A permission hierarchical control system and method for a medical SPD intelligent cabinet

CN122263183APending Publication Date: 2026-06-23GUANGZHOU YONGNAN TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUANGZHOU YONGNAN TECHNOLOGY CO LTD
Filing Date
2026-03-25
Publication Date
2026-06-23

AI Technical Summary

Technical Problem

Existing medical SPD smart cabinets cannot effectively manage the differentiated permission requirements of personnel with different roles in a refined and isolated manner, leading to problems of cross-requisition and mixed management of consumables.

Method used

By establishing a permission matrix and access chain, and combining a virtual model with a medical platform, hierarchical control of roles, cabinet levels, grid levels, core operations, and data scope is achieved. Terminal devices are used to confirm roles and generate log chains to realize hierarchical management of permissions.

Benefits of technology

It achieves hierarchical isolation of access and usage permissions for smart cabinets for different roles, avoids redundant settings for multiple roles accessing the space, ensures common access and traffic separation of the storage area, and has a good hierarchical effect on access permissions.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122263183A_ABST
    Figure CN122263183A_ABST
Patent Text Reader

Abstract

The application discloses a kind of authority hierarchical control system and method for medical SPD intelligent cabinet, it is related to authority control technical field, connection module, for building the virtual model of medical cabinet based on medical platform, data connection is carried out between virtual model and medical cabinet based on medical platform;Establish module is connected with connection module, and establishes authority matrix in medical platform.The present application can classify the access and use authority of different roles to intelligent cabinet by accessing the role area of chain and taking single grid as the minimum unit, so that the operation of multiple role authorization can be isolated, and there is no need to specially build corresponding access space for multiple roles, and there is no repeated setting of multiple role access space in the storage area. The setting in the storage area can meet the common access of all roles and perform shunt isolation access, with good access authority classification effect.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of access control technology, specifically to an access control system and method for medical SPD smart cabinets. Background Technology

[0002] With the continuous development of the healthcare industry, SPD (Supply, Processing, and Distribution) smart cabinets have been widely used in hospital consumable management scenarios. As the terminal device of the SPD system, SPD smart cabinets are deployed in hospital departments, operating rooms, wards, and other areas, enabling intelligent management of medical consumables, medicines, and devices throughout the entire process from warehousing, requisition, use to settlement. However, in practical applications, the usage needs and management responsibilities of consumables differ significantly among personnel in different hospital positions. Centralized storage of various types of consumables easily leads to cross-requisitioning and mixed management by personnel with different roles, making it difficult to set differentiated permissions for different roles and hindering refined and isolated control of consumables. Summary of the Invention

[0003] The purpose of this invention is to provide a hierarchical access control system and method for medical SPD smart cabinets, in order to solve the problems in the background art.

[0004] To achieve the above objectives, the present invention provides the following technical solution: a hierarchical access control system for a medical SPD smart cabinet, comprising: The connection module is used to build a virtual model of the medical cabinet based on the medical platform, and to connect the virtual model with the medical cabinet through the medical platform. Establish a module and connect it with the connection module to create a permission matrix in the medical platform. The permission matrix includes roles, cabinet level, grid level, core operation and data scope. Bind the permission matrix to the virtual model and define the access chain. The access chain includes multiple role areas, multi-level access areas and storage areas. The access control module, connected to the establishment module, is used to confirm roles through terminal devices and immediately generate a log chain. Roles then use the terminal devices to control the medical cabinet through the access chain.

[0005] In a preferred embodiment, the connection module includes: The data acquisition and construction unit is used to collect the cabinet information of the medical cabinet, and to perform three-dimensional construction based on the cabinet information in the medical platform to obtain a virtual model; The communication connection unit is used to connect the cabinets and compartments in the virtual model to the cabinets and compartments of the medical cabinet one-to-one.

[0006] In a preferred embodiment, the establishment module includes: The registration unit is used to confirm multiple roles and register role ports based on the corresponding roles on the medical platform. The permission creation unit is used to create roles, corresponding cabinet levels, grid levels, core operations, and data ranges in the medical platform to obtain the permission matrix. The configuration unit is used to divide the corresponding permission matrix on the virtual model to obtain multi-level access areas. In the medical platform, storage areas are configured for the corresponding multi-level access areas, and log lines are configured for the corresponding storage areas. The configuration connection unit is used to configure the corresponding role area for each multi-level access area to obtain the access chain. The allocation area is configured for multiple role areas, and the allocation area is connected to multiple terminal devices.

[0007] In a preferred embodiment, the configuration unit includes: The marking unit is used to obtain the cabinet level and grid level corresponding to the role based on the permission matrix, and to mark the cabinets and grids in the virtual model according to the cabinet level and grid level corresponding to multiple roles respectively; The copying unit is used to copy the cabinets and compartments in the virtual models with multiple tags according to the number of tags, and to combine the cabinets and compartments in the virtual models corresponding to multiple roles individually to obtain a multi-level access area; The corresponding unit is used to configure the corresponding storage area for the corresponding multi-level access area. The storage area has multiple unit storage cells, and the unit storage cell corresponds one-to-one with the grid in the corresponding access area. The corresponding setting unit is used to set log lines for the corresponding storage area. The log line includes a time line, multiple moving storage location points on the time line, multiple master points in each storage location point, and multiple points in the multiple master points. The number of master points is the same as the number of access areas and corresponds one-to-one. The number of points in the master points is the same as the number of grids in the corresponding access area, and the multiple points are connected one-to-one with the unit storage cells.

[0008] In a preferred embodiment, the configuration connection unit includes: The communication connection unit is used to configure corresponding role areas for each of the multi-level access areas, and the role area is connected to the unit storage cell of the corresponding access area. The port connection unit is used to configure the allocation area for multiple role areas. The allocation area communicates with multiple terminal devices, and the role port is marked for the corresponding allocation area.

[0009] In a preferred embodiment, the access control module includes: The access unit is used to log in to the role port through the terminal device, confirm the role corresponding to the role port through the allocation area, and transfer the access of the role port to the role area of ​​the corresponding role. The operation log unit is used to perform authorized operations by accessing the corresponding unit storage cell through the connection point in the role area, and at the same time, to record the access log of the role port.

[0010] In a preferred embodiment, the operation recording unit includes: The selection unit is used to select the authorization cabinet / authorization grid to be accessed in the role port of the role area, and determine the connection point corresponding to the authorization cabinet / authorization grid as the target connection point. The enabled unit is used to perform authorization operations based on the connection point corresponding to the unit storage cell accessed by the target connection point, and at the same time enables a storage location point; The recording unit is used to mark and record the corresponding point in the storage location point triggered by the unit storage cell to enable the connection and to complete the recording of the role port access log.

[0011] This invention also provides a hierarchical access control method for medical SPD smart cabinets, comprising the following steps: A virtual model of the medical cabinet is built based on the medical platform, and the virtual model is connected to the medical cabinet via data connection based on the medical platform. Establish a permission matrix in the medical platform, which includes roles, cabinet level, grid level, core operation and data scope. Bind the permission matrix to the virtual model and define the access chain, which includes multiple role areas, multi-level access areas and storage areas. The role is confirmed through the terminal device and a log chain is generated immediately. The role then uses the terminal device to control the medical cabinet through the access chain.

[0012] The technical effects and advantages provided by the present invention in the above technical solution are as follows: This invention, by accessing the role area of ​​the access chain and using a single compartment as the smallest unit, can classify the access and usage permissions of different roles to the smart cabinet, so that the operation of authorizing multiple roles can be isolated. There is no need to specially build corresponding access spaces for multiple roles, and there is no duplicate setting of multiple role access spaces. The settings in the storage area can meet the common access of all roles and perform traffic diversion and isolation access, which has a good hierarchical effect of access permissions. Attached Figure Description

[0013] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments recorded in this invention. For those skilled in the art, other drawings can be obtained based on these drawings.

[0014] Figure 1 This is a system block diagram of the present invention.

[0015] Figure 2 This is a flowchart of the method of the present invention. Detailed Implementation

[0016] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0017] Example 1, please refer to Figure 1 As shown in this embodiment, a hierarchical access control system for a medical SPD smart cabinet includes: The connection module is used to build a virtual model of the medical cabinet based on the medical platform, and to connect the virtual model with the medical cabinet through the medical platform. Establish a module and connect it with the connection module to create a permission matrix in the medical platform. The permission matrix includes roles, cabinet level, grid level, core operation and data scope. Bind the permission matrix to the virtual model and define the access chain. The access chain includes multiple role areas, multi-level access areas and storage areas. The access control module, connected to the establishment module, is used to confirm roles through terminal devices and immediately generate a log chain. Roles then use the terminal devices to control the medical cabinet through the access chain.

[0018] It should be noted that by accessing the role area of ​​the chain and using a single grid as the smallest unit (unit storage cell), the access and usage permissions of different roles to the smart cabinet can be classified, so that the operation of authorizing multiple roles can be isolated. There is no need to specially build corresponding access spaces for multiple roles, and there will be no duplicate settings for multiple roles' access spaces. The settings in the storage area can meet the common access of all roles and perform traffic diversion and isolation access, which has a good hierarchical effect of access permissions.

[0019] In one embodiment, the connection module includes: The data acquisition and construction unit is used to collect the cabinet information of the medical cabinet, and to perform three-dimensional construction based on the cabinet information in the medical platform to obtain a virtual model; The communication connection unit is used to connect the cabinets and compartments in the virtual model to the cabinets and compartments of the medical cabinet one-to-one.

[0020] It's important to note that SPD (Supply, Processing, and Distribution) is a comprehensive management system for consumables, encompassing the entire process from warehousing to departmental use, billing, and traceability. SPD smart cabinets are terminal devices placed in departments, operating rooms, and wards, featuring automatic storage and retrieval, automatic accounting, and automatic inventory deduction. Combined with hierarchical access control, this enables traceability of high-value consumables and medications, preventing loss and misuse. In summary, the smart storage and retrieval terminal placed in the department first connects to the hospital's medical platform to collect cabinet information, including the number of cabinets and the number of compartments in each cabinet. Subsequently, the specific type of medical item—whether a drug or instrument—is stored in the compartment. After storage in the smart cabinet, the stored medical item undergoes identity authentication and data collection. Then, based on the collected cabinet information, a 3D model is constructed on the medical platform to obtain a virtual model. Then, connection points are configured for the cabinets and compartments in the virtual model. Based on these connection points, the cabinets and compartments in the virtual model are connected one-to-one with the cabinets and compartments of the actual medical cabinets. These connection points are communication nodes, which enable the subsequent access of roles to be classified by permission through the medical platform, making permission control more stable and accurate.

[0021] In one embodiment, the establishment module includes: The registration unit is used to confirm multiple roles and register role ports based on the corresponding roles on the medical platform. The permission creation unit is used to create roles, corresponding cabinet levels, grid levels, core operations, and data ranges in the medical platform to obtain the permission matrix. The configuration unit is used to divide the corresponding permission matrix on the virtual model to obtain multi-level access areas. In the medical platform, storage areas are configured for the corresponding multi-level access areas, and log lines are configured for the corresponding storage areas. The configuration connection unit is used to configure the corresponding role area for each multi-level access area to obtain the access chain. The allocation area is configured for multiple role areas, and the allocation area is connected to multiple terminal devices.

[0022] It should be noted that the roles within the hospital include: assigning roles to personnel involved in accessing the smart cabinets, namely super administrator, department administrator, doctor, and nurse, and registering the corresponding ports based on the medical platform; and implementing hierarchical access control based on different roles. For example, the super administrator's roles are: cabinet level: all cabinets; grid level: all grids; core operation: all operations; data scope: hospital-wide data. The department administrator's roles are: cabinet level: department administrator; grid level: departmental cabinets; core operation: departmental grids; data scope: management + approval; data scope: departmental data. The doctor's roles are: cabinet level: authorized cabinet; grid level: authorized grids; core operation: requisition / return / query; data scope: personal operation records. The nurse's roles are: cabinet level: authorized cabinet; grid level: authorized grids; core operation: requisition / return / query; data scope: personal operation records. Then, based on the permission matrix, the virtual model is divided into multiple access areas, which are model space regions. In the medical platform, a corresponding storage area is configured for each access area to store data for accessing and opening the actual smart cabinet. At the same time, a log line is configured for each storage area to record the items that the role uses to access the smart cabinet. Since there are multiple roles, a corresponding role area needs to be configured for each of the multiple access areas. Before being accessed, multiple role areas are configured together with an allocation area. The allocation area is connected to multiple terminal devices, which are smart cabinets or mobile terminals, to identify the role and open the smart cabinet.

[0023] In one embodiment, the configuration unit includes: The marking unit is used to obtain the cabinet level and grid level corresponding to the role based on the permission matrix, and to mark the cabinets and grids in the virtual model according to the cabinet level and grid level corresponding to multiple roles respectively; The copying unit is used to copy the cabinets and compartments in the virtual models with multiple tags according to the number of tags, and to combine the cabinets and compartments in the virtual models corresponding to multiple roles individually to obtain a multi-level access area; The corresponding unit is used to configure the corresponding storage area for each multi-level access area. Each storage area has multiple unit storage cells (the unit storage cell is the smallest access unit in the entire storage area; permissions and access operations for the same cell do not require repeated settings for different roles and permissions to achieve isolated access. A single permission setting at the smallest access unit—the unit storage cell—is sufficient to achieve hierarchical isolation of access permissions for different roles, without wasting storage space and reducing operational pressure). Each unit storage cell corresponds one-to-one with a cell in the corresponding access area. The corresponding setting unit is used to set log lines for the corresponding storage area. The log line includes a time line, multiple moving storage location points on the time line, multiple master points in each storage location point, and multiple points in the multiple master points. The number of master points is the same as the number of access areas and corresponds one-to-one. The number of points in the master points is the same as the number of grids in the corresponding access area, and the multiple points are connected one-to-one with the unit storage cells.

[0024] In one embodiment, the configuration connection unit includes: The communication connection unit is used to configure corresponding role areas for each of the multi-level access areas, and the role area is connected to the unit storage cell of the corresponding access area. The port connection unit is used to configure the allocation area for multiple role areas. The allocation area communicates with multiple terminal devices, and the role port is marked for the corresponding allocation area.

[0025] It should be noted that, based on the permission matrix, the cabinet and grid levels corresponding to roles are determined. In the medical platform, cabinets and grids in the virtual model are marked according to the cabinet and grid levels corresponding to multiple roles. There are overlapping cabinet and grid levels between different roles. Therefore, the unit model is copied according to the number of times it is marked. For example, the unit model here is the unit's cabinet (only including the outline of the external cabinet model, which can be used as a representative of the cabinet). The unit model also includes individual grid models. When different unit models are marked multiple times, the model is copied according to the number of times it is interacted. For example, the cabinet and grid levels managed by the super administrator and the cabinet and grid levels managed by the department administrator are copied once. The cabinet and grid level managed by the department administrator is marked once by the department administrator's role and once by the super administrator. This is twice. Then, the unit model corresponding to the cabinet and grid level managed by the department administrator is copied once. Combined with the original model, the models of the cabinet and grid levels managed by the two department administrators that are marked twice are obtained. Then, the overall virtual model is mapped to the super administrator. The replicated cabinets and compartments are individually combined to serve as virtual cabinets managed by the corresponding department administrators. The above example illustrates two roles, but in reality, there are multiple roles. Each role has corresponding cabinet and grid management functions. Each role has a corresponding access area, and these access areas are considered multi-level access areas, which are independent of each other. The overlapping parts of the models within these multi-level access areas are identical, while the non-overlapping parts are independent. A corresponding storage area is configured for each multi-level access area, with the storage area itself acting as the corresponding cabinet. The storage space within the storage area is divided into unit storage cells in the corresponding virtual model. Each unit storage cell stores data about the items in the corresponding slot, such as the item's type, quantity, and other lifecycle data. There is a one-to-one correspondence between unit storage cells and slots in the corresponding access area. All unit storage cells are in a state of storage isolation. Each unit storage cell has multiple connection points, the number of which is the same as the number of role types (e.g., four role types). Then, corresponding role areas are configured for each multi-level access area, and the number of connection points for the corresponding number of unit storage cells in the role area is set. For example, two authorization cabinets are open to doctors, and one of the two authorization cabinets has 10 authorization cells open. Another authorization cabinet has 12 authorization slots. Thus, the doctor's corresponding unit storage slots are 10 in the authorization cabinet corresponding to one virtual model and 12 in the other authorization cabinet. 22 connection points are set in the role area, each connecting one-to-one with the connection point of the corresponding role in the unit storage slot. The role area has a corresponding number of connection points for the number of authorization slots under control, and the authorization slots of a corresponding role have connection points for that role. Connections are established based on the role as a reference. Multiple connection points in a unit storage slot are isolated from each other and cannot be interconnected.The corresponding role area is configured with an allocation area, which stores personnel information and corresponding roles. The personnel information includes registration information such as the doctor's name, department, and age. The allocation area connects to multiple terminal devices, which are devices that support personnel login, such as computers and the smart cabinet itself. Account login is possible. The allocation area assigns roles to logged-in accounts and marks role ports. Then, the allocation area can guide access from role ports to the corresponding role area. The role area can connect to authorized unit storage cells to perform authorized operations.Log lines are set up for the corresponding storage area. Time lines are network lines marked with time (network lines are formed by multiple network nodes connected in the medical platform's storage space; they are marked with time). In situations where no port accesses the smart cabinet, the network lines can be folded over time. For example, if no port accesses the smart cabinet between 13:00 and 14:00, the time period between 13:00 and 14:00 can be directly marked as a single point on the network line. There are no logs or data to be recorded during this time period; therefore, only a collection of single-point time periods needs to be marked on the network line. That is, folding), multiple storage locations on the timeline are configured virtual signal carriers, each storage location has multiple master points and multiple points within those master points. Master points are virtual signal carriers with smaller storage capacity stored within the virtual signal carriers. Multiple points are multiple storage spaces within the master points (storing small amounts of data, capable of recording the authorization slots for role port access, actual authorization operations, for example, the name of the medicine retrieved corresponds to a fixed marker at that point, requiring no separate temporary storage; if there are no changes to the medicine, this slot will always store that type of medicine or a certain type of medical device, and the quantity here is also... This is a trigger marker, not a data transmission. For example, if a location can store a maximum of 50 boxes of the medicine, then 50 marker points are configured for that location. Retrieving two boxes directly activates two marker points at that location (the marker point is a virtual signal carrier storing the medicine's identification code, which is entered when the medicine is placed in the smart cabinet). This represents two boxes of medicine being retrieved; both activations are triggered, but there is no data transmission or external data entry. It's only used for data triggering and recording, making it more efficient, and the logs cannot be directly modified. The number of main points is the same as the number of access areas, and they are connected one-to-one (trigger connection). Multiple points in the main points have the same number of grids in the corresponding access areas and are connected one-to-one (trigger connection). When personnel access the site later, the main points in the log line and the corresponding points in the main points can be directly triggered to record the access, forming an access log. Multiple moving storage locations can move along the timeline. When an access occurs, a storage location is activated to record the access log, which can record the log quickly and immutably. This is a trigger connection marker, which cannot tamper with the access log, and has a good data recording and protection function. Triggering the connection to record the log makes the response more efficient.

[0026] In one embodiment, the access control module includes: The access unit is used to log in to the role port through the terminal device, confirm the role corresponding to the role port through the allocation area, and transfer the access of the role port to the role area of ​​the corresponding role. The operation record unit is used to access the corresponding unit storage cell through the connection point in the role area to perform authorized operations (the core operations and data range in the permission matrix are the authorized operations that can be performed by the corresponding role). At the same time, it records the access log of the role port. If you want to access and perform authorized operations on other cells, you can access them through the corresponding connection point in the role area.

[0027] In one embodiment, the operation recording unit includes: The selection unit is used to select the authorization cabinet / authorization grid to be accessed in the role port of the role area, and determine the connection point corresponding to the authorization cabinet / authorization grid as the target connection point. The enabled unit is used to perform authorization operations based on the connection point corresponding to the unit storage cell accessed by the target connection point, and at the same time enables a storage location point; The recording unit is used to mark and record the corresponding point in the storage location point triggered by the unit storage cell to enable the connection and to complete the recording of the role port access log.

[0028] It should be noted that to use the smart cabinet, login is required via a terminal device. For example, this can be done on a hospital-networked authorized computer terminal using a role-based port, or directly on the smart cabinet itself. After logging in, access is granted to the allocation area. The allocation area confirms the role of the role-based port, and based on the confirmed role, the port is connected to the corresponding role area for access. Based on the mapping between role areas and storage cells obtained from the permission matrix, the role-based port accesses the corresponding storage cell through a connection point within the role area. Authorization operations can be performed based on the corresponding storage cell. Upon accessing a storage cell, a connection is immediately triggered to the timeline, randomly activating a storage location point. This storage location point is connected to the timeline as an intermediate "communication node," thus completing the binding between the storage location point and the timeline. If not activated... When storing location points, these points are stored in the medical platform according to the corresponding timeline and are in a standby state. When access to the smart cabinet occurs, the stored location point is activated and moved to the corresponding timeline point. Each storage location point has a master point corresponding to all access areas, which is the area of ​​the unit storage cells that the corresponding character can access. The master point stores the number of unit storage cells in the corresponding accessible unit storage cell area. The points represent authorized cells. The prerequisite for opening an authorized cell for real-time operation is to access the corresponding unit storage cell to carry out the operation. Therefore, when a unit storage cell is accessed, it will immediately trigger a connection to the corresponding point and activate the marker point of the quantity of medicines / medical devices taken in the corresponding authorized cell for logging. The logs can be retrieved later, allowing for the full process of the character using the smart cabinet to be traced. By accessing the role area of ​​the chain and using a single compartment as the smallest unit, the access and usage permissions of different roles to the smart cabinet can be classified, so that the operation of authorizing multiple roles can be isolated. There is no need to build corresponding access spaces for multiple roles separately, and there will be no duplicate settings for multiple roles' access spaces. The settings in the storage area can meet the common access of all roles and perform traffic diversion and isolation access, which has a good hierarchical effect of access permissions.

[0029] Example 2, please refer to Figure 2 As shown in this embodiment, a hierarchical access control method for a medical SPD smart cabinet includes the following steps: S1. Construct a virtual model of the medical cabinet based on the medical platform, and connect the virtual model with the medical cabinet based on the data of the medical platform; S2. Establish a permission matrix in the medical platform. The permission matrix includes roles, cabinet level, grid level, core operation and data scope. Bind the permission matrix to the virtual model and define the access chain. The access chain includes multiple role areas, multi-level access areas and storage areas. S3. The role is confirmed through the terminal device and a log chain is generated immediately. The role uses the terminal device to control the medical cabinet through the access chain.

[0030] As described in steps S1-S3 above, by accessing the role area of ​​the access chain and using a single grid as the smallest unit, the access and usage permissions of different roles to the smart cabinet can be classified, so that the operation of authorizing multiple roles can be isolated. There is no need to specially build corresponding access spaces for multiple roles, and there will be no duplicate settings for multiple roles' access spaces. The settings in the storage area can meet the common access of all roles and perform traffic diversion and isolation access, which has a good hierarchical effect of access permissions.

[0031] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A hierarchical access control system for medical SPD smart cabinets, characterized in that, include: The connection module is used to build a virtual model of the medical cabinet based on the medical platform, and to connect the virtual model with the medical cabinet through the medical platform. Establish a module and connect it with the connection module to create a permission matrix in the medical platform. The permission matrix includes roles, cabinet level, grid level, core operation and data scope. Bind the permission matrix to the virtual model and define the access chain. The access chain includes multiple role areas, multi-level access areas and storage areas. The access control module, connected to the establishment module, is used to confirm roles through terminal devices and immediately generate a log chain. Roles then use the terminal devices to control the medical cabinet through the access chain.

2. The access control system for a medical SPD intelligent cabinet according to claim 1, characterized in that, The connection module includes: The data acquisition and construction unit is used to collect the cabinet information of the medical cabinet, and to perform three-dimensional construction based on the cabinet information in the medical platform to obtain a virtual model; The communication connection unit is used to connect the cabinets and compartments in the virtual model to the cabinets and compartments of the medical cabinet one-to-one.

3. The access control system for a medical SPD intelligent cabinet according to claim 1, characterized in that, The establishment module includes: The registration unit is used to confirm multiple roles and register role ports based on the corresponding roles on the medical platform. The permission creation unit is used to create roles, corresponding cabinet levels, grid levels, core operations, and data ranges in the medical platform to obtain the permission matrix. The configuration unit is used to divide the corresponding permission matrix on the virtual model to obtain multi-level access areas. In the medical platform, storage areas are configured for the corresponding multi-level access areas, and log lines are configured for the corresponding storage areas. The configuration connection unit is used to configure the corresponding role area for each multi-level access area to obtain the access chain. The allocation area is configured for multiple role areas, and the allocation area is connected to multiple terminal devices.

4. The access control system for a medical SPD intelligent cabinet according to claim 3, characterized in that, The configuration unit includes: The marking unit is used to obtain the cabinet level and grid level corresponding to the role based on the permission matrix, and to mark the cabinets and grids in the virtual model according to the cabinet level and grid level corresponding to multiple roles respectively; The copying unit is used to copy the cabinets and compartments in the virtual models with multiple tags according to the number of tags, and to combine the cabinets and compartments in the virtual models corresponding to multiple roles individually to obtain a multi-level access area; The corresponding unit is used to configure the corresponding storage area for the corresponding multi-level access area. The storage area has multiple unit storage cells, and the unit storage cell corresponds one-to-one with the grid in the corresponding access area. The corresponding setting unit is used to set log lines for the corresponding storage area. The log line includes a time line, multiple moving storage location points on the time line, multiple master points in each storage location point, and multiple points in the multiple master points. The number of master points is the same as the number of access areas and corresponds one-to-one. The number of points in the master points is the same as the number of grids in the corresponding access area, and the multiple points are connected one-to-one with the unit storage cells.

5. A hierarchical access control system for a medical SPD intelligent cabinet according to claim 4, characterized in that, The configuration connection unit includes: The communication connection unit is used to configure corresponding role areas for each of the multi-level access areas, and the role area is connected to the unit storage cell of the corresponding access area. The port connection unit is used to configure the allocation area for multiple role areas. The allocation area communicates with multiple terminal devices, and the role port is marked for the corresponding allocation area.

6. The access control system for a medical SPD intelligent cabinet according to claim 1, characterized in that, The access control module includes: The access unit is used to log in to the role port through the terminal device, confirm the role corresponding to the role port through the allocation area, and transfer the access of the role port to the role area of ​​the corresponding role. The operation log unit is used to perform authorized operations by accessing the corresponding unit storage cell through the connection point in the role area, and at the same time, to record the access log of the role port.

7. A hierarchical access control system for a medical SPD intelligent cabinet according to claim 6, characterized in that, The operation recording unit includes: The selection unit is used to select the authorization cabinet / authorization grid to be accessed in the role port of the role area, and determine the connection point corresponding to the authorization cabinet / authorization grid as the target connection point. The enabled unit is used to perform authorization operations based on the connection point corresponding to the unit storage cell accessed by the target connection point, and at the same time enables a storage location point; The recording unit is used to mark and record the corresponding point in the storage location point triggered by the unit storage cell to enable the connection and to complete the recording of the role port access log.

8. A method for hierarchical access control of a medical SPD smart cabinet, used to implement the hierarchical access control system for a medical SPD smart cabinet as described in any one of claims 1-7, characterized in that, Includes the following steps: A virtual model of the medical cabinet is built based on the medical platform, and the virtual model is connected to the medical cabinet via data connection based on the medical platform. Establish a permission matrix in the medical platform, which includes roles, cabinet level, grid level, core operation and data scope. Bind the permission matrix to the virtual model and define the access chain, which includes multiple role areas, multi-level access areas and storage areas. The role is confirmed through the terminal device and a log chain is generated immediately. The role then uses the terminal device to control the medical cabinet through the access chain.