Setting method for viewing permission of operation record based on time period

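A technique concerning operation records and time periods, applied in fields such as computer security devices, instruments and digital data authentication. It addresses problems such as poor confidentiality of company information, cumbersome and troublesome operation for the user, and leakage of operation records, with the effects of improving accuracy and authorization speed, making permission settings clear, and reducing the possibility.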

Active Publication Date: 2018-12-28
CHENGDU QIANNIUCAO INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] However, the traditional role-based user rights management methods all adopt a "role-to-user one-to-many" association mechanism, in which a role is akin to concepts such as post / position / type of work. Under this association mechanism, the authorization of user rights takes essentially three forms: 1. As shown in Figure 1, users are authorized directly, which has the disadvantages of heavy workload and frequent, cumbersome operations; 2. As shown in Figure 2, the role (of class / group / post / job / type-of-work nature) is authorized (a role can be associated with multiple users), and the user obtains authority through the role; 3. As shown in Figure 3, the two methods above are combined.
[0006] Of the forms above, both 2 and 3 require authorizing a role of class / group nature, but authorizing through a role of class / group / post / type-of-work nature has the following disadvantages: 1. Operation is difficult when user authority changes: in actual system use, a user's permissions often need to be adjusted during operation. For example, when handling a change in employee permissions, the permissions of one employee associated with a role change. We cannot change the permissions of the entire role because of that one employee's change, because the role is also associated with other employees whose permissions have not changed.
The above two processing methods not only take a long time to authorize the role when the role has many permissions, but are also prone to mistakes. The operation is cumbersome and troublesome for the user, and mistakes are easily made that cause losses to the system user.
[0007] 2. It is difficult to remember over a long period the specific permissions a role contains: if the role has many permission function points, it becomes hard over time to remember the role's specific permissions, and even harder to remember the permission differences between roles with similar permissions. When a new user is to be associated, it is impossible to determine accurately which role to choose.
[0008] 3. As user permissions change, more and more roles are created (if no new roles are created, direct authorization to users increases greatly), and it becomes harder to distinguish the specific differences between the permissions of each role.
[0009] 4. When a user is transferred to another post, if many permissions of the transferred user are to be assigned to several other users, these permissions must be separated out during processing and roles then created to associate with the other users. Such an operation is not only complicated and time-consuming, but also prone to errors.
[0010] In traditional ERP and other management software systems, once employees / users have obtained permission to view their own operation records, they can view all of their own operation records, which in some cases leads to disclosure of company information.
For example, after Zhang San is transferred from sales manager to production director, his work no longer involves viewing sales approval operation records. However, since Zhang San has the authority to view his own approval operation records, he can still view the approval operation records from his earlier time as sales manager (such as sales contract approval records), and the company is unable to take effective restrictive measures at this point (if Zhang San is not granted permission to view his own approval operation records, he cannot view his own approval operation records as production director, which leaves him unable to work normally). This leads to leakage of company information.
For another example, when employee A is temporarily assigned to investigate the operation records of another employee B for a certain period of time, employee A must be authorized to view employee B's operation records. Once authorized, employee A can view all of employee B's operation records, so the records other than those under investigation are leaked.
It can be seen that the existing method of authorizing viewing permission for operation records cannot effectively control the permission in some cases, which is not conducive to keeping the company's information confidential and is likely to cause losses to the company.
[0011] The traditional authorization method for viewing operation records cannot use the method / rule of taking "the association time between roles (authorization objects / viewing objects) and their currently associated users as the reference time point" to set a dynamic viewing-permission time period.
For example, an enterprise may want to use the association time as a reference time point for setting a viewing time period that authorizes a role to view the operation records of certain roles. The association time is dynamic, however (many factors such as employee entry, job transfer and resignation change the user associated with a role, which makes the association time uncertain), and none of the traditional methods has a solution for such a dynamic authorization time period; the method of this application solves it well.


Examples


Embodiment 3

[0085] [Embodiment 3] The method for setting the permission to view operation records based on time period includes: S31. Selecting a role as an authorization object.

[0086] The role is an independent individual, not a group / class. At any one time a role can be associated with only one user, while a user is associated with one or more roles; users obtain the permissions of their associated roles. When a role (an independent individual role) is created, or after it is created, a department is selected for it; the role then belongs to that department, is authorized according to its job content, and its name is unique within the department. The number of the role is unique in the system.

[0087] When the user is transferred, cancel the association between the user and the original role, and associate the user with the new role, then the user automatically loses the authority o...

Embodiment 4

[0102] [Embodiment 4] A method for setting the permission to view operation records based on time periods, including: S41. Select a role as an authorization object.

[0103] The role is an independent individual, not a group / class. At any one time a role can be associated with only one user, while a user is associated with one or more roles; users obtain the permissions of their associated roles. When a role (an independent individual role) is created, or after it is created, a department is selected for it; the role then belongs to that department, is authorized according to its job content, and its name is unique within the department. The number of the role is unique in the system.

[0104] When the user is transferred, cancel the association between the user and the original role, and associate the user with the new role, then the user automatically loses the authority of ...


Abstract

The invention discloses a method for setting the viewing permission of operation records based on a time period, comprising the following steps: selecting an authorization object; setting one or more viewing objects for each authorization object, wherein the authorization object and the viewing object are of the same kind among roles, users and employees; and setting a viewing-permission time period for each authorization object, whereby the authorization object obtains the right to view the operation records of its corresponding viewing objects within that time period. The invention can, according to actual need, grant the authorization object permission to view the viewing object's operation records within a certain time period, while the viewing object's operation records outside that period cannot be viewed. This meets the requirements for viewing a viewing object's operation records in the various situations that involve time limits, reduces the possibility that operation records become known to irrelevant personnel, and improves the security of company information.
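The rule in the abstract, as an added example that is not code from the patent or from the applicant's system: a grant ties an authorization object to a viewing object and a time window, and records outside the window are filtered out. It assumes records are owned by roles, one user per role, and a window whose start may be the role's association time as described in [0011]; all class names, role names and sample data are constructed.

```python
from collections import namedtuple
from datetime import datetime as dt

# An operation record belongs to the role that performed it.
Record = namedtuple("Record", "role at action")
# Grantee role may view target role's records inside [start, end].
# start/end None = unbounded / up to "now"; from_association=True makes the
# window start when the grantee role was associated with its current user.
Grant = namedtuple("Grant", "grantee target start end from_association",
                   defaults=(None, None, False))

class ViewPolicy:
    def __init__(self):
        self.holder = {}      # role -> (user, associated_at); one user per role
        self.grants = []

    def associate(self, role, user, at):
        self.holder[role] = (user, at)    # replaces any previous holder

    def visible(self, user, records, now):
        """Actions `user` may view at `now` through the roles currently held."""
        held = {r for r, (u, _) in self.holder.items() if u == user}
        out = []
        for rec in records:
            for g in self.grants:
                if g.grantee not in held or g.target != rec.role:
                    continue
                start = self.holder[g.grantee][1] if g.from_association else g.start
                if (start is None or rec.at >= start) and rec.at <= (g.end or now):
                    out.append(rec.action)
                    break
        return out

def demo():
    # Constructed sample data modelled on the page's Zhang San and A/B cases.
    p = ViewPolicy()
    p.associate("sales_manager", "li", dt(2018, 1, 10))        # after transfer
    p.associate("production_director", "zhang", dt(2018, 1, 10))
    p.associate("auditor", "wang", dt(2018, 2, 15))
    recs = [Record("sales_manager", dt(2017, 6, 1), "contract C-1"),   # by zhang
            Record("sales_manager", dt(2018, 3, 1), "contract C-2"),   # by li
            Record("production_director", dt(2018, 2, 1), "work order W-1")]
    p.grants = [Grant("sales_manager", "sales_manager", from_association=True),
                Grant("production_director", "production_director",
                      from_association=True),
                Grant("auditor", "sales_manager", dt(2017, 5, 1), dt(2017, 7, 1))]
    return {u: p.visible(u, recs, dt(2018, 6, 1)) for u in ("zhang", "li", "wang")}
```

In `demo()`, the transferred user sees only records of the role now held, the successor sees nothing from before the association time, and the investigator sees only the fixed window under investigation.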

Description

Technical field

[0001] The invention relates to a method for authorizing data viewing permission in management software systems such as ERP, and in particular to a method for setting viewing permission of operation records based on a time period.

Background technique

[0002] Role-based access control (RBAC) is the most researched and most mature database permission management mechanism of recent years. It is considered an ideal candidate to replace traditional mandatory access control (MAC) and discretionary access control (DAC). The basic idea of role-based access control (RBAC) is to define different roles according to the different functional positions in the enterprise organization view, encapsulate the access rights to database resources in roles, and let users access database resources indirectly by being assigned different roles.

[0003] There are often a large number of tables and views in large-scale application systems, which makes the management and authorization of database resou...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F21/62
CPC: H04L63/101, H04L63/102, H04L63/105, H04L63/108, G06F21/6218, H04L41/28, G06F2221/2141, G06F2221/2137, G06F21/31, G06F21/6209, G06Q10/105, G06Q10/109
Inventor 陈达志
Owner CHENGDU QIANNIUCAO INFORMATION TECH CO LTD