WO2019015539A1 - 一种表单数据操作权限授权方法 - Google Patents

一种表单数据操作权限授权方法 Download PDF

Info

Publication number
WO2019015539A1
WO2019015539A1 PCT/CN2018/095700 CN2018095700W WO2019015539A1 WO 2019015539 A1 WO2019015539 A1 WO 2019015539A1 CN 2018095700 W CN2018095700 W CN 2018095700W WO 2019015539 A1 WO2019015539 A1 WO 2019015539A1
Authority
WO
WIPO (PCT)
Prior art keywords
form data
role
operation authority
authorization
authorized person
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2018/095700
Other languages
English (en)
French (fr)
Chinese (zh)
Inventor
陈达志
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Qianniucao Information Technology Co Ltd
Original Assignee
Chengdu Qianniucao Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to EA202090305A priority Critical patent/EA202090305A1/ru
Priority to EP18835429.4A priority patent/EP3657365A4/en
Priority to US16/631,359 priority patent/US11599656B2/en
Priority to BR112020000938-5A priority patent/BR112020000938A2/pt
Priority to CA3070011A priority patent/CA3070011A1/en
Priority to PE2020000072A priority patent/PE20200328A1/es
Priority to AU2018302991A priority patent/AU2018302991A1/en
Priority to MX2020000526A priority patent/MX2020000526A/es
Priority to KR1020207003240A priority patent/KR20200022494A/ko
Application filed by Chengdu Qianniucao Information Technology Co Ltd filed Critical Chengdu Qianniucao Information Technology Co Ltd
Priority to MYPI2020000209A priority patent/MY203858A/en
Priority to JP2020501265A priority patent/JP7231910B2/ja
Publication of WO2019015539A1 publication Critical patent/WO2019015539A1/zh
Priority to PH12020500090A priority patent/PH12020500090A1/en
Priority to CONC2020/0000430A priority patent/CO2020000430A2/es
Priority to ZA2020/00279A priority patent/ZA202000279B/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0481Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
    • G06F3/0482Interaction with lists of selectable items, e.g. menus
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/10Text processing
    • G06F40/166Editing, e.g. inserting or deleting
    • G06F40/174Form filling; Merging
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/105Human resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • the invention relates to a method for authorizing authorization of form data operation authority such as ERP.
  • the control of the operation authority of the form data through the form is the basic authorization method of the system, but the entire form can only be authorized as a whole, and the specific operation of one (one or more) form data cannot be performed. Permission to authorize.
  • the form data refers to a certain range of data belonging to the form, and it is not required to determine whether the form field on the form has obtained the field value during authorization, and whether the form field obtains the field value and the authorization mode. None.
  • the traditional form authorization method can be implemented: Authorize Li Si to view (modify and delete) all customers in the electrical industry (such as 10,000 customers in the electrical industry, one of which is Haier Electric Company), and authorized Wang Wu to view ( Modify, delete) all customers in the construction industry (such as the construction industry has 5,000 customers, one of which is Haitian Construction Company).
  • Authorize Li Si to view (modify and delete) all customers in the electrical industry such as 10,000 customers in the electrical industry, one of which is Haier Electric Company
  • authorized Wang Wu to view ( Modify, delete) all customers in the construction industry such as the construction industry has 5,000 customers, one of which is Haitian Construction Company.
  • the traditional way of authorizing the form data operation authority through the form cannot be authorized only for Haier Electric or Haitian Construction Company, and there are certain limitations in authorization.
  • the traditional form authorization method cannot implement separate authorization for a specific piece (one or more) of form data. Once the form is granted permissions according to a rule, all data under the form that conforms to the rule is granted the right, the enterprise's Information security is worrying, which may cause some confidential form data of the enterprise to leak out, posing risks to the enterprise.
  • role-based access control is one of the most researched and matured database rights management mechanisms in recent years. It is considered to be an ideal candidate to replace traditional mandatory access control (MAC) and autonomous access control (DAC). .
  • Traditional autonomous access control has high flexibility but low security. Forced access control is highly secure but too restrictive.
  • Role-based access control combines both ease of management and reduces the complexity, cost, and probability of errors. Therefore, it has been greatly developed in recent years.
  • the basic idea of role-based access control (RBAC) is to divide different roles according to different functional positions in the enterprise organization view, encapsulate the access rights of database resources in roles, and indirectly access database resources by being assigned different roles.
  • the role-based permission control mechanism can manage the access rights of the system simply and efficiently, which greatly reduces the burden and cost of the system rights management, and makes the system rights management more in line with the business management specifications of the application system.
  • the traditional role-based user rights management adopts the "role-to-user one-to-many" association mechanism, and the "role” is group/class nature, that is, one role can simultaneously correspond to/associate multiple users, and the role is similar to the post/
  • the concept of position/work type the authorization of user rights under this association mechanism is basically divided into the following three forms: 1. As shown in Figure 1, the user is authorized directly, the disadvantage is that the workload is large, the operation is frequent and troublesome; Employee changes (such as transfer, resignation, etc.), all the form operation rights involved in the employee must be adjusted accordingly, especially for company management personnel, the form permissions involved, the task of authority adjustment is large and complicated. It is easy to make mistakes or omissions, affecting the normal operation of the company and even causing unpredictable losses.
  • the role (class/group/post/work type) is authorized (a role can be associated with multiple users), the user obtains the permission through the role, and the approval operation subject is the group/class nature role; As shown in Figure 3, the above two methods are combined.
  • both 2 and 3 need to authorize the role of the class/group nature, and the way of authorization and workflow control through the role of class/group/post/work type has the following disadvantages: 1.
  • Difficulties in operation In the actual system use process, it is often necessary to adjust the user's authority during the operation process. For example, when dealing with employee permission changes, the employee rights associated with the role change, we cannot because of this Changes in employee permissions change the permissions of the entire role, because the role is also associated with other employees whose permissions have not changed. So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements.
  • the above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
  • the employee/user's form operation permissions change either the employee/user is removed from the role or the role is added to meet the job requirements.
  • the defect of the first method is the same as the above-mentioned "direct authorization to the user" method.
  • the new role involves the creation, association, and authorization of the role. Especially in the case of a large number of roles and a large number of users associated with the role, it is difficult to remember which users are associated with the role.
  • the object of the present invention is to overcome the deficiencies of the prior art, and provide a form data operation authority authorization method, which realizes separate authorization of specific form data operation authority and improves system management fineness.
  • a form data operation authority authorization method including a step of selecting form data, a step of selecting an authorized person, an operation authority authorization step, a step of selecting form data, and The order of selecting the authorized person is in no particular order; the step of selecting the form data: selecting one or more form data that requires authorization of the operation authority; the step of selecting the authorized person: selecting one or more of the required authorizations for the operation authority Authorizer; Operation Authority Authorization Step: Authorizes the selected licensee to perform the operation authority of the selected form data.
  • It also includes a step of authorizing the viewing and/or modifying permissions of the field values for each form field of each selected form data.
  • the operation authority authorization step includes the following two authorization methods: (1) performing operation authority authorization on each selected form data separately; and (2) authorizing operation authority on all selected form data as a whole.
  • the operation authority includes a combination of one or more of viewing, modifying, deleting, printing, and viewing rights of the associated information.
  • the authorized person includes a combination of one or more of a person, a user, a group/class nature role, and an independent individual nature role.
  • the authorized person is an independent individual character, and the independent individual nature role is different from the group/class nature role.
  • an independent individual nature role can only be associated with a unique user, and one user is associated with one or more independent individual nature roles. .
  • the independent individual role belongs to the department, the name of the role is unique under the department, the number of the role is unique in the system, the role is authorized according to the working content of the role, and the user obtains the right by the associated role.
  • a form data operation authority authorization method includes the following sequential steps: S1: selecting form data: the authorizer selects one or more form data that needs authorization for operation authority; S2: selects the authorized person: the authorizer selects one or more An authorized person who needs authorization for operation authority, the authorized authority of the authorized form should have less than or equal to the operation authority of the authorized person to the selected form data; S3: operation authority authorization step: for the selected The authorized person authorizes the operation authority of the selected form data.
  • a form data operation authority authorization method includes the following sequential steps: SS1: Step of selecting an authorized person: the authorized person selects one or more authorized persons who need to perform operation authority authorization; SS2: Step of selecting form data: Authorizer Select one or more form data that needs to be authorized for operation authority; the operation authority of the selected authorized person to the form data should be less than or equal to the authority of the authorized person to operate the form data; SS3: operation authority authorization step: Authorization of the selected licensee to authorize the operation of the selected form data.
  • the beneficial effects of the present invention are as follows: (1)
  • the present application can independently authorize one or more form data, for example, the operation authority can be authorized only for one customer of Haier Electric Appliance Co., Ltd., and the fineness of system management is improved, and is particularly suitable.
  • the operation authority can be authorized only for one customer of Haier Electric Appliance Co., Ltd.
  • the fineness of system management is improved, and is particularly suitable.
  • it is beneficial to protect the confidential form data of the enterprise from being leaked and meet the actual use requirements of the enterprise.
  • the application directly authorizes the form data, and the required fields on the form of the form data must have a value, which is specific data that has been created, such as "Haier Electric Company"; and the traditional basic authorization is for the customer
  • the form is authorized, not for a specific customer or customers, and this application is for specific customers such as Haier Electric Company.
  • sales department has sales staff Li Si, Wang Wu, Zhao Liu, sales manager is Zhang San; traditional form through the form (customer form) on the form data operation permissions (view, modify, delete, print, export)
  • the result is: Li Si is responsible for the customers in the electrical industry, and its operation authority is to view (one of the customers in the electrical industry is Haier Electric), and Wang Wu is responsible for the customers in the construction industry. Modification and deletion (one of the customers in the construction industry is Haitian Construction Company), Zhao Six is responsible for customers in the chemical industry, and its operation authority is for viewing; Zhang San is responsible for customers in the electrical and construction industries, and its operation authority is to view, modify, Delete, print.
  • the traditional method can not see the form data of all customers in an industry for the licensee, or the form data of one customer in the industry can not be seen, and it is impossible to separately control an authorized person to Haier Electric Company and Haitian Construction Company.
  • the operation permission of a specific piece of form data can not see the form data of all customers in an industry for the licensee, or the form data of one customer in the industry can not be seen, and it is impossible to separately control an authorized person to Haier Electric Company and Haitian Construction Company. The operation permission of a specific piece of form data.
  • Li Si can see all customers in the electrical industry, but he is not allowed to see Haier Electric Company.
  • Wang Wu does not see all customers in the construction industry, but allows See Haitian Construction Company.
  • the licensor of this application can be either a system setup person or a department head with certain form data operation authority.
  • the department head can authorize the authorized person whose authority is less than or equal to him according to the operation authority he has.
  • the operation facilitates the department head to authorize and control the form data according to the needs, so that the middle-level leaders of the enterprise can perform the management work and meet the actual needs of the enterprise.
  • Zhang San the sales manager, considered that the salesperson Zhao Liu had served as a manager at Haier Electric Co., Ltd., which facilitated sales negotiations. Therefore, he wanted Zhao Six to be responsible for the customer.
  • Zhang San wanted to delegate the customer of Haier Electric to Zhao Six.
  • Zhang San only authorized Zhao Liu to have the authority to view and modify the data of Haier Electric Appliance Co., Ltd., and other employees do not have these rights.
  • Zhang San has the right to view, modify, delete and print the customer of Haier Electric Appliance Co., Ltd., and Zhao Six does not have any authority for the customer. He can choose Zhao Liu as the authorized person; when authorized, Zhang San is shown to the customer.
  • the operation permission item "View, Modify, Delete, Print” because Zhao Liu does not have any operation authority for the customer of Haier Electric Appliance Co., Ltd., the "View, Modify, Delete, Print” displayed is not selected; Zhang San can be One or some or all of the permission options in "View, Modify, Delete, Print” are authorized to Zhao Six.
  • Sales manager Zhang San wants to authorize Haier Electric Company's customer to Li Si (I don't want Li Si to have any operational authority for the customer, because Zhang San has let Zhao Liuquan take charge of the customer), Zhang San to Haier Electric Co., Ltd.
  • the customer has the right to view, modify, delete and print, and Li Si has “View” for the customer, and can choose Li Si as the authorized person; when authorized, it displays the operation permission item of Zhang San for the customer “View and modify” , delete, print", because Li Si has the "View” operation permission for the customer, the "View” item in the "View, Modify, Delete, Print” displayed is selected; Zhang San will display the "View” The “View” selected in “Modify, Delete, Print” is changed to “Unchecked”. After the authorization is saved, Li Si will no longer have any authority for Haier Electric Company.
  • Zhang San can not authorize the control of customers in the chemical industry, because Zhang San does not have any operating authority for customers in the chemical industry.
  • the application can separately authorize the viewing and/or modification authority of the field value of each form field of each selected form data, and can realize the separate authorization of the operation authority of the form field value, thereby further improving the system management. accuracy.
  • the role of the application is a one-to-one relationship to the user.
  • One role can only be associated with a unique user at the same time, and one user is associated with one or more roles.
  • Permissions that is, users gain access to their associated roles
  • the role's permission changes are much less than the user permissions in the traditional mechanism.
  • the number of roles of the nature of the independent body is small. Although the employee turnover is large, the change of the post number/station number is small (even if there is no change in a certain period of time, that is, the role does not change), This will greatly simplify the user's rights management and reduce the overhead of the system.
  • the operation of dynamic management, on-the-job adjustment, etc. is simple and convenient, high in efficiency and high in reliability: the application of the entry/departure/adjustment in the authority management is simple, and the user/user does not need to reset the authority when the user/user changes, the user only You need to cancel or associate the role: the user who is no longer in the role cancels the role association, and the user who takes the role is associated with the role of the post number. The user associated with the role automatically obtains the related tasks and operations of the role.
  • the traditional authority management mechanism defines roles as groups, types of work, classes, etc.
  • the role is a one-to-many relationship with the user. In the actual system use process, the user rights are often required in the operation process. Adjustments, for example, when the employee permissions are changed, the permissions of an employee associated with the role change. We cannot change the permissions of the entire role because of the change of the individual employee permissions, because the role is also associated with other permissions. Staff. So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements.
  • the above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
  • the role since the role is an independent individual, the role permission can be changed to achieve the goal.
  • the method of the present application seems to increase the workload when the system is initialized, it can be made by copying or the like to make the role or authorization more efficient than the traditional group/class nature, because the group/class role is not considered.
  • the application scheme will make the permission setting clear and clear; especially after the system is used for a period of time (the user/role authority changes dynamically), the application scheme can greatly improve the system usage for the system user.
  • the efficiency of the rights management makes the dynamic authorization simpler, more convenient, clearer and clearer, and improves the efficiency and reliability of the permission setting.
  • the traditional group/class role authorization method is error-prone, and the method of the present application greatly reduces the probability of authorization error, because the method of the present application only needs to consider the role as an independent individual, without considering the traditional method to associate the role of the group. What are the commonalities of multiple users? Even if the authorization error occurs, it only affects the user associated with the role, while the traditional group-based role affects all users associated with the role. Even if a permission authorization error occurs, the correction method of the present application is simple and short, and the traditional group-type role needs to consider the commonality of all users associated with the role when correcting the error, and not only the modification when there are many function points. Troublesome, complicated, very error-prone, and in many cases only new roles can be created.
  • the method of the present application is as follows: the transferred user associates several roles.
  • the user When adjusting the post, the user is first unlinked from the role in the original department (the canceled roles can be re-associated to other users), and then Associate users with roles in the new department. The operation is simple and will not go wrong.
  • FIG. 1 is a schematic diagram of a manner in which a system directly authorizes a user in the background art
  • FIG. 2 is a schematic diagram of a manner in which a system authorizes a group/class role in the background art
  • FIG. 3 is a schematic diagram of a manner in which a system directly authorizes a user and authorizes a group/class role role in the background art
  • FIG. 4 is a schematic diagram of a manner in which a system authorizes a user through an independent individual role
  • Figure 5 is a schematic diagram of the authorization of the existing form authorization method according to the customer industry
  • FIG. 6 is a schematic diagram of form data authorization for a plurality of authorized persons according to the present invention.
  • Figure 7 is a schematic diagram of the invention of the invention by the supervisor of the workshop, Zhao Liu, for the individual authorized person - Zhang San;
  • FIG. 8 is a schematic diagram of the invention of the invention by the supervisor of the workshop, Zhao Liu, for a single authorized person-Hu seven;
  • FIG. 9 is a schematic diagram showing the common operation authority of Zhang San and Hu Qi when authorized by the present invention.
  • FIG. 10 is a schematic diagram showing the operation authority of each form data of Zhang San and Hu Qi according to the authorization of the present invention.
  • This application is authorized for the operation of the form data, and the difference between authorizing the form is that when the form is authorized, it refers to the authorization of the operation authority of the entire form of a form, for example: authorization of the contract form, its operation Authorization of permissions will cover all contracts; and in the form, each field has no specific field value (ie, when the form is authorized, whether the form has corresponding form data does not affect the authorized operation of the form authorization; for example, when authorizing the contract form, Whether the specific contract data/contract has been created in the system does not affect the authorization operation of the contract form authorization; or there is no specific contract, you can also authorize the contract form).
  • authorizing form data refers to the authorization of a certain piece of data of a form, for example, the authorization of the sales contract of Vanke Real Estate Company in the contract form, and the authorization of the operation authority is limited to the data of this form.
  • the field value of at least one field in each field is required, that is, at least one field of the form data has a field value.
  • the traditional form authorization method can be done: Authorize Li Si to view (modify and delete) all customers in the electrical industry (for example, there are 10,000 customers in the electrical industry, one of which is Haier Electric Company), and the authorized Wang Wu can view (modify, Delete) All customers in the construction industry (such as 5,000 customers in the construction industry, one of which is Haitian Construction Company).
  • the traditional way of authorizing the form data operation authority through the form cannot be authorized only for Haier Electric or Haitian Construction Company, and there are certain limitations in authorization.
  • the sales department has sales staff Li Si, Wang Wu, Zhao Liu, and the sales manager is Zhang San; the traditional permission to manipulate the form data through the form (customer form) (add, view, modify, After deleting, printing, and exporting, the result is: Li Si is responsible for the customers in the electrical industry, and its operation authority is new, view (one of the customers in the electrical industry is Haier Electric Company), and Wang Wu is responsible for the construction.
  • the customers in the industry have the operation authority to add, view, modify and delete (one of the customers in the construction industry is Haitian Construction Company), and Zhao Six is responsible for the customers in the chemical industry.
  • the operation authority is new and view; Zhang San Responsible for customers in the electrical and construction industries, their operation rights are new, view, modify, delete, and print.
  • the traditional method for the authorized person can either see the form data of all the customers in an industry, or the form data of one customer in the industry can not be seen, and it is impossible to separately control an authorized person to Haier Electric Company and Haitian Construction Company ( The operation permission of a specific form data).
  • a form data operation authority authorization method includes a step of selecting form data, a step of selecting an authorized person, and an operation authority authorization step, a step of selecting form data, and a step of selecting a licensee. Steps: Select form data: Select one or more form data that requires authorization for operation authority; select the authorized person: select one or more authorized persons who need authorization for operation authority; operation authority authorization steps: Authorization of the selected licensee to perform the operational rights of the selected form data.
  • the form data operation authority authorization method also includes a step of authorizing the viewing and/or modification rights of the field values of each form field of each selected form data.
  • the operation authority authorization step includes the following two authorization methods: (1) performing operation authority authorization for each selected form data; and (2) operating all selected form data as a whole.
  • Authorization permission check the operation permission item (in the box in the figure, that is, "view" column name).
  • the operation authority includes a combination of one or more of viewing, modifying, deleting, printing, and viewing rights of the associated information.
  • the authorized person includes a combination of one or more of a person, a user, a group/class nature role, and an independent individual nature role.
  • the authorized person of the present application is an independent individual character, and the independent individual nature role is different from the group/class nature role, and an independent individual nature role can only be associated with a unique user in the same period.
  • a user associates one or more independent individual nature roles.
  • the independent individual role belongs to the department, the name of the role is unique under the department, the number of the role is unique in the system, the role is authorized according to the working content of the role, and the user obtains the right by the associated role.
  • the user moves across departments, the user is first associated with the role in the original department, and then the user is associated with the role in the new department.
  • the following is an analysis of the advantages of the user's form data operation authority authorization method through the independent individual role: the user determines (acquires) the right through the association with the role, and if the user's permission is to be modified, the role has the authority In order to achieve the purpose of changing the permissions of the user associated with the role. Once a user associates a role, that user has all the operational privileges for that role.
  • the relationship of the role (independent individual role) to the user is one-to-one (when the role is associated with one user, other users can no longer associate the role; if the role is not associated with the user, it can be selected by other users; At the same time, a character can and can only be associated with one user).
  • a user's relationship to a role is one-to-many (one user can associate multiple roles at the same time).
  • Role definition The role does not have the nature of group/class/category/post/job/work, but a non-collection nature, the role is unique, the role is an independent independent entity; in the enterprise application is equivalent Job number (The job number here is not a post, one post may have multiple employees at the same time, and one job number can only correspond to one employee at the same time).
  • a company system can create the following roles: general manager, deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5...
  • general manager deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5...
  • Zhang San serves as the company's deputy general manager 2, and also serves as a sales manager in Beijing, then Zhang The three roles to be associated are Deputy General Manager 2 and Beijing Sales Manager. Zhang San has the rights to these two roles.
  • roles are group/class/post/position/work type, and one role can correspond to multiple users.
  • the concept of "role" in this application is equivalent to the post number/station number, and is similar to the role in the film and television drama: a character can only be played by one actor at the same time (childhood, juvenile, middle-aged). And an actor may be decorated with multiple angles.
  • the role After the role is created, you can associate the role in the process of creating the user, or you can associate it at any time after the user is created. After the user associates the role, the relationship with the role can be released at any time, and the relationship with other roles can be established at any time.
  • the composition of the character is: post name + post number.
  • workshop production workers 1, workshop production workers 2, workshop production workers 3... roles are independent individuals, equivalent to the concept of job number and station number, different from the role in the traditional authority management system, the concept of role in the traditional system It is the group/class nature of the position/position/work type.
  • the following example shows the relationship between employees, users and roles after the employee Zhang San enters a company: 1. New entry: The employee is newly hired, and directly associates the role of the corresponding job number/station number for the user (employee). Yes, for example: Zhang San joined the company (the company assigned a three-user for Zhang San), the job content is in the sales department, responsible for the sales of refrigerator products in Beijing area (the corresponding role is to sell the sales engineer under the 5 "This role", Zhang San users directly select the "sales engineer 5" role association.
  • Zhang also arranged for Zhang San to be responsible for the sales of regional TV products in Beijing (the corresponding role is to sell the role of “Sales Engineer 8” under the Ministry of Sales) and concurrently as the head of the after-sales department (corresponding to the after-sales department)
  • the three users added the roles of “sales engineer 8” under the sales department and “sales department supervisor 1” under the after-sales department.
  • Zhang San employees associated three roles, respectively.
  • Zhang San users have the authority of these three roles.
  • Zhang San serves as the post-sales manager (corresponding to the role of “after-sales manager” in the after-sales department) and no longer take up other jobs. Then Zhang San user is associated with the role of “after-sales manager” in the after-sales department, and cancels the three roles previously associated (Sales Engineer 5 under Sales, Sales Engineer 8 and “After Sales Manager 1” under the after-sales department) At this time, Zhang San users only have the authority of the role of “after-sales manager” under the after-sales department.
  • This application authorizes the role of the nature of the post number/station number, and the user determines the (acquired) authority by associating the role, and the control of the user authority is realized by a simple user-role relationship. It makes the permission control simple, easy to operate, clear and clear, and greatly improves the authorization efficiency and authorization reliability.
  • a form data operation authority authorization method includes the following sequential steps: S1: Select form data: the authorizer selects one or more form data requiring authorization authority to operate; S2: Select authorized person: Authorizer Selecting one or more authorized persons who need to perform operation authority authorization, and the authorized person's operation authority on the selected form data should be less than or equal to the authorized authority's operation authority on the selected form data; S3: operation authority authorization Step: Authorize the selected authorized person to perform the operational rights of the selected form data.
  • the viewing and/or modifying rights of the field values of each form field of each selected form data can be separately authorized, and for the same selected form data, the authorized person has each of the form data
  • the operational authority of the field value of the form field shall be less than or equal to the operational authority of the authorizer for the field value of each form field of the piece of form data.
  • the licensor of this application can be either a system setup person or a department head with certain form data operation authority.
  • the department head can authorize the authorized person whose authority is less than or equal to his authorized operation according to the operation authority he has.
  • the department heads authorize and control the form data according to the needs, which is convenient for the middle-level leaders of the enterprise to perform management work, in line with the actual needs of the enterprise.
  • Zhang San the sales manager, considered that the salesperson Zhao Liu had served as a manager at Haier Electric Co., Ltd., which facilitated sales negotiations. Therefore, he wanted Zhao Six to be responsible for the customer.
  • Zhang San wanted to delegate the customer of Haier Electric to Zhao Six.
  • Zhang San only authorized Zhao Liu to have the authority to view and modify the data of Haier Electric Appliance Co., Ltd., and other employees do not have these rights.
  • Zhang San has the right to view, modify, delete and print the customer of Haier Electric Appliance Co., Ltd., and Zhao Six does not have any authority for the customer. He can choose Zhao Liu as the authorized person; when authorized, Zhang San is shown to the customer.
  • the operation permission item "View, Modify, Delete, Print” because Zhao Liu does not have any operation authority for the customer of Haier Electric Appliance Co., Ltd., the "View, Modify, Delete, Print” displayed is not selected; Zhang San can be One or some or all of the permission options in "View, Modify, Delete, Print” are authorized to Zhao Six.
  • Sales manager Zhang San wants to authorize Haier Electric Company's customer to Li Si (I don't want Li Si to have any operational authority for the customer, because Zhang San has let Zhao Liuquan take charge of the customer), Zhang San to Haier Electric Co., Ltd.
  • the customer has the right to view, modify, delete and print, and Li Si has “View” for the customer, and can choose Li Si as the authorized person; when authorized, it displays the operation permission item of Zhang San for the customer “View and modify” , delete, print", because Li Si has the "View” operation permission for the customer, the "View” item in the "View, Modify, Delete, Print” displayed is selected; Zhang San will display the "View” The “View” selected in “Modify, Delete, Print” is changed to “Unchecked”. After the authorization is saved, Li Si will no longer have any authority for Haier Electric Company.
  • Zhang San can not authorize the control of customers in the chemical industry, because Zhang San does not have any operating authority for customers in the chemical industry.
  • a form data operation authority authorization method includes the following sequential steps: SS1: Step of selecting an authorized person: the authorized person selects one or more authorized persons who need to perform operation authority authorization; SS2: Select form data Step: the licensor selects one or more form data that needs authorization for operation authority; the operation authority of the selected authorized person to the form data should be less than or equal to the authority of the licensor to operate the form data; SS3: operation Authority Authorization Step: Authorizes the selected licensee to perform the operation rights of the selected form data.
  • the authorized authority A's operation authority for the form data should be superimposed by the operation authority granted by each licensor. (As long as there is an licensor granting the licensor certain operational rights to the form data, the licensor will eventually have the privilege). For example, a licensor grants A permission to operate on a form data to be modified/cannot be deleted/printable, and another licensor grants A permission to operate the form data cannot be modified/can be deleted/cannot be printed, then authorized The final operation authority of the A data for the form is: can be modified / can be deleted / can print.
  • Zhao Six has “View, “Haier Electric Company” Modify, print” permissions.
  • the authorized person is selected first, and then the data is selected: Zhang San selects the authorized person Li Si, Wang Wu, Zhao Liu, and Zhang San can select any one or more customers in the electrical appliance and construction industry (because Zhang San The operating authority of customers in the electrical and construction industries is greater than the operating authority of any one of Li Si, Wang Wu and Zhao Liu. Zhang San can also choose other operating rights greater than or equal to Li Si, Wang Wu and Zhao Liu.
  • Form data (such as contract, order form data, Zhang San at least have the contract, the order view of the order data).
  • the system can control the operation authority of the “data authorization”.
  • the control method includes: when the authorization authority of the form is authorized, only the authorized person is authorized to operate the “data authorization” operation right of the form, The authorized person can authorize the form data with authority in the form data corresponding to the form that has “data authorization”.
  • Zhang San authorized the operation authority of the “data authorization” of the customer form
  • Zhang San can authorize the form data (electrical appliances, customers in the construction industry) that he has permission, although Zhang
  • Zhang The third is the manager of the sales department, but it does not have the authority of customers in the chemical industry, so it is not possible to authorize data for customers in the chemical industry.
  • the authorization priority of the form data is higher than the authorization of the form: when the form data authorized by the form includes the form data of the authorization mode of the application, the data of the type is executed with the authorization authority of the application.
  • Zhang San has authorized the customer form in the form of form authorization (authorized to view and modify the authority), after authorization, Zhang San is authorized to include customer A; in the manner of this application, Zhang Sanye
  • the authorization for the client A is authorized (authorization is to view, modify, and delete the authority); then the operation authority of the data of the customer A is performed by the authority authorized by the application, that is, the client A can view, modify, and delete.
  • Zhang San has authorized the customer form in the form of form authorization (authorized to view and modify the authority)
  • the authorization Zhang San is authorized to include customer A; in the manner of this application, Zhang San is also carried out.
  • Authorization of customer A one authority is not authorized, that is, the authorization cannot be viewed, modified, etc.
  • the operation authority of Zhang San to customer A is executed with the authority authorized by this application, that is, the customer A cannot Make any changes such as viewing changes.
  • the licensor may cancel the authorization in the manner of the present application, and the data involved in the cancellation of the authorization is no longer controlled by the authorization method of the application: the licensor may cancel the authorization of the client A in the manner of the application, when authorized After canceling the authorization for the customer A to Zhang San in this application mode (ie, canceling the authorization that has been previously authorized), Zhang San operates the customer A with the authority authorized by the form (because there is no The authorization of the application method controls the operation of the client A), that is, the permission of Zhang San to the customer A is viewed and modified.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Resources & Organizations (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Strategic Management (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Operations Research (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Data Mining & Analysis (AREA)
  • General Business, Economics & Management (AREA)
  • Human Computer Interaction (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Bioethics (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Computing Systems (AREA)
  • Artificial Intelligence (AREA)
  • Computational Linguistics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Time Recorders, Dirve Recorders, Access Control (AREA)
PCT/CN2018/095700 2017-07-16 2018-07-13 一种表单数据操作权限授权方法 Ceased WO2019015539A1 (zh)

Priority Applications (14)

Application Number Priority Date Filing Date Title
KR1020207003240A KR20200022494A (ko) 2017-07-16 2018-07-13 폼 데이터 조작 권한 부여 방법
US16/631,359 US11599656B2 (en) 2017-07-16 2018-07-13 Method for authorizing form data operation authority
BR112020000938-5A BR112020000938A2 (pt) 2017-07-16 2018-07-13 método para autorizar a autoridade de operação de dados de formulários
CA3070011A CA3070011A1 (en) 2017-07-16 2018-07-13 Method for authorizing form data operation authority
PE2020000072A PE20200328A1 (es) 2017-07-16 2018-07-13 Metodo para autorizar permisos de operacion de datos de formulario
AU2018302991A AU2018302991A1 (en) 2017-07-16 2018-07-13 Method for authorizing form data operation authority
MX2020000526A MX2020000526A (es) 2017-07-16 2018-07-13 Metodo para autorizar permisos de operacion de datos de formulario.
EA202090305A EA202090305A1 (ru) 2017-07-16 2018-07-13 Способ предоставления прав на операции с данными формы
MYPI2020000209A MY203858A (en) 2017-07-16 2018-07-13 Method for authorizing form data operation authority
EP18835429.4A EP3657365A4 (en) 2017-07-16 2018-07-13 FORM DATA PROCESSING AUTHORIZATION PROCESS
JP2020501265A JP7231910B2 (ja) 2017-07-16 2018-07-13 フォームデータの操作権限を承認する方法
PH12020500090A PH12020500090A1 (en) 2017-07-16 2020-01-10 Method for authorizing form data operation authority
CONC2020/0000430A CO2020000430A2 (es) 2017-07-16 2020-01-15 Método para autorizar permisos de operación de datos de formulario
ZA2020/00279A ZA202000279B (en) 2017-07-16 2020-01-15 Method for authorizing form data operation authority

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710578153.8 2017-07-16
CN201710578153.8A CN107330307A (zh) 2017-07-16 2017-07-16 一种表单数据操作权限授权方法

Publications (1)

Publication Number Publication Date
WO2019015539A1 true WO2019015539A1 (zh) 2019-01-24

Family

ID=60227420

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/095700 Ceased WO2019015539A1 (zh) 2017-07-16 2018-07-13 一种表单数据操作权限授权方法

Country Status (16)

Country Link
US (1) US11599656B2 (https=)
EP (1) EP3657365A4 (https=)
JP (1) JP7231910B2 (https=)
KR (1) KR20200022494A (https=)
CN (2) CN107330307A (https=)
AU (1) AU2018302991A1 (https=)
BR (1) BR112020000938A2 (https=)
CA (1) CA3070011A1 (https=)
CO (1) CO2020000430A2 (https=)
EA (1) EA202090305A1 (https=)
MX (1) MX2020000526A (https=)
MY (1) MY203858A (https=)
PE (1) PE20200328A1 (https=)
PH (1) PH12020500090A1 (https=)
WO (1) WO2019015539A1 (https=)
ZA (1) ZA202000279B (https=)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107358093A (zh) * 2017-07-11 2017-11-17 成都牵牛草信息技术有限公司 通过第三方字段对表单字段的字段值进行授权的方法
CN107330307A (zh) * 2017-07-16 2017-11-07 成都牵牛草信息技术有限公司 一种表单数据操作权限授权方法
CN109977697A (zh) * 2019-04-03 2019-07-05 陕西医链区块链集团有限公司 一种区块链的数据授权方法
CN110059127B (zh) * 2019-04-25 2022-03-22 北京字节跳动网络技术有限公司 一种支付工具信息的处理方法和处理系统
CN110427750A (zh) * 2019-07-23 2019-11-08 武汉宏途科技有限公司 一种通过权限组合方式进行表单权限控制的方法及系统
CN110569667B (zh) * 2019-09-10 2022-03-15 北京字节跳动网络技术有限公司 一种访问控制方法、装置、计算机设备及存储介质
CN111415264A (zh) * 2020-04-10 2020-07-14 信钛速保(厦门)信息科技有限公司 一种保险管理系统及保险单据操作授权方法
CN113986857A (zh) * 2021-10-27 2022-01-28 重庆允成互联网科技有限公司 一种跨企业协同功能数据处理方法

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101075254A (zh) * 2007-06-08 2007-11-21 北京神舟航天软件技术有限公司 数据库表行级数据的自主访问控制方法
CN101673375A (zh) * 2009-09-25 2010-03-17 金蝶软件(中国)有限公司 一种工资系统数据授权的方法及系统
US20130007851A1 (en) * 2006-11-27 2013-01-03 Therap Services, Llc Method and System for Managing Secure Sharing of Private Information Across Security Domains Using an Authorization Profile
CN106570406A (zh) * 2016-10-27 2017-04-19 深圳前海微众银行股份有限公司 数据级权限配置方法及装置
CN106599718A (zh) * 2016-12-09 2017-04-26 中国人民银行清算总中心 信息访问权限的控制方法及装置
CN107330307A (zh) * 2017-07-16 2017-11-07 成都牵牛草信息技术有限公司 一种表单数据操作权限授权方法

Family Cites Families (63)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0697662B1 (en) * 1994-08-15 2001-05-30 International Business Machines Corporation Method and system for advanced role-based access control in distributed and centralized computer systems
US5613012A (en) * 1994-11-28 1997-03-18 Smarttouch, Llc. Tokenless identification system for authorization of electronic transactions and electronic transmissions
JP2001118009A (ja) * 1999-10-18 2001-04-27 Internatl Business Mach Corp <Ibm> 電子帳票の取得方法、電子帳票システム、電子帳票を取得するプログラムを格納した記憶媒体
EP1132808A1 (en) * 2000-01-04 2001-09-12 Océ-Technologies B.V. Method and system for submitting jobs to a reproduction center
AU782518B2 (en) * 2000-01-07 2005-08-04 International Business Machines Corporation A method for inter-enterprise role-based authorization
WO2001088661A2 (en) * 2000-05-16 2001-11-22 U.S. Army Medical Research And Material Command System and method for providing access to forms and maintaining the data used to complete the forms
US20020026592A1 (en) * 2000-06-16 2002-02-28 Vdg, Inc. Method for automatic permission management in role-based access control systems
US7039606B2 (en) * 2001-03-23 2006-05-02 Restaurant Services, Inc. System, method and computer program product for contract consistency in a supply chain management framework
US20030074206A1 (en) * 2001-03-23 2003-04-17 Restaurant Services, Inc. System, method and computer program product for utilizing market demand information for generating revenue
CA2344074A1 (en) * 2001-04-17 2002-10-17 George Wesley Bradley Method and system for cross-platform form creation and deployment
US20040006594A1 (en) * 2001-11-27 2004-01-08 Ftf Technologies Inc. Data access control techniques using roles and permissions
US7703021B1 (en) * 2002-05-24 2010-04-20 Sparta Systems, Inc. Defining user access in highly-configurable systems
US7234064B2 (en) * 2002-08-16 2007-06-19 Hx Technologies, Inc. Methods and systems for managing patient authorizations relating to digital medical data
US7735144B2 (en) * 2003-05-16 2010-06-08 Adobe Systems Incorporated Document modification detection and prevention
US7734999B2 (en) * 2005-01-03 2010-06-08 Emergis Inc. System and method for providing forms on a user interface
US20070011496A1 (en) * 2005-07-06 2007-01-11 Caterpillar Inc. Method and system for design and analysis of fastened joints
US8166404B2 (en) * 2005-10-04 2012-04-24 Disney Enterprises, Inc. System and/or method for authentication and/or authorization
US8429708B1 (en) * 2006-06-23 2013-04-23 Sanjay Tandon Method and system for assessing cumulative access entitlements of an entity in a system
US20090025063A1 (en) * 2007-07-18 2009-01-22 Novell, Inc. Role-based access control for redacted content
US20090259578A1 (en) * 2008-04-09 2009-10-15 Visa U.S.A. Inc. Customer exclusive data
US20090292546A1 (en) * 2008-05-20 2009-11-26 Aleixo Jeffrey A Human Resources Employment Method
US8676683B1 (en) * 2008-05-29 2014-03-18 Bank Of America Corporation Business transaction facilitation system
US8275870B2 (en) * 2008-08-12 2012-09-25 Olive Interactive, LLC Internet identity graph and social graph management system and method
JP2010067064A (ja) * 2008-09-11 2010-03-25 Konica Minolta Business Technologies Inc 情報処理装置
US20100251092A1 (en) * 2009-03-25 2010-09-30 Sun Jun-Shi Method and System for Processing Fixed Format Forms Online
WO2010128358A1 (en) * 2009-05-06 2010-11-11 Grigory Levit Permissions verification method and system
US8402266B2 (en) * 2009-06-01 2013-03-19 Microsoft Corporation Extensible role-based access control model for services
US8332917B2 (en) * 2009-12-29 2012-12-11 International Business Machines Corporation Providing secure dynamic role selection and managing privileged user access from a client device
US20110231322A1 (en) * 2010-03-16 2011-09-22 Copyright Clearance Center, Inc. Automated rules-based rights resolution
JP5538981B2 (ja) * 2010-03-31 2014-07-02 キヤノン株式会社 帳票生成装置、帳票生成装置の制御方法、プログラム
US20120036263A1 (en) * 2010-05-21 2012-02-09 Open Subnet Inc. System and Method for Monitoring and Controlling Access to Web Content
US8381285B2 (en) * 2010-06-25 2013-02-19 Sap Ag Systems and methods for generating constraints for use in access control
JP5681939B2 (ja) 2011-06-08 2015-03-11 株式会社Pfu 帳票提供装置、帳票提供方法、及びプログラム
US20120323717A1 (en) * 2011-06-16 2012-12-20 OneID, Inc. Method and system for determining authentication levels in transactions
WO2013058846A1 (en) * 2011-10-18 2013-04-25 Dotloop, Llc Systems, methods and apparatus for form building
US9002890B2 (en) * 2012-03-14 2015-04-07 International Business Machines Corporation Rule-based access control list management
US8867741B2 (en) * 2012-04-13 2014-10-21 Xerox Corporation Mobile field level encryption of private documents
US10447737B2 (en) * 2012-07-03 2019-10-15 Salesforce.Com, Inc. Delegating administration rights using application containers
WO2014018614A2 (en) * 2012-07-27 2014-01-30 Safelyfiled.Com, Llc System for the unified organization, secure storage and secure retrieval of digital and paper documents
CN102902767A (zh) 2012-09-25 2013-01-30 北京科东电力控制系统有限责任公司 一种表格快速搭建的方法及系统
US9679264B2 (en) * 2012-11-06 2017-06-13 Oracle International Corporation Role discovery using privilege cluster analysis
US20150106736A1 (en) * 2013-10-15 2015-04-16 Salesforce.Com, Inc. Role-based presentation of user interface
US20150120591A1 (en) * 2013-10-31 2015-04-30 Avaya Inc. Unified control of employee access to employer communications systems during periods of employee furlough
US9613359B2 (en) * 2014-02-18 2017-04-04 San Diego Gas & Electric Company Distribution interconnection information systems and methods
US9886565B2 (en) * 2014-06-20 2018-02-06 Microsoft Technology Licensing, Llc User-specific visualization of display elements
US11176267B2 (en) * 2015-02-24 2021-11-16 International Business Machines Corporation Fine-grained user control over usages of sensitive system resources having private data with applications in privacy enforcement
EP3062260B1 (en) * 2015-02-27 2017-05-31 Sap Se A method for controlling access to electronic documents using locks
CN104715341A (zh) 2015-03-30 2015-06-17 中国联合网络通信集团有限公司 一种权限分配方法及装置
US9705931B1 (en) * 2016-07-13 2017-07-11 Lifetrack Medical Systems Inc. Managing permissions
JP7224288B2 (ja) * 2017-01-11 2023-02-17 マジック リープ, インコーポレイテッド 医療アシスタント
CN107146072A (zh) * 2017-05-16 2017-09-08 成都牵牛草信息技术有限公司 基于表单字段的工作流审批节点设置审批角色的方法
CN107169365A (zh) * 2017-05-16 2017-09-15 成都牵牛草信息技术有限公司 工作流及其审批节点的表单字段操作权限的设定方法
CN107292588A (zh) * 2017-07-01 2017-10-24 成都牵牛草信息技术有限公司 根据表单字段值对表单操作权限进行分别授权的方法
CN107330344A (zh) * 2017-07-01 2017-11-07 成都牵牛草信息技术有限公司 一种表单的关联信息授权方法
CN107301336A (zh) * 2017-07-04 2017-10-27 成都牵牛草信息技术有限公司 基于表单时间性质字段的表单授权方法
CN107315931A (zh) * 2017-07-05 2017-11-03 成都牵牛草信息技术有限公司 表单字段值操作权限授权方法
CN107357882A (zh) * 2017-07-10 2017-11-17 成都牵牛草信息技术有限公司 基于依据字段设置审批流程的方法
CN107358093A (zh) * 2017-07-11 2017-11-17 成都牵牛草信息技术有限公司 通过第三方字段对表单字段的字段值进行授权的方法
CN107340951A (zh) * 2017-07-13 2017-11-10 成都牵牛草信息技术有限公司 基于角色获取的表单数据的授权方法
CN107480557A (zh) * 2017-08-07 2017-12-15 成都牵牛草信息技术有限公司 显示所有系统使用者当前权限状态的授权方法
US20190050587A1 (en) * 2017-08-08 2019-02-14 Adobe Systems Incorporated Generating electronic agreements with multiple contributors
CN107392499A (zh) * 2017-08-10 2017-11-24 成都牵牛草信息技术有限公司 对使用者进行审批流程及其审批节点授权的方法
US10681095B1 (en) * 2018-01-17 2020-06-09 Sure Market, LLC Distributed messaging communication system integrated with a cross-entity collaboration platform

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130007851A1 (en) * 2006-11-27 2013-01-03 Therap Services, Llc Method and System for Managing Secure Sharing of Private Information Across Security Domains Using an Authorization Profile
CN101075254A (zh) * 2007-06-08 2007-11-21 北京神舟航天软件技术有限公司 数据库表行级数据的自主访问控制方法
CN101673375A (zh) * 2009-09-25 2010-03-17 金蝶软件(中国)有限公司 一种工资系统数据授权的方法及系统
CN106570406A (zh) * 2016-10-27 2017-04-19 深圳前海微众银行股份有限公司 数据级权限配置方法及装置
CN106599718A (zh) * 2016-12-09 2017-04-26 中国人民银行清算总中心 信息访问权限的控制方法及装置
CN107330307A (zh) * 2017-07-16 2017-11-07 成都牵牛草信息技术有限公司 一种表单数据操作权限授权方法

Also Published As

Publication number Publication date
CN109032459A (zh) 2018-12-18
EP3657365A4 (en) 2021-04-28
CN109032459B (zh) 2022-01-25
PH12020500090A1 (en) 2020-09-14
KR20200022494A (ko) 2020-03-03
US20200218820A1 (en) 2020-07-09
PE20200328A1 (es) 2020-02-13
US11599656B2 (en) 2023-03-07
EP3657365A1 (en) 2020-05-27
JP2020528603A (ja) 2020-09-24
CA3070011A1 (en) 2019-01-24
CO2020000430A2 (es) 2020-04-24
BR112020000938A2 (pt) 2020-07-21
MY203858A (en) 2024-07-22
MX2020000526A (es) 2020-12-03
AU2018302991A1 (en) 2020-02-27
JP7231910B2 (ja) 2023-03-02
EA202090305A1 (ru) 2020-05-12
CN107330307A (zh) 2017-11-07
ZA202000279B (en) 2021-02-24

Similar Documents

Publication Publication Date Title
JP7540660B2 (ja) フォームフィールド値の操作権限承認方法
WO2019015539A1 (zh) 一种表单数据操作权限授权方法
CN108764833B (zh) 工作流审批节点按部门设置审批角色的方法
WO2018196876A1 (zh) 基于角色对用户一对一的工作流控制方法和系统
WO2018224024A1 (zh) 工作流审批节点高效审批方法
JP7318894B2 (ja) 統計列表の操作権限の承認方法
WO2019007292A1 (zh) 基于角色的表单操作权限授权方法
WO2018210245A1 (zh) 工作流及其审批节点的表单字段操作权限的设定方法
WO2018210248A1 (zh) 基于表单字段的工作流审批节点设置审批角色的方法
WO2018214889A1 (zh) 基于会签的审批节点在审批流程中的设置方法
WO2019011220A1 (zh) 基于依据字段设置审批流程的方法
WO2018205942A1 (zh) 工作流审批节点按部门级别设置审批角色的方法
WO2018214890A1 (zh) 工作流审批节点按角色设置审批角色的方法
JP7504384B2 (ja) フォームフィールド値によりフォーム操作権限をそれぞれ与える方法
WO2018214828A1 (zh) 基于投票的审批节点在审批流程中的设置方法
WO2018192557A1 (zh) 基于角色对用户的一对一的权限授权方法和系统
JP7329218B2 (ja) 第三者フィールドを介してフォームフィールドのフィールド値を承認する方法
WO2019015656A1 (zh) 一种系统派工方法
WO2019029502A1 (zh) 系统中对授权操作者进行授权的方法
WO2018205940A1 (zh) 基于角色对用户的一对一的组织结构图生成及应用方法
WO2018224023A1 (zh) 系统中员工登录其账户后的权限显示方法
WO2019034023A1 (zh) 审批者针对审批任务征询参考意见的方法
WO2019011162A1 (zh) 快捷功能设置方法
WO2019029500A1 (zh) 基于列值对统计列表操作权限进行分别授权的方法
WO2019001322A1 (zh) 基于角色的菜单授权方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18835429

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2020501265

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: DZP2020000015

Country of ref document: DZ

ENP Entry into the national phase

Ref document number: 3070011

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: NC2020/0000430

Country of ref document: CO

NENP Non-entry into the national phase

Ref country code: DE

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112020000938

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 20207003240

Country of ref document: KR

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2018835429

Country of ref document: EP

Effective date: 20200217

ENP Entry into the national phase

Ref document number: 2018302991

Country of ref document: AU

Date of ref document: 20180713

Kind code of ref document: A

WWP Wipo information: published in national office

Ref document number: NC2020/0000430

Country of ref document: CO

ENP Entry into the national phase

Ref document number: 112020000938

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20200115

WWW Wipo information: withdrawn in national office

Ref document number: 2018835429

Country of ref document: EP

WWC Wipo information: continuation of processing after refusal or withdrawal

Ref document number: 202090305

Country of ref document: EA

WWW Wipo information: withdrawn in national office

Ref document number: 202090305

Country of ref document: EA