CN-121997309-A - Role authority-based chemical reagent operation management method and system

Abstract

The invention discloses a chemical reagent operation management method based on role authority. The method collects biometric data of the operator and reagent identification information, and obtains the matching role authority configuration file. It extracts the reagent operation type restrictions, determines the allowable operation range, generates a temporary operation token and registers it, in association with a timestamp, as an authorized operation record. It then extracts key event nodes to identify authority cross-boundary deviation; if such deviation exists, the key event nodes and associated data are stored in isolation in an independent storage partition and marked as abnormal log entries, forming a behavior record set stored in layers. Log aggregation is performed on the layered behavior record set, a responsibility tracing path is determined from the time sequence relation and the role authority information, and audit report data is generated. Through dynamic authorization and real-time isolation of abnormal behaviors, the invention achieves accurate control of authority, and it automatically constructs a responsibility tracing path from the abnormal logs stored in layers, improving operation safety and auditing efficiency.

Inventors

  • SHAO DONG
  • HU JIAN

Assignees

  • 苏州毕恩思实验器材有限公司

Dates

Publication Date
20260508
Application Date
20260407

Claims (10)

  1. A chemical reagent operation management method based on role authority is characterized by comprising the following steps: acquiring biological characteristic data and reagent identification information of an operator through scanning equipment, and matching and acquiring configuration files of corresponding role authorities from a pre-established database to obtain an identity verification result; if the identity verification result accords with a preset role-based access control model, extracting reagent operation type limitation from the configuration file, and determining an operation range which is allowed to be executed by an operator for a reagent corresponding to the reagent identification information; generating a temporary operation token according to the determined operation range and the acquired reagent identification information, and registering the temporary operation token and the current timestamp in an associated mode as an authorized operation record; monitoring the operation behavior of the real-time reagent based on the authorized operation record, extracting key event nodes from the real-time behavior data obtained by monitoring, and judging whether the key event nodes exceed the operation range or not so as to identify whether permission out-of-range deviation exists or not; if the permission cross-boundary deviation is identified, the corresponding key event nodes and the associated data are stored in the independent storage partition in an isolated mode and marked as abnormal log entries, and a behavior record set of layered storage is formed; performing log aggregation processing on the behavior record set stored in a layered manner, and determining a responsibility tracing path according to the time sequence relation among various abnormal log entries in an aggregation result and corresponding operator role authority information; and extracting the identity information of the operator, the reagent identification information and the time information in the abnormal log entry according to the responsibility tracing path, and generating audit report data.
  2. The method for managing the operation of a chemical reagent based on role authority as set forth in claim 1, wherein the biometric data comprises fingerprint feature data or iris feature data, the reagent identification information comprises reagent bar code information or reagent two-dimensional code information, and the scanning device comprises a fingerprint identifier or iris identifier for acquiring the biometric data and a bar code scanner or two-dimensional code scanner for acquiring the reagent identification information.
  3. The method for managing the operation of the chemical reagent based on the role authority as set forth in claim 1, wherein the configuration file is stored with job level information, qualification information and training record information of the operator in advance, and the reagent operation type restrictions in the configuration file include a lead operation restriction, a preparation operation restriction, a discard operation restriction and a transfer operation restriction.
  4. The method for managing operation of a chemical reagent based on role authority as set forth in claim 1, wherein generating the temporary operation token comprises: extracting an operation type code corresponding to the operation range, a reagent code corresponding to the reagent identification information and a current timestamp; splicing the operation type code and the reagent code into a first character string according to a preset sequence, converting the current timestamp into a Unix timestamp, splicing the Unix timestamp and the first character string, and generating a second character string; and calculating the second character string by adopting a hash algorithm, taking the calculated hash value as a temporary operation token, and setting that the difference value between the validity period of the temporary operation token and the current timestamp does not exceed a preset validity period threshold value.
  5. The method for managing operation of chemical reagents based on role authority according to claim 1, wherein monitoring real-time reagent operation behavior based on the authorized operation record comprises: collecting hand action image data of an operator in real time through an image collecting device arranged at a reagent storage device or an operation table; collecting weight change data of the reagent container in real time through a weight sensor arranged at the reagent storage device; acquiring the on-off state data of the reagent storage device in real time through a door magnetic sensor arranged at the reagent storage device; and comparing the collected hand motion image data, weight change data and switch state data with the allowable operation range in the authorized operation record, and judging whether unauthorized operation exists.
  6. The method for managing the operation of the chemical reagent based on the role authority as set forth in claim 5, wherein the key event nodes comprise an operation start node, an operation end node, a reagent weight change node and an authority verification failure node; the step of extracting key event nodes from real-time behavior data obtained through monitoring comprises the steps of recording the current moment as an operation starting node when an image acquisition device recognizes that the hand of an operator enters a preset operation area, recording the current moment as an operation ending node when the image acquisition device recognizes that the hand of the operator leaves the preset operation area, and recording the current moment and a weight change value as a reagent weight change node when weight change data acquired by a weight sensor exceeds a preset threshold value.
  7. The method for managing operation of chemical reagents based on role authority according to claim 1, wherein the step of isolating and storing the corresponding key event nodes and associated data in the independent storage partition comprises the steps of: creating an exception log table in the database that is independent of the normal log table; when the permission out-of-range deviation is identified, inserting the operator identity information, the reagent identification information, the operation time information and the out-of-range type information corresponding to the key event node into the abnormal log table; and adding pointer fields pointing to the main key identifiers of the corresponding records in the abnormal log table in the record rows corresponding to the key event nodes in the normal log table to form a hierarchically stored behavior record set.
  8. The method for managing the operation of the chemical reagent based on the role authority according to claim 1, wherein the step of performing log aggregation processing on the hierarchically stored behavior record sets comprises the steps of: extracting abnormal log entries in the independent storage partition from the hierarchically stored behavior record set; according to the operation time information recorded in each abnormal log entry, sequencing a plurality of abnormal log entries corresponding to the same reagent identification information according to the time sequence; grouping the ordered abnormal log entries according to the identity information of the operators, sequentially detecting whether the identity information of the operators in adjacent groups is the same or not, and inserting responsibility transfer marks between the adjacent groups if the identity information of the operators in the adjacent groups is different to form an abnormal event chain taking the reagent as a dimension.
  9. The method for managing operations of a chemical reagent based on role authority as set forth in claim 8, wherein determining a responsibility tracing path based on a timing relationship between each of the plurality of abnormal log entries in the aggregated result and corresponding operator role authority information comprises: extracting the identity information and the operation time information of an operator corresponding to the first abnormal log entry from the abnormal event chain, and taking the identity information and the operation time information as an initial responsibility person and initial responsibility starting time; sequentially reading each abnormal log entry along the time sequence of the abnormal event chain, setting the responsibility ending time of the identity information of the previous operator as the corresponding time point of the current responsibility transferring mark when the responsibility transferring mark is detected, taking the identity information of the current operator as the next responsible person, and taking the operation time information of the current operator as the next responsibility starting time; and sequentially iterating until all responsibility transfer marks in the abnormal event chain are processed, and generating a traceable path comprising a responsibility person sequence and responsibility time periods of all responsibility persons.
  10. A role authority-based chemical reagent operation management system for implementing the method of any one of claims 1 to 9, comprising: the acquisition module is used for acquiring biological characteristic data and reagent identification information of an operator through the scanning equipment, and matching and acquiring configuration files of corresponding role authorities from a pre-established database to obtain an identity verification result; the permission judging module is used for extracting reagent operation type limitation from the configuration file when the identity verification result accords with a preset role-based access control model, and determining an operation range which is allowed to be executed by an operator for the reagent corresponding to the reagent identification information; the authorization module is used for generating a temporary operation token according to the determined operation range and the acquired reagent identification information, and registering the temporary operation token and the current timestamp in an associated mode as an authorization operation record; the monitoring module is used for monitoring the operation behavior of the real-time reagent based on the authorized operation record, extracting key event nodes from the real-time behavior data obtained by monitoring, and judging whether the key event nodes exceed the operation range or not so as to identify whether permission out-of-range deviation exists or not; the isolation storage module is used for isolating and storing the corresponding key event nodes and associated data to the independent storage partition when the right deviation is identified, and marking the key event nodes and the associated data as abnormal log entries to form a behavior record set of hierarchical storage; the trace-back module is used for carrying out log aggregation processing on the behavior record set stored in a layered manner, and determining a responsibility trace-back path according to the time sequence relation among the abnormal log entries in the aggregation result and the corresponding role authority information of the operator; and the audit module is used for extracting the identity information of the operator, the reagent identification information and the time information in the abnormal log entry according to the responsibility tracing path and generating audit report data.
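
The aggregation of claim 8 and the responsibility tracing of claim 9, worked through in Python as an added example that is not part of the patent text. The record fields, the sample entries, the choice to stamp each responsibility transfer mark with the time of the next group's first entry, and leaving the last responsible person's period open (`None`) are assumptions; the claims do not fix them.

```python
from dataclasses import dataclass
from itertools import groupby

@dataclass(frozen=True)
class AbnormalEntry:      # one row of the isolated abnormal log table (claim 7 fields)
    operator_id: str
    reagent_id: str
    op_time: int          # Unix seconds
    violation: str        # out-of-range type

@dataclass(frozen=True)
class TransferMark:       # responsibility transfer mark between two operator groups
    at: int               # assumption: time of the next group's first entry

def build_event_chain(entries, reagent_id):
    """Claim 8: sort one reagent's abnormal entries by time, group consecutive
    entries by operator, and put a transfer mark between adjacent groups."""
    ordered = sorted((e for e in entries if e.reagent_id == reagent_id),
                     key=lambda e: e.op_time)
    chain = []
    # groupby yields maximal runs, so adjacent groups always differ in operator.
    for _, run in groupby(ordered, key=lambda e: e.operator_id):
        run = list(run)
        if chain:
            chain.append(TransferMark(at=run[0].op_time))
        chain.extend(run)
    return chain

def trace_path(chain):
    """Claim 9: walk the chain and emit (operator, start, end) periods."""
    path, current, start_new = [], None, True
    for item in chain:
        if isinstance(item, TransferMark):
            path.append((current[0], current[1], item.at))  # close previous period
            start_new = True
        elif start_new:
            current = (item.operator_id, item.op_time)      # next responsible person
            start_new = False
    if current is not None:
        path.append((current[0], current[1], None))         # last period left open
    return path

# Constructed sample entries, deliberately out of time order.
SAMPLE = [
    AbnormalEntry("op-B", "R-001", 1700000300, "discard_not_permitted"),
    AbnormalEntry("op-A", "R-001", 1700000100, "transfer_not_permitted"),
    AbnormalEntry("op-A", "R-001", 1700000200, "weight_change_out_of_scope"),
    AbnormalEntry("op-A", "R-001", 1700000400, "transfer_not_permitted"),
    AbnormalEntry("op-C", "R-002", 1700000150, "preparation_not_permitted"),
]

if __name__ == "__main__":
    for period in trace_path(build_event_chain(SAMPLE, "R-001")):
        print(period)
```

An operator who reappears later in the chain, as op-A does here, gets a second, separate responsibility period rather than being merged into the first.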

Description

Role authority-based chemical reagent operation management method and system

Technical Field

The invention relates to the technical field of chemical reagent operation management, in particular to a method and a system for managing chemical reagent operation based on role authority.

Background

In the field of laboratory management, the safety and standardization of reagent operation are directly related to the life and health of experimenters and the accuracy of experimental data; especially when dangerous chemicals are involved, any operational oversight can cause a serious safety accident. With the expansion of laboratory scale and the increase in personnel turnover, how to achieve fine-grained management of the whole reagent operation process has become a focus of industry attention. At present, laboratories have generally established information management systems to some extent, exercising preliminary control over operators through account and password login, authority grading and similar means; some systems also introduce functions such as reagent bar code scanning and electronic ledger records in an attempt to make operation behaviors traceable. These measures improve management efficiency to a certain extent and reduce the arbitrariness of manual registration. However, the prior art still has significant drawbacks in handling fine-grained authority control and responsibility tracing in complex laboratory environments. The biggest problem is the lack of a closed-loop management mechanism that can dynamically bind, and hierarchically isolate, the operator's identity, role authority, reagent operation behaviors and operation records.
Specifically, most existing systems are based on static account rights and cannot check in real time whether an operator is qualified to execute the current reagent operation, so authority overreach or identity impersonation easily occurs. Meanwhile, the various operation logs are stored mixed together, with no independent isolation or correlation analysis capability for abnormal behaviors. When abnormal events such as reagent misuse or preparation errors occur, it is difficult to quickly locate the responsible person, the operation time and the specific step from a large number of logs; the responsibility tracing path is unclear, and management loopholes occur frequently.

To solve the above-mentioned problems, the prior art attempts to strengthen identity authentication by introducing biometric identification, or to perform post-event audit by means of centralized storage of operation logs. However, these improvements are often isolated from one another. A dynamic matching mechanism between identity authentication and operation authority is lacking, and log storage is centralized but without abnormal isolation or structured analysis. As a result, when authority overreach occurs, the system cannot identify and record it in time, a large amount of manual investigation is still needed afterwards, efficiency is low, and key information is easily missed.

Disclosure of Invention

Therefore, the technical problem to be solved by the invention is to overcome the defect of difficult responsibility tracing caused by lack of dynamic binding of identity authentication and operation authority and mixed storage of abnormal logs and normal logs in the prior art, and provide the role authority-based chemical reagent operation management method and system, which can realize authority accurate control through real-time isolation of dynamic authority and abnormal behaviors, automatically construct a responsibility tracing path based on the abnormal logs stored in a layered manner, and improve operation safety and audit efficiency.

In order to solve the technical problems, the invention provides a chemical reagent operation management method based on role authority, which comprises the following steps: acquiring biological characteristic data and reagent identification information of an operator through scanning equipment, and matching and acquiring configuration files of corresponding role authorities from a pre-established database to obtain an identity verification result; if the identity verification result accords with a preset role-based access control model, extracting reagent operation type limitation from the configuration file, and determining an operation range which is allowed to be executed by an operator for a reagent corresponding to the reagent identification information; generating a temporary operation token according to the determined operation range and the acquired reagent identification information, and registering the temporary operation token and the current timestamp in an associated mode as an authorized operation record; monitoring the operation behavior of the real-time reagent based on the authorized operation record, extracting key event nodes from the real-time behavior data o