WO2019019980A1

WO2019019980A1 - Forum management method

Info

Publication number: WO2019019980A1
Application number: PCT/CN2018/096712
Authority: WO
Inventors: 陈达志
Original assignee: 成都牵牛草信息技术有限公司
Priority date: 2017-07-24
Filing date: 2018-07-23
Publication date: 2019-01-31
Also published as: CN108959628A; CN107451792A

Abstract

A forum management method comprises the following steps: creating system roles, the roles being independent individuals rather than a group/class; setting forum sections, a forum comprising one or more forum sections; setting participating roles/management roles in each forum section, and setting permissions of the participating roles/management roles in the forum section; and associating users with roles in a system. The users use the forum according to the permissions of the associated roles of the users in the forum; one role can be only associated with a unique user in a same period; and one user is associated with one or more roles. Permissions in the forum sections are assigned to the roles; an employee obtains a corresponding permission thereof in the forum by means of the roles associated with the corresponding user; when an employee leaves or transfers a position, seamless connection can be achieved without lag or omission of the forum permission setting; the normal visit of the employee to the forum is not affected, and the risk of confidential information leakage is avoided.

Description

Forum management method

Technical field

The invention relates to a forum management method.

Background technique

Role-based access control (RBAC) is one of the most researched and matured database rights management mechanisms in recent years. It is considered to be an ideal candidate to replace traditional mandatory access control (MAC) and autonomous access control (DAC). Traditional autonomous access control has high flexibility but low security. Forced access control is highly secure but too restrictive. Role-based access control combines both ease of management and reduces the complexity, cost, and probability of errors. Therefore, it has been greatly developed in recent years. The basic idea of role-based access control (RBAC) is to divide different roles according to different functional positions in the enterprise organization view, encapsulate the access rights of database resources in roles, and indirectly access database resources by being assigned different roles.

A large number of tables and views are often built in large application systems, which makes the management and authorization of database resources very complicated. It is very difficult for the user to directly manage the access and permissions of the database resources. It requires the user to have a very thorough understanding of the database structure and is familiar with the use of the SQL language, and once the application system structure or security requirements have changed, To carry out a large number of complex and cumbersome authorization changes, it is very easy to have some security vulnerabilities caused by unexpected authorization errors. Therefore, designing a simple and efficient rights management method for large-scale application systems has become a common requirement for system and system users.

The role-based permission control mechanism can manage the access rights of the system simply and efficiently, which greatly reduces the burden and cost of the system rights management, and makes the system rights management more in line with the business management specifications of the application system.

However, the traditional role-based user rights management adopts the "role-to-user one-to-many" association mechanism, and the "role" is group/class nature, that is, one role can simultaneously correspond to/associate multiple users, and the role is similar to the post/ The concept of position/work type, the authorization of user rights under this association mechanism is basically divided into the following three forms: 1. As shown in Figure 1, the user is authorized directly, the disadvantage is that the workload is large, the operation is frequent and troublesome; Employee changes (such as transfer, resignation, etc.), all the form operation rights involved in the employee must be adjusted accordingly, especially for company management personnel, the form permissions involved, the task of authority adjustment is large and complicated. It is easy to make mistakes or omissions, affecting the normal operation of the company and even causing unpredictable losses.

2. As shown in Figure 2, the role (class/group/post/work type) is authorized (a role can be associated with multiple users), the user obtains the permission through the role, and the approval operation subject is the group/class nature role; As shown in Figure 3, the above two methods are combined.

In the above expressions, both 2 and 3 need to authorize the role of the class/group nature, and the way of authorization through the role of class/group/post/work type has the following disadvantages: 1. The operation when the user rights change is difficult: In the actual system use process, it is often necessary to adjust the user's authority during the operation process. For example, when the employee permission changes, the employee rights associated with the role change, we cannot change the individual employee rights. And change the permissions of the entire role, because the role is also associated with other employees whose permissions have not changed. So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements. The above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.

When the employee/user's form operation permissions change, either the employee/user is removed from the role or the role is added to meet the job requirements. The defect of the first method is the same as the above-mentioned "direct authorization to the user" method. In the second way, the new role involves the creation, association, and authorization of the role. Especially in the case of a large number of roles and a large number of users associated with the role, it is difficult to remember which users are associated with the role.

2. It is difficult to remember the specific permissions contained in the role for a long time: if the role has more permission functions, it will be difficult to remember the specific permissions of the roles, and it is more difficult to remember the difference in permissions between the roles with similar permissions. The permissions of a role are also easily confused; if you want to associate a new user, you cannot accurately determine how the association should be selected.

3, because the user permissions change, it will cause more and more role creation (if you do not create a new role, it will greatly increase the authorization of the user directly), it is more difficult to distinguish the specific differences of the roles of each role.

4. When adjusting the post, if you want to assign a lot of rights of the transferred users to other users, you must separate the rights of the transferred users and create roles to associate with others. Users, such an operation is not only complicated and time consuming, but also prone to errors.

In terms of the management of the internal forums in the system, the forums should be divided into sections, each section should limit the participants. If the participants are not restricted, the company's sensitive information is likely to be leaked. For example, there are sales section, production section, after-sales section, financial section, R&D section, company strategy section, crisis topic section, etc. in the forum. If the company's strategic section posts can be seen, the company's trade secrets are discussed in the forum. It is likely to be leaked, as well as financial secrets, core technology secrets, and so on.

The traditional system has three modes for the management of forum users: (1) directly set the permissions of forum participants and administrators (people, users): For companies with a large number of employees, the frequency of transfer and entry is high, each time Both the transfer and the entry of the post need to set the authority of the employees in the forum, the operation is frequent, the workload is large, and it is easy to make mistakes. Especially fatal is: if the privilege or omission of the forum's permission is set, it will affect the normal use of the employee in the forum, and on the other hand may lead to the leakage of the company's confidential information, causing unpredictable losses to the enterprise. For example, Zhang San is now doing research and development, authorizing the viewing and deletion permission of the R&D section posts in the forum, but after a while it is transferred to do sales. If he does not modify his forum permissions in time, it will affect Zhang San’s normal access to the sales section. On the other hand, Zhang San is still able to view and delete posts in the R&D section, which may result in leaks or malicious operations. When employees are newly hired, if they do not set forum permissions for them in a timely manner, it will affect the new employees' understanding or study of the company and their jobs, which may affect the work.

(2) Authorization of work type: It is impossible to realize fine control of authority, which may lead to information leakage. For example, authorization for sales type, if there is a sales forum of aircraft business department, sales forum of furniture business department in one system, etc. Seeing the above two forum sections, the salesperson of the furniture division of the sales category can also see the sales forum of the aircraft division. Obviously, this cannot meet the needs of the enterprise for the authority management of the forum, and there is still the risk of leakage of confidential information.

(3) Authorization by department: It is not applicable to certain specific situations, which may lead to information leakage. For example, there may be multiple types of work in various departments, such as sales engineers, sales engineers, clerk preparing materials, etc. Assembly workers, test workers, etc., if authorized by the department, will result in the same authority of the different types of staff in the forum section, which may easily lead to information leakage; in addition, the department includes the general staff and department heads of the department, if only wants to let each The department head of the department participates in a certain section, and this method cannot be realized at all.

If the setting manager is directly set as a person: Zhang San is now engaged in sales management work, and is responsible for the management of the sales section (Zhang Sanren, the moderator of the sales section). Now Zhang San is transferred to production, and should let another person To replace Zhang San's management of the sales section; if not set up in time, Zhang San can still see the company's subsequent sales or market information in the forum section, and there is a risk of leakage of confidential information. On the other hand, if the moderator needs to review the newly posted post in the sales section, because Zhang San has been transferred from the position and he is no longer responsible, then it may be considered unnecessary to review the post to be reviewed in the sales section, which will lead to review. Posts cannot be reviewed in a timely manner. Even if the new moderator takes over the management of the section, it is not possible to review the previously submitted pending posts because the audit task is in Zhang San. If the reviewer adopts an independent individual role, the previously submitted review task of the pending post is automatically received by the corresponding employee (new moderator) of the user associated with the management role, and is reviewed by the new moderator.

technical problem

The object of the present invention is to overcome the deficiencies of the prior art, and to provide a forum management method, which assigns the rights in the forum section to the role, and the employee obtains the corresponding authority in the forum through the corresponding user-associated role. If the system administrator (or the corresponding administrator) directly cancels the association between the user and the role of the employee, the employee who has left the forum automatically loses access to any section of the forum, thereby avoiding the risk of disclosure of confidential information of the enterprise; The system administrator (or the corresponding administrator) directly cancels the association between the employee and the original role, and then associates the new role to automatically obtain the rights of the new role in the forum, which enables seamless docking and ensures the user's forum section. Permissions are updated in a timely manner, there will be no lag or omission in the setting of forum permissions, which will not affect the normal access of employees to the forum, and also avoid the risk of disclosure of confidential information; for forum administrators, it is only necessary to set up roles in the early stage. Forum permissions, no longer need to perform any operations when employees leave or adjust their posts. Large reduces board staff (or system administrator / corresponding administrator) workload.

Technical solution

The object of the present invention is achieved by the following technical solution: a forum management method, comprising the steps of: creating a system role, the role is an independent individual, not a group/class; setting a forum section, the forum contains one or more Forum section; set the participation role of each forum section, and set the permissions of the participating roles in the forum section; associate the users and roles in the system with each other, and the user uses the forum according to the permissions of the associated roles in the forum, one role at the same time Only unique users can be associated, and one user is associated with one or more roles. The Create System Role step and the Set Forum Section step are in no particular order. In addition, the step "Associate users and roles in the system" step is after the Create System Role step.

The rights of the participating characters in the forum section include a combination of any one or more of the right to view posts/posts posted by others in the forum section, the permission to post in the forum section, and the permission to reply within the forum section. .

The role belongs to the department. The name of the role is unique under the department. The number of the role is unique in the system, and the role is authorized according to the work content of the role.

The forum management method further includes a step of managing the cross-department management of the user, which specifically includes: (1) canceling the association between the user and the role in the original department; (2) associating the user with the role in the new department, and the user automatically obtains the The appropriate permissions for the role in the forum.

One user corresponds to one employee, one employee corresponds to one user, and the employee determines (acquires) the authority through the role associated with the corresponding user; after the employee leaves the job, the user corresponding to the employee is frozen, and when the employee re-enters the employee, the employee is unfrozen. The user is the current user of the employee. The user cannot be the corresponding user of the employee while it is frozen.

The forum management method includes the following steps: creating a system role, the role is an independent individual, not a group/class; setting a forum section, the forum contains one or more forum sections; setting management roles of each forum section, setting management The administrative rights of the role in the forum section; the users and roles in the system are related to each other, and the users manage the forums in the forum according to their associated roles. One role can only be associated with a unique user at the same time, and one user is associated with one or Multiple roles. The Create System Role step and the Set Forum Section step are in no particular order. In addition, the step "Associate users and roles in the system" step is after the Create System Role step.

The management role includes a first-level management role, and the management rights of the first-level management role in the forum section include any one or more of the posted, modified, audited, and deleted permissions of the posted/reposted posts in the forum section. combination;

Or it also includes a secondary management role, which is used to supervise the management operations of the primary management role.

The management rights of the secondary management role in the forum section include the sealing and unblocking of the posted posts in the forum section. When the post is archived, all the posts of the post are also archived, and only the secondary management role can view the archived Post, after unblocking, restore to the state before the archive.

Each forum section has one or more first-level management roles, and each forum section has one or more secondary management roles.

The forum management method also includes a step of setting a posting approval pass rate, and when the posting in the management role review forum section is passed, the posting approval pass rate within the specified time = the number of people who have given the audit result and the audit result is passed / The total number of people who have given the results of the review. The method of review in the above expressions can also be the approval method.

Beneficial effect

The beneficial effects of the present invention are as follows: (1) The present invention assigns the authority in the forum section to the role, and the employee obtains the corresponding authority in the forum through the corresponding user-associated role, and the employee is directly removed by the system administrator (or The corresponding administrator) cancels the association between the user and the role of the employee, and the resigned employee automatically loses access to any section of the forum, thereby avoiding the risk of disclosure of confidential information of the enterprise; when the employee is transferred, the system administrator directly (or The corresponding administrator) cancels the association between the user corresponding to the original role and the new role, and then automatically obtains the rights of the new role in the forum, which enables seamless docking and ensures that the user's permissions on the forum section are updated in time. There will be no lag or omission in the setting of forum permissions, which will not affect the normal access of employees to the forum, and also avoid the risk of disclosure of confidential information; for forum administrators or system administrators (or corresponding administrators), In the early stage, the forum permission of the role is set, and it is no longer needed when the employee leaves or adjusts the post. Any operation (by the role of the association to achieve the switching of permissions in the employee forum), greatly reducing the workload of the forum administrator or system administrator (or the corresponding administrator).

Example of resignation: The forum administrators set the forum permission for the role of “production worker 1”: the ability to view posts and replies in the production section, and to post and reply in the production section, and the user association corresponding to employee Zhang San When the production worker 1”, Zhang San obtained the forum permission of the role. When Zhang San left, the system administrator (or the corresponding administrator) directly canceled the association between the user corresponding to Zhang San and the role of “production worker 1”. Zhang San automatically lost the right to access any section of the forum (previously, the corresponding user of Zhang San was only associated with “production worker 1”); when the new employee Li Si succeeded Zhang San’s work, he directly connected the user of Li Si. "Production Worker 1", Li Si automatically obtained the forum permission of the role of "production worker 1", no need to re-set the forum permissions for Li Si, the operation is simple and fast, greatly reducing the workload.

Example of transfer: The employee Zhang San should be transferred from the production department to the after-sales department. The system administrator (or the corresponding administrator) cancels the association between the user corresponding to Zhang San and the original character “production worker 1”, and then links to the new after-sales department. The role of "after-sales service personnel 3", Zhang San automatically obtained the forum authority of the role of "after-sales service personnel 3".

(2) The system has two levels of management roles (primary and secondary are just a management-level representation, and can also be expressed in other ways), and the first-level management role (moderator) posts, posts, etc. View, modify, review and delete. The secondary management role (super moderator) is generally set as the top management or top management or boss of the management. It is easy to understand the overall situation of the forum. The role is: 1. Facilitate the management to understand and collect information. 2, can play a positive guiding role on the forum posting, reply attitude and content; 3, fair, timely supervision, prompt forum forum moderators to be fair, responsible and serious in the review. Why do you have a moderator to set up a super moderator, the super moderator is generally the top or the highest level, which is more of a need for supervision, and will not go to specific operations, such as deleting posts, etc. are operated by the moderator (further You can also set the super moderator to have some or all of the permissions of the moderator in addition to the specific permissions.

Posting generally requires moderator review and confirmation before posting successfully, which helps to improve the quality of posts in the forum. If there are too many posts with low quality, it will not only waste the participants' viewing time, but also affect the participants' willingness to participate.

The secondary management role has the operation authority of sealing and unsealing. For the posts that record important sensitive information, on the one hand, it needs to be retained and cannot be deleted. On the other hand, it cannot be seen by ordinary forum users. The secondary management role can be used for such posts. After the storage, only the secondary management role can see the content of this post, and meet the hard management needs of such special posts in the business process.

(3) Posting review is basically a function that all forums have. However, in the prior art, if the moderator delays giving the review opinion of the post, the post cannot obtain the approval result and cannot complete the posting, and the posting review is delayed. cycle.

This application limits the audit period to the specified time, and calculates the audit pass rate during this period. If the pass rate reaches the set standard, the audit will pass. If the pass rate does not meet the set criteria, the audit will not pass, which greatly shortens the post review. The cycle has improved the efficiency of forum management.

(4) The role of the application is a one-to-one relationship to the user. One role can only be associated with a unique user at the same time, and one user is associated with one or more roles. The advantage of this is that as long as the user is associated with the role, Permissions (that is, users gain access to their associated roles), and the role's permission changes are much less than the user permissions in the traditional mechanism. The number of roles of the nature of the independent body (the nature of the post number/station number) is small. Although the employee turnover is large, the change of the post number/station number is small (even if there is no change in a certain period of time, that is, the role does not change), This will greatly simplify the user's rights management and reduce the overhead of the system.

(5) The operation of dynamic management, on-the-job adjustment, etc. is simple and convenient, high efficiency, high reliability: the application of the entry/departure/adjustment in the authority management is simple, and the user/user does not need to reset the permission when the user/user changes, the user only You need to cancel or associate the role: the user who is no longer in the role cancels the role association, and the user who takes the role is associated with the role of the post number. The user associated with the role automatically obtains the related tasks and operations of the role. Permissions, without the need to re-authorize roles, greatly improve the efficiency, security and reliability of system settings.

For example: due to Zhang San’s resignation or transfer, Zhang San will no longer work as a “buyer 3”, and Zhang will cancel the association with “Purchaser 3”; Li Si will take over as “Purchaser”. 3" The role of this role, only need to associate Li Si with the role, then Li Si automatically obtained the authority and task of the "Purchaser 3" role.

(6) The traditional authority management mechanism defines roles as groups, types of work, classes, etc. The role is a one-to-many relationship with the user. In the actual system use process, the user's authority is often required in the operation process. Adjustments, for example, when the employee permissions are changed, the permissions of an employee associated with the role change. We cannot change the permissions of the entire role because of the change of the individual employee permissions, because the role is also associated with other permissions. Staff. So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements. The above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.

However, under the method of the present application, since the role is an independent individual, the role permission can be changed to achieve the goal. Although the method of the present application seems to increase the workload when the system is initialized, it can be made by copying or the like to make the role or authorization more efficient than the traditional group/class nature, because the group/class role is not considered. In the commonality of the related users, the application scheme will make the permission setting clear and clear; especially after the system is used for a period of time (the user/role authority changes dynamically), the application scheme can greatly improve the system usage for the system user. The efficiency of the rights management makes the dynamic authorization simpler, more convenient, clearer and clearer, and improves the efficiency and reliability of the permission setting.

(7) The traditional group/class role authorization method is error-prone, and the method of the present application greatly reduces the probability of authorization error, because the method of the present application only needs to consider the role as an independent individual, without considering the traditional method to associate the role of the group. What are the commonalities of multiple users? Even if the authorization error occurs, it only affects the user associated with the role, while the traditional group-based role affects all users associated with the role. Even if a permission authorization error occurs, the correction method of the present application is simple and short, and the traditional group-type role needs to consider the commonality of all users associated with the role when correcting the error, and not only the modification when there are many function points. Troublesome, complicated, very error-prone, and in many cases only new roles can be created.

(8) Under the traditional group-based role authorization method, if the role has more privilege function points, it takes a long time to remember the specific privilege of the role, and it is more difficult to remember the privilege difference between the roles with similar privilege. If you want to associate a new user, you cannot accurately determine how to select the association. The role of the method of the present application itself has the nature of the job number/station number, and the choice is clear at a glance.

(9) When adjusting the post, if you want to assign a lot of rights of the transferred users to other users, you must separate the rights of the transferred users and create roles to associate with others. Users, such an operation is not only complicated and time consuming, but also prone to errors.

The method of the present application is as follows: the transferred user associates several roles. When adjusting the post, the user is first unlinked from the role in the original department (the canceled roles can be re-associated to other users), and then Associate users with roles in the new department. The operation is simple and will not go wrong.

DRAWINGS

1 is a schematic diagram of a manner in which a system directly authorizes a user in the background art;

2 is a schematic diagram of a manner in which a system authorizes a group/class role in the background art;

3 is a schematic diagram of a manner in which a system directly authorizes a user and authorizes a group/class role role in the background art;

4 is a schematic diagram of a manner in which a system authorizes a user through an independent individual role;

FIG. 5 is a flowchart of setting a forum forum to participate in a role according to the present invention; FIG.

FIG. 6 is a flowchart of setting a forum section management role according to the present invention.

Embodiments of the invention

The technical solution of the present invention will be described in further detail below with reference to the accompanying drawings, but the scope of protection of the present invention is not limited to the following.

[Embodiment 1] As shown in FIG. 5, the forum management method includes the following steps: creating a system role, the role is an independent individual, not a group/class; setting a forum section/category, the forum contains one or more Forum section/category; set the participation role for each forum section/category (you can set one or more participating roles), and set the permissions of the participating roles in the forum section/category (you can set the participating roles together in the forum section together or separately Permissions; the permissions of the participating characters in the forum section/category include viewing rights to posts/replies posted by others in the forum section/category, permissions to post in forum sections/categories, and postings in forum sections/categories Permissions.

The users and roles in the system are related to each other, and the user uses the forum according to the rights of the associated roles in the forum. As shown in FIG. 4, one role can only associate with a unique user, and one user associates one or more roles. One user corresponds to one employee, one employee corresponds to one user, and the employee determines (acquires) permission through the role associated with the corresponding user.

Posts participating in the discussion of the role will record the following information: post content, post time, post role, employee corresponding to the user associated with the role, and so on.

Participating roles can view content related to their authorized forum sections.

In this embodiment, the authority in the forum section is assigned to the role, and the employee obtains the corresponding authority in the forum through the corresponding user-associated role. When the employee leaves the company, the system administrator (or the corresponding administrator) directly cancels the corresponding employee. If the user is associated with the role, the retired employee automatically loses access to any section of the forum, avoiding the risk of disclosure of confidential information; when the employee is transferred, the system administrator (or the corresponding administrator) directly cancels the corresponding employee. The user's association with the original role, and then associated with the new role, can automatically obtain the permissions of the new role in the forum, can achieve seamless docking, ensure that the user's permissions on the forum section are updated in a timely manner, there will be no lag in the forum permission settings Or omission, will not affect the normal access of employees to the forum, but also avoid the risk of leakage of confidential information; for forum administrators or system administrators (or corresponding administrators), you only need to set the forum permissions of the role in the early stage. In the event of employee turnover or transfer, no longer need to perform any operations, greatly reducing the theory Manager or system administrator (or the corresponding administrator) workload.

Example of resignation: The forum administrators set the forum permission for the role of “production worker 1”: the ability to view posts and replies in the production section, and to post and reply in the production section, and the user association corresponding to employee Zhang San When the production worker 1”, Zhang San obtained the forum permission of the role. When Zhang San left, the system administrator (or the corresponding administrator) directly canceled the association between the user corresponding to Zhang San and the role of “production worker 1”. Zhang San automatically lost the right to access any section of the forum; when the new employee Li Si succeeded Zhang San’s work, he directly asked Li Si’s user to associate “production worker 1”, and Li Si automatically obtained “production worker 1”. "The forum permission of this role, no need to re-set the forum permissions for Li Si, the operation is simple and fast, greatly reducing the workload.

[Embodiment 2] As shown in FIG. 5, the forum management method includes the following steps: creating a system role, the role is an independent individual, not a group/class; setting a forum section/category, the forum contains one or more Forum section/category; set the forum section/category that the role can participate in, and set the permissions of the participating role in the forum section; the permissions of the participating role in the forum section include the permission to view posts/posts of others in the forum section. , the permission to post in the forum section, the permission to reply within the forum section.

The users and roles in the system are related to each other. The user uses the forum according to the permissions of the associated roles in the forum. In the same period, one role can only associate with a unique user, and one user associates one or more roles, and one user corresponds to one employee. An employee corresponds to a user, and the employee determines (acquires) the authority through the role associated with the corresponding user.

In this embodiment, the role belongs to the department, the name of the role is unique under the department, the number of the role is unique in the system, and the role is authorized according to the work content of the role.

If the user needs to adjust the posts across departments, it also includes a user cross-department management process, which includes: (1) canceling the association between the user and the role in the original department; and (2) associating the user with the role in the new department. The user automatically gets the appropriate permissions for the role in the forum.

[Embodiment 3] As shown in FIG. 6, the forum management method includes the following steps: creating a system role, the role is an independent individual, not a group/class; setting a forum section, the forum includes one or more forum sections Set management roles for each forum section, set management rights of management roles in the forum section; associate users and roles in the system, users can manage forums in the forum according to their associated roles, and one role can only be used in the same period Associate a unique user, and a user associates one or more roles.

In this embodiment, the management role includes a first-level management role (moderator) and a second-level management role (super moderator), and the moderator's management rights in the forum section include posts/posts posted in the forum section. View, modify, review, and delete permissions; the super moderator is used to supervise the management operations of the first-level management roles. The secondary management role can be one or more selected from the primary management role, or other roles can be directly set to the secondary management role (super moderator).

The system has two levels of management roles. The first-level management role (moderator) modifies, reviews, and deletes postings and replies to the section. The secondary management role (super moderator) is generally set to the top management or top management of the management. Layer or boss, easy to understand the overall situation of the forum, the role is: 1, easy for managers to understand, gather information; 2, can play a positive role in the forum posting, reply attitude and content; 3, fair, can be timely Supervising, making the forum section moderators fair, responsible and serious in the review. Why do you have a moderator to set up a super moderator, the super moderator is generally a high-level or top-level, which is more of a supervisory need, and will not (not) go to specific operations, such as deleting posts, etc. are all by the moderator operating.

[Embodiment 4] As shown in FIG. 6, the forum management method includes the following steps: creating a system role, the role is an independent individual, not a group/class; setting a forum section, the forum includes one or more forum sections Set which roles can be the management role of the forum section, set the management rights of the management role in the forum section; associate the users and roles in the system, and the users manage the forums in the forum according to their associated roles, one at the same time A role can only be associated with a unique user, and a user is associated with one or more roles.

In this embodiment, the management role includes a first-level management role (moderator) and a second-level management role (super moderator), and the moderator's management rights in the forum section include posts/posts posted in the forum section. View, modify, review, and delete permissions; the super moderator is used to supervise the management operations of the first-level management roles.

The management rights of the secondary management role in the forum section include the sealing and unblocking of the posted posts in the forum section. When the post is archived, all the posts of the post are also archived, and only the secondary management role can view the archived Post, after unblocking, restore to the state before the archive. The secondary management role has the operation authority of sealing and unsealing. For the posts that record important sensitive information, on the one hand, it needs to be retained and cannot be deleted. On the other hand, it cannot be seen by ordinary forum users. The secondary management role can be used for such posts. After the storage, only the secondary management role can see the content of this post, and meet the hard management needs of such special posts in the business process.

[Embodiment 5] As shown in FIG. 6, the forum management method includes the following steps: creating a system role, the role is an independent individual, not a group/class; setting a forum section, the forum includes one or more forum sections Set which roles can be the management role of the forum section, set the management rights of the management role in the forum section; associate the users and roles in the system, and the users manage the forums in the forum according to their associated roles, one at the same time A role can only be associated with a unique user, and a user is associated with one or more roles.

In the process of reviewing the post, it also includes a step of setting the posting approval pass rate. When the posting in the management role auditing forum section is passed, the specified time period can be defined by the specified time period. The number of people who have given the results of the audit and the results of the audit are the total number of people who have given the results of the audit.

Posting review is basically a function that all forums have. However, in the prior art, if the moderator delays giving the review comments of the post, the post cannot obtain the approval result and cannot complete the posting, which lengthens the period of posting review.

In the above embodiment, as shown in FIG. 4, the forum participants and managers of the present application are independent individual roles, and the following analysis is performed on the advantages of authorizing the user through the independent individual role: the user through the role and the role The association determines (acquires) permissions. If you want to modify the permissions of a user, you can adjust the permissions owned by the role to achieve the purpose of changing the permissions of the user associated with the role. Once a user associates a role, that user has all the operational privileges for that role.

The role of the role to the user is one-to-one (when the role is associated with a user, other users can no longer associate the role; if the role is not associated with the user, it can be selected by other users; that is, a role can be And can only be associated by one user). A user's relationship to a role is one-to-many (one user can associate multiple roles at the same time).

Role definition: The role does not have the nature of group/class/category/post/job/work, but a non-collection nature, the role is unique, the role is an independent independent entity; in the enterprise application is equivalent Job number (The job number here is not a post, one post may have multiple employees at the same time, and one job number can only correspond to one employee at the same time).

For example: a company system can create the following roles: general manager, deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5... User-role relationship: If the company employee Zhang San serves as the company's deputy general manager 2, and also serves as a sales manager in Beijing, then Zhang The three roles to be associated are Deputy General Manager 2 and Beijing Sales Manager. Zhang San has the rights to these two roles.

The concept of traditional roles is group/class/post/position/work type, and one role can correspond to multiple users. The concept of "role" in this application is equivalent to the post number/station number, and is similar to the role in the film and television drama: a character can only be played by one actor at the same time (childhood, juvenile, middle-aged...). And an actor may be decorated with multiple angles.

After the role is created, you can associate the role in the process of creating the user, or you can associate it at any time after the user is created. After the user associates the role, the relationship with the role can be released at any time, and the relationship with other roles can be established at any time.

The composition of the character is: post name + post number. For example: workshop production workers 1, workshop production workers 2, workshop production workers 3... roles are independent individuals, equivalent to the concept of job number and station number, different from the role in the traditional authority management system, the concept of role in the traditional system It is the group/class nature of the position/position/work type.

The following example shows the relationship between employees, users and roles after the employee Zhang San enters a company: 1. New entry: The employee is newly hired, and directly associates the role of the corresponding job number/station number for the user (employee). Yes, for example: Zhang San joined the company (the company assigned a three-user for Zhang San), the job content is in the sales department, responsible for the sales of refrigerator products in Beijing area (the corresponding role is to sell the sales engineer under the 5 "This role", Zhang San users directly select the "sales engineer 5" role association.

2. Adding positions: After working for a period of time, Zhang also arranged for Zhang San to be responsible for the sales of regional TV products in Beijing (the corresponding role is to sell the role of “Sales Engineer 8” under the Ministry of Sales) and concurrently as the head of the after-sales department (corresponding to the after-sales department) In the role of supervisor 1, the three users added the roles of “sales engineer 8” under the sales department and “sales department supervisor 1” under the after-sales department. At this time, Zhang San employees associated three roles, respectively. In order to sell a "sales engineer 5", "sales engineer 8" and "after-sales department supervisor 1" under the after-sales department, Zhang San users have the authority of these three roles.

3. Reducing the position: After a while, the company decided to let Zhang San serve as the post-sales manager (corresponding to the role of “after-sales manager” in the after-sales department) and no longer take up other jobs. Then Zhang San user is associated with the role of “after-sales manager” in the after-sales department, and cancels the three roles previously associated (Sales Engineer 5 under Sales, Sales Engineer 8 and “After Sales Manager 1” under the after-sales department) At this time, Zhang San users only have the authority of the role of “after-sales manager” under the after-sales department.

4, the adjustment of the role permissions (for the adjustment of the permissions of the role itself): If the company decides to increase the authority of the after-sales manager, then only need to increase the authorization of the role of the after-sales manager, then Zhang San users because of the after-sales department The authority of the manager has increased, and the permissions of Zhang San users have also increased.

5. Resignation: After one year, Zhang San resigned, and the relationship between Zhang San users and the post-sales department manager of the after-sales department can be cancelled.

For example: in the dynamic operation of the company, the entry and exit of the staff are often continued, but the change of the post number/station number is very small (even within a certain period of time).

Traditional authorization method: In the case of a large number of system functions, authorization in the traditional group/class role, not only the authorization workload is large, complicated, but also easy to make mistakes, even if it is wrong, it is not easy to find in a short time. It is easy to cause damage to the system user.

Authorization method of the present application: This application authorizes the role of the nature of the post number/station number, and the user determines the (acquired) authority by associating the role, and the control of the user authority is realized by a simple user-role relationship. It makes the permission control simple, easy to operate, clear and clear, and greatly improves the authorization efficiency and authorization reliability.

If necessary, a participant (one type of visitor) can be set up in the participant (participant of the section), and other system visitors can access the forum in addition to the employees of the system users associated with the set role. The forum can be used for external discussions, such as the customer forum module or the visitor forum module: allowing customers or any visitors to participate (the employees of the system users set up by the company can of course participate, and if the employees participate through the system users, they need to It is judged whether the role associated with the user corresponding to the employee has the right to participate. If the user is not directly involved in the system user, it is not necessary to determine whether the role associated with the user corresponding to the employee has the right to participate. Collect information from customers or visitors.

The above is only a preferred embodiment of the present invention, and it should be understood that the present invention is not limited to the forms disclosed herein, and is not to be construed as being limited to the other embodiments, but may be used in various other combinations, modifications and environments. Modifications can be made by the techniques or knowledge of the above teachings or related art within the scope of the teachings herein. All changes and modifications made by those skilled in the art are intended to be within the scope of the appended claims.

Claims

The forum management method is characterized in that it comprises the following steps:

Create system roles, which are independent individuals, not groups/classes;

Set up a forum section with one or more forum sections;

Set the participating roles for each forum section and set the permissions of the participating roles in the forum section;

The users and roles in the system are associated with each other. The user uses the forum according to the permissions of the associated roles in the forum. One role can only associate with a unique user, and one user associates one or more roles.
The forum management method according to claim 1, wherein the rights of the participating characters in the forum section include the right to view posts/posts posted by others in the forum section, the permission to post in the forum section, and the forum. A combination of any one or more of the permissions of the replies within the section.
The forum management method according to claim 1, wherein the role belongs to a department, the name of the role is unique under the department, the number of the role is unique in the system, and the role is performed according to the work content of the role. Authorization.
The forum management method according to claim 3, further comprising: a step of managing the inter-department management of the user, specifically comprising:

(1) cancel the association between the user and the role in the original department;

(2) Associate the user with the role in the new department, and the user automatically obtains the corresponding authority of the role in the forum.
The forum management method according to claim 1, wherein one user corresponds to one employee, one employee corresponds to one user, and the employee determines the authority through the role associated with the corresponding user.
The forum management method is characterized in that it comprises the following steps:

Create system roles, which are independent individuals, not groups/classes;

Set up a forum section with one or more forum sections;

Set the management role of each forum section, and set the administrative rights of the management role in the forum section;

The users and roles in the system are associated with each other. The user manages the forum according to the rights of the associated roles in the forum. In the same period, a role can only associate with a unique user, and one user associates one or more roles.
The forum management method according to claim 6, wherein the management role comprises a first-level management role, and the management rights of the first-level management role in the forum section include viewing of posted posts/replies in the forum section, Modify, review, and delete any combination of one or more of the permissions;

Or it also includes a secondary management role, which is used to supervise the management operations of the primary management role.
The forum management method according to claim 7, wherein the management rights of the secondary management role in the forum section include the sealing and unblocking of the posted posts in the forum section, and when the post is archived, all the posts are Reposts are also archived. Only the secondary management role can view the archived posts and revert to the state before the archive.
The forum management method according to claim 7, wherein each forum section has one or more first-level management roles, and each forum section has one or more secondary management roles.
The forum management method according to claim 9, further comprising the step of setting a posting approval pass rate, and when the posting in the management role audit forum section passes, the posting approval pass rate is within a specified time. The number of people who gave the results of the audit and the results of the audit are the total number of people who have given the results of the audit.