An employee function-based data permission management method and device

By adopting a data access control method based on employee functions, the problem of complex access control in internal enterprise collaboration has been solved, enabling refined access control and improving enterprise operational efficiency and information security.

CN115062332BActive Publication Date: 2026-06-12KINGDEE SOFTWARE(CHINA) CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
KINGDEE SOFTWARE(CHINA) CO LTD
Filing Date
2022-05-25
Publication Date
2026-06-12

AI Technical Summary

Technical Problem

Existing access control methods require cumbersome authorization processes when collaborating within an enterprise, reducing the flexibility and efficiency of the enterprise's operations, especially when collaborating between different departments.

Method used

The data access control method based on employee functions obtains employee function information, constructs attribute columns, finds and adds attribute field data, and assigns operation permissions according to the importance level of attribute field data and employee level, thereby achieving refined access control.

Benefits of technology

It improves the operational efficiency of the enterprise, ensures information security, facilitates the use of different data by various employees, meets the complex business management requirements of the enterprise, and realizes access control at the form field level.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115062332B_ABST
    Figure CN115062332B_ABST
Patent Text Reader

Abstract

The application discloses a data authority management method and device based on employee functions, and the method comprises the following steps: acquiring function information of an employee, wherein the function information comprises a plurality of function attributes; constructing a plurality of attribute columns based on the function information, wherein each attribute column corresponds to one function attribute; searching for attribute field data corresponding to each attribute column, and adding the attribute field data to the attribute column; and assigning operation authority to the attribute column according to the importance level of the attribute field data and the employee level of the employee. According to the function information of the employee, the operation authority of the employee to the data can be determined, the data in the enterprise is divided and isolated according to the personal function of the employee, the different data can be conveniently used by each employee under the condition of ensuring the safety of the enterprise data, and the operation efficiency in the enterprise is improved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the technical field of access control and allocation, and in particular to a data access control method and apparatus based on employee functions. Background Technology

[0002] As businesses grow, the number of employees also increases. Since various types of information within a company are considered its private property and resources, it's necessary to manage and allocate employee access permissions to prevent information leaks, ensuring the company's normal operation and protecting its information security.

[0003] The commonly used permission allocation method is to first determine the employee's department, and then assign the employee corresponding information query and management permissions according to the department's work content and scope of authority. This allows employees to query specific information from their department, and enables information isolation of various parts of the company based on the company's departmental structure, thereby ensuring the normal operation of the company and protecting the company's information security.

[0004] However, current commonly used access control methods have the following technical problems: During normal business operations, collaboration between departments or between employees of different departments is necessary. For example, HR staff might need to access employee identification information to pay social security contributions, or department heads might need to view the work experience of employees in other departments. If enterprise information is isolated solely according to the departmental structure, retrieving or viewing employee information from different departments requires complex authorization procedures, increasing the difficulty of inter-departmental collaboration, reducing the flexibility of internal operations, and decreasing overall operational efficiency. Summary of the Invention

[0005] This invention proposes a data access control method and device based on employee functions. The method can manage the access rights of employees to view data according to their individual functions, thereby improving the flexibility of departments and employees in collaborative work while ensuring the information security of the enterprise, and thus improving the operational efficiency of the enterprise.

[0006] A first aspect of this invention provides a data access control method based on employee functions, the method comprising:

[0007] Obtain employee functional information, wherein the functional information includes several functional attributes;

[0008] Based on the functional information, several rows of attribute columns are constructed, and each row of attribute columns corresponds to a functional attribute.

[0009] Locate the attribute field data corresponding to each of the attribute columns and add the attribute field data to the attribute column;

[0010] Assign operation permissions to the attribute fields based on their importance level and the employee's employee level.

[0011] In one possible implementation of the first aspect, the step of searching for viewable attribute field data in each row of the attribute column includes:

[0012] Determine the user's authorization configuration page;

[0013] If the authorization configuration page is an entity model page, then attribute field data can be extracted arbitrarily from the entity model page, which contains attribute field data of all data elements of the enterprise.

[0014] In one possible implementation of the first aspect, the step of searching for viewable attribute field data in each row of the attribute column includes:

[0015] Determine the user's authorization configuration page;

[0016] If the authorization configuration page is a query configuration page, the user's access information is obtained. The query configuration page contains a dynamic list of enterprises, and each row of the dynamic list contains corresponding attribute field data. The access information includes query information and query columns.

[0017] When the access information matches the dynamic list, the corresponding attribute field data is extracted from the matching dynamic list.

[0018] In one possible implementation of the first aspect, the step of searching for viewable attribute field data in each row of the attribute column includes:

[0019] Determine the user's authorization configuration page;

[0020] If the authorization configuration page is a custom page, the user's authorization selection information is obtained through a preset interface, wherein the custom page contains the user's custom fields;

[0021] Extract the corresponding attribute field data from the custom field according to the authorization selection information.

[0022] In one possible implementation of the first aspect, assigning operation permissions to the attribute field based on the importance level of the attribute field data and the employee's employee level includes:

[0023] Obtain the attribute level value of the attribute field data, and extract the job level value from the functional information;

[0024] If the attribute level value is greater than the job level value, then the operation permission for the attribute field data in the attribute column is determined to be hidden and viewable.

[0025] If the attribute level value is less than the job level value, then the operation permission for the attribute field data in the attribute column is determined to be unmodifiable.

[0026] In one possible implementation of the first aspect, the construction of several row attribute columns based on the functional information includes:

[0027] Obtain the number of attributes of the functional attribute;

[0028] Construct several rows of attribute columns according to the number of attributes mentioned.

[0029] In one possible implementation of the first aspect, after the step of assigning operation permissions to the attribute field based on the importance level of the attribute field data and the employee's staff level, the method further includes:

[0030] The attribute field data and corresponding operation permissions for each attribute column are stored using EhCache caching technology for user access.

[0031] A second aspect of the present invention provides a data access control device based on employee functions, the device comprising:

[0032] The acquisition module is used to acquire the functional information of employees, wherein the functional information includes several functional attributes;

[0033] The construction module is used to construct several rows of attribute columns based on the functional information, with each row of attribute columns corresponding to a functional attribute.

[0034] The search module is used to find the attribute field data corresponding to each of the attribute columns and add the attribute field data to the attribute column.

[0035] The allocation module is used to assign operation permissions to the attribute columns based on the importance level of the attribute field data and the employee's employee level.

[0036] A third aspect of the present invention provides an electronic device, including: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the program to implement the data access control method based on employee functions as described above.

[0037] A fourth aspect of the present invention provides a computer-readable storage medium storing computer-executable instructions for causing a computer to perform the data access control method based on employee functions as described above.

[0038] A fifth aspect of the present invention provides a computer program product that, when run on a computer device, enables the computer device to implement the data access control method based on employee functions as described above.

[0039] Compared with the prior art, the data access management method and device based on employee functions provided by the embodiments of the present invention have the following advantages: the present invention can determine the data operation permissions of employees according to their individual function information, so that the data within the enterprise is divided and isolated according to the individual functions of employees. While ensuring the security of enterprise data, it is convenient for each employee to use different data, thereby improving the operational efficiency of the enterprise. Attached Figure Description

[0040] Figure 1 This is a flowchart illustrating a data access control method based on employee functions according to an embodiment of the present invention;

[0041] Figure 2 This is a schematic diagram illustrating the effect of operation permissions provided in an embodiment of the present invention;

[0042] Figure 3 This is a schematic diagram illustrating the display effect of employee data provided in an embodiment of the present invention;

[0043] Figure 4 This is a flowchart illustrating step S13 provided in an embodiment of the present invention;

[0044] Figure 5 This is a flowchart illustrating step S13 provided in an embodiment of the present invention;

[0045] Figure 6 This is a flowchart illustrating step S13 provided in an embodiment of the present invention;

[0046] Figure 7 This is a flowchart illustrating a data access control method based on employee functions according to an embodiment of the present invention;

[0047] Figure 8 This is a schematic diagram of a data access control device based on employee functions provided in an embodiment of the present invention. Detailed Implementation

[0048] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0049] Currently used access control methods present the following technical problems: During normal business operations, collaboration between departments or between employees of different departments is necessary. For example, HR staff might need to access employee identification information to pay social security contributions, or department heads might need to view the work experience of employees in other departments. If enterprise information is isolated solely according to the departmental structure, retrieving or viewing employee information from different departments requires cumbersome authorization processes, increasing the difficulty of inter-departmental collaboration, reducing the flexibility of internal operations, and decreasing overall operational efficiency.

[0050] To address the aforementioned issues, the following specific embodiments will provide a detailed description and explanation of a data access control method based on employee functions provided in this application.

[0051] Reference Figure 1 The diagram illustrates a flowchart of a data access control method based on employee functions, according to an embodiment of the present invention.

[0052] As an example, the data access control method based on employee functions may include:

[0053] S11. Obtain employee functional information, wherein the functional information includes several functional attributes.

[0054] In one embodiment, the functional attributes include the employee's job title, workstation location, department, work attribute, employment status, ID card number, employee number, job title, etc.

[0055] S12. Based on the functional information, construct several rows of attribute columns, with each row of attribute columns corresponding to a functional attribute.

[0056] Since each functional attribute represents an employee's characteristics, to facilitate viewing by other employees, an attribute column can be created for each functional attribute. Multiple attribute columns can then be combined to form an employee information table for other employees to view.

[0057] In order to differentiate and standardize management based on their functional attributes, in an optional embodiment, step S12 may include the following sub-steps:

[0058] S121. Obtain the number of attributes of the functional attribute.

[0059] S122. Construct several rows of attribute columns according to the number of attributes.

[0060] To further differentiate and standardize the management of various functional attributes, in an optional embodiment, a smart attribute field can be added to the attribute column to distinguish different attribute columns.

[0061] S13. Locate the attribute field data corresponding to each attribute column and add the attribute field data to the attribute column.

[0062] Next, locate the attribute field data corresponding to each functional attribute. This attribute field data can be viewed by the employee or not. For example, if the functional attribute corresponding to the attribute column is the employee's job title, its attribute field data is "Designer"; another example is that if the functional attribute corresponding to the attribute column is the job attribute, its corresponding attribute field data can be "Field Staff" or "Office Staff"; yet another example is that if the functional attribute corresponding to the attribute column is the employment status, its corresponding attribute field data can be "Regular Employee," "Intern," or "Expatriate Employee," etc.

[0063] After finding the corresponding attribute field data, the attribute field data can be added to its corresponding attribute column for subsequent processing.

[0064] S14. Assign operation permissions to the attribute columns according to the importance level of the attribute field data and the employee's employee level.

[0065] After adding attribute field data, the level corresponding to the attribute field data can be determined, and the employee's employee level can be obtained. The level corresponding to the attribute field data can be the importance level, and the employee's employee level can be their job function or their position level in the company. Based on the comparison results of the two levels, the corresponding operation permissions can be assigned to the employee to avoid information leakage or tampering and ensure the company's information security.

[0066] In order to accurately assign operation permissions based on the comparison results of levels, in one embodiment, step S14 may include the following sub-steps:

[0067] S141. Obtain the attribute level value of the attribute field data, and extract the job level value from the functional information.

[0068] Specifically, the job titles of employees can be obtained from the functional information, and their job grade values ​​can be determined based on their job titles. Each job title can correspond to a job grade value, and the specific job grade value can be adjusted according to the actual needs of different companies.

[0069] For example, the job level value for a regular employee is 20, for a contract worker it is 15, for an intern it is 10, for a supervisor it is 30, and for a general manager it is 50.

[0070] This allows you to determine the importance level of an attribute field within the company, and then assign the attribute level value accordingly. The importance level can be adjusted based on the company's specific needs; for example, salary and ID number might be considered high importance, while job title and workstation number might be considered low importance.

[0071] The job grade value can be compared with the preset grade value, and the corresponding operation permissions can be assigned to the attribute field data in the attribute column according to the comparison result.

[0072] S142. If the attribute level value is greater than the job level value, then the operation permission for the attribute field data in the attribute column is determined to be hidden and viewable.

[0073] S143. If the attribute level value is less than the job level value, then the operation permission of the attribute field data in the attribute column is determined to be unmodifiable.

[0074] In one embodiment, if the attribute level value is greater than the job level value, it means the attribute field data belongs to a higher-ranking employee, and lower-ranking employees cannot view it. The attribute field data can be set to a hidden viewing permission (e.g., displayed with an asterisk or blurred), preventing lower-ranking employees from viewing it. If the attribute level value is equal to the job level value, it means the attribute field data belongs to an employee of the same or lower rank. Employees can view it, but to ensure information security, they cannot delete or modify the data.

[0075] Reference Figure 2 The diagram illustrates the effect of the operation permissions provided in an embodiment of the present invention.

[0076] If Specialist Zhang San is viewing employee Li Si's data, and the attribute level values ​​of Li Si's various attribute fields are lower than Zhang San's job level values, then Zhang San can view Li Si's data but cannot modify it. Similarly, if employee Li Si is viewing Specialist Zhang San's data, and because Li Si's job level value is lower than the attribute level values ​​of some of Specialist Zhang San's attribute fields, Li Si can only view some of Zhang San's attribute fields, such as job title and work number; he will not be able to view Zhang San's salary, ID number, and other attribute fields.

[0077] Reference Figure 3 The diagram illustrates the display effect of employee data provided in an embodiment of the present invention.

[0078] In one embodiment, employee data can be... Figure 3 The document shown displays employee information in various fields. When the operator lacks sufficient permissions, some employee attribute fields are hidden (e.g., displayed as asterisks or blurred), such as the general manager's job grade field in the image. This invention implements form field-level access control, providing greater granularity.

[0079] In this embodiment, the present invention provides a data access control method based on employee functions. Its advantages are as follows: the present invention can determine an employee's data access permissions based on their individual function information, allowing internal enterprise data to be divided and isolated according to employee functions. This ensures enterprise data security while facilitating different employees' access to different data, thereby improving internal operational efficiency. Furthermore, managing information access permissions based on employee functions allows for refined data access control down to the column data level, achieving form field-level access control. Each field can be processed according to different conditions and rules, meeting the requirements of refined and complex business management within an enterprise.

[0080] Reference Figure 4 The diagram shows a flowchart of step S13 provided in an embodiment of the present invention.

[0081] Since different attribute categories may correspond to different attribute field data—for example, a designer's job title might be graphic design, while a receptionist's job title might be reception—in order to find the attribute field data corresponding to the attribute category according to actual needs, in one embodiment, the method may further include the following, detailed below:

[0082] Reference Figure 3 In this embodiment, step S13 includes the following sub-steps:

[0083] S31. Determine the user's authorization configuration page.

[0084] Specifically, an authorization configuration page can be displayed to users, who can be administrative personnel responsible for permission allocation operations, such as the head of the human resources department of a company.

[0085] This authorization configuration page can specifically be a page used to manage various personnel information.

[0086] In one embodiment, the authorization configuration page may include various standard functions and fields displayed on different types of pages (e.g., lists: dynamic lists, query lists, ordinary entity lists, forms), allowing users to query the corresponding entities and field names.

[0087] In one embodiment, when displaying the authorization configuration page, the user needs to log in, and when the user logs in, it is determined whether the currently logged-in user has authorization to configure various controlled field data (e.g., the company's business code, tax account, etc.). If so, whether to display or modify it is controlled according to permissions and rules.

[0088] This involves query rule conditions. Since rule conditions may include other fields under the entity, when authorizing page fields, it first checks if there are any missing query fields. If so, it automatically adds the fields of the rule conditions. After the results are found, they are then assigned to the expression of the rule conditions for judgment and processing.

[0089] If the logged-in user has not authorized the configuration of each controlled field data, the columns and their data on the page can be removed; if it is necessary to view according to rules, the data corresponding to the rule should be reset to ***.

[0090] S32. If the authorization configuration page is an entity model page, then arbitrarily extract attribute field data from the entity model page, which contains attribute field data of all data elements of the enterprise.

[0091] In this embodiment, the authorization configuration page is the entity model page, which contains the attribute field data of all data elements of the enterprise. Specifically, it can be understood as a page containing all data information of the enterprise.

[0092] Human resources managers can extract relevant data from this page and use it as attribute field data for the attribute columns.

[0093] Since the entity model page contains attribute field data for all data elements of the enterprise, HR managers can flexibly add corresponding attribute field data to the attribute columns to accurately describe the content represented by the attribute columns.

[0094] It should be noted that, in this embodiment, the method can be... Figure 1 Based on the provided embodiments, the remaining steps are the same as... Figure 1 The steps are the same, so I will not repeat them here.

[0095] Reference Figure 5 The diagram shows a flowchart of step S13 provided in an embodiment of the present invention.

[0096] In practice, the personnel configuring attribute field data for attribute columns may be human resources staff. These staff members have limited access to company information. To extract relevant attribute field data from this limited viewable information, in one embodiment, the method may further include the following, detailed below:

[0097] Reference Figure 4 In this embodiment, step S13 includes the following sub-steps:

[0098] S41. Determine the user's authorization configuration page.

[0099] In this embodiment, the steps are the same as those in the above embodiment. For details, please refer to the analysis of the above steps. To avoid repetition, this step will not be described again.

[0100] S42. If the authorization configuration page is a query configuration page, obtain the user's access information, wherein the query configuration page contains a dynamic list of enterprises, each row of the dynamic list contains corresponding attribute field data, and the access information includes query information and query columns.

[0101] In this embodiment, the query configuration page can have a dynamic list of companies. The dynamic list can have multiple rows or pages, and the dynamic list can have multiple different list columns. Each list column stores corresponding column information for users to view.

[0102] All fields on the query configuration page can be entity-based or not. Non-entity fields can be rewritten in the list field output through a custom implementation class in the query configuration.

[0103] In one embodiment, the query information includes the name of the query, and the query category may be the category code.

[0104] S43. When the access information matches the dynamic list, extract the corresponding attribute field data from the matching dynamic list.

[0105] In practice, the above matching operation can be used to determine whether the dynamic list contains the corresponding query information and query category. If the dynamic list contains the corresponding query information and query category, the stored category information can be extracted from the corresponding category in the dynamic list according to the query information and query category, and used as attribute field data.

[0106] For example, if the query information is a job description: field designer, and the query category is 0015, and the dynamic list has a category 0015, and the job description of category 0015 is field designer, then the field data in category 0015 can be extracted as attribute field data.

[0107] Conversely, if the dynamic list does not contain the corresponding query information and query category, an error will be returned.

[0108] By using dynamic lists to extract attribute field data, users can extract data from limited information, thereby improving the efficiency of data extraction.

[0109] It should be noted that, in this embodiment, the method can be... Figure 1 Based on the provided embodiments, the remaining steps are the same as... Figure 1 The steps are the same, so I will not repeat them here.

[0110] Reference Figure 6 The diagram shows a flowchart of step S13 provided in an embodiment of the present invention.

[0111] To improve the flexibility of user operation, in one embodiment, the method may further include the following, which are detailed below:

[0112] Reference Figure 6 In this embodiment, step S13 includes the following sub-steps:

[0113] S51. Determine the user's authorization configuration page.

[0114] In this embodiment, the steps are the same as those in the above embodiment. For details, please refer to the analysis of the above steps. To avoid repetition, this step will not be described again.

[0115] S52. If the authorization configuration page is a custom page, obtain the user's authorization selection information through a preset interface, wherein the custom page contains the user's custom fields.

[0116] In this embodiment, the custom page may include multiple fields defined by the user, and each field may be a pre-defined description of the job title or function.

[0117] In practice, a serial interface can be used to communicate with the user, such as connecting to the user's terminal, and receiving the user's authorization selection information, which can be data from a custom field selected by the user.

[0118] S53. Extract the corresponding attribute field data from the custom field according to the authorization selection information.

[0119] It can read the authorization selection information to determine the fields selected by the user, and then extract the corresponding field data from the custom fields as attribute field data.

[0120] Users can quickly select the corresponding field data as attribute field data through their own choices.

[0121] It should be noted that, in this embodiment, the method can be... Figure 1 Based on the provided embodiments, the remaining steps are the same as... Figure 1 The steps are the same, so I will not repeat them here.

[0122] Reference Figure 7 The diagram illustrates a flowchart of a data access control method based on employee functions, according to an embodiment of the present invention.

[0123] To facilitate subsequent data extractions, in one embodiment, the method may further include the following, detailed below:

[0124] S61. Obtain employee functional information, wherein the functional information includes several functional attributes.

[0125] S62. Based on the functional information, construct several rows of attribute columns, with each row of attribute columns corresponding to a functional attribute.

[0126] S63. Locate the attribute field data corresponding to each attribute column and add the attribute field data to the attribute column;

[0127] S64. Assign operation permissions to the attribute column according to the importance level and employee level of the attribute field data.

[0128] Among them, steps S61-S64 and Figure 1 The steps are the same, and to avoid repetition, they will not be described again here. For details, please refer to the analysis of the above embodiments.

[0129] S65. Store the attribute field data and corresponding operation permissions of each attribute column using EhCache caching technology for user access.

[0130] Specifically, EhCache caching technology can be used to store the data of employees who have been assigned operation permissions, making it convenient for employees to view and access the data later, thereby improving the data access efficiency of each employee and improving the internal operating efficiency of the enterprise.

[0131] It should be noted that, in this embodiment, the method can be... Figure 1 Based on the provided embodiments, the remaining steps are the same as... Figure 1 The steps are the same, so I will not repeat them here.

[0132] This invention also provides a data access control device based on employee functions, see [link to relevant documentation]. Figure 8 The diagram shows a structural schematic of a data access control device based on employee functions according to an embodiment of the present invention.

[0133] As an example, the data access control device based on employee functions may include:

[0134] The acquisition module 701 is used to acquire the functional information of employees, wherein the functional information includes several functional attributes;

[0135] The construction module 702 is used to construct several rows of attribute columns based on the functional information, with each row of attribute columns corresponding to a functional attribute.

[0136] The lookup module 703 is used to look up the attribute field data corresponding to each of the attribute columns and add the attribute field data to the attribute column.

[0137] The allocation module 704 is used to assign operation permissions to the attribute column according to the importance level and employee level of the attribute field data.

[0138] Optionally, the search module is further configured to:

[0139] Determine the user's authorization configuration page;

[0140] If the authorization configuration page is an entity model page, then attribute field data can be extracted arbitrarily from the entity model page, which contains attribute field data of all data elements of the enterprise.

[0141] Optionally, the search module is further configured to:

[0142] Determine the user's authorization configuration page;

[0143] If the authorization configuration page is a query configuration page, the user's access information is obtained. The query configuration page contains a dynamic list of enterprises, and each row of the dynamic list contains corresponding attribute field data. The access information includes query information and query columns.

[0144] When the access information matches the dynamic list, the corresponding attribute field data is extracted from the matching dynamic list.

[0145] Optionally, the search module is further configured to:

[0146] Determine the user's authorization configuration page;

[0147] If the authorization configuration page is a custom page, the user's authorization selection information is obtained through a preset interface, wherein the custom page contains the user's custom fields;

[0148] Extract the corresponding attribute field data from the custom field according to the authorization selection information.

[0149] Optionally, the allocation module is further configured to:

[0150] Obtain the attribute level value of the attribute field data, and extract the job level value from the functional information;

[0151] If the attribute level value is greater than the job level value, then the operation permission for the attribute field data in the attribute column is determined to be hidden and viewable.

[0152] If the attribute level value is less than the job level value, then the operation permission for the attribute field data in the attribute column is determined to be unmodifiable.

[0153] Optionally, the building module is further configured to:

[0154] Obtain the number of attributes of the functional attribute;

[0155] Construct several rows of attribute columns according to the number of attributes mentioned.

[0156] Optionally, the device further includes:

[0157] The caching module is used to store the attribute field data and corresponding operation permissions of each attribute column through EhCache caching technology for users to access.

[0158] Those skilled in the art will understand that, for ease of description and brevity, the specific working process of the device described above can be referred to the corresponding process in the foregoing method embodiments, and will not be repeated here.

[0159] Furthermore, this application also provides an electronic device, including: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the program to implement the data access control method based on employee functions as described in the above embodiments.

[0160] Furthermore, embodiments of this application also provide a computer-readable storage medium storing computer-executable instructions for causing a computer to execute the data access control method based on employee functions as described in the above embodiments.

[0161] The above description represents the preferred embodiments of the present invention. It should be noted that those skilled in the art can make various improvements and modifications without departing from the principles of the present invention, and these improvements and modifications are also considered to be within the scope of protection of the present invention.

Claims

1. A data access control method based on employee functions, characterized in that, The method includes: Obtain employee functional information, wherein the functional information includes several functional attributes; Based on the functional information, several rows of attribute columns are constructed, and each row of attribute columns corresponds to a functional attribute. Locate the attribute field data corresponding to each of the attribute columns and add the attribute field data to the attribute column; Assign operation permissions to the attribute fields based on their importance level and the employee's employee level. Assigning operation permissions to the attribute fields based on their importance level and the employee's employee level includes: Obtain the attribute level value of the attribute field data, and extract the job level value from the functional information; If the attribute level value is greater than the job level value, then the operation permission for the attribute field data in the attribute column is determined to be hidden and viewable. If the attribute level value is less than the job level value, then the operation permission for the attribute field data in the attribute column is determined to be unmodifiable.

2. The data access control method based on employee functions according to claim 1, characterized in that, The process of finding the viewable attribute field data for each row of the attribute column includes: Determine the user's authorization configuration page; If the authorization configuration page is an entity model page, then attribute field data can be extracted arbitrarily from the entity model page, which contains attribute field data of all data elements of the enterprise.

3. The data access control method based on employee functions according to claim 1, characterized in that, The process of finding the viewable attribute field data for each row of the attribute column includes: Determine the user's authorization configuration page; If the authorization configuration page is a query configuration page, the user's access information is obtained. The query configuration page contains a dynamic list of enterprises, and each row of the dynamic list contains corresponding attribute field data. The access information includes query information and query columns. When the access information matches the dynamic list, the corresponding attribute field data is extracted from the matching dynamic list.

4. The data access control method based on employee functions according to claim 1, characterized in that, The process of finding the viewable attribute field data for each row of the attribute column includes: Determine the user's authorization configuration page; If the authorization configuration page is a custom page, the user's authorization selection information is obtained through a preset interface, wherein the custom page contains the user's custom fields; Extract the corresponding attribute field data from the custom field according to the authorization selection information.

5. The data access control method based on employee functions according to claim 1, characterized in that, The construction of several row attribute columns based on the functional information includes: Obtain the number of attributes of the functional attribute; Construct several rows of attribute columns according to the number of attributes mentioned.

6. The data access control method based on employee functions according to any one of claims 1, 2, 3, 4 or 5, characterized in that, After the step of assigning operation permissions to the attribute field based on the importance level of the attribute field data and the employee's employee level, the method further includes: The attribute field data and corresponding operation permissions for each attribute column are stored using EhCache caching technology for user access.

7. A data access control device based on employee functions, characterized in that, The device includes: The acquisition module is used to acquire the functional information of employees, wherein the functional information includes several functional attributes; The construction module is used to construct several rows of attribute columns based on the functional information, with each row of attribute columns corresponding to a functional attribute. The search module is used to find the attribute field data corresponding to each of the attribute columns and add the attribute field data to the attribute column. The allocation module is used to assign operation permissions to the attribute columns based on the importance level of the attribute field data and the employee's employee level. Assigning operation permissions to the attribute fields based on their importance level and the employee's employee level includes: Obtain the attribute level value of the attribute field data, and extract the job level value from the functional information; If the attribute level value is greater than the job level value, then the operation permission for the attribute field data in the attribute column is determined to be hidden and viewable. If the attribute level value is less than the job level value, then the operation permission for the attribute field data in the attribute column is determined to be unmodifiable.

8. An electronic device, comprising: A memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, when the processor executes the program, it implements the data access control method based on employee functions as described in any one of claims 1-6.

9. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer-executable instructions for causing a computer to perform the data access control method based on employee functions as described in any one of claims 1-6.

10. A computer program product, which, when run on a computer device, enables the computer device to implement the data access control method based on employee functions as described in any one of claims 1-6.