A role-based method of authorizing permissions for form operations

Abstract

The invention discloses a method for authorizing form operation authority based on role, which comprises the following steps of: selecting one or more roles as authorized roles; each role is an independent individual, not a group / class; one role can only be associated with unique users at the same time period, and one user can be associated with one or more roles; the authorization method comprises the following steps of: selecting one or more roles as authorized roles; slecting form: when the selected authorized role is one and the selected form is one, the existing operation permission status of the authorized role on the selected form is displayed; displaying blank form operation permissions when the selected form is two or more; performing form operation permission authorization on authorized roles; after the above steps are complete, saving the permissions for the authorized role. The invention improves the authorization efficiency of the form operation authority, is simple to operate, improves the safety performance of the system, and reduces the risk of loss caused by the information leakage of the enterprise.

Description

technical field [0001] The invention relates to a user authority management method of management software systems such as ERP, in particular to a role-based form operation authority authorization method. Background technique [0002] Role-based access control (RBAC) is the most researched and thoughtful database permission management mechanism in recent years. It is considered to be an ideal candidate to replace traditional mandatory access control (MAC) and discretionary access control (DAC). The basic idea of ​​role-based access control (RBAC) is to divide different roles according to different functional positions in the enterprise organization view, encapsulate the access rights of database resources in roles, and users can indirectly access database resources by being assigned different roles. [0003] There are often a large number of tables and views in large-scale application systems, which makes the management and authorization of database resources very complicated...

AI Technical Summary

Problems solved by technology

[0005] However, the traditional role-based user rights management methods all adopt the "role-to-user one-to-many" association mechanism. / Position / Type of work and other concepts, the authorization of user rights under this association mechanism is basically divided into the following three forms: 1. figure 1 As shown, directly authorizing users has the disadvantages of heavy workload, frequent and cumbersome operations; 2. figure 2 As shown, authorize the role (category / group / position / type of work) (a role can be associated with multiple users), and the user obtains the authority through the role; 3. For example image 3 As shown, the combination of the above two methods

[0006] In the above statement, both 2 and 3 need to authorize the role of class / group nature, but the way of authorization through the role of class / group / post / work type has the following disadvantages: 1. The operation is difficult when the user authority changes: In the actual system use, it is often necessary to adjust the user's permissions during the operation process. For example, when dealing with changes in employee permissions, the permissions of an employee associated with a role change. We cannot Changes to change the permissions of the entire role, because the role is also associated with other employees whose permissions have not changed

The above two processing methods not only take a long time to authorize the role in the case of many role permissions, but also are prone to mistakes. The operation of the user is cumbersome and troublesome, and it is also easy to make mistakes and cause losses to the system user.

[0007] 2. It is difficult to remember the specific permissions contained in the role for a long time: If the role has many permission function points, it is difficult to remember the specific permissions of the role over time, and it is even more difficult to remember the permission differences between roles with similar permissions. To associate a new user, it is impossible to accurately determine how to choose the association

[0008] 3. Due to the change of user permissions, more and more roles will be created (if no new roles are created, the direct authorization to users will be greatly increased), and it is more difficult to distinguish the specific differences between the permissions of each role

[0009] 4. When transferring a post, if you want to assign many permissions of the transferred user to several other users, you must distinguish these permissions of the transferred user during processing, and then create roles to associate with the other users. users, such an operation is not only complicated and time-consuming, but also prone to errors

[0010] There are many types of forms in the enterprise, such as customer forms, contract forms, order forms, etc. Different roles in the enterprise also have different requirements for the operation permissions of the forms. For example, Zhang San needs to add, view, modify, Delete and print the form operation authority, while Li Si and other 50 employees only have the printing authority to the contract form. In the existing software system, separate authorization of form operation authority based on different roles cannot be realized, and the information security of the enterprise is worrying. Due to the indiscriminate setting of the form operation permissions by employee roles, the company's confidential forms will be leaked, which will cause risks to the company. In addition, the existing software system cannot use Li Si as a template to batch authorize the rest of the employees who only have form printing permissions, and the work efficiency is very low.

Images