WO2019024899A1 - Method for supervising approval operations, authorization operations and form operations - Google Patents

Method for supervising approval operations, authorization operations and form operations Download PDF

Info

Publication number
WO2019024899A1
WO2019024899A1 PCT/CN2018/098373 CN2018098373W WO2019024899A1 WO 2019024899 A1 WO2019024899 A1 WO 2019024899A1 CN 2018098373 W CN2018098373 W CN 2018098373W WO 2019024899 A1 WO2019024899 A1 WO 2019024899A1
Authority
WO
WIPO (PCT)
Prior art keywords
role
roles
monitored
user
monitoring
Prior art date
Application number
PCT/CN2018/098373
Other languages
French (fr)
Chinese (zh)
Inventor
陈达志
Original Assignee
成都牵牛草信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 成都牵牛草信息技术有限公司 filed Critical 成都牵牛草信息技术有限公司
Publication of WO2019024899A1 publication Critical patent/WO2019024899A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0631Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06311Scheduling, planning or task assignment for a person or group
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0631Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06311Scheduling, planning or task assignment for a person or group
    • G06Q10/063114Status monitoring or status determination for a person or group
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0631Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06311Scheduling, planning or task assignment for a person or group
    • G06Q10/063116Schedule adjustment for a person or group
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management

Definitions

  • the invention relates to a method for monitoring approval operation, authorization operation and form operation in a management system such as ERP and CRM.
  • employee Zhang San is the production workshop director in the company and concurrently the director of the research and development department.
  • the work content is the authorized operation of the production workshop staff and the form operation of the R&D department.
  • Li Si can supervise all the work records of Zhang San, including the authorization operation record of the production workshop staff and the form operation record of the R&D department.
  • the traditional method cannot achieve dynamic management of monitoring and being monitored in business operations.
  • the traditional system directly monitors/monitors the user/employee. Once the supervisory authority is granted, the supervisor A can supervise the relevant work and operation records of the supervised user/employee; however, if there is a supervised employee B After leaving the job, the new employee C takes over the work of employee B. The employee C cannot automatically become the supervised object of supervisor A, and needs to reset C to become the supervised object of supervisor A.
  • the traditional method can not achieve the supervision of only certain post number/station number, or the operation record of a post number/station number is supervised by which post number/station number, no matter who is doing this position.
  • the work of the number/station number has a corresponding supervisor/supervised job number/station number.
  • Role-based access control is one of the most researched and matured database rights management mechanisms in recent years. It is considered to be an ideal candidate to replace traditional mandatory access control (MAC) and autonomous access control (DAC). Traditional autonomous access control has high flexibility but low security. Forced access control is highly secure but too restrictive. Role-based access control combines both ease of management and reduces the complexity, cost, and probability of errors. Therefore, it has been greatly developed in recent years.
  • the basic idea of role-based access control (RBAC) is to divide different roles according to different functional positions in the enterprise organization view, encapsulate the access rights of database resources in roles, and indirectly access database resources by being assigned different roles.
  • the role-based permission control mechanism can manage the access rights of the system simply and efficiently, which greatly reduces the burden and cost of the system rights management, and makes the system rights management more in line with the business management specifications of the application system.
  • the traditional role-based user rights management adopts the "role-to-user one-to-many” association mechanism, and the "role” is group/class nature, that is, one role can simultaneously correspond to/associate multiple users, and the role is similar to the post/
  • the concept of position/work type the authorization of user rights under this association mechanism is basically divided into the following three forms: 1.
  • the role (class/group/post/work type) is authorized (a role can be associated with multiple users), the user obtains the permission through the role, and the authority authority is the group/class nature role; As shown in Figure 3, the above two methods are combined.
  • both 2 and 3 need to authorize the role of the class/group nature, and the way of authorization through the role of class/group/post/work type has the following disadvantages: 1.
  • the above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
  • the employee/user's form operation permissions change either the employee/user is removed from the role or the role is added to meet the job requirements.
  • the defect of the first method is the same as the above-mentioned "direct authorization to the user" method.
  • the new role involves the creation, association, and authorization of the role. Especially in the case of a large number of roles and a large number of users associated with the role, it is difficult to remember which users are associated with the role.
  • a method for monitoring an approval operation comprising the following steps:
  • the role is an independent individual, not a group / class, a role can only be associated with a unique user, and a user is associated with one or more roles;
  • the role records the role of performing the approval operation when performing the approval operation (it may also be understood that the role/user associated with the role records the execution of the approval operation when performing the approval operation) The role and/or the user associated with the role), so that the system can find the operation of the monitored role for the monitoring role;
  • the supervisory role monitors the audit operation records performed by the monitored role, or the user associated with the supervisor role monitors the audit operation records performed by the user associated with the monitored role.
  • Steps (1) to (4) are sequentially performed, or steps (1), (3), (2), and (4) are sequentially performed, or steps (1), (3), and (4) are performed.
  • Step (2) is performed sequentially.
  • the role can only select one department. Once the role is selected, the role belongs to the department. The name of the role is unique under the department. The number of the role is unique in the system, according to the work content of the role. The role is authorized.
  • the method of checking the approval operation further includes a step of managing the management of the user across departments, including: (1) canceling the association between the user and the role in the original department; (2) associating the user with the role in the new department, the user automatically Obtain supervision or supervision of the role in the new department.
  • a method of monitoring authorized operations including the following steps:
  • the role is an independent individual, not a group / class, a role can only be associated with a unique user, and a user is associated with one or more roles;
  • the role records the role of performing the authorization operation when performing the authorization operation (it may also be understood that the role/user associated with the role records the execution of the authorization operation when performing the authorization operation) The role and/or the user associated with the role), so that the system can find the operation of the monitored role for the monitoring role;
  • the monitoring role monitors the authorized operation record performed by the monitored role, or the user associated with the monitoring role monitors the authorized operation record performed by the user associated with the monitored role.
  • Steps (1) to (4) are sequentially performed, or steps (1), (3), (2), and (4) are sequentially performed, or steps (1), (3), and (4) are performed.
  • Step (2) is performed sequentially.
  • the role can only select one department. Once the role is selected, the role belongs to the department. The name of the role is unique under the department. The number of the role is unique in the system, according to the work content of the role. The role is authorized.
  • the method for monitoring the authorization operation further includes a step of managing the cross-department management of the user, which includes: (1) canceling the association between the user and the role in the original department; (2) associating the user with the role in the new department, the user automatically Obtain supervision or supervision of the role in the new department.
  • a method of monitoring the operation of a form including the following steps:
  • the role is an independent individual, not a group / class, a role can only be associated with a unique user, and a user is associated with one or more roles;
  • the character records the role of performing the form operation when performing the form operation (it may also be understood that the character/the user associated with the role records the execution of the form operation when performing the form operation) The role and/or the user associated with the role), so that the system can find the operation of the monitored role for the monitoring role;
  • the monitoring role monitors the form operation record executed by the monitored role, or the user associated with the monitoring role monitors the form operation record executed by the user associated with the monitored role.
  • Steps (1) to (4) are sequentially performed, or steps (1), (3), (2), and (4) are sequentially performed, or steps (1), (3), and (4) are performed.
  • Step (2) is performed sequentially.
  • the beneficial effects of the present invention are as follows: (1)
  • the subject to be monitored and monitored by the present invention is an independent individual character, and the role has the nature of the post number/station number, and each of the roles requiring the monitoring authority is separately monitored. Set up, fine-tune authorization for monitoring and monitored authority to meet the actual operational needs of the enterprise.
  • the role of the user associated with Zhang San is: production workshop director 1, research and development department minister 1, the work content is the authorization operation of the production workshop staff, the R&D department form operation.
  • the role "Production Workshop Director 1" is set as the monitored role, and the supervisor role is set to "Deputy General Manager 1", and the employee corresponding to the "Deputy General Manager 1” is the employee of the production workshop.
  • the authorized operation record of the role is supervised (if: "The user associated with the supervisory role monitors the authorized operation record performed by the user associated with the monitored role", then the employee corresponding to the "deputy general manager 1" corresponds to the employee Wang Wuneng.
  • the production workshop director 1 supervises the authorized operation records of the user associated with this role; similarly, the role “R&D Department Minister 1” is set as the monitored role, and the supervisor role is set to "Deputy General Manager 3", then "Deputy Zhao Liuneng, the employee corresponding to the general manager 3's associated user, supervises the form operation record of the “R&D Department Minister 1” (if: “The user associated with the supervisory role monitors the form operation record executed by the user associated with the monitored role” The employee corresponding to the user of the "Deputy General Manager 3", Zhao Liuneng, supervises the form operation record of the user associated with the "R&D Department 1".
  • the invention realizes the switching and updating of the monitoring related authority through the association/disassociation of the user and the role when the employee leaves the job and adjusts the post, and can realize the seamless handover of the authority, and ensure that the user is monitored and the authority is monitored. Timely update, there will be no lag or omission of authority update, will not affect the normal operation of the enterprise, and also avoid the risk of leakage of confidential information.
  • Example of resignation the user associated role of the employee Zhang San “production worker 1”.
  • the system administrator or the corresponding administrator directly cancels the association between the user corresponding to Zhang San and the role of “production worker 1”.
  • Zhang San automatically lost the corresponding supervision and supervision authority of “production worker 1”, avoiding the delay in the transfer of supervision authority, which made Zhang San still have the supervision authority after leaving the company, resulting in the disclosure of relevant confidential information to Zhang San; the newly recruited employee Li Si succeeded Zhang San
  • the user corresponding to Li Si is directly associated with “production worker 1”, Li Si automatically obtains the supervision and supervision authority corresponding to the role of “production worker 1”, and no need to reset the monitoring and Monitoring authority, operation is simple and fast, greatly reducing the workload.
  • Example of transfer The employee Zhang San should be transferred from the production department to the after-sales department.
  • the system administrator (or the corresponding administrator) cancels the association between the user corresponding to Zhang San and the original character “production worker 1”, and then links to the new after-sales department.
  • the role of "after-sales service personnel 3", Zhang San automatically obtained the role of "after-sales service personnel 3" corresponding to the monitoring and monitoring authority.
  • the traditional approach cannot achieve dynamic management of monitoring and being monitored in business operations.
  • the traditional system directly monitors/monitors the user/employee.
  • the supervisor A can supervise the relevant operation records of the supervised user/employee; however, if a supervised employee B leaves the job The new employee C takes over the work of employee B.
  • the employee C cannot automatically become the supervised object of supervisor A. It needs to reset C to become the supervised object of supervisor A.
  • the role of the application is a one-to-one relationship to the user.
  • One role can only be associated with a unique user at the same time, and one user is associated with one or more roles.
  • Permissions that is, users gain access to their associated roles
  • the role's permission changes are much less than the user permissions in the traditional mechanism.
  • the number of roles of the nature of the independent body is small. Although the employee turnover is large, the change of the post number/station number is small (even if there is no change in a certain period of time, that is, the role does not change), This will greatly simplify the user's rights management and reduce the overhead of the system.
  • the operation of dynamic management, on-the-job adjustment, etc. is simple and convenient, high efficiency, high reliability: the application of the entry/departure/adjustment in the authority management is simple, and the user/user does not need to reset the permission when the user/user changes, the user only
  • the role needs to be canceled or associated the user who is no longer in the role cancels the role association, and the user who takes over the role is associated with the role of the role number.
  • the user associated with the role automatically obtains the monitoring of the role. Monitoring permissions eliminates the need to re-authorize roles, greatly improving the efficiency, security, and reliability of system setup.
  • Zhang San due to Zhang San’s resignation or transfer, Zhang San will no longer work as a “buyer 3”, and Zhang will cancel the association with “Purchaser 3”; Li Si will take over as “Purchaser”. 3) The role of this role, only need to associate Li Si with the role, then Li Si automatically obtained the role of "Purchaser 3" to monitor and be monitored.
  • the traditional authority management mechanism defines roles as groups, types of work, classes, etc.
  • the role is a one-to-many relationship with the user. In the actual system use process, the user's authority is often required in the operation process. Adjustments, for example, when the employee permissions are changed, the permissions of an employee associated with the role change. We cannot change the permissions of the entire role because of the change of the individual employee permissions, because the role is also associated with other permissions. Staff. So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements.
  • the above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
  • the role since the role is an independent individual, the role permission can be changed to achieve the goal.
  • the method of the present application seems to increase the workload when the system is initialized, it can be made by copying or the like to make the role or authorization more efficient than the traditional group/class nature, because the group/class role is not considered.
  • the application scheme will make the permission setting clear and clear; especially after the system is used for a period of time (the user/role authority changes dynamically), the application scheme can greatly improve the system usage for the system user.
  • the efficiency of the rights management makes the dynamic authorization simpler, more convenient, clearer and clearer, and improves the efficiency and reliability of the permission setting.
  • the traditional group/class role authorization method is error-prone, and the method of the present application greatly reduces the probability of authorization error, because the method of the present application only needs to consider the role as an independent individual, without considering the traditional method to associate the role of the group. What are the commonalities of multiple users? Even if the authorization error occurs, it only affects the user associated with the role, while the traditional group-based role affects all users associated with the role. Even if a permission authorization error occurs, the correction method of the present application is simple and short, and the traditional group-type role needs to consider the commonality of all users associated with the role when correcting the error, and not only the modification when there are many function points. Troublesome, complicated, very error-prone, and in many cases only new roles can be created.
  • the method of the present application is as follows: the transferred user associates several roles.
  • the user When adjusting the post, the user is first unlinked from the role in the original department (the canceled roles can be re-associated to other users), and then Associate users with roles in the new department. The operation is simple and will not go wrong.
  • FIG. 1 is a schematic diagram of a manner in which a system directly authorizes a user in the background art
  • FIG. 2 is a schematic diagram of a manner in which a system authorizes a group/class role in the background art
  • FIG. 3 is a schematic diagram of a manner in which a system directly authorizes a user and authorizes a group/class role role in the background art
  • FIG. 4 is a schematic diagram of a manner in which a system authorizes a user through an independent individual role
  • FIG. 5 is a flowchart of Embodiment 1 of the present invention.
  • FIG. 6 is a flowchart of Embodiment 2 of the present invention.
  • FIG. 7 is a flowchart of Embodiment 3 of the present invention.
  • Figure 8 is a flow chart of Embodiment 4 of the present invention.
  • a method for monitoring an approval operation includes the following steps: creating a role in the system, as shown in FIG. 4, the role is an independent individual, not a group/class, at the same time, A role can only be associated with a unique user, and a user is associated with one or more roles; one user corresponds to one employee, one employee corresponds to one user, and the employee determines (acquires) through its corresponding user-associated role (independent individual role) Permissions.
  • the employee and the user are each in a one-to-one relationship and are bound for life. After the user corresponds to the employee, the user belongs to the employee, and the user cannot associate with other employees; if the employee leaves the job, the user cannot correspond to other employees. After the employee re-joins, the employee still uses the original user.
  • the role records the role of performing the approval operation when performing the approval operation; setting one or more roles as the monitoring role, setting one or more roles as the monitored role for each monitoring role; monitoring by the monitoring role
  • the record of the approval operation performed by the monitored role, or the user associated with the monitored role monitors the record of the approval operation performed by the user associated with the monitored role (the monitoring role can count/view all the approval operation records performed by the monitored role to analyze Issues mapped by the relevant operational actions of the monitored role and corresponding processing, etc.).
  • the subject of monitoring and being monitored by the present invention is an independent individual character, and the work content of the user/employee is distinguished by the post number/station number, and each post number/station number corresponds to an independent individual character.
  • the monitoring authority is set separately, and the monitoring and monitoring authority are refined and authorized to meet the actual operation and use requirements of the enterprise.
  • the role of the user associated with Zhang San is: production workshop director 1, research and development department minister 1, the work content is the authorization operation of the production workshop staff, the R&D department form operation.
  • the role "Production Workshop Director 1” is set as the monitored role, and the supervisor role is set to "Deputy General Manager 1", and the employee corresponding to the "Deputy General Manager 1” is the employee of the production workshop.
  • the role authorization operation record is supervised; similarly, the role "R&D Department Minister 1" is set as the monitored role, and the supervisor role is set to "Deputy General Manager 3", and the corresponding employee of the "Deputy General Manager 3” is associated. Zhao Liuneng supervised the form operation record of the “R&D Department Minister 1”.
  • the invention realizes the switching and updating of the monitoring related authority through the association/disassociation of the user and the role when the employee leaves the job and adjusts the post, and can realize the seamless handover of the authority, and ensure that the user monitoring and the monitored authority are updated in time. There will be no lag or omission in the privilege update, which will not affect the normal operation of the enterprise, and also avoid the risk of leakage of confidential information.
  • Example of resignation employee Zhang's corresponding user role "production worker 1".
  • the system administrator or the corresponding administrator directly cancels the role of Zhang San's corresponding user and "production worker 1".
  • the association if it is to adjust the post, it is necessary to associate a new role for the user corresponding to Zhang San), then Zhang San automatically loses the corresponding supervision and supervision authority of "production worker 1", avoiding the delay of supervision and transfer of authority, making Zhang Sanguan Or after leaving the post, he still has the supervision authority, which leads to the disclosure of relevant confidential information to Zhang San; when the new employee Li Si takes over Zhang San’s work, he directly associates the user of Li Si with “production worker 1”, then Li Si automatically obtained “ The role of production worker 1” corresponds to the monitoring and supervision rights. It is no longer necessary to reset the monitoring and monitoring authority for Li Si. The operation is simple and quick, which greatly reduces the workload.
  • Example of transfer The employee Zhang San should be transferred from the production department to the after-sales department.
  • the system administrator (or the corresponding administrator) cancels the association between the user corresponding to Zhang San and the original character “production worker 1”, and then links to the new after-sales department.
  • the role of "after-sales service personnel 3", Zhang San automatically obtained the role of "after-sales service personnel 3" corresponding to the monitoring and monitoring authority.
  • the method for monitoring an approval operation includes the following steps: creating a role in the system, as shown in FIG. 4, the role is an independent individual, not a group/class, at the same time.
  • a role can only be associated with a unique user, and a user is associated with one or more roles; one user corresponds to one employee, one employee corresponds to one user, and the employee determines (acquires) permissions through the role associated with the corresponding user.
  • the role records the role of performing the approval operation when performing the approval operation; setting one or more roles as the monitored role, and setting one or more roles as the supervisory role for each monitored role; Monitor the audit operation records performed by the monitored role, or monitor the approval operation records performed by the users associated with the monitored role by the user associated with the monitoring role (the monitoring role can count/view all the approval operation records performed by the monitored role to Analyze the problems mapped by the relevant operational actions of the monitored role and deal with them accordingly.
  • the role can only select one department. Once the role is selected, the role belongs to the department (the department cannot be changed), the name of the role is unique under the department, and the number of the role is unique in the system.
  • the role's work content authorizes the role.
  • the user needs to adjust the posts across departments, it also includes a user cross-department management process, which includes: (1) canceling the association between the user and the role in the original department; and (2) associating the user with the role in the new department. The user automatically obtains the monitoring or monitored rights of the role in the new department.
  • the department when the monitored role is set, the department can be selected, and the setting mode is convenient and quick, and is applicable to the department head as a monitoring role to monitor the related operation records of all the roles in the entire department.
  • a method for monitoring an authorization operation includes the steps of: creating a role in a system, the role being an independent individual, not a group/class, and a role can only be associated uniquely during the same time period.
  • the role records the role performing the authorization operation when performing an authorization operation; sets one or more roles as the monitoring role, and sets one or each for each monitoring role Multiple roles as their monitored role; the monitoring role monitors the authorized operation records performed by the monitored role, or the user associated with the monitoring role monitors the authorized operation records performed by the user associated with the monitored role (monitoring role statistics/viewing) All authorized operation records performed by the monitored role to analyze the problems mapped by the relevant operational actions of the monitored role and to deal with them accordingly.
  • a method for monitoring a form operation includes the following steps: creating a role in a system, the role is an independent individual, not a group/class, and a role can only be associated uniquely during the same time period.
  • the role records the role performing the form operation when performing a form operation; setting one or more roles as the monitored role, setting for each monitored role One or more roles as their monitoring role; the monitoring role monitors the form operation records performed by the monitored role, or the user associated with the monitoring role monitors the form operation records performed by the user associated with the monitored role (monitoring role statistics/ View all the form operation records executed by the monitored role to analyze the problems mapped by the related operational actions of the monitored role and handle them accordingly.
  • the present invention also enables monitoring of audit operations.
  • the monitored and monitored roles of the present application are independent individual roles, and the following advantages are analyzed for the advantages of authorizing users through independent individual roles: the user determines through the association with the roles. (Acquire) permission, if you want to modify the user's permissions, by adjusting the permissions owned by the role to achieve the purpose of changing the permissions of the user associated with the role. Once a user associates a role, that user has all the operational privileges for that role.
  • the role of the role to the user is one-to-one (when the role is associated with a user, other users can no longer associate the role; if the role is not associated with the user, it can be selected by other users; that is, a role can be And can only be associated by one user).
  • a user's relationship to a role is one-to-many (one user can associate multiple roles at the same time).
  • Role definition The role does not have the nature of group/class/category/post/job/work, but a non-collection nature, the role is unique, the role is an independent independent entity; in the enterprise application is equivalent Job number (The job number here is not a post, one post may have multiple employees at the same time, and one job number can only correspond to one employee at the same time).
  • a company system can create the following roles: general manager, deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5...
  • general manager deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5...
  • Zhang San serves as the company's deputy general manager 2, and also serves as a sales manager in Beijing, then Zhang The three roles to be associated are Deputy General Manager 2 and Beijing Sales Manager. Zhang San has the rights to these two roles.
  • roles are group/class/post/position/work type, and one role can correspond to multiple users.
  • the concept of "role" in this application is equivalent to the post number/station number, and is similar to the role in the film and television drama: a character can only be played by one actor at the same time (childhood, juvenile, middle-aged). And an actor may be decorated with multiple angles.
  • the role After the role is created, you can associate the role in the process of creating the user, or you can associate it at any time after the user is created. After the user associates the role, the relationship with the role can be released at any time, and the relationship with other roles can be established at any time.
  • the composition of the character is: post name + post number.
  • workshop production workers 1, workshop production workers 2, workshop production workers 3... roles are independent individuals, equivalent to the concept of job number and station number, different from the role in the traditional authority management system, the concept of role in the traditional system It is the group/class nature of the position/position/work type.
  • the following example shows the relationship between employees, users and roles after the employee Zhang San enters a company: 1. New entry: The employee is newly hired, and directly associates the role of the corresponding job number/station number for the user (employee). Yes, for example: Zhang San joined the company (the company assigned a three-user for Zhang San), the job content is in the sales department, responsible for the sales of refrigerator products in Beijing area (the corresponding role is to sell the sales engineer under the 5 "This role", Zhang San users directly select the "sales engineer 5" role association.
  • Zhang also arranged for Zhang San to be responsible for the sales of regional TV products in Beijing (the corresponding role is to sell the role of “Sales Engineer 8” under the Ministry of Sales) and concurrently as the head of the after-sales department (corresponding to the after-sales department)
  • the three users added the roles of “sales engineer 8” under the sales department and “sales department supervisor 1” under the after-sales department.
  • Zhang San employees associated three roles, respectively.
  • Zhang San users have the authority of these three roles.
  • Zhang San serves as the post-sales manager (corresponding to the role of “after-sales manager” in the after-sales department) and no longer take up other jobs. Then Zhang San user is associated with the role of “after-sales manager” in the after-sales department, and cancels the three roles previously associated (Sales Engineer 5 under Sales, Sales Engineer 8 and “After Sales Manager 1” under the after-sales department) At this time, Zhang San users only have the authority of the role of “after-sales manager” under the after-sales department.
  • This application authorizes the role of the nature of the post number/station number, and the user determines the (acquired) authority by associating the role, and the control of the user authority is realized by a simple user-role relationship. It makes the permission control simple, easy to operate, clear and clear, and greatly improves the authorization efficiency and authorization reliability.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Game Theory and Decision Science (AREA)
  • Educational Administration (AREA)
  • Development Economics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A method for supervising approval operations, authorization operations and form operations, comprising: creating roles in a system, wherein the roles are independent entities, and at any one time, a single role may only be associated with a single user, while a single user may be associated with one or more roles; when a role executes an approval/authorization/form operation, recording the role executing the operation; configuring one or more roles as a supervising role/supervised role, and configuring a supervised role/supervising role for each supervising role/supervised role; and supervising, by means of the supervising role, an approval/authorization/form operation record executed by the supervised role. The supervising and supervised subjects are independent roles that are individual in nature; work content of users/staff is distinguished according to post number/workstation number, respectively corresponding to one independent role which is individual in nature; supervision permissions are configured for each role, wherein supervising and supervised permissions undergo refined authorization, thus meeting actual operation and usage requirements of companies.

Description

监察审批操作、授权操作及表单操作的方法Method of monitoring approval operations, authorization operations, and form operations 技术领域Technical field
本发明涉及一种ERP、CRM等管理系统中监察审批操作、授权操作及表单操作的方法。The invention relates to a method for monitoring approval operation, authorization operation and form operation in a management system such as ERP and CRM.
背景技术Background technique
管理系统中对用户操作记录的监督和追责十分重要,现有管理系统中,在很多情况下需要具有管理权限的管理者对被监督对象的操作记录进行监督,虽然可以监督、监察被管理对象的工作操作记录,然而,传统系统均采用直接针对用户/员工进行监督、监察的方式,一旦赋予了监督权限,监督者就可以监督该用户/员工的所有工作操作记录。但是一个用户/员工经常是身兼多职,而监督者对用户/员工的监督权限往往不能覆盖其所有职位涉及到的工作内容,两者很难兼顾。举例:员工张三在公司担任生产车间主任,同时兼任研发部部长,工作内容是对生产车间员工的授权操作和研发部表单操作。赋予管理者李四对张三的监督权限后,则李四就可以监督张三的所有工作操作记录,包括对生产车间员工的授权操作记录和研发部表单操作记录。然而,在企业实际运营过程中,往往需要将员工的某些工作内容独立出来,如需要保密的内容,或某监督者不具备查看权限的部分内容等,并不能整体把所有的工作操作记录都展示在某一个监督者面前。有的时候不同监督者对同一个用户有着不同工作内容的监督权限,需要按岗位号/工位号对用户的工作内容进行区分和分别的监督权限授权。例如,负责管理生产的副总王五只能对张三的授权操作记录进行监督,负责研发的副总赵六只能对张三的表单操作记录进行监督,传统技术手段无法实现此功能。It is very important to supervise and blame the user operation records in the management system. In the existing management system, in many cases, managers with management authority are required to supervise the operation records of the supervised objects, although the managed objects can be supervised and monitored. The work operation record, however, the traditional system adopts the method of directly supervising and monitoring the user/employee. Once the supervision authority is granted, the supervisor can supervise all the work operation records of the user/employee. However, a user/employee often has multiple roles, and the supervisor's supervisory authority over the user/employee often cannot cover the work content involved in all of his positions, and it is difficult to balance the two. For example: employee Zhang San is the production workshop director in the company and concurrently the director of the research and development department. The work content is the authorized operation of the production workshop staff and the form operation of the R&D department. After giving the manager Li Si the supervision authority of Zhang San, Li Si can supervise all the work records of Zhang San, including the authorization operation record of the production workshop staff and the form operation record of the R&D department. However, in the actual operation of the enterprise, it is often necessary to separate some of the employee's work content, such as content that needs to be kept secret, or part of the content that a supervisor does not have the right to view, etc., and cannot record all the work operations as a whole. Shown in front of a supervisor. Sometimes, different supervisors have different supervisory authority for the same user, and need to distinguish the user's work content and separate supervisory authority according to the post number/station number. For example, Wang Wu, the deputy general manager responsible for managing production, can only supervise Zhang San’s authorized operation records. Zhao Six, the deputy general manager in charge of research and development, can only supervise Zhang San’s form operation records. Traditional techniques cannot achieve this function.
又如,传统方式不能实现监察与被监察在企业经营中的动态管理。比如,传统系统直接针对用户/员工进行监督/监察的方式,一旦赋予了监督权限,监督者A就可以监督被监督的用户/员工的相关工作操作记录;但是,若有一个被监督的员工B离职了,新来的员工C接替员工B的工作,员工C不能自动成为监督者A的被监督对象,需要重新设置C成为监督者A的被监督对象;同理,若监督者A离职了,新进来的员工K接替了A的工作,也需要设置K成为被监督者的监督者;以上这些在企业动态的管理中随时都会产生变动,所以传统企业无法实现此功能的自动的变化,存在监督/被监督设置滞后带来的管理缺失。In another example, the traditional method cannot achieve dynamic management of monitoring and being monitored in business operations. For example, the traditional system directly monitors/monitors the user/employee. Once the supervisory authority is granted, the supervisor A can supervise the relevant work and operation records of the supervised user/employee; however, if there is a supervised employee B After leaving the job, the new employee C takes over the work of employee B. The employee C cannot automatically become the supervised object of supervisor A, and needs to reset C to become the supervised object of supervisor A. Similarly, if supervisor A leaves, The new employee K has taken over the work of A, and also needs to set K as the supervisor of the supervised person; these will change at any time in the dynamic management of the enterprise, so the traditional enterprise can not realize the automatic change of this function, there is supervision / The lack of management brought by the supervision of the lag.
又如,传统方式不能实现只针对某些岗位号/工位号的监督,或某个岗位号/工位号的操作记录被哪些岗位号/工位号监督,即可不管是谁做这个岗位号/工位号的工作,都有对应的监督/被监督的岗位号/工位号。For example, the traditional method can not achieve the supervision of only certain post number/station number, or the operation record of a post number/station number is supervised by which post number/station number, no matter who is doing this position. The work of the number/station number has a corresponding supervisor/supervised job number/station number.
基于角色的访问控制(RBAC)是近年来研究最多、思想最成熟的一种数据库权限管理机制,它被认为是替代传统的强制访问控制(MAC)和自主访问控制(DAC)的理想候选。传统的自主访问控制的灵活性高但是安全性低,强制访问控制安全性高但是限制太强;基于角色的访问控制两者兼具,不仅易于管理而且降低了复杂性、成本和发生错误的概率,因而近年来得到了极大的发展。基于角色的访问控制(RBAC)的基本思想是根据企业组织视图中不同的职能岗位划分不同的角色,将数据库资源的访问权限封装在角色中,用户通过被赋予不同的角色来间接访问数据库资源。Role-based access control (RBAC) is one of the most researched and matured database rights management mechanisms in recent years. It is considered to be an ideal candidate to replace traditional mandatory access control (MAC) and autonomous access control (DAC). Traditional autonomous access control has high flexibility but low security. Forced access control is highly secure but too restrictive. Role-based access control combines both ease of management and reduces the complexity, cost, and probability of errors. Therefore, it has been greatly developed in recent years. The basic idea of role-based access control (RBAC) is to divide different roles according to different functional positions in the enterprise organization view, encapsulate the access rights of database resources in roles, and indirectly access database resources by being assigned different roles.
在大型应用系统中往往都建有大量的表和视图,这使得对数据库资源的管理和授权变得十分复杂。由用户直接管理数据库资源的存取和权限的收授是十分困难的,它需要用户对数据库结构的了解非常透彻,并且熟悉SQL语言的使用,而且一旦应用系统结构或安全需求有所变动,都要进行大量复杂而繁琐的授权变动,非常容易出现一些意想不到的授权失误而引起的安全漏洞。因此,为大型应用系统设计一种简单、高效的权限管理方法已成为系统和系统用户的普遍需求。A large number of tables and views are often built in large application systems, which makes the management and authorization of database resources very complicated. It is very difficult for the user to directly manage the access and permissions of the database resources. It requires the user to have a very thorough understanding of the database structure and is familiar with the use of the SQL language, and once the application system structure or security requirements have changed, To carry out a large number of complex and cumbersome authorization changes, it is very easy to have some security vulnerabilities caused by unexpected authorization errors. Therefore, designing a simple and efficient rights management method for large-scale application systems has become a common requirement for system and system users.
基于角色的权限控制机制能够对系统的访问权限进行简单、高效的管理,极大地降低了系统权限管理的负担和代价,而且使得系统权限管理更加符合应用系统的业务管理规范。The role-based permission control mechanism can manage the access rights of the system simply and efficiently, which greatly reduces the burden and cost of the system rights management, and makes the system rights management more in line with the business management specifications of the application system.
然而,传统基于角色的用户权限管理均采用“角色对用户一对多”的关联机制,其“角色”为组/类性质,即一个角色可以同时对应/关联多个用户,角色类似于岗位/职位/工种等概念,这种关联机制下对用户权限的授权基本分为以下三种形式:1、如图1所示,直接对用户授权,缺点是工作量大、操作频繁且麻烦;当发生员工变动(如调岗、离职等),该员工涉及到的所有权限必须要作相应调整,特别是对于公司管理人员,其涉及到的权限多,权限调整的工作量大、繁杂,容易出错或遗漏,影响企业的正常运营,甚至造成不可预估的损失。However, the traditional role-based user rights management adopts the "role-to-user one-to-many" association mechanism, and the "role" is group/class nature, that is, one role can simultaneously correspond to/associate multiple users, and the role is similar to the post/ The concept of position/work type, the authorization of user rights under this association mechanism is basically divided into the following three forms: 1. As shown in Figure 1, the user is authorized directly, the disadvantage is that the workload is large, the operation is frequent and troublesome; Employee changes (such as transfer, resignation, etc.), all the rights involved in the employee must be adjusted accordingly, especially for company management personnel, which involve a lot of permissions, the task of authority adjustment is large, complicated, error-prone or Missing, affecting the normal operation of the company, and even causing unpredictable losses.
2、如图2所示,对角色(类/组/岗位/工种性质)进行授权(一个角色可以关联多个用户),用户通过角色获得权限,权限授权主体是组/类性质角色;3、如图3所示,以上两种方式结合。2. As shown in Figure 2, the role (class/group/post/work type) is authorized (a role can be associated with multiple users), the user obtains the permission through the role, and the authority authority is the group/class nature role; As shown in Figure 3, the above two methods are combined.
以上的表述中,2、3均需要对类/组性质的角色进行授权,而通过类/组/岗位/工种性质的角色进行授权的方式有以下缺点:1、用户权限变化时的操作难:在实际的系统使用过程中,经常因为在运营过程中需要对用户的权限进行调整,比如:在处理员工权限变化时,角色关联的某个员工权限发生变化,我们不能因该个别员工权限的变化而改变整个角色的权限,因为该角色还关联了其他权限未变的员工。因此为了应对该种情况,要么创建新角色来满足该权限发生变化的员工,要么对该员工根据权限需求直接授权(脱离角色)。以上两种处理方式,在角色权限较多的情况下对角色授权不仅所需时间长,而且容易犯错,使用方操作起来繁琐又麻烦,也容易出错导致对系统使用方的损失。In the above expressions, both 2 and 3 need to authorize the role of the class/group nature, and the way of authorization through the role of class/group/post/work type has the following disadvantages: 1. The operation when the user rights change is difficult: In the actual system use process, it is often necessary to adjust the user's authority during the operation process. For example, when the employee permission changes, the employee rights associated with the role change, we cannot change the individual employee rights. And change the permissions of the entire role, because the role is also associated with other employees whose permissions have not changed. So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements. The above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
员工/用户的表单操作权限发生变化时,要么员工/用户脱离角色,要么新增角色来满足工作要求。第一种方式的缺陷同上述“直接对用户授权”方式的缺陷。第二种方式,新增角色便涉及到角色的新建、关联、授权工作,特别在角色多、角色关联的用户也多的情况下,角色具体关联了哪些用户是很难记住的。When the employee/user's form operation permissions change, either the employee/user is removed from the role or the role is added to meet the job requirements. The defect of the first method is the same as the above-mentioned "direct authorization to the user" method. In the second way, the new role involves the creation, association, and authorization of the role. Especially in the case of a large number of roles and a large number of users associated with the role, it is difficult to remember which users are associated with the role.
2、要长期记住角色包含的具体权限难:若角色的权限功能点比较多,时间一长,很难记住角色的具体权限,更难记住权限相近的角色之间的权限差别,相近角色的权限也很容易混淆;若要关联新的用户,无法准确判断应当如何选择关联。2. It is difficult to remember the specific permissions contained in the role for a long time: if the role has more permission functions, it will be difficult to remember the specific permissions of the roles, and it is more difficult to remember the difference in permissions between the roles with similar permissions. The permissions of a role are also easily confused; if you want to associate a new user, you cannot accurately determine how the association should be selected.
3、因为用户权限变化,则会造成角色创建越来越多(若不创建新角色,则会大幅增加直接对用户的授权),更难分清各角色权限的具体差别。3, because the user permissions change, it will cause more and more role creation (if you do not create a new role, it will greatly increase the authorization of the user directly), it is more difficult to distinguish the specific differences of the roles of each role.
4、调岗时,若要将被调岗用户的很多个权限分配给另外几个用户承担,则处理时必须将被调岗用户的这些权限区分开来,分别再创建角色来关联另外几个用户,这样的操作不仅复杂耗时,而且还很容易发生错误。4. When adjusting the post, if you want to assign a lot of rights of the transferred users to other users, you must separate the rights of the transferred users and create roles to associate with others. Users, such an operation is not only complicated and time consuming, but also prone to errors.
技术问题technical problem
本发明的目的在于克服现有技术的不足,提供一种监察审批操作、授权操作及表单操作的方法。It is an object of the present invention to overcome the deficiencies of the prior art and to provide a method of monitoring approval operations, authorization operations, and form operations.
技术解决方案Technical solution
本发明的目的是通过以下技术方案来实现的:监察审批操作的方法,包括以下步骤:The object of the present invention is achieved by the following technical solutions: a method for monitoring an approval operation, comprising the following steps:
(1)在系统中创建角色,所述角色是独立的个体,而非组/类,同一时段,一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;(1) Create a role in the system, the role is an independent individual, not a group / class, a role can only be associated with a unique user, and a user is associated with one or more roles;
(2)所述角色在执行审批操作时,记录执行该次审批操作的该角色(也可理解为,所述角色/该角色关联的用户在执行审批操作时,记录执行该次审批操作的该角色和/或该角色关联的用户),便于系统为监察角色查找被监察角色的操作;(2) The role records the role of performing the approval operation when performing the approval operation (it may also be understood that the role/user associated with the role records the execution of the approval operation when performing the approval operation) The role and/or the user associated with the role), so that the system can find the operation of the monitored role for the monitoring role;
(3)设置一个或多个角色作为监察角色,为每个监察角色设置一个或多个角色作为其被监察角色;或,设置一个或多个角色作为被监察角色,为每个被监察角色设置一个或多个角色作为其监察角色;(3) Set one or more roles as supervisor roles, set one or more roles for each supervisor role as their monitored roles; or set one or more roles as monitored roles for each monitored role One or more roles as their supervisory role;
(4)由监察角色监察被监察角色所执行的审批操作记录,或由监察角色关联的用户监察被监察角色关联的用户所执行的审批操作记录。(4) The supervisory role monitors the audit operation records performed by the monitored role, or the user associated with the supervisor role monitors the audit operation records performed by the user associated with the monitored role.
步骤(1)~(4)顺序执行,或步骤(1)、步骤(3)、步骤(2)、步骤(4)顺序执行,或步骤(1)、步骤(3)、步骤(4)、步骤(2)顺序执行。Steps (1) to (4) are sequentially performed, or steps (1), (3), (2), and (4) are sequentially performed, or steps (1), (3), and (4) are performed. Step (2) is performed sequentially.
所述的角色能且只能选择一个部门,角色一旦选择部门后则该角色归属于该部门,该角色的名称在该部门下唯一,该角色的编号在系统中唯一,根据角色的工作内容对角色进行授权。The role can only select one department. Once the role is selected, the role belongs to the department. The name of the role is unique under the department. The number of the role is unique in the system, according to the work content of the role. The role is authorized.
察审批操作的方法,还包括一个用户跨部门调岗管理步骤,具体包括:(1)取消用户与原部门内的角色的关联;(2)将用户与新部门内的角色进行关联,用户自动获得新部门内该角色的监察或被监察权限。The method of checking the approval operation further includes a step of managing the management of the user across departments, including: (1) canceling the association between the user and the role in the original department; (2) associating the user with the role in the new department, the user automatically Obtain supervision or supervision of the role in the new department.
设置被监察角色时,选择一个或多个部门,则所选部门下的所有角色都被设置为被监察角色,且所选部门下后续增加的角色也被设置为被监察角色。When setting the monitored role, select one or more departments, all the roles under the selected department are set to be monitored, and the subsequent added roles under the selected department are also set to be monitored.
监察授权操作的方法,包括以下步骤:A method of monitoring authorized operations, including the following steps:
(1)在系统中创建角色,所述角色是独立的个体,而非组/类,同一时段,一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;(1) Create a role in the system, the role is an independent individual, not a group / class, a role can only be associated with a unique user, and a user is associated with one or more roles;
(2)所述角色在执行授权操作时,记录执行该次授权操作的该角色(也可理解为,所述角色/该角色关联的用户在执行授权操作时,记录执行该次授权操作的该角色和/或该角色关联的用户),便于系统为监察角色查找被监察角色的操作;(2) the role records the role of performing the authorization operation when performing the authorization operation (it may also be understood that the role/user associated with the role records the execution of the authorization operation when performing the authorization operation) The role and/or the user associated with the role), so that the system can find the operation of the monitored role for the monitoring role;
(3)设置一个或多个角色作为监察角色,为每个监察角色设置一个或多个角色作为其被监察角色;或,设置一个或多个角色作为被监察角色,为每个被监察角色设置一个或多个角色作为其监察角色;(3) Set one or more roles as supervisor roles, set one or more roles for each supervisor role as their monitored roles; or set one or more roles as monitored roles for each monitored role One or more roles as their supervisory role;
(4)由监察角色监察被监察角色所执行的授权操作记录,或由监察角色关联的用户监察被监察角色关联的用户所执行的授权操作记录。(4) The monitoring role monitors the authorized operation record performed by the monitored role, or the user associated with the monitoring role monitors the authorized operation record performed by the user associated with the monitored role.
步骤(1)~(4)顺序执行,或步骤(1)、步骤(3)、步骤(2)、步骤(4)顺序执行,或步骤(1)、步骤(3)、步骤(4)、步骤(2)顺序执行。Steps (1) to (4) are sequentially performed, or steps (1), (3), (2), and (4) are sequentially performed, or steps (1), (3), and (4) are performed. Step (2) is performed sequentially.
所述的角色能且只能选择一个部门,角色一旦选择部门后则该角色归属于该部门,该角色的名称在该部门下唯一,该角色的编号在系统中唯一,根据角色的工作内容对角色进行授权。The role can only select one department. Once the role is selected, the role belongs to the department. The name of the role is unique under the department. The number of the role is unique in the system, according to the work content of the role. The role is authorized.
监察授权操作的方法,还包括一个用户跨部门调岗管理步骤,具体包括:(1)取消用户与原部门内的角色的关联;(2)将用户与新部门内的角色进行关联,用户自动获得新部门内该角色的监察或被监察权限。The method for monitoring the authorization operation further includes a step of managing the cross-department management of the user, which includes: (1) canceling the association between the user and the role in the original department; (2) associating the user with the role in the new department, the user automatically Obtain supervision or supervision of the role in the new department.
设置被监察角色时,选择一个或多个部门,则所选部门下的所有角色都被设置为被监察角色,且所选部门下后续增加的角色也被设置为被监察角色。When setting the monitored role, select one or more departments, all the roles under the selected department are set to be monitored, and the subsequent added roles under the selected department are also set to be monitored.
监察表单操作的方法,包括以下步骤:A method of monitoring the operation of a form, including the following steps:
(1)在系统中创建角色,所述角色是独立的个体,而非组/类,同一时段,一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;(1) Create a role in the system, the role is an independent individual, not a group / class, a role can only be associated with a unique user, and a user is associated with one or more roles;
(2)所述角色在执行表单操作时,记录执行该次表单操作的该角色(也可理解为,所述角色/该角色关联的用户在执行表单操作时,记录执行该次表单操作的该角色和/或该角色关联的用户),便于系统为监察角色查找被监察角色的操作;(2) the character records the role of performing the form operation when performing the form operation (it may also be understood that the character/the user associated with the role records the execution of the form operation when performing the form operation) The role and/or the user associated with the role), so that the system can find the operation of the monitored role for the monitoring role;
(3)设置一个或多个角色作为监察角色,为每个监察角色设置一个或多个角色作为其被监察角色;或,设置一个或多个角色作为被监察角色,为每个被监察角色设置一个或多个角色作为其监察角色;(3) Set one or more roles as supervisor roles, set one or more roles for each supervisor role as their monitored roles; or set one or more roles as monitored roles for each monitored role One or more roles as their supervisory role;
(4)由监察角色监察被监察角色所执行的表单操作记录,或由监察角色关联的用户监察被监察角色关联的用户所执行的表单操作记录。(4) The monitoring role monitors the form operation record executed by the monitored role, or the user associated with the monitoring role monitors the form operation record executed by the user associated with the monitored role.
步骤(1)~(4)顺序执行,或步骤(1)、步骤(3)、步骤(2)、步骤(4)顺序执行,或步骤(1)、步骤(3)、步骤(4)、步骤(2)顺序执行。Steps (1) to (4) are sequentially performed, or steps (1), (3), (2), and (4) are sequentially performed, or steps (1), (3), and (4) are performed. Step (2) is performed sequentially.
设置被监察角色时,选择一个或多个部门,则所选部门下的所有角色都被设置为被监察角色,且所选部门下后续增加的角色也被设置为被监察角色。When setting the monitored role, select one or more departments, all the roles under the selected department are set to be monitored, and the subsequent added roles under the selected department are also set to be monitored.
有益效果Beneficial effect
本发明的有益效果是:(1)本发明监察和被监察的主体都是独立个体性质的角色,角色具有岗位号/工位号性质,针对每一个需要设置监察权限的角色分别进行监察权限的设置,对监察与被监察权限进行精细化授权,满足企业实际运营使用需求。The beneficial effects of the present invention are as follows: (1) The subject to be monitored and monitored by the present invention is an independent individual character, and the role has the nature of the post number/station number, and each of the roles requiring the monitoring authority is separately monitored. Set up, fine-tune authorization for monitoring and monitored authority to meet the actual operational needs of the enterprise.
举例:员工张三对应的用户关联的角色为:生产车间主任1、研发部部长1,工作内容分别是对生产车间员工的授权操作、研发部表单操作。将角色“生产车间主任1”设置为被监察角色,其监察角色设置为“副总经理1”,则“副总经理1”关联的用户对应的员工王五能对“生产车间主任1”这个角色的授权操作记录进行监督(若:“由监察角色关联的用户监察被监察角色关联的用户所执行的授权操作记录”,则“副总经理1”关联的用户对应的员工王五能对“生产车间主任1”这个角色关联的用户的授权操作记录进行监督);同样的,将角色“研发部部长1”设置为被监察角色,其监察角色设置为“副总经理3”,则“副总经理3”关联的用户对应的员工赵六能对“研发部部长1”的表单操作记录进行监督(若:“由监察角色关联的用户监察被监察角色关联的用户所执行的表单操作记录”,则“副总经理3”关联的用户对应的员工赵六能对“研发部部长1” 关联的用户的表单操作记录进行监督)。For example: the role of the user associated with Zhang San is: production workshop director 1, research and development department minister 1, the work content is the authorization operation of the production workshop staff, the R&D department form operation. The role "Production Workshop Director 1" is set as the monitored role, and the supervisor role is set to "Deputy General Manager 1", and the employee corresponding to the "Deputy General Manager 1" is the employee of the production workshop. The authorized operation record of the role is supervised (if: "The user associated with the supervisory role monitors the authorized operation record performed by the user associated with the monitored role", then the employee corresponding to the "deputy general manager 1" corresponds to the employee Wang Wuneng. The production workshop director 1" supervises the authorized operation records of the user associated with this role; similarly, the role "R&D Department Minister 1" is set as the monitored role, and the supervisor role is set to "Deputy General Manager 3", then "Deputy Zhao Liuneng, the employee corresponding to the general manager 3's associated user, supervises the form operation record of the “R&D Department Minister 1” (if: “The user associated with the supervisory role monitors the form operation record executed by the user associated with the monitored role” The employee corresponding to the user of the "Deputy General Manager 3", Zhao Liuneng, supervises the form operation record of the user associated with the "R&D Department 1".
(2)本发明在员工离职、调岗时,通过用户与角色的关联/取消关联顺带就实现了监察相关权限的切换和更新,能够实现权限的无缝交接,保证用户监察、被监察权限得到及时更新,不会出现权限更新的滞后或遗漏,不会影响企业正常运营,也规避了机密信息泄露的风险。(2) The invention realizes the switching and updating of the monitoring related authority through the association/disassociation of the user and the role when the employee leaves the job and adjusts the post, and can realize the seamless handover of the authority, and ensure that the user is monitored and the authority is monitored. Timely update, there will be no lag or omission of authority update, will not affect the normal operation of the enterprise, and also avoid the risk of leakage of confidential information.
离职举例:员工张三对应的用户关联角色“生产工人1”,张三离职时,系统管理员(或相应管理员)直接取消张三对应的用户与“生产工人1”这一角色的关联,则张三自动失去“生产工人1”相应的监察与被监察权限,避免监察权限交接滞后使得张三离职后仍具备监察权限,导致相关机密信息泄露给张三;新入职员工李四接替张三的工作时,直接让李四对应的用户关联“生产工人1”,则李四自动获得了“生产工人1”这一角色对应的监察与被监察权限,无需再为李四重新设置监察与被监察权限,操作简单快捷,大大减少了工作量。Example of resignation: the user associated role of the employee Zhang San “production worker 1”. When Zhang San leaves the post, the system administrator (or the corresponding administrator) directly cancels the association between the user corresponding to Zhang San and the role of “production worker 1”. Zhang San automatically lost the corresponding supervision and supervision authority of “production worker 1”, avoiding the delay in the transfer of supervision authority, which made Zhang San still have the supervision authority after leaving the company, resulting in the disclosure of relevant confidential information to Zhang San; the newly recruited employee Li Si succeeded Zhang San When working directly, the user corresponding to Li Si is directly associated with “production worker 1”, Li Si automatically obtains the supervision and supervision authority corresponding to the role of “production worker 1”, and no need to reset the monitoring and Monitoring authority, operation is simple and fast, greatly reducing the workload.
调岗举例:员工张三要从生产部调岗到售后部,系统管理员(或相应管理员)取消张三对应的用户与原角色“生产工人1”的关联,再关联到售后部的新角色“售后服务人员3”,张三则自动获得了“售后服务人员3”这一角色对应的监察与被监察权限。Example of transfer: The employee Zhang San should be transferred from the production department to the after-sales department. The system administrator (or the corresponding administrator) cancels the association between the user corresponding to Zhang San and the original character “production worker 1”, and then links to the new after-sales department. The role of "after-sales service personnel 3", Zhang San automatically obtained the role of "after-sales service personnel 3" corresponding to the monitoring and monitoring authority.
传统方式不能实现监察与被监察在企业经营中的动态管理。比如,传统系统直接针对用户/员工进行监督/监察的方式,一旦赋予了监督权限,监督者A就可以监督被监督的用户/员工的相关操作记录;但是,若有一个被监督的员工B离职了,新来的员工C接替员工B的工作,员工C不能自动成为监督者A的被监督对象,需要重新设置C成为监督者A的被监督对象;同理,若监督者A离职了,新进来的员工K接替了A的工作,也需要设置K成为被监督者的监督者;以上这些在企业动态的管理中随时都会产生变动,所以传统企业无法实现此功能的自动的变化;而本申请在员工入职时,因为员工对应的用户是关联角色的,员工/用户通过其关联的角色自动的就获得了监督/被监督权限,则员工/用户的监督与被监督权限,在用户关联的角色设置了“监督与被监督关系”后,在其员工入职接替工作(关联角色)后,自动也获得了监督或被监督权限,无需再次设置,这样避免了监督/被监督权限设置的滞后带来的监督/被监督的缺失。The traditional approach cannot achieve dynamic management of monitoring and being monitored in business operations. For example, the traditional system directly monitors/monitors the user/employee. Once the supervisory authority is granted, the supervisor A can supervise the relevant operation records of the supervised user/employee; however, if a supervised employee B leaves the job The new employee C takes over the work of employee B. The employee C cannot automatically become the supervised object of supervisor A. It needs to reset C to become the supervised object of supervisor A. Similarly, if supervisor A leaves, new The incoming employee K takes over the work of A, and also needs to set K as the supervisor of the supervised person; these will change at any time in the management of the enterprise dynamics, so the traditional enterprise cannot realize the automatic change of this function; When an employee joins a job, because the employee's corresponding user is an associated role, the employee/user automatically obtains the supervisory/supervised authority through its associated role, then the employee/user's supervision and supervised authority, and the role associated with the user. After setting up the “supervised and supervised relationship”, after the employee’s employment replacement work (associated role), he was automatically supervised or Governor authority, without setting again, thus avoiding supervision and lack of supervision / supervised / supervisory authority is set to lag brings.
(3)设置被监察角色时可选择部门,则所选部门下的所有角色都被设置为被监察角色,且所选部门下后续增加的角色也被设置为被监察角色,设置方式方便快捷,适用于部门主管作为监察角色监察整个部门内所有角色的相关操作记录。(3) When the monitored role is set, the selected department is selected, and all the roles under the selected department are set as the monitored role, and the subsequent added roles in the selected department are also set as the monitored role, and the setting method is convenient and quick. Applicable to department heads as a monitoring role to monitor the relevant operational records of all roles within the entire department.
(4)本申请角色对用户是一对一的关系,同一时段一个角色只能关联唯一的用户,一个用户关联一个或多个角色,这样做的好处是,只要将用户关联到角色即可获得权限(即用户获得其关联的角色的权限),而且角色的权限变更比传统机制中的用户权限变更要少得多。独立体性质(岗位号/工位号性质)的角色数量变化小,虽然员工流动大,但岗位号/工位号的变化小(甚至在一定时段内是没有变化的,即角色没有变化),这样将极大简化用户的权限管理,减少系统的开销。(4) The role of the application is a one-to-one relationship to the user. One role can only be associated with a unique user at the same time, and one user is associated with one or more roles. The advantage of this is that as long as the user is associated with the role, Permissions (that is, users gain access to their associated roles), and the role's permission changes are much less than the user permissions in the traditional mechanism. The number of roles of the nature of the independent body (the nature of the post number/station number) is small. Although the employee turnover is large, the change of the post number/station number is small (even if there is no change in a certain period of time, that is, the role does not change), This will greatly simplify the user's rights management and reduce the overhead of the system.
(5)动态管理、入职调岗等的操作简单方便,效率高,可靠性高:入职/离职/调岗在权限管理中的应用简单,当员工/用户发生变化时不用重新设置权限,用户只需取消或关联角色即可:不再任职该角色的用户就取消该角色关联,接手任职该角色的用户关联该岗位号性质的角色,关联该角色的用户自动就获得了该角色的监察、被监察权限,无需对角色进行重新授权,极大地提高了系统设置的效率、安全性和可靠性。(5) The operation of dynamic management, on-the-job adjustment, etc. is simple and convenient, high efficiency, high reliability: the application of the entry/departure/adjustment in the authority management is simple, and the user/user does not need to reset the permission when the user/user changes, the user only The role needs to be canceled or associated: the user who is no longer in the role cancels the role association, and the user who takes over the role is associated with the role of the role number. The user associated with the role automatically obtains the monitoring of the role. Monitoring permissions eliminates the need to re-authorize roles, greatly improving the efficiency, security, and reliability of system setup.
举例:因张三用户离职或调岗等原因,张三不再做“采购员3”这个角色的工作,则将张三取消与“采购员3”的关联;另外李四接手做“采购员3”这个角色的工作,只需将李四关联该角色,则李四自动获得了“采购员3”这个角色的监察、被监察权限。For example: due to Zhang San’s resignation or transfer, Zhang San will no longer work as a “buyer 3”, and Zhang will cancel the association with “Purchaser 3”; Li Si will take over as “Purchaser”. 3) The role of this role, only need to associate Li Si with the role, then Li Si automatically obtained the role of "Purchaser 3" to monitor and be monitored.
(6)传统的权限管理机制将角色定义为组、工种、类等性质,角色对用户是一对多的关系,在实际的系统使用过程中,因为在运营过程中经常需要对用户的权限进行调整,比如:在处理员工权限变化的时候,角色关联的某个员工的权限发生变化,我们不能因该个别员工权限的变化而改变整个角色的权限,因为该角色还关联了其他权限未变的员工。因此为了应对该种情况,要么创建新角色来满足该权限发生变化的员工,要么对该员工根据权限需求直接授权(脱离角色)。以上两种处理方式,在角色权限较多的情况下对角色授权不仅所需时间长,而且容易犯错,使用方操作起来繁琐又麻烦,也容易出错导致对系统使用方的损失。(6) The traditional authority management mechanism defines roles as groups, types of work, classes, etc. The role is a one-to-many relationship with the user. In the actual system use process, the user's authority is often required in the operation process. Adjustments, for example, when the employee permissions are changed, the permissions of an employee associated with the role change. We cannot change the permissions of the entire role because of the change of the individual employee permissions, because the role is also associated with other permissions. Staff. So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements. The above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
但在本申请的方法下,因为角色是一个独立的个体,则可以选择改变角色权限即可达到目的。本申请的方法,虽然看起来在系统初始化时会增加工作量,但可以通过复制等方法,使其创建角色或授权的效率高于传统组/类性质的角色,因为不用考虑组/类性质角色在满足关联用户时的共通性,本申请方案会让权限设置清晰,明了;尤其是在系统使用一段时间后(用户/角色权限动态变化),该申请方案能为系统使用方大幅度提高系统使用中的权限管理效率,使动态授权更简单,更方便,更清晰、明了,提高权限设置的效率和可靠性。However, under the method of the present application, since the role is an independent individual, the role permission can be changed to achieve the goal. Although the method of the present application seems to increase the workload when the system is initialized, it can be made by copying or the like to make the role or authorization more efficient than the traditional group/class nature, because the group/class role is not considered. In the commonality of the related users, the application scheme will make the permission setting clear and clear; especially after the system is used for a period of time (the user/role authority changes dynamically), the application scheme can greatly improve the system usage for the system user. The efficiency of the rights management makes the dynamic authorization simpler, more convenient, clearer and clearer, and improves the efficiency and reliability of the permission setting.
(7)传统组/类性质的角色授权方法容易出错,本申请方法大幅降低了授权出错的几率,因为本申请方法只需考虑作为独立个体的角色,而不用考虑传统方法下关联该组性质角色的多个用户有哪些共通性。即使授权出错也只影响关联到该角色的那一个用户,而传统以组性质的角色则会影响关联到该角色的所有用户。即使出现权限授权错误,本申请的修正方法简单、时间短,而传统以组性质的角色在修正错误时需要考虑关联到该角色的所有用户的权限共通性,在功能点多的情况下不仅修改麻烦、复杂,非常容易出错,且很多情况下只能新创建角色才能解决。(7) The traditional group/class role authorization method is error-prone, and the method of the present application greatly reduces the probability of authorization error, because the method of the present application only needs to consider the role as an independent individual, without considering the traditional method to associate the role of the group. What are the commonalities of multiple users? Even if the authorization error occurs, it only affects the user associated with the role, while the traditional group-based role affects all users associated with the role. Even if a permission authorization error occurs, the correction method of the present application is simple and short, and the traditional group-type role needs to consider the commonality of all users associated with the role when correcting the error, and not only the modification when there are many function points. Troublesome, complicated, very error-prone, and in many cases only new roles can be created.
(8)在传统以组为性质的角色授权方法下,若角色的权限功能点比较多,时间一长,很难记住角色的具体权限,更难记住权限相近的角色之间的权限差别,若要关联新的用户,无法准确判断应当如何选择关联。本申请方法的角色本身就具有岗位号/工位号的性质,选择一目了然。(8) Under the traditional group-based role authorization method, if the role has more privilege function points, it takes a long time to remember the specific privilege of the role, and it is more difficult to remember the privilege difference between the roles with similar privilege. If you want to associate a new user, you cannot accurately determine how to select the association. The role of the method of the present application itself has the nature of the job number/station number, and the choice is clear at a glance.
(9)调岗时,若要将被调岗用户的很多个权限分配给另外几个用户承担,则处理时必须将被调岗用户的这些权限区分开来,分别再创建角色来关联另外几个用户,这样的操作不仅复杂耗时,而且还很容易发生错误。(9) When adjusting the post, if you want to assign a lot of rights of the transferred users to other users, you must separate the rights of the transferred users and create roles to associate with others. Users, such an operation is not only complicated and time consuming, but also prone to errors.
本申请方法则为:被调岗用户关联了几个角色,在调岗时,首先取消用户与原部门内的角色的关联(被取消的这几个角色可以被重新关联给其他用户),然后将用户与新部门内的角色进行关联即可。操作简单,不会出错。The method of the present application is as follows: the transferred user associates several roles. When adjusting the post, the user is first unlinked from the role in the original department (the canceled roles can be re-associated to other users), and then Associate users with roles in the new department. The operation is simple and will not go wrong.
附图说明DRAWINGS
图1为背景技术中系统直接对用户进行授权的方式示意图;1 is a schematic diagram of a manner in which a system directly authorizes a user in the background art;
图2为背景技术中系统对组/类性质角色进行授权的方式示意图;2 is a schematic diagram of a manner in which a system authorizes a group/class role in the background art;
图3为背景技术中系统对用户直接授权和对组/类性质角色授权相结合的方式示意图;3 is a schematic diagram of a manner in which a system directly authorizes a user and authorizes a group/class role role in the background art;
图4为本发明系统通过独立个体性质角色对用户进行授权的方式示意图;4 is a schematic diagram of a manner in which a system authorizes a user through an independent individual role;
图5为本发明实施例1流程图;Figure 5 is a flowchart of Embodiment 1 of the present invention;
图6为本发明实施例2流程图;Figure 6 is a flowchart of Embodiment 2 of the present invention;
图7为本发明实施例3流程图;Figure 7 is a flowchart of Embodiment 3 of the present invention;
图8为本发明实施例4流程图。Figure 8 is a flow chart of Embodiment 4 of the present invention.
本发明的实施方式Embodiments of the invention
下面结合附图进一步详细描述本发明的技术方案,但本发明的保护范围不局限于以下所述。The technical solution of the present invention will be described in further detail below with reference to the accompanying drawings, but the scope of protection of the present invention is not limited to the following.
【实施例1】如图5所示,监察审批操作的方法,包括以下步骤:在系统中创建角色,如图4所示,所述角色是独立的个体,而非组/类,同一时段,一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;一个用户对应一个员工,一个员工对应一个用户,员工通过其对应的用户关联的角色(独立个体性质角色)确定(获得)权限。员工和用户相互均为1对1关系且终生绑定,用户对应员工后,则该用户归属于该员工,用户不能再关联其他的员工;若该员工离职,该用户也不能对应其他的员工,员工再次入职后,该员工还是使用原来的用户。[Embodiment 1] As shown in FIG. 5, a method for monitoring an approval operation includes the following steps: creating a role in the system, as shown in FIG. 4, the role is an independent individual, not a group/class, at the same time, A role can only be associated with a unique user, and a user is associated with one or more roles; one user corresponds to one employee, one employee corresponds to one user, and the employee determines (acquires) through its corresponding user-associated role (independent individual role) Permissions. The employee and the user are each in a one-to-one relationship and are bound for life. After the user corresponds to the employee, the user belongs to the employee, and the user cannot associate with other employees; if the employee leaves the job, the user cannot correspond to other employees. After the employee re-joins, the employee still uses the original user.
所述角色在执行审批操作时,记录执行该次审批操作的该角色;设置一个或多个角色作为监察角色,为每个监察角色设置一个或多个角色作为其被监察角色;由监察角色监察被监察角色所执行的审批操作记录,或由监察角色关联的用户监察被监察角色关联的用户所执行的审批操作记录(监察角色能统计/查看被监察角色所执行的所有审批操作记录,以分析被监察角色的相关操作行为所映射的问题及进行相应处理等)。The role records the role of performing the approval operation when performing the approval operation; setting one or more roles as the monitoring role, setting one or more roles as the monitored role for each monitoring role; monitoring by the monitoring role The record of the approval operation performed by the monitored role, or the user associated with the monitored role monitors the record of the approval operation performed by the user associated with the monitored role (the monitoring role can count/view all the approval operation records performed by the monitored role to analyze Issues mapped by the relevant operational actions of the monitored role and corresponding processing, etc.).
本发明监察和被监察的主体都是独立个体性质的角色,将用户/员工的工作内容按岗位号/工位号进行区分,每个岗位号/工位号分别对应一个独立个体性质的角色,针对每一个需要设置监察权限的角色分别进行监察权限的设置,对监察与被监察权限进行精细化授权,满足企业实际运营使用需求。The subject of monitoring and being monitored by the present invention is an independent individual character, and the work content of the user/employee is distinguished by the post number/station number, and each post number/station number corresponds to an independent individual character. For each role that needs to set the monitoring authority, the monitoring authority is set separately, and the monitoring and monitoring authority are refined and authorized to meet the actual operation and use requirements of the enterprise.
举例:员工张三对应的用户关联的角色为:生产车间主任1、研发部部长1,工作内容分别是对生产车间员工的授权操作、研发部表单操作。将角色“生产车间主任1”设置为被监察角色,其监察角色设置为“副总经理1”,则“副总经理1”关联的用户对应的员工王五能对“生产车间主任1”这个角色的授权操作记录进行监督;同样的,将角色“研发部部长1”设置为被监察角色,其监察角色设置为“副总经理3”,则“副总经理3”关联的用户对应的员工赵六能对“研发部部长1”的表单操作记录进行监督。For example: the role of the user associated with Zhang San is: production workshop director 1, research and development department minister 1, the work content is the authorization operation of the production workshop staff, the R&D department form operation. The role "Production Workshop Director 1" is set as the monitored role, and the supervisor role is set to "Deputy General Manager 1", and the employee corresponding to the "Deputy General Manager 1" is the employee of the production workshop. The role authorization operation record is supervised; similarly, the role "R&D Department Minister 1" is set as the monitored role, and the supervisor role is set to "Deputy General Manager 3", and the corresponding employee of the "Deputy General Manager 3" is associated. Zhao Liuneng supervised the form operation record of the “R&D Department Minister 1”.
本发明在员工离职、调岗时,通过用户与角色的关联/取消关联顺带就实现了监察相关权限的切换和更新,能够实现权限的无缝交接,保证用户监察、被监察权限得到及时更新,不会出现权限更新的滞后或遗漏,不会影响企业正常运营,也规避了机密信息泄露的风险。The invention realizes the switching and updating of the monitoring related authority through the association/disassociation of the user and the role when the employee leaves the job and adjusts the post, and can realize the seamless handover of the authority, and ensure that the user monitoring and the monitored authority are updated in time. There will be no lag or omission in the privilege update, which will not affect the normal operation of the enterprise, and also avoid the risk of leakage of confidential information.
离职举例:员工张三对应的用户关联角色“生产工人1”,张三调岗或离职时,系统管理员(或相应管理员)直接取消张三对应的用户与“生产工人1”这一角色的关联(若是调岗,还需为张三对应的用户关联一个新的角色),则张三自动失去“生产工人1”相应的监察与被监察权限,避免监察权限交接滞后使得张三调岗或离职后仍具备监察权限,导致相关机密信息泄露给张三;新入职员工李四接替张三的工作时,直接让李四对应的用户关联“生产工人1”,则李四自动获得了“生产工人1”这一角色对应的监察与被监察权限,无需再为李四重新设置监察与被监察权限,操作简单快捷,大大减少了工作量。Example of resignation: employee Zhang's corresponding user role "production worker 1". When Zhang San is transferred or resigned, the system administrator (or the corresponding administrator) directly cancels the role of Zhang San's corresponding user and "production worker 1". The association (if it is to adjust the post, it is necessary to associate a new role for the user corresponding to Zhang San), then Zhang San automatically loses the corresponding supervision and supervision authority of "production worker 1", avoiding the delay of supervision and transfer of authority, making Zhang Sanguan Or after leaving the post, he still has the supervision authority, which leads to the disclosure of relevant confidential information to Zhang San; when the new employee Li Si takes over Zhang San’s work, he directly associates the user of Li Si with “production worker 1”, then Li Si automatically obtained “ The role of production worker 1” corresponds to the monitoring and supervision rights. It is no longer necessary to reset the monitoring and monitoring authority for Li Si. The operation is simple and quick, which greatly reduces the workload.
调岗举例:员工张三要从生产部调岗到售后部,系统管理员(或相应管理员)取消张三对应的用户与原角色“生产工人1”的关联,再关联到售后部的新角色“售后服务人员3”,张三则自动获得了“售后服务人员3”这一角色对应的监察与被监察权限。Example of transfer: The employee Zhang San should be transferred from the production department to the after-sales department. The system administrator (or the corresponding administrator) cancels the association between the user corresponding to Zhang San and the original character “production worker 1”, and then links to the new after-sales department. The role of "after-sales service personnel 3", Zhang San automatically obtained the role of "after-sales service personnel 3" corresponding to the monitoring and monitoring authority.
【实施例2】如图6所示,监察审批操作的方法,包括以下步骤:在系统中创建角色,如图4所示,所述角色是独立的个体,而非组/类,同一时段,一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;一个用户对应一个员工,一个员工对应一个用户,员工通过其对应的用户关联的角色确定(获得)权限。[Embodiment 2] As shown in FIG. 6, the method for monitoring an approval operation includes the following steps: creating a role in the system, as shown in FIG. 4, the role is an independent individual, not a group/class, at the same time. A role can only be associated with a unique user, and a user is associated with one or more roles; one user corresponds to one employee, one employee corresponds to one user, and the employee determines (acquires) permissions through the role associated with the corresponding user.
所述角色在执行审批操作时,记录执行该次审批操作的该角色;设置一个或多个角色作为被监察角色,为每个被监察角色设置一个或多个角色作为其监察角色;由监察角色监察被监察角色所执行的审批操作记录,或由监察角色关联的用户监察被监察角色关联的用户所执行的审批操作记录(监察角色能统计/查看被监察角色所执行的所有审批操作记录,以分析被监察角色的相关操作行为所映射的问题及进行相应处理等)。The role records the role of performing the approval operation when performing the approval operation; setting one or more roles as the monitored role, and setting one or more roles as the supervisory role for each monitored role; Monitor the audit operation records performed by the monitored role, or monitor the approval operation records performed by the users associated with the monitored role by the user associated with the monitoring role (the monitoring role can count/view all the approval operation records performed by the monitored role to Analyze the problems mapped by the relevant operational actions of the monitored role and deal with them accordingly.
所述的角色能且只能选择一个部门,角色一旦选择部门后则该角色归属于该部门(不能更换部门),该角色的名称在该部门下唯一,该角色的编号在系统中唯一,根据角色的工作内容对角色进行授权。The role can only select one department. Once the role is selected, the role belongs to the department (the department cannot be changed), the name of the role is unique under the department, and the number of the role is unique in the system. The role's work content authorizes the role.
如果用户需要跨部门调岗,还包括一个用户跨部门调岗管理步骤,具体包括:(1)取消用户与原部门内的角色的关联;(2)将用户与新部门内的角色进行关联,用户自动获得新部门内该角色的监察或被监察权限。If the user needs to adjust the posts across departments, it also includes a user cross-department management process, which includes: (1) canceling the association between the user and the role in the original department; and (2) associating the user with the role in the new department. The user automatically obtains the monitoring or monitored rights of the role in the new department.
设置被监察角色时,选择一个或多个部门,则所选部门下的所有角色都被设置为被监察角色,且所选部门下后续增加的角色也被设置为被监察角色。When setting the monitored role, select one or more departments, all the roles under the selected department are set to be monitored, and the subsequent added roles under the selected department are also set to be monitored.
本实施例中,设置被监察角色时可选择部门,设置方式方便快捷,适用于部门主管作为监察角色监察整个部门内所有角色的相关操作记录。In this embodiment, when the monitored role is set, the department can be selected, and the setting mode is convenient and quick, and is applicable to the department head as a monitoring role to monitor the related operation records of all the roles in the entire department.
【实施例3】如图7所示,监察授权操作的方法,包括以下步骤:在系统中创建角色,所述角色是独立的个体,而非组/类,同一时段,一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;所述角色在执行授权操作时,记录执行该次授权操作的该角色;设置一个或多个角色作为监察角色,为每个监察角色设置一个或多个角色作为其被监察角色;由监察角色监察被监察角色所执行的授权操作记录,或由监察角色关联的用户监察被监察角色关联的用户所执行的授权操作记录(监察角色能统计/查看被监察角色所执行的所有授权操作记录,以分析被监察角色的相关操作行为所映射的问题及进行相应处理等)。[Embodiment 3] As shown in FIG. 7, a method for monitoring an authorization operation includes the steps of: creating a role in a system, the role being an independent individual, not a group/class, and a role can only be associated uniquely during the same time period. User, and a user associates one or more roles; the role records the role performing the authorization operation when performing an authorization operation; sets one or more roles as the monitoring role, and sets one or each for each monitoring role Multiple roles as their monitored role; the monitoring role monitors the authorized operation records performed by the monitored role, or the user associated with the monitoring role monitors the authorized operation records performed by the user associated with the monitored role (monitoring role statistics/viewing) All authorized operation records performed by the monitored role to analyze the problems mapped by the relevant operational actions of the monitored role and to deal with them accordingly.
【实施例4】如图8所示,监察表单操作的方法,包括以下步骤:在系统中创建角色,所述角色是独立的个体,而非组/类,同一时段,一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;所述角色在执行表单操作时,记录执行该次表单操作的该角色;设置一个或多个角色作为被监察角色,为每个被监察角色设置一个或多个角色作为其监察角色;由监察角色监察被监察角色所执行的表单操作记录,或由监察角色关联的用户监察被监察角色关联的用户所执行的表单操作记录(监察角色能统计/查看被监察角色所执行的所有表单操作记录,以分析被监察角色的相关操作行为所映射的问题及进行相应处理等)。[Embodiment 4] As shown in FIG. 8, a method for monitoring a form operation includes the following steps: creating a role in a system, the role is an independent individual, not a group/class, and a role can only be associated uniquely during the same time period. a user, and a user associates one or more roles; the role records the role performing the form operation when performing a form operation; setting one or more roles as the monitored role, setting for each monitored role One or more roles as their monitoring role; the monitoring role monitors the form operation records performed by the monitored role, or the user associated with the monitoring role monitors the form operation records performed by the user associated with the monitored role (monitoring role statistics/ View all the form operation records executed by the monitored role to analyze the problems mapped by the related operational actions of the monitored role and handle them accordingly.
基于类似的方法,本发明也能实现对审核操作的监察。Based on a similar approach, the present invention also enables monitoring of audit operations.
上述实施例中,如图4所示,本申请监察与被监察角色为独立个体性质角色,以下对通过独立个体性质角色对用户进行授权所具备的优势进行分析:用户通过其与角色的关联确定(获得)权限,如果要修改用户的权限,通过调整角色所拥有的权限以达到改变关联了该角色的用户的权限的目的。一旦用户关联角色后,该用户就拥有了该角色的所有操作权限。In the above embodiment, as shown in FIG. 4, the monitored and monitored roles of the present application are independent individual roles, and the following advantages are analyzed for the advantages of authorizing users through independent individual roles: the user determines through the association with the roles. (Acquire) permission, if you want to modify the user's permissions, by adjusting the permissions owned by the role to achieve the purpose of changing the permissions of the user associated with the role. Once a user associates a role, that user has all the operational privileges for that role.
角色对用户的关系为一对一(该角色与一个用户关联时,其他用户则不能再关联该角色;若该角色未被用户关联,则可以被其他用户选择关联;即同一时段,一个角色能且只能被一个用户关联)。用户对角色的关系为一对多(一个用户可以同时关联多个角色)。The role of the role to the user is one-to-one (when the role is associated with a user, other users can no longer associate the role; if the role is not associated with the user, it can be selected by other users; that is, a role can be And can only be associated by one user). A user's relationship to a role is one-to-many (one user can associate multiple roles at the same time).
角色的定义:角色不具有组/类/类别/岗位/职位/工种等性质,而是一个非集合的性质,角色具有唯一性,角色是独立存在的独立个体;在企事业单位应用中相当于岗位号(此处的岗位号非岗位,一个岗位同时可能有多个员工,而同一时段一个岗位号只能对应一个员工)。Role definition: The role does not have the nature of group/class/category/post/job/work, but a non-collection nature, the role is unique, the role is an independent independent entity; in the enterprise application is equivalent Job number (The job number here is not a post, one post may have multiple employees at the same time, and one job number can only correspond to one employee at the same time).
举例:某个公司系统中可创建如下角色:总经理、副总经理1、副总经理2、北京销售一部经理、北京销售二部经理、北京销售三部经理、上海销售工程师1、上海销售工程师2、上海销售工程师3、上海销售工程师4、上海销售工程师5……用户与角色的关联关系:若该公司员工张三任职该公司副总经理2,同时任职北京销售一部经理,则张三需要关联的角色为副总经理2和北京销售一部经理,张三拥有了这两个角色的权限。For example: a company system can create the following roles: general manager, deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5... User-role relationship: If the company employee Zhang San serves as the company's deputy general manager 2, and also serves as a sales manager in Beijing, then Zhang The three roles to be associated are Deputy General Manager 2 and Beijing Sales Manager. Zhang San has the rights to these two roles.
传统角色的概念是组/类/岗位/职位/工种性质,一个角色能够对应多个用户。而本申请“角色”的概念相当于岗位号/工位号,也类同于影视剧中的角色:一个角色在同一时段(童年、少年、中年……)只能由一个演员来饰演,而一个演员可能会分饰多角。The concept of traditional roles is group/class/post/position/work type, and one role can correspond to multiple users. The concept of "role" in this application is equivalent to the post number/station number, and is similar to the role in the film and television drama: a character can only be played by one actor at the same time (childhood, juvenile, middle-aged...). And an actor may be decorated with multiple angles.
在创建角色之后,可以在创建用户的过程中关联角色,也可以在用户创建完成后随时进行关联。用户关联角色后可以随时解除与角色的关联关系,也可以随时建立与其他角色的关联关系。After the role is created, you can associate the role in the process of creating the user, or you can associate it at any time after the user is created. After the user associates the role, the relationship with the role can be released at any time, and the relationship with other roles can be established at any time.
所述角色的构成为:岗位名+岗内编号。例如:车间生产工人1、车间生产工人2、车间生产工人3……角色是独立个体,相当于岗位号、工位号的概念,不同于传统权限管理体系中的角色,传统体系中角色的概念是岗位/职位/工种等的组/类性质。The composition of the character is: post name + post number. For example: workshop production workers 1, workshop production workers 2, workshop production workers 3... roles are independent individuals, equivalent to the concept of job number and station number, different from the role in the traditional authority management system, the concept of role in the traditional system It is the group/class nature of the position/position/work type.
以下举例员工张三进入某公司后,员工、用户与角色之间的关系为:1、新入职:员工新入职,直接为该用户(员工)选择相应的岗位号/工位号的角色进行关联即可,例:张三入职公司(公司为张三分配了一个张三用户),工作内容是在销售一部,负责北京区域冰箱产品的销售(对应的角色是销售一部下的“销售工程师5”这个角色),则张三用户直接选择“销售工程师5”这个角色关联即可。The following example shows the relationship between employees, users and roles after the employee Zhang San enters a company: 1. New entry: The employee is newly hired, and directly associates the role of the corresponding job number/station number for the user (employee). Yes, for example: Zhang San joined the company (the company assigned a three-user for Zhang San), the job content is in the sales department, responsible for the sales of refrigerator products in Beijing area (the corresponding role is to sell the sales engineer under the 5 "This role", Zhang San users directly select the "sales engineer 5" role association.
2、增加职位:张三工作一段时间后,公司还安排张三负责北京区域电视产品的销售(对应的角色是销售一部下的“销售工程师8”这个角色)并兼任售后部主管(对应售后部主管1这个角色),则张三用户再增加关联销售一部下的“销售工程师8”和售后部下的“售后部主管1”这两个角色,此时,张三员工关联了三个角色,分别为销售一部下的“销售工程师5”、“销售工程师8”和售后部下的“售后部主管1”,张三用户则拥有了这三个角色的权限。2. Adding positions: After working for a period of time, Zhang also arranged for Zhang San to be responsible for the sales of regional TV products in Beijing (the corresponding role is to sell the role of “Sales Engineer 8” under the Ministry of Sales) and concurrently as the head of the after-sales department (corresponding to the after-sales department) In the role of supervisor 1, the three users added the roles of “sales engineer 8” under the sales department and “sales department supervisor 1” under the after-sales department. At this time, Zhang San employees associated three roles, respectively. In order to sell a "sales engineer 5", "sales engineer 8" and "after-sales department supervisor 1" under the after-sales department, Zhang San users have the authority of these three roles.
3、减少职位:又过了一段时间,公司决定让张三任职售后部经理(对应售后部下“售后部经理”这个角色),且不再兼任其他工作。则张三用户关联售后部下“售后部经理”这个角色,同时取消此前关联的三个角色(销售一部下的“销售工程师5”、“销售工程师8”和售后部下的“售后部主管1”),此时,张三用户只拥有售后部下“售后部经理”这个角色的权限。3. Reducing the position: After a while, the company decided to let Zhang San serve as the post-sales manager (corresponding to the role of “after-sales manager” in the after-sales department) and no longer take up other jobs. Then Zhang San user is associated with the role of “after-sales manager” in the after-sales department, and cancels the three roles previously associated (Sales Engineer 5 under Sales, Sales Engineer 8 and “After Sales Manager 1” under the after-sales department) At this time, Zhang San users only have the authority of the role of “after-sales manager” under the after-sales department.
4、角色权限的调整(针对角色本身所拥有的权限的调整):如公司决定增加售后部经理的权限,则只需增加对售后部经理这个角色的授权即可,则张三用户因为售后部经理这个角色的权限增加了,张三用户的权限也增加了。4, the adjustment of the role permissions (for the adjustment of the permissions of the role itself): If the company decides to increase the authority of the after-sales manager, then only need to increase the authorization of the role of the after-sales manager, then Zhang San users because of the after-sales department The authority of the manager has increased, and the permissions of Zhang San users have also increased.
5、离职:一年后,张三离职了,则取消张三用户与售后部下“售后部经理”这个角色的关联即可。5. Resignation: After one year, Zhang San resigned, and the relationship between Zhang San users and the post-sales department manager of the after-sales department can be cancelled.
举例:公司在动态的经营中,职员的入职、离职是经常持续发生的,但岗位号/工位号的变化非常少(甚至在一定时期内是没有变化的)。For example: in the dynamic operation of the company, the entry and exit of the staff are often continued, but the change of the post number/station number is very small (even within a certain period of time).
传统授权方法:在系统功能点多的情况下,以传统的组/类性质的角色进行授权,不仅授权工作量大,繁杂,而且很容易出错,甚至出错了在短时间内都不容易发现,容易对系统使用方造成损失。Traditional authorization method: In the case of a large number of system functions, authorization in the traditional group/class role, not only the authorization workload is large, complicated, but also easy to make mistakes, even if it is wrong, it is not easy to find in a short time. It is easy to cause damage to the system user.
本申请授权方法:本申请是对岗位号/工位号性质的角色进行授权,用户关联角色而确定(获得)权限,则对用户权限的控制,通过简单的用户-角色的关联关系来实现,让权限控制变得简单、易操作,清晰明了,大幅度提高了授权效率和授权可靠性。Authorization method of the present application: This application authorizes the role of the nature of the post number/station number, and the user determines the (acquired) authority by associating the role, and the control of the user authority is realized by a simple user-role relationship. It makes the permission control simple, easy to operate, clear and clear, and greatly improves the authorization efficiency and authorization reliability.
以上所述仅是本发明的优选实施方式,应当理解本发明并非局限于本文所披露的形式,不应看作是对其他实施例的排除,而可用于各种其他组合、修改和环境,并能够在本文所述构想范围内,通过上述教导或相关领域的技术或知识进行改动。而本领域人员所进行的改动和变化不脱离本发明的精神和范围,则都应在本发明所附权利要求的保护范围内。The above is only a preferred embodiment of the present invention, and it should be understood that the present invention is not limited to the forms disclosed herein, and is not to be construed as being limited to the other embodiments, but may be used in various other combinations, modifications and environments. Modifications can be made by the techniques or knowledge of the above teachings or related art within the scope of the teachings herein. All changes and modifications made by those skilled in the art are intended to be within the scope of the appended claims.

Claims (10)

  1. 监察审批操作的方法,其特征在于,包括以下步骤:A method of monitoring an approval operation, which is characterized by the following steps:
    在系统中创建角色,所述角色是独立的个体,而非组/类,同一时段,一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;Create roles in the system, the roles are independent individuals, not groups/classes. At the same time, one role can only be associated with a unique user, and one user is associated with one or more roles;
    所述角色在执行审批操作时,记录执行该次审批操作的该角色;The role records the role performing the approval operation when performing an approval operation;
    设置一个或多个角色作为监察角色,为每个监察角色设置一个或多个角色作为其被监察角色;或,设置一个或多个角色作为被监察角色,为每个被监察角色设置一个或多个角色作为其监察角色;Set one or more roles as the monitoring role, set one or more roles for each monitored role as their monitored role; or set one or more roles as the monitored role, setting one or more for each monitored role Roles as their supervisory role;
    由监察角色监察被监察角色所执行的审批操作记录,或由监察角色关联的用户监察被监察角色关联的用户所执行的审批操作记录。The monitoring role monitors the audit operation records performed by the monitored role, or the user associated with the monitoring role monitors the approval operation records performed by the user associated with the monitored role.
  2. 根据权利要求1所述的监察审批操作的方法,其特征在于:所述的角色能且只能选择一个部门,角色一旦选择部门后则该角色归属于该部门,该角色的名称在该部门下唯一,该角色的编号在系统中唯一,根据角色的工作内容对角色进行授权。The method of monitoring an approval operation according to claim 1, wherein the role can and can only select one department, and once the role is selected, the role belongs to the department, and the name of the role is under the department. Uniquely, the role's number is unique in the system and the role is authorized based on the role's work content.
  3. 根据权利要求2所述的监察审批操作的方法,其特征在于:还包括一个用户跨部门调岗管理步骤,具体包括:(1)取消用户与原部门内的角色的关联;The method for monitoring an approval operation according to claim 2, further comprising: a step of managing the user's inter-departmental adjustment, specifically comprising: (1) canceling the association between the user and the role in the original department;
    (2)将用户与新部门内的角色进行关联,用户自动获得新部门内该角色的监察或被监察权限。(2) Associate the user with the role in the new department, and the user automatically obtains the monitoring or monitored authority of the role in the new department.
  4. 根据权利要求2所述的监察审批操作的方法,其特征在于:设置被监察角色时,选择一个或多个部门,则所选部门下的所有角色都被设置为被监察角色,且所选部门下后续增加的角色也被设置为被监察角色。The method for monitoring an approval operation according to claim 2, wherein when the monitored role is set, one or more departments are selected, and all roles under the selected department are set as the monitored role, and the selected department is selected. The next added role is also set to be monitored.
  5. 监察授权操作的方法,其特征在于,包括以下步骤:A method of monitoring an authorization operation, comprising the steps of:
    在系统中创建角色,所述角色是独立的个体,而非组/类,同一时段,一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;Create roles in the system, the roles are independent individuals, not groups/classes. At the same time, one role can only be associated with a unique user, and one user is associated with one or more roles;
    所述角色在执行授权操作时,记录执行该次授权操作的该角色;The role records the role of performing the authorization operation when performing the authorization operation;
    设置一个或多个角色作为监察角色,为每个监察角色设置一个或多个角色作为其被监察角色;或,设置一个或多个角色作为被监察角色,为每个被监察角色设置一个或多个角色作为其监察角色;Set one or more roles as the monitoring role, set one or more roles for each monitored role as their monitored role; or set one or more roles as the monitored role, setting one or more for each monitored role Roles as their supervisory role;
    由监察角色监察被监察角色所执行的授权操作记录,或由监察角色关联的用户监察被监察角色关联的用户所执行的授权操作记录。The monitoring role monitors the authorized operation record performed by the monitored role, or the user associated with the monitoring role monitors the authorized operation record performed by the user associated with the monitored role.
  6. 根据权利要求5所述的监察授权操作的方法,其特征在于:所述的角色能且只能选择一个部门,角色一旦选择部门后则该角色归属于该部门,该角色的名称在该部门下唯一,该角色的编号在系统中唯一,根据角色的工作内容对角色进行授权。The method for monitoring an authorization operation according to claim 5, wherein the role can and can only select one department, and once the role is selected, the role belongs to the department, and the name of the role is under the department. Uniquely, the role's number is unique in the system and the role is authorized based on the role's work content.
  7. 根据权利要求6所述的监察授权操作的方法,其特征在于:还包括一个用户跨部门调岗管理步骤,具体包括:(1)取消用户与原部门内的角色的关联;The method for monitoring an authorization operation according to claim 6, further comprising: a step of managing the inter-departmental management of the user, comprising: (1) canceling the association between the user and the role in the original department;
    (2)将用户与新部门内的角色进行关联,用户自动获得新部门内该角色的监察或被监察权限。(2) Associate the user with the role in the new department, and the user automatically obtains the monitoring or monitored authority of the role in the new department.
  8. 根据权利要求6所述的监察审批操作的方法,其特征在于:设置被监察角色时,选择一个或多个部门,则所选部门下的所有角色都被设置为被监察角色,且所选部门下后续增加的角色也被设置为被监察角色。The method for monitoring an approval operation according to claim 6, wherein when the monitored role is set, one or more departments are selected, and all roles under the selected department are set as the monitored role, and the selected department is selected. The next added role is also set to be monitored.
  9. 监察表单操作的方法,其特征在于,包括以下步骤:A method of monitoring the operation of a form, comprising the steps of:
    在系统中创建角色,所述角色是独立的个体,而非组/类,同一时段,一个角色只能关联唯一的用户,而一个用户关联一个或多个角色;Create roles in the system, the roles are independent individuals, not groups/classes. At the same time, one role can only be associated with a unique user, and one user is associated with one or more roles;
    所述角色在执行表单操作时,记录执行该次表单操作的该角色;The character records the role of performing the form operation when performing a form operation;
    设置一个或多个角色作为监察角色,为每个监察角色设置一个或多个角色作为其被监察角色;或,设置一个或多个角色作为被监察角色,为每个被监察角色设置一个或多个角色作为其监察角色;Set one or more roles as the monitoring role, set one or more roles for each monitored role as their monitored role; or set one or more roles as the monitored role, setting one or more for each monitored role Roles as their supervisory role;
    由监察角色监察被监察角色所执行的表单操作记录,或由监察角色关联的用户监察被监察角色关联的用户所执行的表单操作记录。The monitoring role monitors the form operation record executed by the monitored role, or the user associated with the monitoring role monitors the form operation record executed by the user associated with the monitored role.
  10. 根据权利要求9所述的监察表单操作的方法,其特征在于:设置被监察角色时,选择一个或多个部门,则所选部门下的所有角色都被设置为被监察角色,且所选部门下后续增加的角色也被设置为被监察角色。The method for monitoring the operation of a form according to claim 9, wherein when the monitored character is set, one or more departments are selected, and all the roles under the selected department are set as the monitored role, and the selected department is selected. The next added role is also set to be monitored.
PCT/CN2018/098373 2017-08-03 2018-08-02 Method for supervising approval operations, authorization operations and form operations WO2019024899A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710658069.7 2017-08-03
CN201710658069.7A CN107392494A (en) 2017-08-03 2017-08-03 The method for supervising review operation, Authorized operation and list operation

Publications (1)

Publication Number Publication Date
WO2019024899A1 true WO2019024899A1 (en) 2019-02-07

Family

ID=60344630

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/098373 WO2019024899A1 (en) 2017-08-03 2018-08-02 Method for supervising approval operations, authorization operations and form operations

Country Status (2)

Country Link
CN (2) CN107392494A (en)
WO (1) WO2019024899A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107392494A (en) * 2017-08-03 2017-11-24 成都牵牛草信息技术有限公司 The method for supervising review operation, Authorized operation and list operation
CN108960646B (en) * 2018-07-11 2021-06-08 武汉中原电子信息有限公司 Smart power grid acquisition terminal monitoring method and system
CN117952442B (en) * 2024-03-27 2024-05-28 深圳市崇晸实业有限公司 Management and control method and system for maintaining background operation of e-commerce

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102468971A (en) * 2010-11-04 2012-05-23 北京北方微电子基地设备工艺研究中心有限责任公司 Authority management method and device, and authority control method and device
CN106055967A (en) * 2016-05-24 2016-10-26 福建星海通信科技有限公司 SAAS platform user organization permission management method and system
CN106228059A (en) * 2016-07-22 2016-12-14 南京航空航天大学 Based on three Yuans management and the role access control method of expansion
CN107392494A (en) * 2017-08-03 2017-11-24 成都牵牛草信息技术有限公司 The method for supervising review operation, Authorized operation and list operation

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8312515B2 (en) * 2008-10-30 2012-11-13 Hewlett-Packard Development Company, L.P. Method of role creation
CN101453475B (en) * 2009-01-06 2012-07-04 中国人民解放军信息工程大学 Authentication management system and method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102468971A (en) * 2010-11-04 2012-05-23 北京北方微电子基地设备工艺研究中心有限责任公司 Authority management method and device, and authority control method and device
CN106055967A (en) * 2016-05-24 2016-10-26 福建星海通信科技有限公司 SAAS platform user organization permission management method and system
CN106228059A (en) * 2016-07-22 2016-12-14 南京航空航天大学 Based on three Yuans management and the role access control method of expansion
CN107392494A (en) * 2017-08-03 2017-11-24 成都牵牛草信息技术有限公司 The method for supervising review operation, Authorized operation and list operation

Also Published As

Publication number Publication date
CN109087001A (en) 2018-12-25
CN107392494A (en) 2017-11-24
CN109087001B (en) 2021-04-16

Similar Documents

Publication Publication Date Title
JP7164091B2 (en) How to manage instant messaging accounts within the management system
WO2019029650A1 (en) Form data operation auditing method
WO2018196876A1 (en) Workflow control method and system based on one-to-one correspondence between roles and users
WO2019007292A1 (en) Role-based form operation authority granting method
WO2018192557A1 (en) Permission granting method and system based on one-to-one correspondence between roles and users
WO2018214890A1 (en) Role-based method for setting approval role for workflow approval node
WO2018214891A1 (en) Method for setting up approval role according to department by approval node in workflow
WO2019011220A1 (en) Method for setting approval procedure based on base fields
WO2019007260A1 (en) Method for authorizing operation permissions of form field values
JP7318894B2 (en) How to authorize the operation privileges for the statistics column table
WO2019015656A1 (en) System dispatching method
WO2018205942A1 (en) Method for setting approval roles according to department levels on workflow approval nodes
JP7231910B2 (en) How to approve permission to manipulate form data
WO2019019981A1 (en) Method for setting permission of user in information exchange unit in system
US20200389463A1 (en) Permission granting method and system based on one-to-one correspondence between roles and users
WO2019011304A1 (en) Role acquisition-based method for authorizing form data
WO2019029648A1 (en) Improved rbac right mechanism-based approval task transfer method
WO2019024899A1 (en) Method for supervising approval operations, authorization operations and form operations
WO2019029649A1 (en) Method for authorizing approval processes and approval nodes thereof for user
WO2019011162A1 (en) Shortcut function setting method
WO2019015657A1 (en) Attendance tracking configuration method for system
WO2018224023A1 (en) Method for displaying permission after employee logs into account thereof in system
WO2019034023A1 (en) Method for approver to ask for reference opinion for approval task
WO2019029500A1 (en) Column value-based separate authorization method for statistical list operations
WO2019019980A1 (en) Forum management method

Legal Events

Date Code Title Description
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18841556

Country of ref document: EP

Kind code of ref document: A1