WO2019029650A1 - Procédé de vérification d'opération de données de formulaire - Google Patents

Procédé de vérification d'opération de données de formulaire Download PDF

Info

Publication number
WO2019029650A1
WO2019029650A1 PCT/CN2018/099769 CN2018099769W WO2019029650A1 WO 2019029650 A1 WO2019029650 A1 WO 2019029650A1 CN 2018099769 W CN2018099769 W CN 2018099769W WO 2019029650 A1 WO2019029650 A1 WO 2019029650A1
Authority
WO
WIPO (PCT)
Prior art keywords
form data
audit
role
review
user
Prior art date
Application number
PCT/CN2018/099769
Other languages
English (en)
Chinese (zh)
Inventor
陈达志
Original Assignee
成都牵牛草信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 成都牵牛草信息技术有限公司 filed Critical 成都牵牛草信息技术有限公司
Publication of WO2019029650A1 publication Critical patent/WO2019029650A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21Design, administration or maintenance of databases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/103Workflow collaboration or project management

Definitions

  • the invention relates to an audit method for form data operations in management software such as ERP and CRM.
  • Role-based access control is one of the most researched and matured database rights management mechanisms in recent years. It is considered to be an ideal candidate to replace traditional mandatory access control (MAC) and autonomous access control (DAC). Traditional autonomous access control has high flexibility but low security. Forced access control is highly secure but too restrictive. Role-based access control combines both ease of management and reduces the complexity, cost, and probability of errors. Therefore, it has been greatly developed in recent years.
  • the basic idea of role-based access control (RBAC) is to divide different roles according to different functional positions in the enterprise organization view, encapsulate the access rights of database resources in roles, and indirectly access database resources by being assigned different roles.
  • the role-based permission control mechanism can manage the access rights of the system simply and efficiently, which greatly reduces the burden and cost of the system rights management, and makes the system rights management more in line with the business management specifications of the application system.
  • the traditional role-based user rights management adopts the "role-to-user one-to-many” association mechanism, and the "role” is group/class nature, that is, one role can simultaneously correspond to/associate multiple users, and the role is similar to the post/
  • the concept of position/work type the authorization of user rights under this association mechanism is basically divided into the following three forms: 1.
  • the role (class/group/post/work type) is authorized (a role can be associated with multiple users), the user obtains the permission through the role, and the authority authority is the group/class nature role; As shown in Figure 3, the above two methods are combined.
  • both 2 and 3 need to authorize the role of the class/group nature, and the way of authorization through the role of class/group/post/work type has the following disadvantages: 1.
  • the above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
  • the employee/user's form operation permissions change either the employee/user is removed from the role or the role is added to meet the job requirements.
  • the defect of the first method is the same as the above-mentioned "direct authorization to the user" method.
  • the new role involves the creation, association, and authorization of the role. Especially in the case of a large number of roles and a large number of users associated with the role, it is difficult to remember which users are associated with the role.
  • the difference between auditing and approval is the role of having permission to audit the data (form data), through form authorization or data/form data (form expression) Is a business object, such as orders, contracts, customers, etc., each form data corresponds to a unique business object, such as 001 customer in the customer form represents a unique customer 001, customer 001 is a form data / object)
  • Authorization implementation there may be multiple roles that have permission for a piece of data (form data), only one of the roles needs to complete the review (or the data review has a result, whether the result is positive or negative), the review The task is over; the approval role is the role set in the approval process step, which data (form data) is not specific to the approval node, but the approval role of the approval node can be approved for the approval task that arrives at the approval node.
  • a role approval is completed until the next step or end (single person Approval), it may also be the number of people who pass the approval after multiple roles are approved (voting), or all roles must submit approval comments (signature); 2.
  • the review method when the form data is added (the new review request has been submitted) is the submit role (or submitter) clicks the unsubscribe button, the audit task is revoked, the modification and deletion are authorized to click to cancel the submission (undo modification) ) or the undo deleted role (or submitter) can click to cancel the review task; the process approval approval cancellation is canceled by the process initiator.
  • the audit may agree or disagree (the method of review of this application: the result of the audit is consent or does not agree that the audit task is completed), and the approval process must be agreed upon to end.
  • the review function of the existing software in the market expresses the state of the form data or the state switch of the form data, does not express its review process, and does not unlock the application/request, review the application/request, and cannot clearly express its process.
  • the application review method has unlock application/request and/or review application/request, and generate relevant clear audit tasks, which is more suitable for the actual management needs of the enterprise.
  • the object of the present invention is to overcome the deficiencies of the prior art and provide a method for reviewing the operation of a form data.
  • the audit function is used to implement the review and confirmation of the form data operation, and no process is required to be created, and the auditor is reduced.
  • the process creates the workload of the personnel, shortens the form data operation review cycle; the reviewer adopts the role of independent individual nature, can realize the seamless handover of the audit authority, ensure that the user audit authority is updated in time, and there is no lag of the audit authority update or Missing, will not affect the normal operation of the company, but also avoid the risk of leakage of confidential information.
  • the role is an independent individual, not a group / class, a role can only be associated with a unique user at the same time, and a user is associated with one or more roles;
  • Steps (1) to (4) are sequentially performed, or steps (3), (1), (2), and (4) are sequentially performed.
  • the review comments include consent/pass, disagree/disapproval (agree/pass, disagree/not pass is just a positive or negative expression, and can be expressed in other ways).
  • the operation of the form data includes any one of adding, modifying, and deleting form data.
  • a step of unlocking the application is also included: S1: Unlocking the applicant to apply for unlocking the form data, and confirming whether to unlock by the unlocker having the unlocking authority of the operation of the form data; S2: If the unlocking is passed, The modification/delete operation of the form data is performed by the operator according to the operation authority of the form data; S3: the review requester submits a review request for the modification/deletion operation of the form data; S4: the reviewer modifies/deletes the change The operation is reviewed and an audit opinion is given.
  • the user needs to adjust the post, it also includes a user adjustment management step, which includes: (1) canceling the association between the user and the original role; (2) associating the user with the new role corresponding to the post, and the user automatically obtains the new The audit permissions for the role.
  • the method of reviewing the form data operation further includes the step of authorizing the review authority of the operation of the form data of the form owned by the reviewer through the field value of the form field, the field value of the form field being determined by selection or automatically determined.
  • the results of the review are based on pre-defined audit rules.
  • the auditing rule is as follows: the auditing opinion of the first reviewer who gives the auditing opinion is used as the auditing result, and the auditing is ended as long as any reviewer gives the auditing opinion.
  • the auditing rule is as follows: Among the multiple auditors, as long as any one of the auditors gives an approval opinion of “Agree/Pass”, the audit result is “Agree/Pass”, as long as any reviewer gives The review of “Agree/Pass” will end the review.
  • the auditing rule is as follows: As long as any of the auditors gives an audit opinion that is “disagree/not passed”, the audit result is “disagree/not pass”, as long as there is any An auditor gives an opinion of “disagree/not pass” and the review ends.
  • An audit method for form data operations including the following steps:
  • Step (3) is finally executed, and there is no order between step (1) and step (2).
  • the form data operation includes modifying or deleting the form data, and if the form data is to be modified/deleted, a step of unlocking the application is also included:
  • S1 unlocking the applicant to apply for unlocking the form data, and confirming whether to unlock by the unlocker having the unlocking authority of the operation of the form data;
  • S4 The reviewer reviews the modification/deletion operation and gives an audit opinion.
  • the unlocking applicant includes one or more of an employee, a user, a role, a group/class having permission to apply for the form data (or the form data to operate);
  • the unlocker includes one or more of an employee, a user, a role, a group/class having the unlocking authority of the operation of the form data;
  • the operator includes one or more of an employee, a user, a role, a group/class that unlocks the applicant and/or the operational authority having the form data;
  • the audit requester includes one or more of an operator and/or an employee having the form data and/or an employee, a user, a role, a group/class of the audit request authority;
  • the reviewer includes one or more of an employee, a user, a role, a group/class having the audit authority of the operation of the form data;
  • the roles are independent individuals, not groups/classes, and one role can only associate with a single user at a time, and one user associates one or more roles.
  • the beneficial effects of the present invention are: 1) the audit has only one review step, and once the audit approves/passes or disagrees/dismiss, the audit task ends, for the form data that does not require complicated approval process, or needs to be reviewed and confirmed but I don't want to create the form data of the complicated approval process, use the audit function to realize the review and confirmation of the form data operation, no need to create the process, reduce the workload of the auditor/process creation staff, and shorten the review cycle of the form data operation.
  • the auditor adopts the role of independent individual nature.
  • the user leaves the company and adjusts the post, the user's association with the role/disassociation is realized, and the audit authority is switched and updated.
  • the audit authority can be seamlessly transferred to ensure the user.
  • the auditing authority is updated in a timely manner, and there will be no lag or omission of the auditing authority update, which will not affect the normal operation of the enterprise, and also avoid the risk of leakage of confidential information.
  • Example of resignation the user associated role of the employee Zhang San “production worker 1”.
  • the system administrator or the corresponding administrator directly cancels the association between the user corresponding to Zhang San and the role of “production worker 1”.
  • Zhang San automatically loses the corresponding audit authority of “production worker 1”, avoiding the delay of reviewing the transfer of authority, so that Zhang San still has certain confidential information review and viewing authority after leaving the company, resulting in the disclosure of relevant confidential information to Zhang San; new employee Li
  • the user corresponding to Li Si is directly associated with “production worker 1”, and Li Si automatically obtains the audit authority corresponding to the role of “production worker 1”, and no need to reset the audit authority for Li Si.
  • the operation is simple and fast, which greatly reduces the workload.
  • Example of transfer The employee Zhang San should be transferred from the production department to the after-sales department.
  • the system administrator (or the corresponding administrator) cancels the association between the user corresponding to Zhang San and the original character “production worker 1”, and then links to the new after-sales department.
  • the role of "after-sales service personnel 3", Zhang San automatically obtained the audit authority corresponding to the role of "after-sales service personnel 3".
  • the present invention can give an approval/pass, disagree/disapproval audit result, and can promptly and promptly feed back the audit result to the audit requester, including the result of the disagreement/disapproval.
  • This application provides the unlock application function. If you need to modify or delete the official data of the form that needs to be reviewed, you need to submit the unlock application/request, and the unlocker who unlocks the operation with the form data will unlock it. There is no unlock application/request in the review, and the unlocked person with unlock permission can unlock the form data that has been approved and needs to be unlocked.
  • Benefits of unlocking the application (request) function 1 reduce the unlocker's workload, let the unlocker know clearly what unlocking needs; 2 set up an interactive way for unlocking the demander and the unlocker: for example: the company has 1000 salespeople Only 8 people have the unlock permission. If there is no unlock application (request) function, and someone needs to unlock the official data of a form, the unlocker can only be notified by phone or instant message which form data needs to be unlocked. After learning the information and finding the form data and unlocking it, then: A. Communicate with the unlocking demander and find the form data that needs to be unlocked, which will greatly increase the unlocker's workload and cumbersomeness; B.
  • the unlock application (request) function provided by the present application can well solve the above problem.
  • the review rules of this application can be customized. For example, if someone passes, it must pass, must pass the vote to pass, must pass more than half to pass, must pass more than two-thirds to pass, and so on. It provides a flexible and applicable auditing method for enterprise form data operation auditing. It is easy to use and is especially suitable for situations where democratic decision-making is required.
  • the application review rules can be set as follows: As long as any reviewer submits the review comments, the audit results are determined, the review is completed, and the review tasks of other reviewers are automatically removed, achieving efficient and rapid review. It is especially suitable for multiple people to have the same audit authority for the same audit task, and anyone can decide the outcome of the audit.
  • the role of the application is a one-to-one relationship to the user.
  • One role can only be associated with a unique user at the same time, and one user is associated with one or more roles.
  • the advantage of this is that as long as the user is associated with the role, the permission can be obtained. (ie, the user gains access to their associated role), and the role's permission changes are much less than the user permissions in the traditional mechanism.
  • the number of roles of the nature of the independent body (the nature of the post number/station number) is small. Although the employee turnover is large, the change of the post number/station number is small (even if there is no change in a certain period of time, that is, the role does not change), This will greatly simplify the user's rights management and reduce the overhead of the system.
  • the traditional rights management mechanism defines the role as a group, a job type, a class, etc.
  • the role is a one-to-many relationship to the user.
  • the user's authority is often adjusted during the operation process. For example, when dealing with employee permission changes, the permissions of an employee associated with the role change. We cannot change the permissions of the entire role because of the change of the individual employee permissions, because the role is also associated with other employees whose permissions have not changed. . So in response to this situation, either create a new role to satisfy the employee whose permissions have changed, or directly authorize (disengage the role) from the employee based on the permission requirements.
  • the above two processing methods not only require a long time for the role authorization in the case of a large number of role permissions, but also are easy to make mistakes, the user is cumbersome and troublesome to operate, and is also prone to errors resulting in loss to the system user.
  • the role since the role is an independent individual, the role permission can be changed to achieve the goal.
  • the method of the present application seems to increase the workload when the system is initialized, it can be made by copying or the like to make the role or authorization more efficient than the traditional group/class nature, because the group/class role is not considered.
  • the application scheme will make the permission setting clear and clear; especially after the system is used for a period of time (the user/role authority changes dynamically), the application scheme can greatly improve the system usage for the system user.
  • the efficiency of the rights management makes the dynamic authorization simpler, more convenient, clearer and clearer, and improves the efficiency and reliability of the permission setting.
  • the traditional group/class role authorization method is error-prone, and the method of the present application greatly reduces the probability of authorization errors, because the method of the present application only needs to consider the role as an independent individual, without considering the traditional method to associate the role of the group. What are the commonalities of multiple users. Even if the authorization error occurs, it only affects the user associated with the role, while the traditional group-based role affects all users associated with the role. Even if a permission authorization error occurs, the correction method of the present application is simple and short, and the traditional group-type role needs to consider the commonality of all users associated with the role when correcting the error, and not only the modification when there are many function points. Troublesome, complicated, very error-prone, and in many cases only new roles can be created.
  • the method of the present application is as follows: the transferred user associates several roles.
  • the user When adjusting the post, the user is first unlinked from the role in the original department (the canceled roles can be re-associated to other users), and then Associate users with roles in the new department. The operation is simple and will not go wrong.
  • FIG. 1 is a schematic diagram of a manner in which a system directly authorizes a user in the background art
  • FIG. 2 is a schematic diagram of a manner in which a system authorizes a group/class role in the background art
  • FIG. 3 is a schematic diagram of a manner in which a system directly authorizes a user and authorizes a group/class role role in the background art
  • FIG. 4 is a schematic diagram of a manner in which a system authorizes a user through an independent individual role
  • Figure 5 is a flow chart of the method for reviewing the present invention.
  • Figure 6 is a flow chart of the unlocking application of the present invention.
  • the method for reviewing the form data operation includes the following steps: creating a role in the system, as shown in FIG. 4, the role is an independent individual, not a group/class, the same A role can only be associated with a unique user, and a user is associated with one or more roles; when a role is created or a role is selected for the role after the role is created, the role belongs to the department, and the role is based on the role of the role.
  • the authorization is performed, and the name of the role is unique under the department.
  • the number of the role is unique in the system; one user corresponds to one employee, one employee corresponds to one user, and the employee determines (acquires) permission through the role associated with the corresponding user.
  • the review requester submits an audit request for some operation of a form data; the operation of the form data includes the form data Add, modify, delete; the reviewer who has the audit permission for the operation of the form data will review the review request and give an audit opinion.
  • the customer form sets the deletion to be audited
  • the reviewer role 1 has the client's deleted audit authority, and all the review requests submitted by the deleted client are reviewed by role 1.
  • the auditor role 1 has the user's new, modified, and deleted auditing authority. Any new, modified, or deleted customer submitted audit request is performed by role 1. Review.
  • role A has the modified audit authority of the sales order data of "role B, role C, and role D"
  • role B has modified a sales order of Changhong Electric Co., Ltd.
  • Role C modifies an application software company's sales order.
  • Role D modifies a sales order from Wanda Construction Company. After role B ⁇ C ⁇ D modifies the three sales orders and submits/saves, role A can The revision of these three orders is reviewed.
  • the audit requester may submit an audit request for a certain operation of the plurality of form data at a time, and the auditor has the audit authority corresponding to the form data for the operation.
  • the method for reviewing the form data operation further includes the step of authorizing the review authority of the operation of the form data of the form by the field value of the form field, wherein the field value of the form field is selected and determined (eg, the client)
  • the fields of the form customer industry field values are manufactured, finance, aviation and other industry options selected by the form operator, such as the contract form field contract signator's field values are Zhang San, Li Si, Wang Wu and other company employee options are operated by the form People choose, these field values are not manually filled, but the field values obtained by the selection method, such as the field contract level of the contract form, the city where the customer is located, the contract signing department, the contract responsible department, the contract execution person, and the contract responsibility role.
  • the field values of the fields are also selected or automatically determined (for example, the field values of the field creators of the customer form include the employee options of Zhang San, Li Si, Wang Wu, etc., but the value of the creator is automatically obtained when the customer is created. The current operator as the creator, the person who recorded the single, the role of the single, the single person, etc. The same is true value, field values automatically determines the type of field / save) in accordance with the relevant rules of the form.
  • the contract form is set to delete, it needs to be reviewed.
  • Three contracts are submitted three times (on the contract form, the field value of the responsible department field has 3 sales, and 2 is sales).
  • Request, role 1's audit permission is: the field value of the responsible department field of the contract form is the deletion of the sales one; the audit authority of role 2 is: the field value of the responsible department field of the contract form is the deletion of the sales department Review.
  • Role 1 can only review the field value of the responsible department field for the deletion of three contracts for the sales department.
  • Role 2 can only review the field value of the responsible department field for the deletion of two contracts for the second part of the sales department.
  • Auditing is the review and approval. When the operation of a form data does not take effect immediately, the reviewer who needs audit authority needs to confirm the operation of the form data operation.
  • Audit permissions Use the form authorization method to control which reviewers have which data (form data) audit permissions (the audit authority authorization method can be designed as: if there is a data (form data) audit authority, then there is This data (form data) has several additional audit/modification audit/delete audit/unlock audit permissions; for example, it can also be designed to add an overall audit/modification audit of this data (form data) to the overall authorization.
  • the audit independent authorization is deleted; for example, it can also be designed to independently authorize these kinds of permissions separately).
  • the review agrees/by means of the operation of accepting the form data, the operation is effective, the audit disagree/not pass indicates that the operation is not approved, and the data (form data) is returned to the pre-audit state: which forms need to be set for review, the form setting
  • the review is performed only when the form data of the form is performed, otherwise no review is required.
  • Audit settings A. If the new request is reviewed, the modification must be reviewed; otherwise, if the modification requires review, the new one may not be reviewed; B. If new or modified requirements for review or approval are required, then the deletion must be required. Audit; C. Can be added or modified without review or approval, but can be set to require deletion of the audit (or not set to audit).
  • the data (form data) is in the process of review, and the submission can be revoked and the review task can be canceled:
  • A. New review only the new review requester clicks the revoke submit button, the audit task is revoked, and the data (form data) status is revoked after the submission is revoked.
  • B. modifies the audit the role (or employee, user, group/class, etc.) that has permission to modify the data (form data) can be clicked to unsubmit, undo the data (form Data) status is "unlocked” (informal data status);
  • C. delete audit, the role (or employee, user, group/class, etc.) with permission to delete the data (form data) can be clicked to cancel the submission, after revocation
  • the data (form data) status is "unlocked”.
  • a new order 001 is submitted. After the authorized role is approved, the order becomes official data (form data). If you need to modify the order, you need to initiate it first. Unlock the application (request), after the unlock application is approved, the data (form data) is modified and submitted, and then the authorized role is reviewed. After the approval, the modified data (form data) becomes the official data (form data). At this time, if you want to delete the order, you need to initiate the unlock application first. After the unlock application is approved, the deleted data (form data) will be submitted, and the data (form data) will be deleted after the authorized role is reviewed.
  • the unlock request and the audit request do not need to fill in another request form, but generate a corresponding task for the request object (form data) itself to the corresponding authorized unlocker/auditor.
  • the audit function is used to realize the review and confirmation of the form data operation without the need to create a process, which reduces the workload of the auditor/process creator and shortens the review cycle of the form data operation.
  • the audit opinion includes consent/pass, disagree/disapproval, and the invention can give the result of approval/pass, disagree/disapproval, and can promptly and promptly feedback the audit result to the audit requester, including the audit result. Disagree/do not pass.
  • the user also includes a user transfer management step, which specifically includes: (1) canceling the association between the user and the original role; and (2) associating the user with the new role corresponding to the post adjustment.
  • the user automatically gets the audit permission for this new role.
  • the auditor adopts the role of an independent individual.
  • the association and disassociation of the user and the role are realized, and the audit authority is switched and updated, and the audit authority can be seamlessly transferred.
  • the audit authority is switched and updated, and the audit authority can be seamlessly transferred.
  • Example of resignation the user associated role of the employee Zhang San “production worker 1”.
  • the system administrator or the corresponding administrator directly cancels the association between the user corresponding to Zhang San and the role of “production worker 1”.
  • Zhang San automatically loses the corresponding audit authority of “Production Worker 1”, avoiding the delay of reviewing the transfer of authority, so that Zhang San still has certain confidential information review and viewing authority after leaving the company, resulting in the disclosure of relevant confidential information to Zhang San (the handover will be delayed Affecting the delay of related audit tasks, affecting the normal or efficient operation of the company, and even causing unpredictable losses);
  • the new employee Li Si takes over the work of Zhang San, directly associates the user of Li Si with “production worker 1” Li Si automatically obtained the audit authority corresponding to the role of “production worker 1”, and no need to reset the audit authority for Li Si.
  • the operation is simple and fast, which greatly reduces the workload.
  • Example of transfer The employee Zhang San should be transferred from the production department to the after-sales department.
  • the system administrator (or the corresponding administrator) cancels the association between the user corresponding to Zhang San and the original character “production worker 1”, and then links to the new after-sales department.
  • the role of "after-sales service personnel 3", Zhang San automatically obtained the audit authority corresponding to the role of "after-sales service personnel 3".
  • the role of the role to the user is one-to-one (when the role is associated with a user, other users can no longer associate the role; if the role is not associated with the user, it can be selected by other users; that is, a role can be And can only be associated by one user).
  • a user's relationship to a role is one-to-many (one user can associate multiple roles at the same time).
  • Role definition The role does not have the nature of group/class/category/post/job/work, but a non-collection nature, the role is unique, the role is an independent independent entity; in the enterprise application is equivalent Job number (The job number here is not a post, one post may have multiple employees at the same time, and one job number can only correspond to one employee at the same time).
  • a company system can create the following roles: general manager, deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5...
  • general manager deputy general manager 1, deputy general manager 2, Beijing sales manager, Beijing sales manager, Shanghai sales engineer 1, Shanghai sales Engineer 2, Shanghai Sales Engineer 3, Shanghai Sales Engineer 4, Shanghai Sales Engineer 5...
  • Zhang San serves as the company's deputy general manager 2, and also serves as a sales manager in Beijing, then Zhang The three roles to be associated are Deputy General Manager 2 and Beijing Sales Manager. Zhang San has the rights to these two roles.
  • roles are group/class/post/position/work type, and one role can correspond to multiple users.
  • the concept of "role" in this application is equivalent to the post number/station number, and is similar to the role in the film and television drama: a character can only be played by one actor at the same time (childhood, juvenile, middle-aged). And an actor may be decorated with multiple angles.
  • the role After the role is created, you can associate the role in the process of creating the user, or you can associate it at any time after the user is created. After the user associates the role, the relationship with the role can be released at any time, and the relationship with other roles can be established at any time.
  • the composition of the character is: post name + post number.
  • workshop production workers 1, workshop production workers 2, workshop production workers 3... roles are independent individuals, equivalent to the concept of job number and station number, different from the role in the traditional authority management system, the concept of role in the traditional system It is the group/class nature of the position/position/work type.
  • the following example shows the relationship between employees, users and roles after the employee Zhang San enters a company: 1. New entry: The employee is newly hired, and directly associates the role of the corresponding job number/station number for the user (employee). Yes, for example: Zhang San joined the company (the company assigned a three-user for Zhang San), the job content is in the sales department, responsible for the sales of refrigerator products in Beijing area (the corresponding role is to sell the sales engineer under the 5 "This role", Zhang San users directly select the "sales engineer 5" role association.
  • Zhang also arranged for Zhang San to be responsible for the sales of regional TV products in Beijing (the corresponding role is to sell the role of “Sales Engineer 8” under the Ministry of Sales) and concurrently as the head of the after-sales department (corresponding to the after-sales department)
  • the three users added the roles of “sales engineer 8” under the sales department and “sales department supervisor 1” under the after-sales department.
  • Zhang San employees associated three roles, respectively.
  • Zhang San users have the authority of these three roles.
  • Zhang San serves as the post-sales manager (corresponding to the role of “after-sales manager” in the after-sales department) and no longer take up other jobs. Then Zhang San user is associated with the role of “after-sales manager” in the after-sales department, and cancels the three roles previously associated (Sales Engineer 5 under Sales, Sales Engineer 8 and “After Sales Manager 1” under the after-sales department) At this time, Zhang San users only have the authority of the role of “after-sales manager” under the after-sales department.
  • This application authorizes the role of the nature of the post number/station number, and the user determines the (acquired) authority by associating the role, and the control of the user authority is realized by a simple user-role relationship. It makes the permission control simple, easy to operate, clear and clear, and greatly improves the authorization efficiency and authorization reliability.
  • a step of unlocking the application is also included: S1: Unlocking the applicant to apply for unlocking the form data, and unlocking the unlocking authority of the operation by the form data. Confirm whether to unlock; S2: If the unlocking is passed, the operator performs the modification/delete operation of the form data according to the operation authority of the form data; if the unlocking does not pass, the form data remains in the original state; S3: the review requester submits The review request for the modification/deletion operation of the form data; S4: the reviewer reviews the modification/deletion operation and gives an audit opinion.
  • the unlocker can agree or disagree with the unlocking application (request), agree, the data (form data) is unlocked, and the data (form data) can be modified or deleted. Disagree, the data (form data) is still the status of the review, the official data (form data).
  • the official data of the form is: 1. Form data that is not required for review/approval is official data; 2. Form data that needs to be reviewed, becomes formal data (form data) after review; 3. Form data that needs to be approved, approved After becoming official data (form data).
  • Users who have view rights to the form data, or users who have the view permission and have the modify permission can submit the unlock application and unlock it by the unlocker with the unlock permission.
  • This embodiment provides an unlock application (request) function. If the official data of the form to be audited needs to be modified or deleted, an unlock application (request) needs to be submitted, and the unlocker with the data unlocking authority of the form is unlocked. In the traditional review, there is no unlock application (request), and the unlocker who has the unlock permission unlocks the form data that has been approved and needs to be unlocked.
  • the benefits of unlocking the application function 1 reduce the workload of the unlocker, let the unlocker clearly know which unlocking needs; 2 set up an interactive way for unlocking the demander and the unlocker: for example: the enterprise has 1000 sales personnel, of which only 8 people have the unlock permission. If there is no unlock application function and someone needs to unlock the official data of a form, the unlocker can only be notified by phone or instant message which form data needs to be unlocked.
  • the form data is unlocked again: A. Communicate with the unlocking demander and find the form data that needs to be unlocked, which will greatly increase the workload and cumbersomeness of the unlocker; B. Communicate by telephone or instant messaging.
  • the unlocking process can not record the unlocking demand, unlocking the demand time If the information is unlocked, there is no relevant basis for the unlocking.
  • the unlock application (request) function provided by this embodiment can well solve the above problem.
  • the auditing rule may be: the auditing opinion of the first reviewer who gives the auditing opinion as the auditing result, and the auditing is ended as long as any reviewer gives the auditing opinion.
  • the audit results are determined, the review is over, and the review tasks of other reviewers are automatically removed, enabling efficient and rapid review. It is especially suitable for multi-person (multi-approval role).
  • the same audit task has the same audit authority. Any one person (role) can decide the audit result.
  • the application review rules can be customized. For example, if someone passes, it must pass, must pass the vote to pass, must pass more than half to pass, must pass more than two-thirds to pass, and so on. It provides a flexible and applicable auditing method for enterprise form data operation auditing. It is easy to use and is especially suitable for situations where democratic decision-making is required.
  • the method for reviewing the form data operation includes the following steps: authorizing each reviewer to have the audit authority of the operation of the form data; and reviewing the audit request of the requester to submit a certain operation of the form data;
  • the reviewer who has the audit authority of the operation of the form data audits the review request and gives an audit opinion;
  • the form data operation includes modifying or deleting the form data, and if the form data is to be modified/deleted, a Step of unlocking the application: S1: Unlock the applicant application (request) to unlock the form data, and confirm whether to unlock by the unlocker who has the unlock permission of the operation of the form data;
  • S2 If the unlocking is passed, the operator operates according to the form data thereof The permission to perform the modification/delete operation of the form data; if the unlocking does not pass, the form data remains in the original state;
  • S4 the reviewer Review the modification/delete operation

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • General Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

L'invention concerne un procédé de vérification d'opération de données de formulaire, consistant : à créer des rôles dans un système, les rôles étant des individus indépendants, un seul rôle dans une même période étant associé à un utilisateur unique et un utilisateur étant associé à au moins un rôle ; à sélectionner au moins un rôle dans le système en tant qu'auditeur et à accorder à chaque auditeur une autorisation de vérification pour une opération de données de formulaire particulière ; à soumettre, par le biais d'un demandeur de vérification, une demande de vérification pour une certaine opération de données de formulaire ; et à réaliser la vérification, par le biais de l'auditeur doté de la permission de vérification, pour ladite opération de données de formulaire selon la demande de vérification. Selon ce procédé, la vérification comprend seulement une étape et, une fois que la vérification est approuvé/adoptée ou non approuvée/rejetée, la tâche de vérification est terminée sans qu'un flux ne soit créer, de sorte à raccourcir la période de vérification pour une opération de données de formulaire. L'auditeur est un rôle individuel indépendant ; et lorsqu'un employé démissionne ou est transféré à un autre poste, un transfert fluide des autorisations de vérification peut être réalisé sans que cela n'affecte le fonctionnement normal d'une entreprise, ce qui permet d'éviter le risque de fuite d'informations confidentielles.
PCT/CN2018/099769 2017-08-10 2018-08-09 Procédé de vérification d'opération de données de formulaire WO2019029650A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710682789.7 2017-08-10
CN201710682789.7A CN107464098A (zh) 2017-08-10 2017-08-10 表单数据操作的审核方法

Publications (1)

Publication Number Publication Date
WO2019029650A1 true WO2019029650A1 (fr) 2019-02-14

Family

ID=60547597

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/099769 WO2019029650A1 (fr) 2017-08-10 2018-08-09 Procédé de vérification d'opération de données de formulaire

Country Status (2)

Country Link
CN (2) CN107464098A (fr)
WO (1) WO2019029650A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111507853A (zh) * 2020-06-02 2020-08-07 泰康保险集团股份有限公司 团体保单核保数据处理方法及装置
CN111538748A (zh) * 2020-04-30 2020-08-14 中国银行股份有限公司 业务页面修改方法及装置
CN111598542A (zh) * 2020-05-21 2020-08-28 贵州普致丰科技有限公司 一种按进度存储的电力生产项目档案管理系统
CN111815273A (zh) * 2020-07-03 2020-10-23 远光软件股份有限公司 单据审批流程的配置方法、存储介质及电子设备
CN113723914A (zh) * 2021-08-11 2021-11-30 中核武汉核电运行技术股份有限公司 一种电厂的人员岗位授权装置及岗位授权方法

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107464098A (zh) * 2017-08-10 2017-12-12 成都牵牛草信息技术有限公司 表单数据操作的审核方法
CN107958551B (zh) * 2017-12-29 2020-11-03 福建省农村信用社联合社 一种业务可扩展的银行全渠道远程集中授权系统
CN109741004A (zh) * 2018-11-30 2019-05-10 航天信息股份有限公司 申请单审核方法,装置,存储介质及电子设备
CN109992980B (zh) * 2019-04-04 2022-12-27 浪潮通用软件有限公司 一种用户权限多模型管理方法
CN110276205B (zh) * 2019-06-06 2021-06-15 深圳市杰科数码有限公司 产品序列号文件生成方法、系统、电子装置及存储介质
CN111861357B (zh) * 2019-06-17 2024-04-26 北京嘀嘀无限科技发展有限公司 权限信息处理方法及系统、计算机设备、存储介质
CN110427750A (zh) * 2019-07-23 2019-11-08 武汉宏途科技有限公司 一种通过权限组合方式进行表单权限控制的方法及系统
CN110990856A (zh) * 2019-12-06 2020-04-10 广东联晟通信科技有限公司 一种权限审核方法及系统
CN111340454A (zh) * 2020-03-04 2020-06-26 山信软件股份有限公司 企业作业证安全管理方法
CN112967025B (zh) * 2020-07-09 2022-06-17 北京中百信信息技术股份有限公司 信息工程监理项目形象进度管理系统
CN112488652B (zh) * 2020-11-30 2024-05-10 乐刷科技有限公司 工单审核方法、系统、终端和存储介质
CN113065853A (zh) * 2021-04-12 2021-07-02 北京嘀嘀无限科技发展有限公司 数据审核方法、设备、存储介质及计算机程序产品
CN113269525A (zh) * 2021-05-24 2021-08-17 山东浪潮商用系统有限公司 一种工作流的会签管理方法
CN113723769A (zh) * 2021-08-11 2021-11-30 中核武汉核电运行技术股份有限公司 一种电厂的承包商授权装置及授权方法
CN115239292A (zh) * 2022-07-21 2022-10-25 北京铭研医药研究有限公司 用于医药研发及生产核查的信息处理方法及系统

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101630385A (zh) * 2009-07-31 2010-01-20 福州星网视易信息系统有限公司 通过简单的配置项实现多级审核工作流功能的实现方法
US20110246555A1 (en) * 2010-03-30 2011-10-06 Hedges Carl Metadata Role-Based View Generation in Multimedia Editing Systems and Methods Therefor
CN105184144A (zh) * 2015-07-31 2015-12-23 上海玖道信息科技股份有限公司 一种多系统权限管理方法
CN106204258A (zh) * 2016-07-22 2016-12-07 福建节点信息科技有限公司 一种企业资金风险移动管控系统及管控方法
CN107464098A (zh) * 2017-08-10 2017-12-12 成都牵牛草信息技术有限公司 表单数据操作的审核方法

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102194152B (zh) * 2010-03-12 2016-01-20 新奥特(北京)视频技术有限公司 一种审核业务流程中的权限控制方法和装置
JP5814639B2 (ja) * 2011-06-09 2015-11-17 キヤノン株式会社 クラウドシステム、クラウドサービスのライセンス管理方法、およびプログラム
CN102316216A (zh) * 2011-09-07 2012-01-11 宇龙计算机通信科技(深圳)有限公司 一种终端自适应角色的方法及终端
US20140258226A1 (en) * 2013-03-11 2014-09-11 Southpaw Technology, Inc. Asynchronous transaction management, systems and methods
CN104463005A (zh) * 2013-09-25 2015-03-25 天津书生投资有限公司 一种控制电子文档的访问权限的方法
CN104484617B (zh) * 2014-12-05 2017-09-26 中国航空工业集团公司第六三一研究所 一种基于多策略融合的数据库访问控制方法
CN105046438A (zh) * 2015-07-31 2015-11-11 长威信息科技发展股份有限公司 基于可视化流程配置的自定义流程配置办公系统
CN106485388A (zh) * 2015-09-01 2017-03-08 北京奇虎科技有限公司 业务审批系统的权限管理方法和装置
CN105303084A (zh) * 2015-09-24 2016-02-03 北京奇虎科技有限公司 权限管理系统及方法
CN106407717A (zh) * 2016-10-24 2017-02-15 深圳市前海安测信息技术有限公司 医疗信息化系统中电子病历电子签章审核系统及方法
CN106779619B (zh) * 2016-12-30 2024-02-02 全民互联科技(天津)有限公司 一种完善业务审批的审核加签方法及系统

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101630385A (zh) * 2009-07-31 2010-01-20 福州星网视易信息系统有限公司 通过简单的配置项实现多级审核工作流功能的实现方法
US20110246555A1 (en) * 2010-03-30 2011-10-06 Hedges Carl Metadata Role-Based View Generation in Multimedia Editing Systems and Methods Therefor
CN105184144A (zh) * 2015-07-31 2015-12-23 上海玖道信息科技股份有限公司 一种多系统权限管理方法
CN106204258A (zh) * 2016-07-22 2016-12-07 福建节点信息科技有限公司 一种企业资金风险移动管控系统及管控方法
CN107464098A (zh) * 2017-08-10 2017-12-12 成都牵牛草信息技术有限公司 表单数据操作的审核方法

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111538748A (zh) * 2020-04-30 2020-08-14 中国银行股份有限公司 业务页面修改方法及装置
CN111598542A (zh) * 2020-05-21 2020-08-28 贵州普致丰科技有限公司 一种按进度存储的电力生产项目档案管理系统
CN111507853A (zh) * 2020-06-02 2020-08-07 泰康保险集团股份有限公司 团体保单核保数据处理方法及装置
CN111507853B (zh) * 2020-06-02 2023-04-07 泰康保险集团股份有限公司 团体保单核保数据处理方法及装置
CN111815273A (zh) * 2020-07-03 2020-10-23 远光软件股份有限公司 单据审批流程的配置方法、存储介质及电子设备
CN113723914A (zh) * 2021-08-11 2021-11-30 中核武汉核电运行技术股份有限公司 一种电厂的人员岗位授权装置及岗位授权方法

Also Published As

Publication number Publication date
CN109086627A (zh) 2018-12-25
CN107464098A (zh) 2017-12-12
CN109086627B (zh) 2021-11-16

Similar Documents

Publication Publication Date Title
WO2019029650A1 (fr) Procédé de vérification d'opération de données de formulaire
CN108764833B (zh) 工作流审批节点按部门设置审批角色的方法
US20200134527A1 (en) Method for setting approval procedure based on base fields
US20200145424A1 (en) Workflow control method and system based on one-to-one correspondence between roles and users
WO2018210248A1 (fr) Procédé basé sur des champs de formulaire permettant d'organiser des rôles d'examen et d'approbation sur des nœuds d'examen et d'approbation de flux de travail
CN108550029B (zh) 工作流审批节点按部门级别设置审批角色的方法
WO2018214889A1 (fr) Procédé basé sur une contresignature permettant de configurer un nœud d'approbation dans un processus d'approbation
WO2018224024A1 (fr) Procédé d'approbation efficace pour noeud d'approbation de flux de travail
WO2018214890A1 (fr) Procédé à base de rôle pour configuration de rôle d'approbation pour nœud d'approbation de flux de travail
JP7365609B2 (ja) 全てのシステム使用者の最近の権限状態を表示する承認方法
JP7318894B2 (ja) 統計列表の操作権限の承認方法
CN109165524B (zh) 基于改进型rbac权限控制机制的审批任务转交方法
CN108711037B (zh) 审批工作流的委托及其再委托方法
WO2018214828A1 (fr) Procédé à base de vote permettant de configurer un nœud d'approbation dans un processus d'approbation
JP2020520034A (ja) ロール対ユーザーに基づく1対1の権限承認方法とシステム
WO2019034023A1 (fr) Procédé permettant à un approbateur de demander une opinion de référence pour une tâche d'approbation
WO2019011162A1 (fr) Procédé de définition de fonction de raccourci
CN108985648B (zh) 管理系统中事务处理的管理方法
WO2019029500A1 (fr) Procédé d'autorisation séparée basé sur une valeur de colonne pour opération de liste statistique
WO2019024899A1 (fr) Procédé de surveillance d'opérations d'approbation, d'opérations d'autorisation et d'opérations associées à des formulaires
WO2019019980A1 (fr) Procédé de gestion de forum

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18843116

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18843116

Country of ref document: EP

Kind code of ref document: A1