CN108875054A - The field value-acquiring method of role's property field in list - Google Patents
The field value-acquiring method of role's property field in list Download PDFInfo
- Publication number
- CN108875054A CN108875054A CN201810690606.0A CN201810690606A CN108875054A CN 108875054 A CN108875054 A CN 108875054A CN 201810690606 A CN201810690606 A CN 201810690606A CN 108875054 A CN108875054 A CN 108875054A
- Authority
- CN
- China
- Prior art keywords
- role
- user
- field value
- field
- property
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Entrepreneurship & Innovation (AREA)
- Human Resources & Organizations (AREA)
- Operations Research (AREA)
- Economics (AREA)
- Marketing (AREA)
- Data Mining & Analysis (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- General Business, Economics & Management (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of field value-acquiring methods of role's property field in list, including:Show the corresponding candidate field value of role's property field, candidate's field value is role, and the role is independent individual, rather than group/class, and one role of same period can only be associated with unique user, and a user-association one or more role;Obtain field value:Select a role as the field value of role's property field from the candidate field value.The field value of role's property field is to be made of by role construction or role and user or be made of role and employee in the present invention, since role is independent individual rather than group/class in the present invention, therefore it can judge that corresponding role's property field is responsible for by which post number on earth by the role in field value, it is convenient for segregation of duties, be conducive to the statistical analysis for carrying out relevant issues with post number, and calling to account when something goes wrong.
Description
Technical field
The present invention relates to the list generation methods of the management software systems such as ERP, more particularly to the role in a kind of list
The field value-acquiring method of property field.
Background technique
Access control based roles(RBAC)It is a kind of data base authority pipe the most studied in recent years, that thought is most mature
Reason mechanism, it is considered as the traditional forced symmetric centralization of substitution(MAC)And self contained navigation(DAC)Ideal candidates.Base
In the access control of role(RBAC)Basic thought be divided according to functional post different in business organization's view it is different
The access authority of database resource is encapsulated in role by role, and user is by being endowed different roles come dereference number
According to base resource.
A large amount of table and view are often all had in large-scale application system, this makes management to database resource and awards
Adaptability in tactics obtains sufficiently complex.The access and receiving and grant for permission that database resource is directly managed by user are very difficult, its needs
User is very thorough to the understanding of database structure, and is familiar with the use of sql like language, once and application system structure or peace
Full demand is changed, and will carry out large amount of complex and cumbersome authorization changes, and is very easy to occur some unexpected award
Security breaches caused by power fault.Therefore, for large-scale applied system design one kind is simple, efficient right management method has become
For the common requirements of system and system user.
The mechanism of authorization control of based role can carry out simple, efficient management to the access authority of system, greatly
The burden and cost of System right management are reduced, and System right management is made to be more in line with the service management of application system
Specification.
However, the method for managing user right of traditional based role is all made of the association machine of " role is one-to-many to user "
System, " role " are group/class property, i.e. a role can correspond to simultaneously/be associated with multiple users, and role is similar to post/duty
The concepts such as position/work post are divided into following three kinds of forms to the authorization of user right under this relation mechanism substantially:1, as shown in Figure 1,
Directly user is authorized, the disadvantage is that heavy workload, frequent operation and trouble;2, as shown in Fig. 2, to role(Class/group/post/work
Kind property)It is authorized(One role can be associated with multiple users), user obtains permission by role;3, as shown in figure 3, with
Upper two ways combines.
In above statement, 2,3 are required to authorize class/group property role, and pass through class/group/post/work post
The mode that the role of property is authorized has the disadvantage that:1, operation when user right changes is difficult:It is used in actual system
In the process, often because need to be adjusted the permission of user during operation, such as:In processing employee's permission variation
When, the permission of some employee of role association changes, we cannot change whole because of the variation of individual employee's permissions
The permission of a role, because the role is also associated with the unchanged employee of other permissions.Therefore in order to cope with this kind of situation or wound
New role is built to meet the changed employee of the permission or directly authorize to the employee according to permission demand(It is detached from angle
Color).Both the above processing mode, in the case where role-security is more, to role authorization, not only required time is long, but also is easy
It makes a mistake, user operates cumbersome and bothers, and is also easy the loss caused to system user that malfunctions.
2, to remember that the concrete power limit that role includes is difficult for a long time:If the privilege feature point of role is relatively more, for a long time, very
Difficulty remembers the concrete power limit of role, it more difficult to the permission difference between role similar in permission is remembered, to be associated with new user, nothing
How method accurate judgement, which should select, is associated with.
3, because user right changes, it will cause role's creation is more and more(If not creating new role, can substantially increase
Add the authorization directly to user), it more difficult to distinguish the specific difference of each role-security.
4, when transfer-position, to other several users will be given to undertake by many a authority distributions of transfer-position user, then when handling
It must will be distinguished by these permissions of transfer-position user, create role again respectively to be associated with other several users, such behaviour
Make not only complicated and time consumption, but also mistake also easily occurs.
It would generally include this field of contract signing people in one contract list, if the artificial Zhang San of contract signing, then open
Three be the field value of this field of contract signing people.Contract signing people this field is typically only capable in existing list to extend this as
Corresponding employee, as filled in or being selected as Zhang San for the field value of contract signing people in above-mentioned example.But the employee is responsible more
When the affairs in a post, it can not be well understood and belong to the affairs which post number is engaged on earth, cause to chase after going wrong
Specific owning position number or responsible department can not be traced when duty;For example, Zhang San has been responsible for sale one and sale two simultaneously
Affairs, the contract signing people of a contract list is being extended this as into Zhang San, but do not mark contract signing department on contract list
When, the affairs for belonging to sale one or selling two cannot be distinguished;If going wrong when being called to account, can not precisely divide
Analysis in addition to Zhang San, sale one or sale two need be responsible for, it is even more impossible to analyze be which post number responsibility.
Summary of the invention
It is an object of the invention to overcome the deficiencies of the prior art and provide a kind of fields of role's property field in list
Value-acquiring method.
The purpose of the present invention is achieved through the following technical solutions:The field value of role's property field in list obtains
Method is taken, including:Show the corresponding candidate field value of role's property field, candidate's field value is role, and the role is
Independent individual, rather than group/class, one role of same period can only be associated with unique user, and user-association one or
Multiple roles;Obtain field value:Select a role as the field of role's property field from the candidate field value
Value.
The field value-acquiring method of role's property field in list, including:Show the corresponding candidate of role's property field
Field value, candidate's field value is role, and the role is independent individual, rather than group/class, and one role of same period is only
The unique user of energy association, and a user-association one or more role;Obtain Casting field value:From the candidate field value
It is middle to select a role as the Casting field value in the field value of role's property field;Obtain user field value:It obtains
After Casting field value, it is automatic obtain selected role currently associated user as the use in the field value of role's property field
Family field value, or selected role currently field of the corresponding employee of associated user as role's property field is obtained automatically
User field value in value.
Preferably, the acquisition methods of the field value further include the steps that modifying user field value:User will be currently used as
The user of field value replaces with a user in all users that the role association is crossed, or will currently be used as user field value
Employee replace with an employee in the corresponding all employees of all users that the role association is crossed.
Preferably, the user is defined the competence by it with being associated with for role, the corresponding user of an employee, a use
Family corresponds to an employee.
Preferably, the role belongs to department, is authorized according to the action of role to role, and the role
Title is unique under the department, and the number of the role is unique in systems.
Preferably, when the trans-departmental transfer-position of the user, cancel being associated with for user and the role in former department, by user with newly
Role in department is associated.
The field value-acquiring method of role's property field in list, including:Obtain user field value:Automatic obtain logs in
The active user of system or the corresponding employee of the active user are as the user field in the field value of role's property field
Value;Obtain Casting field value:Obtain user field value after, if active user now associated role only one, obtain automatically
Take the role as the Casting field value in the field value of role's property field;If associated role has active user now
It is two or more, then a field as role's property field is selected from active user now associated all roles
Casting field value in value;The role is independent individual, rather than group/class, and the same period, one role can only be associated with uniquely
User, an and user-association one or more role.
Preferably, the user is determined by it with being associated with for role(It obtains)Permission, the corresponding user of an employee,
The corresponding employee of one user.
The field value-acquiring method of role's property field in list, including:Employee logs in system according to its corresponding user
System;Select current character:After employee's login system, the default role of user is that current character or employee select the employee corresponding
As current character, the default role has and only one a role in all roles of user-association in addition to default role
It is a;Obtain Casting field value:Automatically the current character is obtained as role's word in the field value of role's property field
Segment value, the role is independent individual, rather than group/class, and one role of same period can only be associated with unique user, and one
User-association one or more role;Obtain user field value:After obtaining Casting field value, the current character is obtained automatically and is worked as
Preceding associated user is as the user field value in the field value of role's property field, or obtains the current character automatically
Currently the corresponding employee of associated user is as the user field value in the field value of role's property field.
Preferably, the user is determined by it with being associated with for role(It obtains)Permission, the corresponding user of an employee,
The corresponding employee of one user.
The beneficial effects of the invention are as follows:(1)The field value of role's property field is by role construction or by angle in the present invention
Color and user constitute or are made of role and employee, can since role is independent individual rather than group/class in the present invention
To judge that corresponding role's property field is responsible for by which post number/station number on earth by the role in field value,
It is convenient for segregation of duties, is more advantageous to the statistical analysis for carrying out relevant issues with post number/station number, and going wrong
Shi Jinhang calls to account.
For example, the contract signatory of a contract list is salesman 1, and employee's first is responsible for the salesman 1 of sale one
With the affairs of two salesmen 2 of sale(Salesman 1, salesman 2 are role);Use conventional methods then contract signatory's
Field value is employee's first, and uses the field value of method of the invention then contract signatory for salesman 1(Employee's first);Work as contract
List goes wrong when being called to account, and conventional method can only then call to account to employee's first, and can then be chased after using method of the invention
Blame employee's first and sale one(Because role belongs to department, and can also analyze is which post number/role's signing conjunction
Together), thus allow for more acurrate, more reasonable divisions of responsibility and punishment.
(2)It is one-to-many to user that role definition is properties, the roles such as group, work post, class by traditional rights management mechanism
Relationship, in actual system use process, often because need to be adjusted the permission of user during operation, than
Such as:When handling the variation of employee's permission, the permission of some employee of role association changes, we cannot be individual because of this
The variation of employee's permission and the permission for changing entire role, because the role is also associated with the unchanged employee of other permissions.Therefore
Meet the changed employee of the permission or to the employee according to power to cope with this kind of situation or creation new role
Limit demand directly authorizes(It is detached from role).Both the above processing mode, not to role authorization in the case where role-security is more
Long the time required to only, and be easy to make a mistake, user operates cumbersome and trouble, and being also easy error causes to system user
Loss.
But under the present processes, because role is an independent individual, then it can choose and change role-security i.e.
It can reach purpose.The present processes while it seem that will increase workload in system initialization, but can pass through duplication etc.
Method makes it create the efficiency of role or authorization higher than tradition with the role of group property, because not having to consider that property is group
Intercommunity of the role when meeting association user, application scheme can allow priority assignation clear, be illustrated;Especially used in system
After a period of time(User/role-security dynamic change), this application scheme can be that system user increase substantially system use
In rights management efficiency, keep dynamic authorization simpler, be more convenient, it is apparent, clear, improve the efficiency of priority assignation and reliable
Property.
(3)Tradition is easy error by the role authorization method of property of group, and the application method significantly reduces authorization error
Probability because the application method need to only be considered as the role of independent individual, and do not have to consider to be associated with the group under conventional method
Which intercommunity multiple users of property role have.That user for being associated with the role is only influenced authorizing error,
And tradition then will affect all users for being associated with the role with the role of group property.Even if there is permission grant mistake, this Shen
Modification method please is simple, the time is short, and tradition needs to consider when correcting mistake to be associated with the role with the role of group property
All users permission intercommunity, not only modification trouble, complicated in the case where more than the function point is very easy to error, and very
Role, which can only newly be created, in more situations just can solve.
(4)In tradition using group as under the role authorization method of property, if the privilege feature point of role is relatively more, the time one
It is long, it is difficult to remember the concrete power limit of role, it more difficult to the permission difference between role similar in permission is remembered, to be associated with new use
Family, how be unable to judge accurately should select to be associated with.The role of the application method inherently has post number/station number property
Matter, it is very clear to select.
(5)When transfer-position, to other several users will be given to undertake by many a authority distributions of transfer-position user, then when handling
It must will be distinguished by these permissions of transfer-position user, create role again respectively to be associated with other several users, such behaviour
Make not only complicated and time consumption, but also mistake also easily occurs.
The application method is then:By the several roles of transfer-position user-association, in transfer-position, cancel user and former department first
The association of interior role(These roles being cancelled can be associated with again to other users), then by user and new department
Interior role is associated.It is easy to operate, it will not malfunction.
(6)Role belongs to department, then the department of the role cannot be replaced, and why not role can replace department:Reason
By 1:Because role's property of the application is equal to a station number/post number, in the work of different stations number/post number
Appearance/permission be it is different, if 1 role of developer of 1 role of salesman and engineering department under sales department are completely not
Two same station number/posies number, permission are different;Reason 2:If by the affiliated function of 1 role of salesman(Sales department)
It is changed to technology department, the permission of 1 this role of sales force is constant, then there is one for possessing sales department's permission in technology department
Role will lead to managerial confusion and security breaches in this way.
Detailed description of the invention
Fig. 1 is the schematic diagram that system directly authorizes user in background technique;
Fig. 2 is the schematic diagram that system authorizes group/class property role in background technique;
Fig. 3 is the schematic diagram that system directly authorizes user and combines to group/class property role authorization in background technique;
Fig. 4 is the flow chart of one embodiment of the present invention;
Fig. 5 is the schematic diagram that present system authorizes user by independent individual property role;
Fig. 6 is the flow chart of another embodiment of the invention;
Fig. 7 is the flow chart of another embodiment of the invention;
Fig. 8 is the flow chart of another embodiment of the invention.
Specific embodiment
Technical solution of the present invention is described in further detail with reference to the accompanying drawing, but protection scope of the present invention is not limited to
It is as described below.
【Embodiment one】As shown in figure 4, the field value-acquiring method of role's property field in list, including:Show angle
The corresponding candidate field value of color property field, candidate's field value is role.For example, including role's property field in list
" contract signing people ", candidate field value include salesman 1, salesman 2 and salesman 3.
As shown in figure 5, the role is independent individual, rather than group/class, the same period, one role can only be associated with uniquely
User, an and user-association one or more role.The role belongs to department, diagonal according to the action of role
Color is authorized, and the title of the role is unique under the department, and the number of the role is unique in systems.
The definition of role:Role does not have a properties such as group/class/classification/post/position/work post, but non-set
Property, role have uniqueness, and role is self-existent independent individual;Post number is equivalent in enterprises and institutions' application
(The non-post in post number herein, a post may have multiple employees simultaneously, and one post number of same period can only correspond to one
A employee).
Citing:Following role can be created in some Corporation system:General manager, vice general manager 1, vice general manager 2, Beijing sale
One manager, Beijing sell two manager, Beijing sell three managers, Shanghai sales engineer 1, Shanghai sales engineer 2, on
The incidence relation of extra large sales engineer 3, Shanghai sales engineer 4, Shanghai sales engineer 5 ... user and role:If the public affairs
Department employee Zhang San holds a post the said firm vice general manager 2, while a manager is sold in Beijing of holding a post, then Zhang San needs the associated role to be
A manager is sold in vice general manager 2 and Beijing, and Zhang San has the permission of the two roles.
The concept of traditional role is group/class/post/position/work post property, and a role can correspond to multiple users.And
The concept of the application " role " is equivalent to post number/station number, the role being also analogous in movie and television play:One role is in same a period of time
Section(Childhood, juvenile, middle age ...)It can only be played by a performer, and a performer may divide decorations polygonal.
When the trans-departmental transfer-position of the user, cancel being associated with for user and the role in former department, will user in new department
Role be associated.After creating role, can during creating user association role, can also be created in user
It is associated at any time after the completion.The incidence relation with role can be released after user-association role at any time, can also be established at any time
With the incidence relation of other roles.
Obtain field value:Select a role as the field of role's property field from the candidate field value
Value.For example, candidate field value includes salesman 1, salesman 2 and salesman 3, " closed in for list comprising role's property field
When same signing people " setting field value, selective selling person 2 is as role's property field " contract signing people " from candidate field value
Field value, the i.e. field value of contract signing people are " salesman 2 ".
【Embodiment two】As shown in fig. 6, the field value-acquiring method of role's property field in list, including:Definition institute
The field value for stating role's property field includes Casting field value and user field value, i.e. Casting field value and user field value difference
It is a part of the field value.
Show the corresponding candidate field value of role's property field, candidate's field value is role.For example, including in list
Role's property field " contract signing people ", candidate field value include salesman 1, salesman 2 and salesman 3.
The role is independent individual, rather than group/class, and the same period, one role can only be associated with unique user, and
One user-association one or more role.The role belongs to department, is awarded according to the action of role to role
Power, and the title of the role is unique under the department, the number of the role is unique in systems.The user passes through itself and role
Association determine(It obtains)Permission, the corresponding user of an employee, the corresponding employee of a user.
When the trans-departmental transfer-position of the user, cancel being associated with for user and the role in former department, will user in new department
Role be associated.After creating role, can during creating user association role, can also be created in user
It is associated at any time after the completion.The incidence relation with role can be released after user-association role at any time, can also be established at any time
With the incidence relation of other roles.
Obtain Casting field value:Select a role as the word of role's property field from the candidate field value
Casting field value in segment value.For example, candidate field value includes salesman 1, salesman 2 and salesman 3, include in for list
When field value is arranged in role's property field " contract signing people ", selective selling person 2 is used as role's property word from candidate field value
Casting field value in the field value of section " contract signing people ".
Obtain user field value:After obtaining Casting field value, it is automatic obtain selected role currently associated user as institute
The user field value in the field value of role's property field is stated, or obtains the selected role currently corresponding member of associated user automatically
Work is the user field value in the field value of role's property field.For example, salesman 2 is currently associated with user's first, wait
Word selection segment value includes salesman 1, salesman 2 and salesman 3, is set in for list comprising role's property field " contract signing people "
When setting field value, when Casting field value in the field value that salesman 2 is selected as contract signing people, user's first is made automatically
For the user field value in the field value of contract signing people, i.e. the field value of contract signing people is that " salesman 2(User's first)".Again
For example, salesman 2 is currently associated with user's first, user's first corresponds to employee Zhang San, and candidate field value includes salesman 1, salesman 2
It is selected when field value being set comprising role's property field " contract signing people " in for list in salesman 2 with salesman 3
After the Casting field value in the field value of contract signing people, automatically using Zhang San as the user in the field value of contract signing people
Field value, the i.e. field value of contract signing people are that " salesman 2(Zhang San)".
The acquisition methods of the field value further include the steps that modifying user field value:By current as user field value
User replaces with a user in all users that the role association is crossed, or the current employee as user field value is replaced
An employee being changed in the corresponding all employees of all users that the role association is crossed.The institute that role association is crossed herein is useful
Family includes the role user that currently associated user was once associated with role.For example, the current associated user of salesman 2 is to use
Family first, the user that salesman 2 was once associated with are user's second, user third and user's fourth, " are closed in list comprising role's property field
With signing people ";After the Casting field value in the field value that salesman 2 is selected as contract signing people, user's first is made automatically
For the user field value in the field value of contract signing people, i.e. the field value of contract signing people is that " salesman 2(User's first)";By
It in job change, needs user field value being changed to user third by user's first, then directly regard user third as contract signing people
Field value in user field value, at this time the field value of contract signing people be " salesman 2(User third)".In another example
For example, the current associated user of salesman 2 is user's first, the user that salesman 2 was once associated with is user's second, user third and uses
Family fourth, user's first corresponds to employee Zhang San, user's second corresponds to employee Li Si, the corresponding employee of user third opens five, user's fourth and corresponds to employee
Lee six, include in list role's property field " contract signing people ";In the field value that salesman 2 is selected as contract signing people
Casting field value after, automatically using Zhang San as the user field value in the field value of contract signing people, i.e. contract signing people
Field value is that " salesman 2(Zhang San)";Due to job change, need for user field value to be changed to by Zhang San to open five, then directly
Five will be opened as the user field value in the field value of contract signing people, the field value of contract signing people is " sale at this time
Member 2(Open five)".
【Embodiment three】As shown in fig. 7, the field value-acquiring method of role's property field in list, including:Definition institute
The field value for stating role's property field includes Casting field value and user field value, i.e. Casting field value and user field value difference
It is a part of the field value.
Obtain user field value:The automatic active user for obtaining login system or the corresponding employee of the active user are as institute
State the user field value in the field value of role's property field.For example, the active user of login system is user's first, for list
In comprising role's property field " contract signing people " be arranged field value when, then automatically using user's first as the field of contract signing people
User field value in value.In another example the active user of login system is user's first, user's first corresponds to employee Zhang San, for table
When field value is arranged comprising role's property field " contract signing people " in list, then automatically using Zhang San as the field of contract signing people
User field value in value.
Obtain Casting field value:Obtain user field value after, if active user now associated role only one, from
It is dynamic to obtain the role as the Casting field value in the field value of role's property field;If active user associated angle now
Color there are two or more, then selected in associated all roles now from active user one as role's property field
Casting field value in field value;The role is independent individual, rather than group/class, and the same period, one role can only be associated with
Unique user, and a user-association one or more role.For example, the active user of login system is user's first, if with
Family first is associated with salesman 1, then automatically will sale after user's first to be selected as to the user field value of field value of contract signing people
Member 1 is " user's first as the Casting field value in the field value of contract signing people, the i.e. field value of contract signing people(Salesman
1)".In another example for example, the active user of login system be user's first, if user's first association salesman 1, civilian 1 and cashier 1,
After user's first to be selected as to the user field value of field value of contract signing people, selective selling person 1 is as contract signing people's
Casting field value in field value, the i.e. field value of contract signing people are " user's first(Salesman 1).
The role belongs to department, is authorized according to the action of role to role, and the title of the role exists
Unique under the department, the number of the role is unique in systems.The user is determined by it with being associated with for role(It obtains)Power
Limit, the corresponding user of an employee, the corresponding employee of a user.
When the trans-departmental transfer-position of the user, cancel being associated with for user and the role in former department, will user in new department
Role be associated.After creating role, can during creating user association role, can also be created in user
It is associated at any time after the completion.The incidence relation with role can be released after user-association role at any time, can also be established at any time
With the incidence relation of other roles.
【Example IV】As shown in figure 8, the field value-acquiring method of role's property field in list, including:Definition institute
The field value for stating role's property field includes Casting field value and user field value, i.e. Casting field value and user field value difference
It is a part of the field value.
Employee is according to its corresponding logging in system by user.
Select current character:After employee's login system, the default role of user is that current character or employee select the member
Work corresponds to a role in all roles of user-association in addition to default role as current character, the default role have and
Only one.For example, employee Zhang San corresponds to user's first, user's first is associated with salesman 1, civilian 1 and cashier 1, and salesman 1 is default
Role, then salesman 1 be current character, can also from civilian 1 and cashier 1 in select one as current character.
After employee's login system, system shows the default role of the user-association to the employee(One user have and
Only one default role)Permission corresponding with the default role, employee can choose its all role for corresponding to user-association
In a role in addition to default role and the corresponding permission of the role show.Herein, it shows and defaults to employee in system
After role, default role is current character if employee no longer carries out role selecting, if employee has carried out role selecting, institute again
The role selected is current character, and system is shown according to the permission of current character, user according to the permission of current character into
Row operation.
Obtain Casting field value:Automatically the current character is obtained as the angle in the field value of role's property field
Color field value, the role is independent individual, rather than group/class, and the same period, one role can only be associated with unique user, and
One user-association one or more role.For example, current character is salesman 1, " closed for role's property field in list
When same signing people " setting field value, automatically by salesman 1 as the Casting field value in the field value of contract signing people.
The role belongs to department, is authorized according to the action of role to role, and the title of the role exists
Unique under the department, the number of the role is unique in systems.The user is determined by it with being associated with for role(It obtains)Power
Limit, the corresponding user of an employee, the corresponding employee of a user.
When the trans-departmental transfer-position of the user, cancel being associated with for user and the role in former department, will user in new department
Role be associated.After creating role, can during creating user association role, can also be created in user
It is associated at any time after the completion.The incidence relation with role can be released after user-association role at any time, can also be established at any time
With the incidence relation of other roles.
Obtain user field value:After obtaining Casting field value, obtaining the current character automatically, currently associated user makees
For the user field value in the field value of role's property field, or the current character currently associated user is obtained automatically
Corresponding employee is as the user field value in the field value of role's property field.For example, current character is salesman 1,
The current association user first of salesman 1 will sold when field value is arranged for role's property field " contract signing people " in list
After the person of selling 1 is as the Casting field value in the field value of contract signing people, automatically using user's first as the field of contract signing people
User field value in value, the i.e. field value of contract signing people are that " salesman 1(User's first)".In another example for example, current character
For salesman 1, the current association user first of salesman 1, user's first corresponds to employee Zhang San, for role's property field in list
When field value is arranged in " contract signing people ", after by the Casting field value in field value of the salesman 1 as contract signing people, oneself
It moves using Zhang San as the user field value in the field value of contract signing people, i.e. the field value of contract signing people is that " salesman 1
(Zhang San)".
The above is only a preferred embodiment of the present invention, it should be understood that the present invention is not limited to described herein
Form should not be regarded as an exclusion of other examples, and can be used for other combinations, modifications, and environments, and can be at this
In the text contemplated scope, modifications can be made through the above teachings or related fields of technology or knowledge.And those skilled in the art institute into
Capable modifications and changes do not depart from the spirit and scope of the present invention, then all should be in the protection scope of appended claims of the present invention
It is interior.
Claims (10)
1. the field value-acquiring method of role's property field in list, which is characterized in that including:
Show that the corresponding candidate field value of role's property field, candidate's field value are role, the role is independent
Body, rather than group/class, one role of same period can only be associated with unique user, and a user-association one or more role;
Obtain field value:Select a role as the field value of role's property field from the candidate field value.
2. the field value-acquiring method of role's property field in list, which is characterized in that including:
Show that the corresponding candidate field value of role's property field, candidate's field value are role, the role is independent
Body, rather than group/class, one role of same period can only be associated with unique user, and a user-association one or more role;
Obtain Casting field value:Select a role as the field value of role's property field from the candidate field value
In Casting field value;
Obtain user field value:After obtaining Casting field value, it is automatic obtain selected role currently associated user as the angle
User field value in the field value of color property field, or currently the corresponding employee of associated user makees the selected role of automatic acquisition
For the user field value in the field value of role's property field.
3. the field value-acquiring method of role's property field in list according to claim 2, which is characterized in that described
The acquisition methods of field value further include the steps that modifying user field value:The current user as user field value is replaced with into institute
A user in all users that role association is crossed is stated, or the current employee as user field value is replaced with into the role
An employee in the corresponding all employees of all users being associated with.
4. the field value-acquiring method of role's property field in list according to claim 2 or 3, which is characterized in that
The user is defined the competence by it with being associated with for role, the corresponding user of an employee, the corresponding employee of a user.
5. the field value-acquiring method of role's property field in list according to claim 1, which is characterized in that described
Role belongs to department, is authorized according to the action of role to role, and the title of the role is unique under the department,
The number of the role is unique in systems.
6. the field value-acquiring method of role's property field in list according to claim 5, which is characterized in that described
When the trans-departmental transfer-position of user, cancels being associated with for user and the role in original department, user and the role in new department are closed
Connection.
7. the field value-acquiring method of role's property field in list, which is characterized in that including:
Obtain user field value:The automatic active user for obtaining login system or the corresponding employee of the active user are as the angle
User field value in the field value of color property field;
Obtain Casting field value:Obtain user field value after, if active user now associated role only one, obtain automatically
Take the role as the Casting field value in the field value of role's property field;If associated role has active user now
It is two or more, then a field as role's property field is selected from active user now associated all roles
Casting field value in value;The role is independent individual, rather than group/class, and the same period, one role can only be associated with uniquely
User, an and user-association one or more role.
8. the field value-acquiring method of role's property field in list according to claim 7, which is characterized in that described
User is defined the competence by it with being associated with for role, the corresponding user of an employee, the corresponding employee of a user.
9. the field value-acquiring method of role's property field in list, which is characterized in that including:
Employee is according to its corresponding logging in system by user;
Select current character:After employee's login system, the default role of user is that current character or employee select the employee couple
Using a role in the associated all roles in family in addition to default role as current character, the default role has and only has
One;
Obtain Casting field value:Automatically the current character is obtained as role's word in the field value of role's property field
Segment value, the role is independent individual, rather than group/class, and one role of same period can only be associated with unique user, and one
User-association one or more role;
Obtain user field value:Obtain Casting field value after, obtain automatically the current character currently associated user as institute
The user field value in the field value of role's property field is stated, or obtains the current character currently associated user's correspondence automatically
Employee as the user field value in the field value of role's property field.
10. the field value-acquiring method of role's property field in list according to claim 9, which is characterized in that institute
It states user and is defined the competence by it with being associated with for role, the corresponding user of an employee, the corresponding employee of a user.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2017105533097 | 2017-07-07 | ||
CN201710553309.7A CN107292144A (en) | 2017-07-07 | 2017-07-07 | The field value-acquiring method of role's property field in list |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108875054A true CN108875054A (en) | 2018-11-23 |
CN108875054B CN108875054B (en) | 2021-04-09 |
Family
ID=60100954
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710553309.7A Pending CN107292144A (en) | 2017-07-07 | 2017-07-07 | The field value-acquiring method of role's property field in list |
CN201810690606.0A Active CN108875054B (en) | 2017-07-07 | 2018-06-28 | Method for acquiring field value of role property field in form |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710553309.7A Pending CN107292144A (en) | 2017-07-07 | 2017-07-07 | The field value-acquiring method of role's property field in list |
Country Status (2)
Country | Link |
---|---|
CN (2) | CN107292144A (en) |
WO (1) | WO2019007261A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112632391A (en) * | 2020-12-30 | 2021-04-09 | 深圳市华傲数据技术有限公司 | Data processing method, device and storage medium |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107292144A (en) * | 2017-07-07 | 2017-10-24 | 成都牵牛草信息技术有限公司 | The field value-acquiring method of role's property field in list |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050138061A1 (en) * | 2003-12-19 | 2005-06-23 | Kuehr-Mclaren David G. | Automatic policy generation based on role entitlements and identity attributes |
US20060047657A1 (en) * | 2004-08-26 | 2006-03-02 | Ophir Frieder | Refined permission constraints using internal and external data extraction in a role-based access control system |
CN102004868A (en) * | 2009-09-01 | 2011-04-06 | 上海杉达学院 | Role access control-based information system data storage layer and building method |
CN102053969A (en) * | 2009-10-28 | 2011-05-11 | 上海宝信软件股份有限公司 | Web ERP (enterprise resource planning) user right management system |
CN104462888A (en) * | 2014-12-25 | 2015-03-25 | 遵义国正科技有限责任公司 | User authority management system in passenger transportation management information system |
CN106488789A (en) * | 2014-07-11 | 2017-03-08 | 科乐美数码娱乐株式会社 | Games system, game control device, program and information storage medium |
CN106790060A (en) * | 2016-12-20 | 2017-05-31 | 微梦创科网络科技(中国)有限公司 | The right management method and device of a kind of role-base access control |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101299694B (en) * | 2007-04-30 | 2012-04-25 | 华为技术有限公司 | Method and system for managing caller in household network, household gateway |
CN102930226B (en) * | 2012-10-25 | 2015-01-07 | 无锡中科泛在信息技术研发中心有限公司 | Method for controlling use permission of fine-grained client |
CN103632082B (en) * | 2013-12-10 | 2016-08-17 | 惠州华阳通用电子有限公司 | A kind of general-purpose rights management system and method |
KR101668550B1 (en) * | 2015-01-07 | 2016-10-21 | 충북대학교 산학협력단 | Apparatus and Method for Allocating Role and Permission based on Password |
CN107292144A (en) * | 2017-07-07 | 2017-10-24 | 成都牵牛草信息技术有限公司 | The field value-acquiring method of role's property field in list |
-
2017
- 2017-07-07 CN CN201710553309.7A patent/CN107292144A/en active Pending
-
2018
- 2018-06-28 WO PCT/CN2018/093450 patent/WO2019007261A1/en active Application Filing
- 2018-06-28 CN CN201810690606.0A patent/CN108875054B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050138061A1 (en) * | 2003-12-19 | 2005-06-23 | Kuehr-Mclaren David G. | Automatic policy generation based on role entitlements and identity attributes |
US20060047657A1 (en) * | 2004-08-26 | 2006-03-02 | Ophir Frieder | Refined permission constraints using internal and external data extraction in a role-based access control system |
CN102004868A (en) * | 2009-09-01 | 2011-04-06 | 上海杉达学院 | Role access control-based information system data storage layer and building method |
CN102053969A (en) * | 2009-10-28 | 2011-05-11 | 上海宝信软件股份有限公司 | Web ERP (enterprise resource planning) user right management system |
CN106488789A (en) * | 2014-07-11 | 2017-03-08 | 科乐美数码娱乐株式会社 | Games system, game control device, program and information storage medium |
CN104462888A (en) * | 2014-12-25 | 2015-03-25 | 遵义国正科技有限责任公司 | User authority management system in passenger transportation management information system |
CN106790060A (en) * | 2016-12-20 | 2017-05-31 | 微梦创科网络科技(中国)有限公司 | The right management method and device of a kind of role-base access control |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112632391A (en) * | 2020-12-30 | 2021-04-09 | 深圳市华傲数据技术有限公司 | Data processing method, device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN108875054B (en) | 2021-04-09 |
CN107292144A (en) | 2017-10-24 |
WO2019007261A1 (en) | 2019-01-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109032458A (en) | The authorization method for the form data that based role obtains | |
CN108734400A (en) | The method that examination & approval role is arranged by role for workflow approval node | |
CN108764833A (en) | The method that workflow approval node examines role by Department formation | |
CN108717620A (en) | Based role is to the one-to-one Work-flow control method and system of user | |
CN109214150A (en) | The list operating right authorization method of based role | |
CN107315931A (en) | Form field values operating right authorization method | |
CN108876313A (en) | Setting method of the user in the permission of information interchange unit in system | |
CN108898693A (en) | A kind of attendance setting method of system | |
CN107103228A (en) | Man-to-man permission grant method and system of the based role to user | |
CN108932610A (en) | A kind of system work dispatching method | |
CN109064138A (en) | Show the authorization method of all system user current entitlement states | |
CN108921520A (en) | Count list operation permission grant method | |
CN109104425A (en) | The setting method of permission is checked in operation note based on the period | |
CN109165524A (en) | Examination & approval task based on modified RBAC mechanism of authorization control delivers method | |
CN107330344A (en) | A kind of related information authorization method of list | |
CN108985659A (en) | The method that approval process and its approval node authorization are carried out to user | |
CN108629022A (en) | Based role is generated to the one-to-one organization chart of user and application process | |
CN108875391A (en) | Employee logs in the permission display methods after its account in system | |
CN108920940A (en) | The method authorized by field value of third party's field to form fields | |
CN108958870A (en) | shortcut function setting method | |
CN108830565A (en) | The menu authorization method of based role | |
CN109033861A (en) | The method that authorised operator is authorized in system | |
CN108875054A (en) | The field value-acquiring method of role's property field in list | |
CN109087001A (en) | The method for supervising review operation, Authorized operation and list operation | |
CN109086418A (en) | The method that statistics list operation permission is authorized respectively based on train value |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |