Search

CN-121980585-A - Authority refinement control system and method applied to nuclear power production management in group yard of group factory

CN121980585ACN 121980585 ACN121980585 ACN 121980585ACN-121980585-A

Abstract

The invention discloses a rights refined control system and method applied to nuclear power production management under a group yard of a group factory, wherein the system comprises a rights model construction module, a rights execution module and a rights execution module, wherein the rights model construction module is used for constructing a three-level rights model based on an organization mechanism, a post role and a data field, the rights execution module supports two modes of manual authorization and automatic authorization, the manual authorization is based on a manual application of an approval process driven by a workflow, the automatic authorization is based on a preset strategy and responds to organization or personnel change, the rights audit module is used for recording operation logs related to rights to form an audit log library to support audit trail, and the rights execution module is used for controlling rights of a data field of a user according to the three-level rights model during operation. The invention defines the authority control strategy and algorithm, realizes the flexibility and high efficiency of authority control, improves the authority distribution capacity of cross-mechanism, hierarchical domain division and field level, enhances the controllability of approval and audit, and is beneficial to the safety and integrity of production data.

Inventors

  • LIU HUAWEI
  • XU YANFENG
  • YI XIAOYONG
  • MAO QIWEN
  • WANG XUANPENG
  • XIE HU

Assignees

  • 国核信息科技有限公司
  • 山东核电有限公司
  • 国电投核能有限公司
  • 上海核工程研究设计院股份有限公司
  • 国核示范电站有限责任公司

Dates

Publication Date
20260505
Application Date
20260112

Claims (9)

  1. 1. A right refined control system applied to nuclear power production management in a group yard of a group factory is characterized by comprising: The permission model construction module is used for constructing a three-level permission model based on the organization mechanism, the post roles and the data fields; The authorization execution module supports two modes of manual authorization and automatic authorization, wherein the manual authorization is based on a manual application of an approval process driven by a workflow, and the automatic authorization is based on a preset strategy and responds to organization or personnel change; the authority audit module is used for recording the operation logs related to the authority to form an audit log library to support audit trail and And the permission implementation module is used for controlling the data domain permission of the user according to the three-level permission model during running.
  2. 2. The authority refinement control system applied to nuclear power production management under a group yard of a group factory according to claim 1 is characterized in that in the three-level authority model, a user, a post role and an organization mechanism are in a relation of many to many respectively, the post role and a data domain are in a one-to-one relation, and different post roles correspond to different data domain authority logics.
  3. 3. The rights refining control system for nuclear power production management in a cluster yard of a cluster factory of claim 1, wherein the set of post roles ultimately owned by the user includes a post role directly granted to the user and a post role granted to an organization to which the user belongs.
  4. 4. The rights refinement control system applied to nuclear power production management in a group yard of a group factory according to claim 1, wherein the data field comprises a menu, a data line and a form field.
  5. 5. The rights refinement control system for nuclear power production management in a group yard of a group factory according to claim 1, wherein the data domain rights in the rights enforcement module are of at least one of the following types: The authority of the unit data of the present level; this level unit and lower level a unit data authority; The data authority is organized at the present level; The data authority of the organization and the subordinate organizations, wherein the organization comprises units which are a specific form of the organization.
  6. 6. The rights refinement control system applied to nuclear power production management under a group yard of a group factory according to claim 5, wherein the expression form of the data domain rights comprises menu rights, data line rights and form field read-write rights.
  7. 7. The authority refinement control system applied to nuclear power production management under a group yard of a group factory according to claim 6 is characterized in that the form field read-write authority is realized based on service scene configuration, and specifically comprises associated service scenes, post roles, power plants/units and specific form fields, so that differential read-write or hiding control of the same post role in form fields of different power plants under different scenes is realized, wherein the associated service scenes support free configuration.
  8. 8. The authority refinement control system applied to nuclear power production management under a group yard of a group factory according to claim 1, wherein the post role has an attribute of an affiliated organization, is unchangeable after creation, and is used for identifying an organization structure for creating the role.
  9. 9. A right refined control method applied to nuclear power production management in a group yard of a group factory comprises the following steps: constructing a three-level authority model based on the organization mechanism, the post roles and the data fields; Providing two modes of manual authorization and automatic authorization, wherein the manual authorization is based on a manual application of an approval process driven by a workflow, and the automatic authorization is based on a preset strategy and responds to organization or personnel change; When a user operates, determining an authority set according to the three-level authority model, controlling the authority of the data domain of the user, and recording the operation logs related to the authority to form an audit log library to support an audit trail.

Description

Authority refinement control system and method applied to nuclear power production management in group yard of group factory Technical Field The invention belongs to the technical field of nuclear power production management information, and particularly relates to a rights refinement control system and method applied to nuclear power production management in a group yard of a group factory. Background The traditional nuclear power production management system has simpler authority control due to a single-organization operation mode. However, in a large-scale operation mode of a group factory and a group pile, the cooperative control of multiple power plants and multiple units is involved, and the authority control faces a plurality of challenges. The group factory group pile refers to a centralized, standardized and collaborative operation management mode of multiple bases and multiple units in the nuclear power industry. Has specific technical, management and security connotations. The challenges faced are mainly: 1. For example, A, B power plants exist under a nuclear power set the League flag, and an A power plant maintainer needs to remotely access equipment operation and maintenance data of a B power plant, but the A power plant maintainer cannot directly obtain the authority of the B power plant data due to the limitation of membership. 2. The hierarchical domain authorization is complex, and rights are allocated by longitudinal and transverse combination, for example, a nuclear power group headquarter needs to check production data of all power plants, but all power plants do not want to completely open the data, so that the detailed rights are divided for different organization levels and data domains. 3. The authority control of refinement and customization cannot be realized, such as the customized business processing logic of each form of the approval nodes with the same approval process of different power plants. The existing system is insufficient in terms of authority model, authorization mechanism, audit and the like, and a new authority control system and method are needed. Therefore, a flexible and efficient fine authority control scheme capable of adapting to complex organization architecture and business scene of group factory and group pile is needed. Disclosure of Invention Aiming at the defects of flexibility, high efficiency and the like in the prior art, the invention aims to overcome the defects of the prior art and provides a rights refinement control system and method applied to nuclear power production management in a group yard of a group factory. In view of the above, the invention provides a rights refinement control system applied to nuclear power production management in a group yard of a group factory, comprising: The permission model construction module is used for constructing a three-level permission model based on the organization mechanism, the post roles and the data fields; The authorization execution module supports two modes of manual authorization and automatic authorization, wherein the manual authorization is based on a manual application of an approval process driven by a workflow, and the automatic authorization is based on a preset strategy and responds to organization or personnel change; the authority audit module is used for recording the operation logs related to the authority to form an audit log library to support audit trail and And the permission implementation module is used for controlling the data domain permission of the user according to the three-level permission model during running. As an improvement of the system, in the three-level authority model, the user, the post roles and the organization mechanism are in a two-to-many relationship, the post roles and the data domains are in a one-to-one relationship, and different post roles correspond to different data domain authority logics. As an improvement of the system, the final post role set of the user comprises a post role directly granted to the user and a post role granted to an organization to which the user belongs. As an improvement of the above system, the data field includes a menu, a data line, and a form field. As an improvement of the above system, the data domain rights in the rights enforcement module are of at least one of the following types: The authority of the unit data of the present level; this level unit and lower level a unit data authority; The data authority is organized at the present level; The data authority of the organization and the subordinate organizations, wherein the organization comprises units which are a specific form of the organization. As an improvement of the system, the expression form of the data domain authority comprises menu authority, data line authority and form field read-write authority. The system is improved in that the read-write permission of the form field is realized based on service scene configuration, and the system specifically comp