Method for authorizing approval process and approval node thereof for user

Abstract

The invention discloses a method for authorizing an approval process and approval node thereof for a user, wherein the method for authorizing approval process for the user comprises the following steps: selecting a user in a system; displaying all the approval processes in the system, and displaying the current permission status of the selected user for each approval process; authorizing permissions for the approval process for the selected user. After the user is selected, the method displays all the approval processes or all the approval nodes in the system, and the approval processes or theapproval nodes are not omitted, so that the authorization of the related authority for the user can be carried out quickly.

Description

technical field [0001] The invention relates to a method for authorizing an approval process and an approval node for a user. Background technique [0002] Role-based access control (RBAC) is the most researched and thoughtful database permission management mechanism in recent years. It is considered to be an ideal candidate to replace traditional mandatory access control (MAC) and discretionary access control (DAC). The basic idea of ​​role-based access control (RBAC) is to divide different roles according to different functional positions in the enterprise organization view, encapsulate the access rights of database resources in roles, and users can indirectly access database resources by being assigned different roles. [0003] There are often a large number of tables and views in large-scale application systems, which makes the management and authorization of database resources very complicated. It is very difficult for users to directly manage the access of database re...

AI Technical Summary

Problems solved by technology

[0005] However, the traditional role-based user rights management methods all adopt the "role-to-user one-to-many" association mechanism. / Position / Type of work and other concepts, the authorization of user rights under this association mechanism is basically divided into the following three forms: 1. figure 1 As shown, directly authorizing users has the disadvantages of heavy workload, frequent and cumbersome operations; 2. figure 2 As shown, authorize the role (category / group / position / type of work) (a role can be associated with multiple users), and the user obtains the authority through the role; 3. For example image 3 As shown, the combination of the above two methods

[0006] In the above statement, both 2 and 3 need to authorize the role of class / group nature, but the way of authorization through the role of class / group / post / work type has the following disadvantages: 1. The operation is difficult when the user authority changes: In the actual system use, it is often necessary to adjust the user's permissions during the operation process. For example, when dealing with changes in employee permissions, the permissions of an employee associated with a role change. We cannot Changes to change the permissions of the entire role, because the role is also associated with other employees whose permissions have not changed

The above two processing methods not only take a long time to authorize the role in the case of many role permissions, but also are prone to mistakes. The operation of the user is cumbersome and troublesome, and it is also easy to make mistakes and cause losses to the system user.

[0007] 2. It is difficult to remember the specific permissions contained in the role for a long time: If the role has many permission function points, it is difficult to remember the specific permissions of the role over time, and it is even more difficult to remember the permission differences between roles with similar permissions. To associate a new user, it is impossible to accurately determine how to choose the association

[0008] 3. Due to the change of user permissions, more and more roles will be created (if no new roles are created, the direct authorization to users will be greatly increased), and it is more difficult to distinguish the specific differences between the permissions of each role

[0009] 4. When transferring a post, if you want to assign many permissions of the transferred user to several other users, you must distinguish these permissions of the transferred user during processing, and then create roles to associate with the other users. users, such an operation is not only complicated and time-consuming, but also prone to errors

Since the newly added user may have access to multiple approval processes, at this time, if the authorization method is used to authorize the use rights of each approval process, the authorization workload will be huge, and it is easy to cause authorization errors

In the prior art, the method of granting the approval authority of the approval node is: first find the approval process to which the approval node to be authorized belongs, and then find the approval node to be authorized from the approval process, and add the newly added user to each Among the approvers of the approval nodes that require authorization; the authorization process is more cumbersome than the approval process authorization. When there are many approval nodes that require authorization, the authorization workload is also huge, and authorization errors are prone to occur

[0011] During the operation of the company, due to various reasons, it is necessary to make relatively large adjustments to the approval authority of a certain user's approval process and / or the approval authority of the approval node, and the workload is huge; moreover, the existing ERP and other software systems In the approval process and authorization of approval nodes, it is necessary to authorize the use rights of the approval process one by one, and to authorize the approval nodes of the approval nodes one by one. This authorization method cannot display the user's authority to all the approval processes or approval nodes in the system at one time. The current permission status is not conducive to re-authorization of user permissions, and authorization errors are prone to occur

Images