Approval method for form data operations

Abstract

The invention discloses an auditing method for form data operation, which comprises the following steps: a role in a system is created, the role is an independent individual, one role can only be associated with a unique user at the same time period, and one user is associated with one or more roles; one or more roles in the system are selected as approvers, and each approver is authorized to haveaudit privileges for the operation of the form data; an audit request for an operation for which the requestor submits data for a form is audited; the approval request is audited by an approver who has the approval authority for the operation on the form data. As the audit of the invention has only one audit step, once the audit is agreed / passed or disagreed / not passed, the audit task ends without creating a process, and the audit cycle of the form data operation is shortened. The auditor adopts the role of an independent individual, and can realize the seamless transfer of audit authority when the employee leaves office or changes his post, which will not affect the normal operation of the enterprise, and also avoid the risk of confidential information leakage.

Description

technical field [0001] The invention relates to an auditing method for form data operation in management software such as ERP and CRM. Background technique [0002] Role-based access control (RBAC) is the most researched and thoughtful database permission management mechanism in recent years. It is considered to be an ideal candidate to replace traditional mandatory access control (MAC) and discretionary access control (DAC). Traditional discretionary access control has high flexibility but low security, mandatory access control has high security but is too restrictive; role-based access control combines both, which is not only easy to manage but also reduces complexity, cost and error probability , and thus has been greatly developed in recent years. The basic idea of ​​role-based access control (RBAC) is to divide different roles according to different functional positions in the enterprise organization view, encapsulate the access rights of database resources in roles, a...

AI Technical Summary

Problems solved by technology

[0007] In the above statement, both 2 and 3 need to authorize the role of class / group nature, but the way of authorization through the role of class / group / post / job nature has the following disadvantages: 1. The operation is difficult when the user authority changes: In the actual system use, it is often necessary to adjust the user's permissions during the operation process. For example, when dealing with changes in employee permissions, the permissions of an employee associated with a role change. Instead, change the permissions of the entire role, because the role is also associated with other employees whose permissions have not changed

[0009] 2. It is difficult to remember the specific permissions contained in the role for a long time: If the role has many permission function points, it is difficult to remember the specific permissions of the role over time, and it is even more difficult to remember the permission differences between roles with similar permissions. The permissions of the role are also easy to confuse; if you want to associate a new user, you cannot accurately determine how to choose the association

[0010] 3. Due to the change of user permissions, more and more roles will be created (if no new roles are created, the direct authorization to users will be greatly increased), and it is more difficult to distinguish the specific differences between the permissions of each role

[0011] 4. When transferring a post, if you want to assign many permissions of the transferred user to several other users, you must distinguish these permissions of the transferred user during processing, and then create roles to associate with the other users. users, such an operation is not only complicated and time-consuming, but also prone to errors

[0015] There are also some software on the market that have the audit function, but the audit function of the existing software does not have the function of giving the audit result of disagreement, only the function of agreeing with the signature (or confirmation nature), and there is no expression of non-signature / disagree / no The passed function cannot promptly and quickly feed back the failed review results to the review requester

For the submitter, the failed part of the submitted data (form data) includes the data that failed the review (form data) and the data that has not been reviewed (form data), and it is difficult for the submitter to distinguish

Images