-08 2019-12-03 国云科技股份有限公司 一种基于角色的多表多字段的数据权限控制方法
CN111177252B (zh) * 2019-11-26 2023-07-25 腾讯云计算(北京)有限责任公司 一种业务数据的处理方法及装置
CN112632492B (zh) * 2020-12-18 2021-08-13 杭州新中大科技股份有限公司 一种用于矩阵化管理的多维权限模型设计方法
CN112749537A (zh) * 2021-01-14 2021-05-04 浙江红极互联网科技有限公司 一种基于角色的电子工程文档管理方法
CN114840521B (zh) * 2022-04-22 2023-03-21 北京友友天宇系统技术有限公司 数据库的权限管理和数据保护方法、装置、设备和存储介质
CN115828222B (zh) * 2022-11-02 2023-09-29 广州宏天软件股份有限公司 一种集中分配自定义引擎权限的方法

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103699565A (zh) * 2013-10-31 2014-04-02 于丽珠 一种分布式数据库的建立
CN104091130A (zh) * 2014-07-01 2014-10-08 中国北方发动机研究所(天津) 企业数据管理平台中的权限控制方法
CN107315931A (zh) * 2017-07-05 2017-11-03 成都牵牛草信息技术有限公司 表单字段值操作权限授权方法

Family Cites Families (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040006594A1 (en) 2001-11-27 2004-01-08 Ftf Technologies Inc. Data access control techniques using roles and permissions
US7703021B1 (en) 2002-05-24 2010-04-20 Sparta Systems, Inc. Defining user access in highly-configurable systems
JP4292342B2 (ja) * 2003-07-14 2009-07-08 レーザーテック株式会社 電子承認システムにおける承認ルート決定方法及びプログラム
US7734999B2 (en) * 2005-01-03 2010-06-08 Emergis Inc. System and method for providing forms on a user interface
US8336078B2 (en) * 2006-07-11 2012-12-18 Fmr Corp. Role-based access in a multi-customer computing environment
CN101299694B (zh) 2007-04-30 2012-04-25 华为技术有限公司 家庭网络中访客管理的方法及系统、家庭网关
JP2008299702A (ja) * 2007-06-01 2008-12-11 Fuji Xerox Co Ltd 情報処理プログラム及び情報処理システム
JP2010020525A (ja) 2008-07-10 2010-01-28 Mitsubishi Electric Corp 検索装置及びコンピュータプログラム及び検索方法
CN101520875A (zh) * 2009-04-07 2009-09-02 金蝶软件(中国)有限公司 对用户数据进行权限控制的方法及信息管理系统
CN102004868A (zh) 2009-09-01 2011-04-06 上海杉达学院 一种基于角色访问控制的信息系统数据存储层及组建方法
US8332917B2 (en) 2009-12-29 2012-12-11 International Business Machines Corporation Providing secure dynamic role selection and managing privileged user access from a client device
EP2529300A4 (en) * 2010-01-27 2017-05-03 Varonis Systems, Inc. Time dependent access permissions
US20110231322A1 (en) * 2010-03-16 2011-09-22 Copyright Clearance Center, Inc. Automated rules-based rights resolution
JP5538981B2 (ja) * 2010-03-31 2014-07-02 キヤノン株式会社 帳票生成装置、帳票生成装置の制御方法、プログラム
US20120036263A1 (en) 2010-05-21 2012-02-09 Open Subnet Inc. System and Method for Monitoring and Controlling Access to Web Content
WO2012126528A1 (en) * 2011-03-24 2012-09-27 Atos It Solutions And Services Gmbh System and method for user access management
JP5814639B2 (ja) 2011-06-09 2015-11-17 キヤノン株式会社 クラウドシステム、クラウドサービスのライセンス管理方法、およびプログラム
JP2013007708A (ja) * 2011-06-27 2013-01-10 Hitachi High-Technologies Corp 検査装置及び検査レシピの隠蔽方法
CN102316216A (zh) * 2011-09-07 2012-01-11 宇龙计算机通信科技(深圳)有限公司 一种终端自适应角色的方法及终端
JP5723338B2 (ja) * 2011-09-19 2015-05-27 株式会社東芝 データ共有システム
CN102567675B (zh) 2012-02-15 2015-09-30 合一网络技术(北京)有限公司 一种业务系统下的用户权限管理方法和系统
US20130263237A1 (en) 2012-03-30 2013-10-03 Ebay Inc. User authentication and authorization using personas
CN102779040B (zh) 2012-06-21 2015-11-18 东莞市微模式软件有限公司 一种生成自定义表单的方法和装置
CN102902767A (zh) 2012-09-25 2013-01-30 北京科东电力控制系统有限责任公司 一种表格快速搭建的方法及系统
CN102932340A (zh) 2012-10-25 2013-02-13 上海电机学院 基于角色的访问控制系统及方法
CN103971036B (zh) * 2013-01-28 2017-03-01 深圳学无国界教育科技有限公司 页面栏位权限控制系统及方法
US20140258226A1 (en) * 2013-03-11 2014-09-11 Southpaw Technology, Inc. Asynchronous transaction management, systems and methods
CN104463005A (zh) 2013-09-25 2015-03-25 天津书生投资有限公司 一种控制电子文档的访问权限的方法
KR101668550B1 (ko) 2015-01-07 2016-10-21 충북대학교 산학협력단 비밀번호 기반 역할 및 권한 부여 장치 및 방법
CN105303084A (zh) * 2015-09-24 2016-02-03 北京奇虎科技有限公司 权限管理系统及方法
CN105630759A (zh) 2015-12-28 2016-06-01 北京致远协创软件有限公司 一种数据引用的装置及方法
CN105653977B (zh) 2015-12-28 2019-07-05 上海瀚银信息技术有限公司 一种菜单权限配置方法及系统
CN105868357B (zh) 2016-03-29 2019-02-22 凯里供电局 文件管控系统及方法
US9705931B1 (en) * 2016-07-13 2017-07-11 Lifetrack Medical Systems Inc. Managing permissions
CN106570406A (zh) * 2016-10-27 2017-04-19 深圳前海微众银行股份有限公司 数据级权限配置方法及装置
CN107292588A (zh) 2017-07-01 2017-10-24 成都牵牛草信息技术有限公司 根据表单字段值对表单操作权限进行分别授权的方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103699565A (zh) * 2013-10-31 2014-04-02 于丽珠 一种分布式数据库的建立
CN104091130A (zh) * 2014-07-01 2014-10-08 中国北方发动机研究所(天津) 企业数据管理平台中的权限控制方法
CN107315931A (zh) * 2017-07-05 2017-11-03 成都牵牛草信息技术有限公司 表单字段值操作权限授权方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3651036A4 *

Also Published As

Publication number Publication date
CN108920915A (zh) 2018-11-30
CO2019015066A2 (es) 2020-04-24
JP2020528174A (ja) 2020-09-17
PE20200286A1 (es) 2020-02-05
MX2019015913A (es) 2020-08-20
CA3068903A1 (en) 2019-01-10
PH12020500010A1 (en) 2020-12-07
EP3651036A4 (en) 2021-04-21
EA202090222A1 (ru) 2020-08-25
AU2018296471A1 (en) 2020-01-30
UA127351C2 (uk) 2023-07-26
US11507651B2 (en) 2022-11-22
CN108920915B (zh) 2021-10-29
CN107315931A (zh) 2017-11-03
US20200218796A1 (en) 2020-07-09
ZA202000579B (en) 2021-01-27
JP7540660B2 (ja) 2024-08-27
EP3651036A1 (en) 2020-05-13
BR112020000169A2 (pt) 2020-07-07
KR20200017512A (ko) 2020-02-18

Similar Documents

Publication Publication Date Title
WO2019007260A1 (zh) 表单字段值操作权限授权方法
WO2018196876A1 (zh) 基于角色对用户一对一的工作流控制方法和系统
CN108764833B (zh) 工作流审批节点按部门设置审批角色的方法
WO2019007292A1 (zh) 基于角色的表单操作权限授权方法
CN108984715B (zh) 基于依据字段设置审批流程的方法
WO2018210245A1 (zh) 工作流及其审批节点的表单字段操作权限的设定方法
WO2018214890A1 (zh) 工作流审批节点按角色设置审批角色的方法
WO2018210248A1 (zh) 基于表单字段的工作流审批节点设置审批角色的方法
WO2018224024A1 (zh) 工作流审批节点高效审批方法
CN108550029B (zh) 工作流审批节点按部门级别设置审批角色的方法
JP7318894B2 (ja) 統計列表の操作権限の承認方法
JP7231910B2 (ja) フォームデータの操作権限を承認する方法
WO2018192557A1 (zh) 基于角色对用户的一对一的权限授权方法和系统
WO2019015656A1 (zh) 一种系统派工方法
WO2019007291A1 (zh) 根据表单字段值对表单操作权限进行分别授权的方法
WO2019007210A1 (zh) 一种表单的关联信息授权方法
WO2019011162A1 (zh) 快捷功能设置方法
WO2018224023A1 (zh) 系统中员工登录其账户后的权限显示方法
WO2019029649A1 (zh) 对使用者进行审批流程及其审批节点授权的方法
WO2019011255A1 (zh) 通过第三方字段对表单字段的字段值进行授权的方法
WO2018205940A1 (zh) 基于角色对用户的一对一的组织结构图生成及应用方法
WO2019029500A1 (zh) 基于列值对统计列表操作权限进行分别授权的方法
WO2019001322A1 (zh) 基于角色的菜单授权方法
WO2019029502A1 (zh) 系统中对授权操作者进行授权的方法
WO2019024832A1 (zh) 管理系统中事务处理的管理方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18828217

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
ENP Entry into the national phase

Ref document number: 2019571525

Country of ref document: JP

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 3068903

Country of ref document: CA

NENP Non-entry into the national phase

Ref country code: DE

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112020000169

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 20207001594

Country of ref document: KR

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2018296471

Country of ref document: AU

Date of ref document: 20180628

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2018828217

Country of ref document: EP

Effective date: 20200205

ENP Entry into the national phase

Ref document number: 112020000169

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20200103