Task and role matching method and system based on duty list and role permission
By constructing a task allocation database and dynamic personnel capability profiles, and combining RBAC and ABAC models, using genetic algorithms and Agent technology, we have achieved precise matching of tasks and roles and dynamic management of permissions in linear engineering construction. This has solved the problems of time-consuming task assignment and rigid permissions, and improved construction efficiency and security.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Applications(China)
- Current Assignee / Owner: CHINA RAILWAY TENTH BUREAU GRP ELECTRIC ENG CO LTD
- Filing Date: 2026-03-18
- Publication Date: 2026-06-19
AI Technical Summary
In the construction of linear projects such as railways and power, the lack of systematic and intelligent support for matching tasks with roles leads to time-consuming task assignment, low execution efficiency, rigid access control, imbalance of rights and responsibilities, data security risks, and inaccurate assessment of personnel capabilities, making it difficult to meet the intelligent needs of construction safety management.
A task allocation database is constructed, and dynamic personnel capability profiles are generated by combining RBAC and ABAC models. The suitability between personnel and tasks is calculated through genetic algorithms to realize the dynamic granting and revocation of permissions. Agent technology is used to automatically decompose tasks and generate structured tag sets. Optimization and adjustment are carried out in combination with on-site data to form a fully automated management process.
It achieves precise matching of tasks and roles, dynamic permission management, improves construction efficiency and safety compliance, reduces the risk of data leakage, ensures that permission control is synchronized with the construction scenario, and meets the intelligent management needs of linear engineering construction.
Description
Technical Field
[0001] This invention belongs to the fields of engineering construction safety management and artificial intelligence technology, and in particular relates to a method and system for matching tasks and roles based on a duty list and role permissions.
Background Technology
[0002] The statements in this section are merely background information related to the present invention and do not necessarily constitute prior art.
[0003] In the construction of linear engineering projects such as railways and power grids, comprehensive safety management is a core means to ensure construction quality and operational safety. Its core requirements include precise matching of tasks and job roles, dynamic control of personnel permissions, and efficient allocation of resources. Currently, task and role matching in the industry largely relies on manual experience, lacking systematic and intelligent technical support. This is no longer adequate to meet the management needs of complex task types, dynamic working environments, and stringent safety requirements in linear engineering construction scenarios, exposing numerous technical deficiencies and management pain points.
[0004] Traditional matching methods lack a structured database system. Multidimensional data on positions, personnel, tasks, and permissions are managed in a scattered manner, without standardized storage and association rules. This results in coarse-grained candidate selection and extremely low adaptability and accuracy of matching results. At the same time, job performance requirements and role-based permission control are disconnected, and the constraints are set in a single and static manner. This can easily lead to imbalances of power and responsibility, such as "having power but no responsibility" or "having responsibility but no power," or waste of resources and data security risks caused by excessive granting of permissions, which violates the compliance requirements of security management.
[0005] Furthermore, the personnel competency assessment model is simplistic, relying solely on basic qualifications and work experience for qualitative judgment. It lacks a quantitative scoring system and dynamic updating mechanism, failing to reflect real-time skill improvements and performance changes. This results in a mismatch between personnel capabilities and task requirements, impacting construction efficiency and work quality. The matching process is disconnected from actual management procedures, requiring manual intervention at each stage. The lack of a fully automated, interconnected mechanism not only leads to time-consuming task assignment and low execution efficiency but also lacks effective data traceability and closed-loop supervision, making it difficult to meet the intelligent and standardized development needs of penetrating management in linear engineering construction.
Summary of the Invention
[0006] To overcome the shortcomings of the existing technology, this invention provides a task and role matching method and system based on duty list and role permissions, which solves the problems of poor adaptability, rigid permission control and low efficiency of the traditional mode, realizes accurate matching of task-role-person, dynamic control of permissions and automated operation of management process, and provides technical support for penetrating safety management of linear engineering construction.
[0007] To achieve the above objectives, one or more embodiments of the present invention provide the following technical solutions:
The first aspect of this invention provides a method for matching tasks and roles based on a duty list and role permissions.
The task and role matching method based on the duty list and role permissions includes:
Constructing a task allocation database, which includes a job posting table, a historical task table, a personnel information table, a personnel quantification table, a current task allocation table, and a historical task allocation table;
Compiling industry standards and safety responsibility checklists to establish standardized job responsibility checklists; constructing a three-dimensional matrix based on the RBAC and ABAC fusion model, and binding permission levels to task collaboration attributes;
Breaking down the input main task through the task parsing agent and extracting the structured tag set of subtasks; integrating historical personnel data through the personnel profiling agent to generate a dynamic personnel capability profile that includes permission level and ability level score;
With compliance with duties, appropriate permissions, and qualified capabilities as constraints, constructing a dual objective function to maximize efficiency and minimize resource waste; using a genetic algorithm to calculate the fit between personnel and tasks and select the optimal set of candidates;
Optimizing and adjusting the matching results in combination with on-site dynamic data, and dynamically granting and automatically revoking the minimum necessary permissions, so that the entire process of task allocation, data migration and result output is automated.
[0008] As a further technical solution, when constructing the task allocation database, the six types of core database tables it includes adopt a database engine that supports transactions and foreign key constraints. The personnel information table and the job position table are linked via a job position code foreign key; The personnel quantification table and the personnel information table are linked via a personnel code foreign key; The current task assignment table is used to record the attributes of tasks to be assigned and the final matching personnel information; The structure of the historical task allocation table is the same as that of the current task allocation table, and it is used to store historical allocation records.
[0009] As a further technical solution, the establishment of the duty performance list includes: referring to the project construction safety penetration supervision and management implementation manual and the enterprise safety duty performance list, sorting out the statutory responsibilities, inspection items and duty performance frequency of each position, and forming a structured duty performance database; The construction of the three-dimensional matrix includes: defining basic roles based on the RBAC model, introducing dynamic triggering conditions by combining the ABAC model, and dynamically binding the permission level with the collaborative attributes of the task.
[0010] As a further technical solution, the input main task is decomposed by a task parsing agent, and a structured tag set of subtasks is extracted, including: By parsing and generating agents, the input unstructured construction task information is broken down into a main task-sub-task structure. Core attributes such as task type, required qualifications, job requirements, and task permission level are extracted to generate a structured task tag set.
[0011] As a further technical solution, a personnel profiling agent is used to integrate historical personnel data to generate a dynamic personnel capability profile that includes permission level and ability level score. This includes: integrating historical job performance data, training records, and qualification information of personnel through the personnel profiling agent, extracting multi-dimensional capability indicators such as operational skills, permission compliance, and job performance frequency, calculating and generating ability level score, and forming a dynamically updated capability profile.
[0012] As a further technical solution, constrained by performance compliance, permission adaptation, and capability attainment, a dual objective function is constructed to maximize efficiency and minimize resource waste, including: Set a set of constraints, which includes constraints on matching personnel job attributes with task job attributes, constraints on matching personnel role attributes with task role attributes, constraints on personnel ability level not being lower than task ability requirements, constraints on personnel permission level not being lower than task permission requirements, and constraints on personnel uniqueness. Based on the above constraints, dual objective functions are constructed to maximize efficiency and minimize resource waste, where the constructed objective function to maximize efficiency is:
[0013] in, Based on personnel competence level, For mission capability requirements; The constructed objective function for minimizing resource waste is:
[0014] PPV represents personnel permission value; TPV represents task permission value.
[0015] As a further technical solution, the matching results are optimized and adjusted by combining on-site dynamic data, and the minimum necessary permissions are dynamically granted and automatically revoked to achieve full automation of task allocation, data migration, and result output, including: The task adjustment agent obtains dynamic data on-site. If the originally matched personnel are unable to perform their duties, they will be automatically replaced from the candidate list in turn. If the personnel's ability is temporarily insufficient, relevant training materials will be automatically pushed to them. A permission mapping and scheduling layer is constructed, which dynamically generates a three-element authorization relationship based on task, role, and personnel attributes. Only the minimum necessary permissions required for the current task are granted to the successfully matched personnel. Permissions are automatically revoked and permission usage logs are recorded after the task is completed.
[0016] A second aspect of the present invention provides a task and role matching system based on a duty list and role permissions.
[0017] A task and role matching system based on duty checklists and role permissions includes:
The task allocation database construction module, configured to: construct a task allocation database, which includes a job table, a historical task table, a personnel information table, a personnel quantification table, a current task allocation table, and a historical task allocation table;
The module for constructing a dual-dimensional model of job duties and permissions, configured to: sort out industry standards and security duty checklists, and establish a standardized job duty checklist; construct a three-dimensional matrix based on the RBAC and ABAC fusion model, and bind permission levels with task collaboration attributes;
The task parsing and personnel capability profile building module, configured to: break down the input main task through the task parsing agent and extract the structured tag set of sub-tasks; and integrate historical personnel data through the personnel profile agent to generate a dynamic personnel capability profile that includes permission level and capability level score;
The genetic algorithm intelligent matching module, configured to: construct a dual objective function that maximizes efficiency and minimizes resource waste, with constraints of performance compliance, permission adaptation, and ability attainment; and use a genetic algorithm to calculate the fit between personnel and tasks to select the optimal set of candidates;
The dynamic adjustment and automation linkage module, configured to: optimize and adjust the matching results based on on-site dynamic data, dynamically grant and automatically revoke the minimum necessary permissions, and realize full-process automation of task allocation, data migration and result output.
[0018] A third aspect of the present invention provides a computer-readable storage medium having a program stored thereon, which, when executed by a processor, implements the steps of the task and role matching method based on a duty list and role permissions as described in the first aspect of the present invention.
[0019] A fourth aspect of the present invention provides an electronic device, including a memory, a processor, and a program stored in the memory and executable on the processor, wherein the processor executes the program to implement the steps in the task and role matching method based on a duty list and role permissions as described in the first aspect of the present invention.
[0020] The above one or more technical solutions have the following beneficial effects: (1) This invention constructs a dual-dimensional model of job performance and authority, solidifying industry standards and enterprise safety performance checklists into structured data. Combined with a three-dimensional authority matrix of RBAC+ABAC, it achieves precise binding of responsibilities and authority, fundamentally avoiding management loopholes such as "having authority but no responsibility" and "having responsibility but no authority." At the same time, based on dynamically updated personnel capability profiles and optimized genetic algorithms, it constructs a triple constraint of performance compliance + authority adaptation + capability attainment, effectively improving the compliance rate of task and role matching, and effectively ensuring the scientific and safe compliance of linear engineering construction task allocation.
[0021] (2) This invention adopts a minimum necessary permission dynamic granting and automatic revocation mechanism. Through AI+RBAC technology, it generates exclusive authorization relationships for successfully matched personnel, granting only the permissions required for the current task. After the task is completed, the permissions are immediately revoked and a complete log is retained. This design significantly reduces the risk of data leakage and permission abuse. In addition, the on-site dynamic adjustment mechanism can optimize permission configuration in real time according to the on-duty status and capability changes of personnel, ensuring that permission control is dynamically synchronized with the construction scenario, building a double line of defense for data security and operational safety.
[0022] Advantages of additional aspects of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Attached Figure Description
[0023] The accompanying drawings, which form part of this invention, are used to provide a further understanding of the invention. The illustrative embodiments of the invention and their descriptions are used to explain the invention and do not constitute an improper limitation of the invention.
[0024] Figure 1 is a flowchart of the intelligent matching method based on the job performance list and role permissions in the first embodiment.
[0025] Figure 2 shows the scheduling results of the genetic algorithm operation in the first embodiment.
[0026] Figure 3 is a system structure diagram of the second embodiment.
Detailed Implementation
[0027] It should be noted that the following detailed descriptions are exemplary and intended to provide further illustration of the invention. Unless otherwise specified, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention pertains.
[0028] It should be noted that the terminology used herein is for the purpose of describing particular implementations only and is not intended to limit the exemplary implementations of the present invention.
[0029] Where there is no conflict, the embodiments and features in the embodiments of the present invention can be combined with each other.
[0030] The overall approach proposed in this invention addresses the pain points of inaccurate task allocation, rigid access control, and low automation in the penetrating management of linear engineering construction. This invention achieves structured storage of job, personnel, task, and permission data through six core databases; it integrates RBAC and ABAC models to construct a dual-dimensional binding mechanism for job performance and permissions, achieving precise correlation between responsibilities and permissions; it employs agent technology to automatically decompose tasks and generate dynamic personnel capability profiles; it uses a dual-objective optimized genetic algorithm to achieve intelligent matching of tasks and roles based on triple constraints of performance compliance, permission adaptation, and capability attainment; and finally, it adjusts the results based on dynamic on-site data and automatically grants and revokes the minimum necessary permissions, forming a fully automated closed loop that significantly improves the execution efficiency and safety compliance of penetrating management.
[0031] Example 1
This embodiment discloses a method for matching tasks and roles based on a duty list and role permissions. As shown in Figure 1, the task and role matching method based on the duty list and role permissions includes:
Step S1: Construct a task allocation database, which includes a job posting table, a historical task table, a personnel information table, a personnel quantification table, a current task allocation table, and a historical task allocation table.
[0032] The constructed task allocation database uses the InnoDB engine for its job posting table, historical task table, personnel information table, personnel quantification table, current task allocation table, and historical task allocation table. This engine natively supports transaction processing and foreign key constraints, ensuring the atomicity and consistency of data operations and preventing relationships from being invalidated by abnormal data insertion or updates. Furthermore, row-level locking improves data read / write efficiency under concurrent access in multiple scenarios, adapting to the high-frequency data interaction needs of linear engineering construction task allocation.
[0033] The core fields of the job posting table include job code (e.g., POST-A-001), job name, role attribute (A / B / C), and role name (e.g., "security personnel"), storing standardized job information. The core fields of the historical task table include main task code, main task name, main task description, subtask code, and subtask name, which provide historical reference for task decomposition. The core fields of the personnel information table include personnel code, personnel name, personnel role attribute, personnel position code, position performance list, resume information, personnel information entry time, and personnel information update time; the entry time and update time fields automatically record timestamps. The core fields of the personnel quantification table include the personnel quantification data primary key, personnel code, personnel name, personnel role attribute, personnel job code, personnel permission level, personnel ability level (personnel profile Agent scoring result, 0-100 points), personnel information entry time, and personnel information update time; the entry time and update time fields automatically record timestamps.
[0034] The core fields of the current task assignment table include main task code, main task name, main task description, subtask code, subtask name, task role attribute, task capability requirement, personnel code, personnel name, personnel role attribute, personnel position code, personnel permission level, and personnel capability level. The fields in the historical task assignment table are the same as those in the current task assignment table, and are used to store the assignment records of completed tasks.
[0035] In the six database tables mentioned above, the personnel information table and the job position table are linked via a job position code foreign key, ensuring an accurate mapping between personnel and job information and facilitating the management and querying of personnel job attributes. The personnel quantification table and the personnel information table are linked via a personnel code foreign key, binding quantitative personnel data with basic information, which helps in the quantitative assessment of personnel capabilities. The current task allocation table records the attributes of tasks to be assigned and the final matching personnel information, detailing the specific requirements of the tasks and the allocation results, providing a basis for subsequent task execution and management. The historical task allocation table has the same structure as the current task allocation table and is used to store historical allocation records, facilitating the tracing and analysis of task allocation history, summarizing lessons learned, and optimizing task allocation strategies.
[0036] Step S2 involves compiling industry standards and safety performance checklists to establish standardized job performance checklists. A three-dimensional matrix is constructed based on a fusion model of RBAC and ABAC, and permission levels are bound to task collaboration attributes. During the construction of the performance checklist, the legal responsibilities, inspection items, and performance frequency of each position are reviewed. Each performance clause is associated with a unique identifier and constraints, forming a structured performance database that supports dynamic adjustments by administrators.
[0037] First, the RBAC+ABAC fusion model takes the enterprise's "1+3+N safety performance checklist" as a rigid constraint, integrates the standardized responsibility control of RBAC with the dynamic scenario adaptation capabilities of ABAC, and is divided into four core layers: basic data support layer, RBAC static responsibility binding layer, ABAC dynamic rule adaptation layer, and permission execution and full life cycle management layer. It forms a closed-loop control system from top to bottom, providing refined and dynamic permission management support for the engineering construction field. The division of labor among each layer is clear and the linkage and collaboration are coordinated to build a full-process permission control system.
[0038] The basic data support layer is the underlying data foundation for model operation. It consists of six core database tables using the InnoDB storage engine, such as the job table and personnel information table. Through foreign key constraints and index optimization, it achieves standardized data management, stores standardized and structured data such as job positions, personnel, tasks and permission allocation, and realizes full-process traceability of permission behavior.
[0039] The RBAC static responsibility binding layer serves as the rigid control foundation of the model, with the legal responsibilities of positions and the company's safety management system at its core. First, based on the safety performance checklist, the core role system is clearly defined and categorized according to business attributes, establishing a unique mapping between roles and positions. Then, performance requirements are compiled into a structured database based on industry standards, transforming performance clauses into basic permission items. Simultaneously, a role-permission isolation and inheritance mechanism is established, dividing permissions into low, medium, and high levels according to performance collaboration attributes, completing the static binding of roles, responsibilities, and basic permissions.
[0040] The ABAC dynamic rule adaptation layer is the core of dynamic access control. It sets constraint rules based on personnel, data assets, task execution scenarios, and platform operation behaviors, including: subject attribute rules, object attribute rules, environmental attribute rules, and operation attribute rules.
Subject attribute rules are centered on personnel, including their roles, positions, qualification levels, ability scores, permission levels, on-duty status, and assigned grid. The core constraint rule is "if personnel attributes do not meet task requirements, the corresponding permissions shall not be granted." For example, personnel without a high-voltage electrician's certificate do not have any operation permissions for data related to live-line work.
Object attribute rules are centered on data assets, including data security level, assigned grid, associated task risk level, and associated task type. The core constraint rule is "only the minimum data range required for the task shall be opened." For example, highly sensitive construction plan data can only be accessed by the project decision-making level and the corresponding task manager.
Environmental attribute rules are centered on the task execution scenario, including task execution time, work scenario (high altitude / electrified / night / rainy weather), construction stage, on-site environmental early warning information, task duration, etc. The core constraint rule is "automatically adjust the permission scope when the environment changes." For example, in winds of level six or above, the editing permissions for construction plans related to high-altitude operations are automatically revoked.
Operation attribute rules are centered on platform operation behavior, including operation type (view, edit, add, delete, etc.), operation risk level, and corresponding approval process, etc. The core constraint rule is "operation permissions are strictly matched with task risk level and personnel responsibilities." For example, modifications to the construction plan for high-risk tasks can only be initiated by the grid leader, and will only take effect after approval by the project manager.
[0041] By setting the above rules, permissions can be adapted in real time to personnel capabilities, data security levels, on-site environment, and operational risks. For example, the scope of permissions can be automatically adjusted when the environment changes, thus making up for the shortcomings of static control by RBAC from a dynamic perspective.
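The layering described in [0039] to [0041] can be sketched as a policy decision function. This is an added example, not code from the patent: the role names, data categories, field names and the deny-when-off-duty rule are assumptions, while the four rule bodies encode the examples given in [0040]; ABAC rules here can only narrow what the RBAC layer grants.

```python
from dataclasses import dataclass

# RBAC static layer: role -> directly granted (data category, operation) cells.
# Roles, categories and operations are constructed for illustration.
ROLE_BASE = {
    "grid_leader":     {("construction_plan", "view"), ("construction_plan", "edit")},
    "electrician":     {("construction_plan", "view"), ("live_line_data", "view"),
                        ("live_line_data", "edit")},
    "project_manager": {("construction_plan", "view"), ("construction_plan", "approve")},
}

@dataclass(frozen=True)
class Request:
    role: str
    data_category: str
    operation: str
    certificates: frozenset = frozenset()
    on_duty: bool = True
    data_sensitivity: str = "normal"   # normal / high
    is_task_manager: bool = False      # manager of the task the data belongs to
    scenario: str = "ground"           # ground / high_altitude / live_line / night
    wind_level: int = 0                # wind level reported from site
    task_risk: str = "low"             # low / high
    pm_approved: bool = False          # project manager approval recorded

def subject_rule(r):
    # Assumption: off-duty personnel hold no permissions at all.
    if not r.on_duty:
        return "subject: person is not on duty"
    if r.data_category == "live_line_data" and "high_voltage_electrician" not in r.certificates:
        return "subject: no high-voltage electrician certificate"
    return None

def object_rule(r):
    # Assumption: "project decision-making level" is modelled as project_manager.
    if r.data_sensitivity == "high" and r.role != "project_manager" and not r.is_task_manager:
        return "object: highly sensitive data outside the minimum data range"
    return None

def environment_rule(r):
    if (r.scenario == "high_altitude" and r.wind_level >= 6
            and r.data_category == "construction_plan" and r.operation == "edit"):
        return "environment: wind level 6 or above, plan editing suspended"
    return None

def operation_rule(r):
    if r.task_risk == "high" and r.data_category == "construction_plan" and r.operation == "edit":
        if r.role != "grid_leader":
            return "operation: only the grid leader may initiate this change"
        if not r.pm_approved:
            return "operation: pending project manager approval"
    return None

ABAC_RULES = (subject_rule, object_rule, environment_rule, operation_rule)

def decide(r):
    """Return (allowed, reasons). A request outside the RBAC cell set is denied
    before any ABAC rule runs; every ABAC denial is collected for the audit log."""
    if (r.data_category, r.operation) not in ROLE_BASE.get(r.role, set()):
        return False, ["rbac: outside the role's duty-list permissions"]
    reasons = [msg for rule in ABAC_RULES if (msg := rule(r)) is not None]
    return (not reasons), reasons

if __name__ == "__main__":
    calm = Request("grid_leader", "construction_plan", "edit", scenario="high_altitude", wind_level=3)
    windy = Request("grid_leader", "construction_plan", "edit", scenario="high_altitude", wind_level=6)
    print(decide(calm))
    print(decide(windy))
```

Re-evaluating `decide` on every request, rather than caching a grant, is what makes the wind-level change take effect without a separate revocation step.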
[0042] The permission execution and full lifecycle management layer is the model's implementation unit, achieving closed-loop control of permissions throughout the entire process. Based on the three-element authorization relationship generated by the first two layers—tasks, roles, and data—only the minimum necessary permissions required for a task are granted. During task execution, the system can automatically adjust the permission scheme according to changes in personnel, tasks, and environment. After the task ends, all temporary permissions are automatically revoked, eliminating the risk of permission retention. Simultaneously, the entire process of permission granting, adjustment, use, and revocation is logged immutably, supporting multi-dimensional traceability and meeting the audit and compliance requirements of engineering construction safety management.
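The grant, adjust, use and revoke cycle in [0042] can be modelled as a task-scoped ledger. This is an added example, not the patent's implementation: the class, the permission strings and the identifiers are constructed, "minimum necessary" is taken to be the intersection of the role's base set with what the task needs, and a SHA-256 hash chain stands in for the immutable log the paragraph calls for.

```python
import hashlib
import json

class TaskPermissionLedger:
    """Task-scoped grants with automatic revocation and a hash-chained log."""

    GENESIS = "0" * 64

    def __init__(self):
        self.active = {}   # (task_id, person_id) -> frozenset of permissions
        self.log = []      # each entry stores the hash of the previous entry

    @staticmethod
    def _digest(entry):
        payload = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

    def _record(self, ts, event, task_id, person_id, perms):
        entry = {"ts": ts, "event": event, "task": task_id, "person": person_id,
                 "perms": sorted(perms),
                 "prev": self.log[-1]["hash"] if self.log else self.GENESIS}
        entry["hash"] = self._digest(entry)
        self.log.append(entry)

    def grant(self, ts, task_id, person_id, role_perms, task_needs):
        # Minimum necessary: never more than the role allows or the task needs.
        granted = frozenset(role_perms) & frozenset(task_needs)
        self.active[(task_id, person_id)] = granted
        self._record(ts, "grant", task_id, person_id, granted)
        return granted

    def narrow(self, ts, task_id, person_id, withdrawn):
        # Mid-task adjustment (e.g. an environment rule fired): only removes.
        key = (task_id, person_id)
        removed = self.active.get(key, frozenset()) & frozenset(withdrawn)
        if removed:
            self.active[key] -= removed
            self._record(ts, "adjust", task_id, person_id, removed)
        return removed

    def use(self, ts, task_id, person_id, perm):
        allowed = perm in self.active.get((task_id, person_id), frozenset())
        self._record(ts, "use" if allowed else "denied", task_id, person_id, [perm])
        return allowed

    def complete_task(self, ts, task_id):
        # Task end revokes every grant tied to the task, leaving nothing behind.
        keys = [k for k in self.active if k[0] == task_id]
        for key in keys:
            self._record(ts, "revoke", key[0], key[1], self.active.pop(key))
        return len(keys)

    def verify_log(self):
        prev = self.GENESIS
        for entry in self.log:
            if entry["prev"] != prev or entry["hash"] != self._digest(entry):
                return False
            prev = entry["hash"]
        return True

def demo():
    """Constructed scenario: one person, one subtask, timestamps as integers."""
    ledger = TaskPermissionLedger()
    role_perms = {"construction_plan:view", "construction_plan:edit", "hazard_log:edit"}
    task_needs = {"construction_plan:view", "construction_plan:edit", "equipment:view"}
    granted = ledger.grant(1, "SUB-001", "P-017", role_perms, task_needs)
    ledger.narrow(2, "SUB-001", "P-017", {"construction_plan:edit"})
    during = ledger.use(3, "SUB-001", "P-017", "construction_plan:view")
    ledger.complete_task(4, "SUB-001")
    after = ledger.use(5, "SUB-001", "P-017", "construction_plan:view")
    return ledger, granted, during, after

if __name__ == "__main__":
    ledger, granted, during, after = demo()
    print(sorted(granted), during, after, ledger.verify_log())
```

A hash chain only makes tampering detectable; the latest hash has to be stored somewhere the platform's own administrators cannot rewrite for the log to serve as audit evidence.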
[0043] Subsequently, a three-dimensional matrix of "role-data permission-operation permission" was constructed based on the RBAC+ABAC model.
[0044] (1) Extract the core requirements for job performance based on relevant norms and systems; then determine five basic roles based on the grid management model and classify them according to business attributes to establish a unique mapping between roles and positions; then compile a structured performance list and assign unique identifiers to the clauses; finally, pre-divide the roles into three levels of authority: low, medium and high, and build a rigid framework.
[0045] (2) According to the business type, the platform data is divided into seven categories: grid and job basic data, task life cycle management data, personnel basic and performance data, personnel quantification and capability data, construction technology and equipment management data, safety control and hidden danger management data, and training and qualification management data, and further subdivided into sub-items, and the metadata standard is unified; according to the operation type, the operation behavior is classified and bound to the performance list one by one, and an operation standardization dictionary is established to provide standardized dimension support for matrix construction.
[0046] (3) The obtained duty list is converted into a combination of data permissions and operation permissions, and the basic permission set is integrated for each role. The principle of matching rights and responsibilities is strictly followed. Finally, the degree of matching between permissions and duty list and system norms is verified to ensure that there is no problem of disconnect between rights and responsibilities.
[0047] (4) Construct a standardized rule base around the four major attribute dimensions of subject, object, environment and operation, define the rule priority of legal compliance > risk prevention and control > business collaboration and design a conflict detection mechanism, and design scenario-based constraint rules for high-risk engineering scenarios.
[0048] (5) Define standardized roles based on the RBAC model, refine the permission triggering conditions in combination with the ABAC model, and construct a three-dimensional matrix of "role-data permission-operation permission"; the matrix takes the standardized role as the core dimension, the data permission associated with the task as the second dimension, and the operation permission corresponding to the job duties as the third dimension. Each permission combination in the matrix corresponds one-to-one with the job duty list and the task collaboration attribute.
[0049] Based on the standardized job performance list, a set of basic permissions for roles is constructed, which clarifies the scope of basic permissions for each role within the matrix: permissions within the scope of the job performance list are directly granted, and permissions outside the scope of the job performance list are permanently prohibited; permissions that need to be dynamically adjusted in combination with task scenarios, personnel attributes, and environmental conditions are refined through the ABAC model as dynamic adaptation rules for the matrix.
[0050] The dynamic rules of the four dimensions of subject, object, environment and operation in the ABAC model are refined and associated with the cells in the "condition allowed" state in the matrix. The triggering conditions, effective period and automatic recycling mechanism of the permission opening of each cell are clarified, and the deep integration of RBAC static responsibility and permission with ABAC dynamic rules is achieved.
[0051] The three permission levels (low, medium, and high) are deeply bound to the matrix, clearly defining the access scope of matrix cells corresponding to each permission level, and strictly implementing a rigid binding between permission levels and task collaboration attributes:
Low permission: only cells in the matrix corresponding to independent specific tasks are open for basic data viewing and basic operation permissions, with no cross-task or cross-grid data access permissions.
Medium permission: in addition to the scope of low permission access, cells in the matrix corresponding to collaborative tasks of the same position are open for relevant data editing and reporting permissions, and task-related data of the same position within this grid can be accessed.
High permission: in addition to the scope of medium permission access, cells in the matrix corresponding to cross-position and cross-grid collaborative tasks are open for management, approval, and scheduling permissions, and core task data of this grid / project can be accessed.
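The cell evaluation described in [0047] to [0051], as an added example that is not code from the patent: a deny-by-default lookup in the role / data permission / operation permission matrix, the level check against the task collaboration attribute, and ABAC rules resolved by the stated priority. The cell contents, rule names, TTL values and the fail-closed handling of same-priority conflicts are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum, IntEnum
from typing import Callable, Optional


class Cell(Enum):
    GRANT = "grant"              # inside the role's duty list: granted directly
    DENY = "deny"                # outside the duty list: permanently prohibited
    CONDITIONAL = "conditional"  # "condition allowed": opened only by ABAC rules


class Level(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Permission level required by each task collaboration attribute ([0051]).
REQUIRED_LEVEL = {
    "independent": Level.LOW,
    "same_position": Level.MEDIUM,
    "cross_position_or_grid": Level.HIGH,
}

# Rule priority from [0047]: legal compliance > risk prevention > business collaboration.
PRIORITY = {"legal_compliance": 3, "risk_prevention": 2, "business_collaboration": 1}


@dataclass(frozen=True)
class Rule:
    name: str
    category: str                                       # a key of PRIORITY
    effect: str                                         # "permit" or "deny"
    condition: Callable[[dict, dict, dict, str], bool]  # subject, object, environment, operation
    ttl: timedelta = timedelta(hours=8)                 # effective period (assumed default)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    expires_at: Optional[datetime] = None  # when a conditional permit is recycled


def decide(matrix, rules, role, data_perm, operation, subject, obj, env, now):
    """Evaluate one matrix cell for a request; every unclear case is denied."""
    if subject["level"] < REQUIRED_LEVEL[obj["collaboration"]]:
        return Decision(False, "permission level below task collaboration scope")
    key = (role, data_perm, operation)
    cell = matrix.get(key, Cell.DENY)  # a cell that was never defined is prohibited
    if cell is Cell.DENY:
        return Decision(False, "outside duty list")
    if cell is Cell.GRANT:
        return Decision(True, "basic permission from duty list")
    matched = [r for r in rules.get(key, []) if r.condition(subject, obj, env, operation)]
    if not matched:
        return Decision(False, "no ABAC trigger condition met")
    top = max(PRIORITY[r.category] for r in matched)
    winners = [r for r in matched if PRIORITY[r.category] == top]
    if len({r.effect for r in winners}) > 1:  # conflict detection: fail closed
        return Decision(False, "rule conflict: " + ", ".join(sorted(r.name for r in winners)))
    if winners[0].effect == "deny":
        return Decision(False, f"denied by {winners[0].name}")
    return Decision(True, f"permitted by {winners[0].name}", now + min(r.ttl for r in winners))


# Constructed sample: the role name is from the page, everything else is illustrative.
APPROVE = ("security_officer", "task_safety_data", "approve")
MATRIX = {
    ("security_officer", "task_safety_data", "view"): Cell.GRANT,
    APPROVE: Cell.CONDITIONAL,
}
RULES = {
    APPROVE: [
        Rule("qualification_invalid", "legal_compliance", "deny",
             lambda s, o, e, op: not s["qualified"]),
        Rule("site_warning_active", "risk_prevention", "deny",
             lambda s, o, e, op: e["warning"]),
        Rule("assigned_to_task", "business_collaboration", "permit",
             lambda s, o, e, op: o["task"] in s["tasks"], ttl=timedelta(hours=4)),
    ]
}
```

A permit from a lower-priority rule never survives a matching deny from a higher-priority one, and a conditional permit always carries an expiry that the caller can use for automatic recycling.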
[0052] (6) Through triple verification of job performance matching, industry standards, and data regulations, select typical scenarios for adaptation testing, organize multi-role reviews to collect issues, and optimize matrix permission boundaries and rule details.
[0053] (7) Clarify the matrix update process after the system and business adjustments, link the matrix with the entire task process, realize automated control of permissions, monitor core indicators such as permission matching accuracy, and regularly analyze and optimize matrix rules.
[0054] Step S3: The main task is broken down by the task parsing agent, and the structured tag set of subtasks is extracted; the personnel profile agent integrates the personnel historical data to generate a dynamic personnel capability profile that includes permission level and ability level score.
[0055] Unstructured master task information (including master task name, task description, and work requirements) for linear engineering construction is input into the task parsing agent. The information source is the project schedule database and can be automatically synchronized to the pending fields of the historical task table in the task allocation database. The agent, relying on its built-in engineering task decomposition model, breaks down the master task into independently executable sub-tasks according to construction procedures, work division, and safety requirements, forming a hierarchical structure of master task and sub-tasks. For example, the master task of "110kV live-line work" is broken down into sub-tasks such as "equipment inspection before work," "live-line operation implementation," and "safety acceptance after work." For each sub-task, the agent automatically extracts four core attributes: task type, required qualifications, job requirements, and task permission level, clarifying the sub-task's work category, required personnel qualifications, job performance terms, and permission adaptation level. Subsequently, a unique subtask code is assigned to each subtask, and the subtask code is associated with the four extracted core attributes to generate a standardized structured task tag set. The Agent automatically writes the tag set into the current task allocation table of the task allocation database, completing the structured storage of task data and providing accurate basis for task dimensions for subsequent matching.
[0056] Furthermore, in this embodiment, the personnel profile agent integrates multi-dimensional historical data of personnel, extracts capability indicators and calculates quantitative scores to generate a dynamic personnel capability profile that includes permission level and capability level score.
[0057] The agent automatically retrieves the historical performance data, training records, and qualification information of construction personnel from the personnel information table in the task allocation database. At the same time, it synchronizes auxiliary data such as the execution quality of past tasks and the handling of anomalies, forming a multi-dimensional data pool of personnel. Based on the competency requirements of engineering construction positions, the agent extracts three core competency indicators from the integrated data: operational skills, permission compliance, and frequency of job performance, which correspond to the personnel's practical ability, the degree of compliance in the use of permissions, and the frequency of execution of job responsibilities, respectively. The agent uses a 0-100 point system, assigns weights to the three core indicators and performs quantitative calculations, combines industry standards and corporate assessment requirements to generate a comprehensive score of the personnel's ability level, and matches the corresponding permission level according to the personnel's job attributes and performance. By linking personnel codes with permission levels, ability level scores, and scores on the three core indicators, a dynamic personnel capability profile is created. The agent automatically writes the profile data into the personnel quantification table in the task allocation database. The profile supports dynamic updates, and the indicators and scores can be automatically adjusted weekly based on the latest task execution data and training feedback, ensuring the timeliness and accuracy of personnel capability assessment.
[0058] Step S4: With compliance with duties, appropriate permissions, and qualified capabilities as constraints, construct a dual objective function that maximizes efficiency and minimizes resource waste. Use a genetic algorithm to calculate the fit between personnel and tasks and select the optimal set of candidates.
[0059] Define a set of constraints, which includes:
Matching constraint between the personnel job attribute and the task job attribute: PPA = TPA, where PPA represents the personnel job attribute and TPA represents the task job attribute;
Matching constraint between the personnel role attribute and the task role attribute: PRA = TRA, where PRA represents the personnel role attribute and TRA represents the task role attribute;
Constraint that the personnel capability level is not lower than the task capability requirement: PAL ≥ TAR, where PAL is the personnel capability level and TAR is the task capability requirement;
Constraint that the personnel permission level is not lower than the task permission requirement: PPV ≥ TPV, where PPV is the personnel permission value and TPV is the task permission value;
Personnel uniqueness constraint, which ensures that the same person is not repeatedly assigned to multiple parallel tasks.
Based on the above set of constraints, this embodiment constructs a dual-objective optimization function to simultaneously maximize task execution efficiency and minimize the waste of personnel permission resources. The two objective functions work together to ensure that the matching result both satisfies the efficiency requirements of task execution and avoids resource waste caused by excessive granting of permissions. The constructed efficiency-maximizing objective function is as follows:
[0060] in, Based on personnel competence level, For mission capability requirements; The constructed objective function for minimizing resource waste is:
[0061] PPV represents personnel permission value; TPV represents task permission value.
[0062] This embodiment employs an optimized genetic algorithm, combining the set of constraints and the bi-objective function, to calculate the suitability score between personnel and tasks. Based on the score, the optimal candidate set is selected; the scheduling results are shown in Figure 2. Specifically: the population size was set to 50 and the number of iterations to 100, and an elite retention strategy and dynamic mutation probability were adopted. The elite retention strategy initially retained 5 optimal individuals, and then retained 5 more every 10 generations, up to a maximum of 40 individuals after 70 generations. The mutation probability decreased non-linearly from 0.8, and remained at 0.2 after 70 generations. At the same time, a uniqueness repair mechanism was embedded to ensure that the operation process met the constraint set.
The suitability score is a comprehensive score indicating the match between personnel and tasks. The formula is: Suitability = Job Performance Matching Score × 40% + Authority Matching Score × 30% + Ability Matching Score × 30%. The Job Performance Matching Score is calculated based on the overlap between the personnel's job description and the task's job requirements; a perfect match earns 100 points. The Authority Matching Score is calculated based on the compatibility between the personnel's authority and the task's authority; a perfect match earns 100 points. The Ability Matching Score is calculated based on the difference between the personnel's ability level and the task's ability requirements; if PAL ≥ TAR, points are awarded proportionally; otherwise, 0 points are awarded.
The suitability score is used as the fitness value of the genetic algorithm and substituted into the bi-objective function for iterative calculation. In each generation, the optimal solution that satisfies the set of constraints is selected. Through elite retention and dynamic mutation, the algorithm is gradually optimized until 100 iterations are completed and the global optimal solution is obtained. From the globally optimal solution obtained through iterative computation, personnel with a suitability score of ≥80 are selected and sorted from highest to lowest to form the optimal candidate set. This set will be synchronously output to the dynamic adjustment and automation linkage module, providing a basis for personnel selection for subsequent on-site dynamic adjustments and final task allocation. Furthermore, the personnel information in the set will be temporarily written to the current task allocation table in the task allocation database for easy data retrieval and updates later.
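The matching step of [0059] to [0062], as an added example that is not code from the patent: the hard constraints, the 40/30/30 suitability score used as fitness, the elite and mutation schedules, and uniqueness repair. The three sub-score formulas, the quadratic mutation decay, tournament selection, uniform crossover and the sample people and tasks are assumptions, since the page gives only the weights and the schedule endpoints.

```python
import random

POP_SIZE, GENERATIONS, THRESHOLD = 50, 100, 80.0


def feasible(p, t):
    """Hard constraints of [0059]: PPA = TPA, PRA = TRA, PAL >= TAR, PPV >= TPV."""
    return (p["job"] == t["job"] and p["role"] == t["role"]
            and p["pal"] >= t["tar"] and p["ppv"] >= t["tpv"])


def suitability(p, t):
    """Duty 40% + authority 30% + ability 30%; the three sub-score formulas are assumed."""
    duty = 100.0 * len(p["duties"] & t["duties"]) / len(t["duties"])
    # 100 only when PPV == TPV, so holding more privilege than the task needs costs points.
    authority = 100.0 * t["tpv"] / p["ppv"] if p["ppv"] >= t["tpv"] else 0.0
    ability = float(p["pal"]) if p["pal"] >= t["tar"] else 0.0
    return 0.4 * duty + 0.3 * authority + 0.3 * ability


def elite_count(gen):
    """5 elites at first, 5 more every 10 generations, capped at 40 from generation 70."""
    return min(40, 5 + 5 * (gen // 10))


def mutation_prob(gen):
    """0.8 at generation 0 and 0.2 from generation 70; the quadratic decay is assumed."""
    return 0.2 if gen >= 70 else 0.2 + 0.6 * (1 - gen / 70) ** 2


def repair(chrom, people, tasks, rng):
    """Uniqueness repair: each person at most once and every gene feasible, else -1."""
    used, fixed = set(), []
    for ti, pi in enumerate(chrom):
        if pi < 0 or pi in used or not feasible(people[pi], tasks[ti]):
            options = [i for i, p in enumerate(people)
                       if i not in used and feasible(p, tasks[ti])]
            pi = rng.choice(options) if options else -1
        if pi >= 0:
            used.add(pi)
        fixed.append(pi)
    return fixed


def fitness(chrom, people, tasks):
    """Total suitability of an assignment; an unassigned task contributes nothing."""
    return sum(suitability(people[pi], tasks[ti]) for ti, pi in enumerate(chrom) if pi >= 0)


def match(people, tasks, seed=0):
    """Return one person index per task (-1 = nobody feasible) after 100 generations."""
    rng = random.Random(seed)
    n = len(people)
    score = lambda c: fitness(c, people, tasks)
    pop = [repair([rng.randrange(n) for _ in tasks], people, tasks, rng)
           for _ in range(POP_SIZE)]
    for gen in range(GENERATIONS):
        pop.sort(key=score, reverse=True)
        nxt = [c[:] for c in pop[:elite_count(gen)]]                        # elite retention
        while len(nxt) < POP_SIZE:
            a, b = (max(rng.sample(pop, 3), key=score) for _ in range(2))   # tournament
            child = [x if rng.random() < 0.5 else y for x, y in zip(a, b)]  # uniform crossover
            if rng.random() < mutation_prob(gen):
                child[rng.randrange(len(child))] = rng.randrange(n)
            nxt.append(repair(child, people, tasks, rng))
        pop = nxt
    return max(pop, key=score)


def candidate_set(task, people):
    """Feasible people with suitability >= 80, highest first (the optimal candidate set)."""
    scored = [(round(suitability(p, task), 1), p["id"]) for p in people if feasible(p, task)]
    return [pid for s, pid in sorted(scored, reverse=True) if s >= THRESHOLD]


# Constructed sample data: pal/tar on the 0-100 scale; ppv/tpv 1 = low, 2 = medium, 3 = high.
def person(pid, job, role, pal, ppv, duties):
    return {"id": pid, "job": job, "role": role, "pal": pal, "ppv": ppv, "duties": set(duties)}


def task(tid, job, role, tar, tpv, duties):
    return {"id": tid, "job": job, "role": role, "tar": tar, "tpv": tpv, "duties": set(duties)}


PEOPLE = [
    person("P1", "lineman", "operator", 90, 2, ["inspect", "operate"]),
    person("P2", "lineman", "operator", 75, 3, ["inspect"]),             # over-privileged
    person("P3", "safety", "security_officer", 85, 1, ["accept"]),
    person("P4", "safety", "security_officer", 50, 1, ["accept"]),       # PAL below TAR
    person("P5", "lineman", "operator", 95, 1, ["inspect", "operate"]),  # PPV below TPV
    person("P6", "lineman", "operator", 80, 2, ["inspect", "operate"]),
]
TASKS = [
    task("T1", "lineman", "operator", 70, 2, ["inspect", "operate"]),
    task("T2", "safety", "security_officer", 60, 1, ["accept"]),
    task("T3", "lineman", "operator", 85, 2, ["inspect", "operate"]),
]
```

In the sample, P1 scores highest for T1 but is the only person who satisfies T3, so the uniqueness constraint pushes T1 to P6; P2 meets every hard constraint for T1 yet stays out of the candidate set because the excess permission level and partial duty overlap pull the score below 80.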
[0063] Step S5 involves optimizing and adjusting the matching results based on on-site dynamic data, dynamically granting and automatically revoking the minimum necessary permissions, thereby automating the entire process of task allocation, data migration, and result output.
[0064] The task adjustment agent enables real-time collection of dynamic data on-site and intelligent optimization of matching results. The agent works in conjunction with the construction site management system to automatically acquire dynamic data such as personnel on-duty status, equipment operation, and on-site environmental warnings. Differentiated adjustment strategies are implemented for different scenarios: if the originally matched personnel are unable to perform their duties due to leave, job reassignment, or unforeseen on-site situations, the agent automatically replaces them with the next best candidate from the optimal pool, in descending order of suitability, thus rapidly updating the matching results. If the matched personnel's skill level temporarily does not meet the task requirements, the agent automatically pushes training manuals and practical tutorials corresponding to the task's skill requirements from the system's training resource library. The final matching result is confirmed only after the personnel have completed the training and passed the skill retest, ensuring the suitability of the personnel for task execution.
[0065] This embodiment achieves refined and dynamic control of permissions by constructing a permission mapping and scheduling layer and integrating AI+RBAC technology. The core is to generate and execute a three-element authorization relationship of "task-role-data".
[0066] Among them, AI+RBAC technology uses RBAC as the foundation for compliance management and AI multi-agent technology as the dynamic execution engine. It achieves refined, dynamic and closed-loop management of permissions throughout the entire lifecycle in five core stages to meet different management needs. Each stage is progressive and collaborative, completing the entire process from basic framework construction to self-iteration of the technology system, and adapting to the compliance and practical requirements of engineering construction.
[0067] The first phase establishes a standardized RBAC (role-based access control) framework to define compliance boundaries for AI implementation. First, based on the enterprise's security duty checklist and industry standards, a standardized role system is defined, including grid leaders and security officers, with duty clauses structurally linked to roles and positions. Building upon this, dynamic ABAC triggering conditions are added, constructing a three-dimensional permission matrix and clarifying the hierarchical rules and operational boundaries for low, medium, and high permissions. Then, the InnoDB engine is used to build six core database tables, achieving standardized data management through foreign key constraints and index optimization, forming a scalable RBAC rule system that provides standardized and structured data support for AI operations.
[0068] The second phase relies on AI multi-agents to dynamically analyze and quantify core elements, outputting precise authorization criteria. The task analysis agent breaks down construction tasks, extracts core features, generates a structured task tag set, and identifies minimum permission requirements. The personnel capability profile update agent integrates multi-dimensional data such as personnel resumes and qualifications, calculates a capability score on a 0-100 scale, and generates dynamically updated personnel capability profiles. Finally, a genetic algorithm module, constrained by performance compliance, permission suitability, and capability attainment, selects candidates with a suitability greater than a preset threshold, replacing the traditional, crude, manual static configuration method.
[0069] The third stage, driven by AI, generates a ternary authorization relationship using RBAC, achieving precise and minimal granting of permissions. This is the core execution stage of the technology. The permission mapping and scheduling layer receives the task and personnel matching results output by AI. Within the RBAC matrix framework, it upgrades the traditional static user, role, and permission relationships into dynamic task, role, and data ternary authorization relationships. This precisely binds permissions across three dimensions: task, role, and data, limiting the temporal and spatial boundaries of permissions, verifying compliance with duties, defining the minimum data access scope, and forming a unique and compliant temporary authorization relationship.
[0070] The fourth phase, AI-driven RBAC, enables real-time dynamic adjustment of permissions to adapt to changes in the field scenario. Through a task adjustment agent, dynamic data on on-site personnel, tasks, and the environment are accessed. When situations arise such as personnel reassignment, task changes, or inadequate skills, permission adjustments are automatically completed within the RBAC framework. This includes replacing personnel and reauthorizing, adjusting permission boundaries, and locking high-risk operation permissions, all without manual intervention, achieving flexible and adaptable permission control.
[0071] The fifth phase completes the automated closed-loop management of the entire lifecycle of permissions, driving continuous iteration of the technology system. During the authorization phase, AI automatically grants permissions in conjunction with the database. Upon completion of the task, the RBAC permission revoke mechanism is automatically triggered, clearing relevant fields in the personnel quantification table and recording the entire process permission log, ensuring traceability and auditability. Simultaneously, data such as historical task permission usage and execution results are fed back to the AI algorithm module, continuously optimizing the dimensions of personnel capability profiling and the accuracy of permission matching, achieving self-iteration and long-term optimization of the AI+RBAC technology system.
[0072] The permission mapping and scheduling layer reads task attributes, personnel roles, and ability information from the task allocation database to accurately identify the operation and data permissions required for the current task. It only grants the minimum necessary permissions to complete the task to the successfully matched personnel, prohibiting access to irrelevant data and operation functions, thus avoiding the risk of permission abuse and data leakage from the source. After the task is completed and closed, the permission mapping and scheduling layer will automatically revoke all granted permissions and generate and retain a complete permission usage log, recording the permission grant time, usage scope, operation records, and revoke time, realizing traceable management of the entire lifecycle of permissions.
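The grant, use and revoke lifecycle of [0069] to [0072], as an added example that is not code from the patent: a task-role-data grant limited to what the task needs, refused when it exceeds the role's permissions, recycled on expiry, replacement or task closure, and written to a usage log. The class and field names, the in-memory storage and the sample permissions are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Grant:
    task: str
    person: str
    role: str
    scope: frozenset                 # (data, operation) pairs: the minimum the task needs
    granted_at: datetime
    expires_at: datetime
    revoked_at: Optional[datetime] = None
    revoke_reason: str = ""
    operations: list = field(default_factory=list)  # (time, data, operation, allowed)


class PermissionScheduler:
    """Task-role-data grants that exist only while the task is open."""

    def __init__(self, role_permissions):
        self.role_permissions = role_permissions  # role -> set of (data, operation) pairs
        self.active = {}                          # (task, person) -> Grant
        self.log = []                             # closed grants: the permission usage log

    def grant(self, task, person, role, required, now, ttl=timedelta(hours=8)):
        excess = set(required) - self.role_permissions.get(role, set())
        if excess:  # the task asks for more than the role may hold: refuse the whole grant
            raise PermissionError(f"{role} may not hold {sorted(excess)}")
        g = Grant(task, person, role, frozenset(required), now, now + ttl)
        self.active[(task, person)] = g
        return g

    def _revoke(self, g, now, reason):
        g.revoked_at, g.revoke_reason = now, reason
        del self.active[(g.task, g.person)]
        self.log.append(g)

    def check(self, task, person, data, operation, now):
        g = self.active.get((task, person))
        if g is None:
            return False
        if now >= g.expires_at:  # automatic recycling when the effective period ends
            self._revoke(g, now, "expired")
            return False
        allowed = (data, operation) in g.scope
        g.operations.append((now, data, operation, allowed))  # denied attempts are logged too
        return allowed

    def replace_person(self, task, old, new, now):
        """On-site replacement: revoke the old grant before the substitute gets the same scope."""
        g = self.active[(task, old)]
        self._revoke(g, now, "replaced")
        return self.grant(task, new, g.role, g.scope, now, g.expires_at - now)

    def close_task(self, task, now):
        """Task completed: revoke every grant tied to it and return the log entries."""
        closing = [g for (t, _), g in list(self.active.items()) if t == task]
        for g in closing:
            self._revoke(g, now, "task closed")
        return closing


# Constructed sample: what the role may hold at most; a task grant is a subset of this.
ROLE_PERMISSIONS = {
    "security_officer": {
        ("task_safety_data", "view"),
        ("task_safety_data", "approve"),
        ("hazard_records", "edit"),
    }
}
```

Holding the role is not enough to use a permission: `check` answers only from the grant for the named task, so a permission the role allows but the task did not request is denied and the attempt is logged.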
[0073] Finally, an automated linkage framework was built using Python to connect all stages of task adjustment, permission adaptation, data migration, and result output, all without manual intervention: the program automatically receives the optimization results from the task adjustment agent, updates the personnel information in the current task allocation table of the task allocation database; synchronously triggers permission mapping and scheduling layer to complete permission granting; after the task is completed, it automatically migrates the complete data of the current task allocation table to the historical task allocation table, and synchronizes the task information to the historical task table, then clears the current task allocation table to reserve data space for new task allocation; the entire process is displayed in real time through a visual interface, and finally outputs results such as matching scheme scoring and permission usage statistics, forming a closed-loop management system that significantly improves the management efficiency of linear engineering construction task allocation.
[0074] Example 2 This embodiment discloses a task and role matching system based on a duty list and role permissions. As shown in Figure 3, the task and role matching system based on the duty list and role permissions includes:
The task allocation database construction module is configured to: construct a task allocation database, which includes a job table, a historical task table, a personnel information table, a personnel quantification table, a current task allocation table, and a historical task allocation table;
The module for constructing a dual-dimensional model of job duties and permissions is configured to: sort out industry standards and security duty checklists, and establish a standardized job duty checklist; construct a three-dimensional matrix based on the RBAC and ABAC fusion model, and bind permission levels with task collaboration attributes;
The task parsing and personnel capability profile building module is configured to: break down the input main task through the task parsing agent and extract the structured tag set of sub-tasks; and integrate historical personnel data through the personnel profile agent to generate a dynamic personnel capability profile that includes permission level and capability level score;
The genetic algorithm intelligent matching module is configured to: construct a dual objective function that maximizes efficiency and minimizes resource waste, with constraints of performance compliance, permission adaptation, and ability attainment; and use a genetic algorithm to calculate the fit between personnel and tasks to select the optimal set of candidates;
The dynamic adjustment and automation linkage module is configured to: optimize and adjust the matching results based on on-site dynamic data, dynamically grant and automatically revoke the minimum necessary permissions, and realize full-process automation of task allocation, data migration and result output.
[0075] Example 3 The purpose of this embodiment is to provide a computer-readable storage medium.
[0076] A computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps in the task and role matching method based on a duty list and role permissions as described in Embodiment 1.
[0077] Example 4 The purpose of this embodiment is to provide an electronic device.
[0078] An electronic device includes a memory, a processor, and a program stored in the memory and executable on the processor. When the processor executes the program, it implements the steps in the task and role matching method based on a duty list and role permissions as described in Embodiment 1.
[0079] The steps and methods involved in the apparatuses of Embodiments 2, 3, and 4 above correspond to those in Embodiment 1. For specific implementation details, please refer to the relevant description section of Embodiment 1. The term "computer-readable storage medium" should be understood as a single medium or multiple media including one or more instruction sets; it should also be understood as including any medium capable of storing, encoding, or carrying an instruction set for execution by a processor and enabling the processor to perform any of the methods in this invention.
[0080] Those skilled in the art will understand that the modules or steps of the present invention described above can be implemented using general-purpose computer devices. Optionally, they can be implemented using computer-executable program code, thereby allowing them to be stored in a storage device for execution by a computer device, or they can be fabricated as separate integrated circuit modules, or multiple modules or steps can be fabricated as a single integrated circuit module. The present invention is not limited to any particular combination of hardware and software.
[0081] While the specific embodiments of the present invention have been described above in conjunction with the accompanying drawings, this is not intended to limit the scope of protection of the present invention. Those skilled in the art should understand that various modifications or variations that can be made by those skilled in the art without creative effort based on the technical solutions of the present invention are still within the scope of protection of the present invention.
Claims
1. A task and role matching method based on a duty list and role permissions, characterized in that it includes:
Constructing a task allocation database, which includes a job position table, a historical task table, a personnel information table, a personnel quantification table, a current task allocation table, and a historical task allocation table;
Compiling industry standards and safety responsibility checklists to establish standardized job responsibility checklists; constructing a three-dimensional matrix based on the RBAC and ABAC fusion model, and binding permission levels to task collaboration attributes;
Breaking down the main input task through the task parsing agent and extracting the structured tag set of subtasks; integrating historical personnel data through the personnel profiling agent to generate a dynamic personnel capability profile that includes permission level and ability level score;
With compliance with duties, appropriate permissions, and qualified capabilities as constraints, constructing a dual objective function to maximize efficiency and minimize resource waste, and using a genetic algorithm to calculate the fit between personnel and tasks and select the optimal set of candidates;
Combining on-site dynamic data to optimize and adjust the matching results, and dynamically granting and automatically revoking the minimum necessary permissions, so that the entire process of task allocation, data migration and result output is automated.
2. The task and role matching method based on duty checklist and role permissions as described in claim 1, characterized in that, When constructing the task allocation database, the six core database tables it includes use a database engine that supports transactions and foreign key constraints; The personnel information table and the job position table are linked via a job position code foreign key; The personnel quantification table and the personnel information table are linked via a personnel code foreign key; The current task assignment table is used to record the attributes of tasks to be assigned and the final matching personnel information; The structure of the historical task allocation table is the same as that of the current task allocation table, and it is used to store historical allocation records.
3. The task and role matching method based on duty checklist and role permissions as described in claim 1, characterized in that, The process of establishing the duty list includes: referring to the project construction safety penetration supervision and management implementation manual and the enterprise safety duty list, sorting out the statutory responsibilities, inspection items and duty frequency of each position, and forming a structured duty database; The construction of the three-dimensional matrix includes: defining basic roles based on the RBAC model, introducing dynamic triggering conditions by combining the ABAC model, and dynamically binding the permission level with the collaborative attributes of the task.
4. The task and role matching method based on duty checklist and role permissions as described in claim 1, characterized in that, The task parsing agent breaks down the main input task and extracts a structured tag set for subtasks, including: By parsing and generating agents, the input unstructured construction task information is broken down into a main task-sub-task structure. Core attributes such as task type, required qualifications, job requirements, and task permission level are extracted to generate a structured task tag set.
5. The task and role matching method based on duty list and role permissions as described in claim 1, characterized in that, By integrating historical personnel data through the personnel profiling agent, a dynamic personnel capability profile is generated, which includes permission level and ability level score. This includes: integrating personnel's historical job performance data, training records, and qualification information through the personnel profiling agent, extracting multi-dimensional capability indicators such as operational skills, permission compliance, and job performance frequency, calculating and generating ability level scores, and forming a dynamically updated capability profile.
6. The task and role matching method based on duty checklist and role permissions as described in claim 1, characterized in that, Constrained by performance compliance, access control appropriateness, and capability attainment, a dual objective function is constructed to maximize efficiency and minimize resource waste, including: Set a set of constraints, which includes constraints on matching personnel job attributes with task job attributes, constraints on matching personnel role attributes with task role attributes, constraints on personnel ability level not being lower than task ability requirements, constraints on personnel permission level not being lower than task permission requirements, and constraints on personnel uniqueness. Based on the above constraints, dual objective functions are constructed to maximize efficiency and minimize resource waste, where the constructed objective function to maximize efficiency is: in, Based on personnel competence level, For mission capability requirements; The constructed objective function for minimizing resource waste is: PPV represents personnel permission value; TPV represents task permission value.
7. The task and role matching method based on duty list and role permissions as described in claim 1, characterized in that, By combining on-site dynamic data to optimize and adjust matching results, dynamically granting and automatically revoking the minimum necessary permissions, the entire process of task allocation, data migration, and result output is automated, including: The task adjustment agent obtains dynamic data on-site. If the originally matched personnel are unable to perform their duties, they will be automatically replaced from the candidate list in turn. If the personnel's ability is temporarily insufficient, relevant training materials will be automatically pushed to them. A permission mapping and scheduling layer is constructed, which dynamically generates a three-element authorization relationship based on task, role, and personnel attributes. Only the minimum necessary permissions required for the current task are granted to the successfully matched personnel. Permissions are automatically revoked and permission usage logs are recorded after the task is completed.
8. A task and role matching system based on a duty list and role permissions, characterized in that it includes:
The task allocation database construction module is configured to: construct a task allocation database, which includes a job table, a historical task table, a personnel information table, a personnel quantification table, a current task allocation table, and a historical task allocation table;
The module for constructing a dual-dimensional model of job duties and permissions is configured to: sort out industry standards and security duty checklists, and establish a standardized job duty checklist; construct a three-dimensional matrix based on the RBAC and ABAC fusion model, and bind permission levels with task collaboration attributes;
The task parsing and personnel capability profile building module is configured to: break down the input main task through the task parsing agent and extract the structured tag set of sub-tasks; and integrate historical personnel data through the personnel profile agent to generate a dynamic personnel capability profile that includes permission level and capability level score;
The genetic algorithm intelligent matching module is configured to: construct a dual objective function that maximizes efficiency and minimizes resource waste, with constraints of performance compliance, permission adaptation, and ability attainment; and use a genetic algorithm to calculate the fit between personnel and tasks to select the optimal set of candidates;
The dynamic adjustment and automation linkage module is configured to: optimize and adjust the matching results based on on-site dynamic data, dynamically grant and automatically revoke the minimum necessary permissions, and realize full-process automation of task allocation, data migration and result output.
9. A computer-readable storage medium having a program stored thereon, characterized in that, When the program is executed by the processor, it implements the steps in the task and role matching method based on the duty list and role permissions as described in any one of claims 1-7.
10. An electronic device comprising a memory, a processor, and a program stored in the memory and executable on the processor, characterized in that, When the processor executes the program, it implements the steps in the task and role matching method based on the duty list and role permissions as described in any one of claims 1-7.