CN-121997354-A - Authorization control method, device and system for dynamic authority and storage medium
Abstract
A method, device, system and storage medium for controlling dynamic authority authorization are disclosed. The method comprises the steps of obtaining a target business object bound with a life cycle template, associating the life cycle template with a flow template, configuring the life cycle state of the life cycle template with the life cycle dynamic authority, configuring task nodes of the flow template with the flow dynamic authority, responding to the flow operation of the target business object, distributing the flow dynamic authority to actual participants of the target task node according to the flow dynamic authority of the target task node in the flow template when the flow is transferred to the target task node, responding to the task node to trigger the life cycle state change of the target business object, and distributing the life cycle dynamic authority to the actual participants of the target life cycle state according to the changed target life cycle state. The application has the technical effect of improving the enterprise authority management efficiency.
Inventors
- Zhang Hujian
- LI XUWEN
- XING JUN
Assignees
- 上海易立德信息技术股份有限公司
Dates
- Publication Date: 20260508
- Application Date: 20251231
Claims (10)
- 1. An authorization control method for dynamic authority, characterized by comprising the following steps: obtaining a target business object, wherein the target business object is configured to be bound to a lifecycle template, and the lifecycle template is configured to be associated with a flow template; the lifecycle template is used for defining the life cycle state of the target business object, the life cycle state is configured with life cycle dynamic authority, the flow template is used for defining the business flow and task nodes associated with the target business object, and the task nodes are configured with flow dynamic authority; in response to flow execution of the target business object, determining an actual participant of the target task node when the flow is transferred to the target task node, and allocating the flow dynamic authority to the actual participant of the target task node according to the flow dynamic authority of the target task node in the flow template; and/or, in response to the task node triggering a life cycle state change of the target business object, determining an actual participant of the target life cycle state according to the changed target life cycle state, and allocating the life cycle dynamic authority to the actual participant of the target life cycle state according to the life cycle dynamic authority of the target life cycle state in the lifecycle template.
- 2. The authorization control method of dynamic authority according to claim 1, wherein the allocating the flow dynamic authority to the actual participant of the target task node according to the flow dynamic authority of the target task node in the flow template comprises: acquiring first authority information pre-configured for the target task node; and writing the actual participant of the target task node and the first authority information into a flow dynamic authority field of the target business object; and wherein the allocating the life cycle dynamic authority to the actual participant of the target life cycle state according to the life cycle dynamic authority of the target life cycle state in the lifecycle template comprises: acquiring second authority information pre-configured for the target life cycle state; and writing the actual participant of the target life cycle state and the second authority information into a life cycle dynamic authority field of the target business object.
- 3. The method of claim 2, wherein the first rights information and the second rights information are configured to define an operation rights type of an actual participant, the operation rights type including at least one of reading, modifying, and downloading.
- 4. The authorization control method of dynamic rights according to claim 2, further comprising the steps of: in response to completion of the target task node, removing the flow dynamic rights of the actual participant of the target task node from the target business object; and/or, in response to the end of the target life cycle state, removing the life cycle dynamic rights of the actual participant of the target life cycle state from the target business object.
- 5. The authorization control method of dynamic rights according to claim 1, further comprising: receiving an operation request for the target business object, and acquiring the static authority, the flow dynamic authority and the life cycle dynamic authority of the target business object; and judging whether to allow the operation request based on preset authority calculation logic; wherein the authority calculation logic comprises: rejecting the operation request when none of the static authority, the flow dynamic authority and the life cycle dynamic authority passes verification; or allowing the operation request when any one of the static authority, the flow dynamic authority and the life cycle dynamic authority passes verification.
- 6. The method for controlling the authorization of dynamic rights according to claim 5, further comprising: in response to receiving a task transfer request for the target task node, updating an actual participant of the target task node from an original processor to a task proxy; and modifying the flow dynamic authority field of the target business object, and transferring the flow dynamic authority of the original processor to the task proxy.
- 7. The authorization control method of dynamic authority according to claim 1, wherein the determining the actual participant of the target task node comprises: analyzing and determining actual user authentication information according to the participant types configured in the flow template, wherein the participant types comprise users, organizations, roles or groups; and when the actual participant is a temporarily added user who is not preset in the flow template, automatically allocating the flow dynamic authority of the target task node to the temporarily added user.
- 8. An authorization control device for dynamic rights, comprising: The system comprises an acquisition unit, a process module and a task module, wherein the acquisition unit is used for acquiring a target service object, the target service object is configured to bind a life cycle template, and the life cycle template is configured to be an associated process template, the life cycle template is used for defining the life cycle state of the target service object, the life cycle state is configured with life cycle dynamic permission, the process template is used for defining a service process and a task node associated with the target service object, and the task node is configured with process dynamic permission; The first response unit is used for responding to the flow operation of the target business object, determining an actual participant of the target task node when the flow is transferred to the target task node, and distributing the flow dynamic authority for the actual participant of the target task node according to the flow dynamic authority of the target task node in the flow template; The second response unit is used for responding to the task node to trigger the life cycle state change of the target business object, determining the actual participant of the target life cycle state according to the changed target life cycle state, and distributing the life cycle dynamic permission to the actual participant of the target life cycle state according to the life cycle dynamic permission of the target life cycle state in the life cycle template.
- 9. An authorization control system for dynamic rights, comprising: The business object management module is used for managing a target business object, binding the target business object and a life cycle template, and associating the life cycle template and a flow template; The lifecycle management module is used for managing the lifecycle template, wherein the lifecycle template is used for defining the lifecycle state of the target business object, and the lifecycle state is configured with lifecycle dynamic rights; The system comprises a flow management module, a target business object, a target task node, a target business object and a target business object, wherein the flow management module is used for managing the flow template, the flow template is used for defining a business flow and a task node which are associated with the target business object, and the task node is configured with flow dynamic authority; the system comprises a process template, a flow management module, a process dynamic authority, a life cycle state change module and a life cycle state change module, wherein the process template is used for determining a target life cycle state of a target task node according to a process flow, the actual participant of the target task node is determined according to the process flow to the target task node, the process dynamic authority is distributed to the actual participant of the target task node according to the process dynamic authority of the target task node in the process template, the life cycle state change of the target service object is triggered by the task node, the actual participant of the target life cycle state is determined according to the changed target life cycle state, and the life cycle dynamic authority is distributed to the actual participant of the target life cycle state according to the life cycle dynamic authority of the target life cycle state in the life cycle template.
- 10. A computer-readable storage medium comprising instructions which, when read by a processor, perform the dynamic rights authorization control method of any one of claims 1 to 7.
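The grant, revoke, transfer and check steps of claims 2, 4, 5 and 6 can be modelled in a few lines. The following Python sketch is an added example, not code from the patent or its applicant; the template contents, the user names and every function and field name are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical template data: operations granted per task node / lifecycle state.
FLOW_TEMPLATE = {"review": {"read", "modify"}, "countersign": {"read"}}
LIFECYCLE_TEMPLATE = {"in_review": {"read"}, "released": {"read", "download"}}

@dataclass
class BusinessObject:
    static_acl: dict = field(default_factory=dict)         # user -> ops (fixed, role-based)
    flow_dynamic: dict = field(default_factory=dict)       # node -> {user: ops}   (claim 2)
    lifecycle_dynamic: dict = field(default_factory=dict)  # state -> {user: ops}  (claim 2)

def enter_node(obj, node, participants):
    """Flow reaches a task node: write participants and node rights into the object."""
    obj.flow_dynamic[node] = {u: set(FLOW_TEMPLATE[node]) for u in participants}

def complete_node(obj, node):
    """Claim 4: the node's grants disappear as soon as the node completes."""
    obj.flow_dynamic.pop(node, None)

def transfer_task(obj, node, original, proxy):
    """Claim 6: move the grant to the proxy; the original handler keeps nothing."""
    grants = obj.flow_dynamic[node]
    grants[proxy] = grants.pop(original)

def enter_state(obj, state, participants, previous=None):
    """Lifecycle state change: drop the ended state's grants, write the new ones."""
    if previous is not None:
        obj.lifecycle_dynamic.pop(previous, None)
    obj.lifecycle_dynamic[state] = {u: set(LIFECYCLE_TEMPLATE[state]) for u in participants}

def is_allowed(obj, user, op):
    """Claim 5: allow if any of the three sources grants op; deny if none does."""
    if op in obj.static_acl.get(user, ()):
        return True
    dynamic = list(obj.flow_dynamic.values()) + list(obj.lifecycle_dynamic.values())
    return any(op in grants.get(user, ()) for grants in dynamic)

def demo():
    doc = BusinessObject(static_acl={"owner": {"read", "modify", "download"}})
    trace = []
    enter_node(doc, "review", ["alice"])
    enter_state(doc, "in_review", ["alice", "bob"])
    trace.append(is_allowed(doc, "alice", "modify"))   # granted by the review node
    transfer_task(doc, "review", "alice", "carol")
    trace.append(is_allowed(doc, "alice", "modify"))   # lost with the transfer
    trace.append(is_allowed(doc, "carol", "modify"))   # proxy inherits the grant
    complete_node(doc, "review")
    trace.append(is_allowed(doc, "carol", "read"))     # nothing lingers after completion
    enter_state(doc, "released", ["bob"], previous="in_review")
    trace.append(is_allowed(doc, "bob", "download"))   # new state's grant
    trace.append(is_allowed(doc, "alice", "read"))     # old state's grant removed
    return trace
```

Because the three sources are OR-ed, a dynamic grant can only widen access, so the removal steps are what keep temporary grants from turning into standing ones.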
Description
Authorization control method, device and system for dynamic authority and storage medium
Technical Field
The embodiments of the present disclosure relate to the technical field of rights management, and in particular to a method, a device, a system and a storage medium for controlling dynamic rights.
Background
With the deepening digital transformation of enterprises, core business systems such as product life cycle management (PLM) and enterprise resource planning (ERP) are widely used in enterprise operations; their core function is fine-grained, full-life-cycle management of business objects such as components and documents. The prior art generally adopts a role-based static permission control mechanism, in which fixed access permissions are pre-allocated according to the team or organizational structure to which a user belongs. However, business objects often go through complex approval processes and state changes as they circulate, and in scenarios such as cross-department collaboration, expert review or temporary signing, the static authority mechanism often lacks flexibility, so that the actual processor cannot access the business objects. Moreover, to cope with temporary permission requirements during a process, existing practice often requires frequent manual intervention or special treatment at the code level, which easily causes excessive authorization and data security risks. How to improve the flexibility of the rights of business objects during circulation is therefore a problem of great concern.
Disclosure of Invention
In view of this, the embodiments of the present disclosure provide a method, an apparatus, a system, and a storage medium for controlling dynamic rights, so as to improve the rights management efficiency of an enterprise in the process of production and marketing.
The method comprises the steps of obtaining a target business object, wherein the target business object is configured to be bound with a life cycle template, the life cycle template is configured to be associated with a flow template, the life cycle template is used for defining the life cycle state of the target business object, the life cycle state is configured with life cycle dynamic rights, the flow template is used for defining business flows and task nodes associated with the target business object, the task nodes are configured with flow dynamic rights, responding to flow operation of the target business object, determining actual participants of the target task node when the flow is transferred to the target task node, distributing flow dynamic rights to the actual participants of the target task node according to the flow dynamic rights of the target task node in the flow template, and/or responding to the task node to trigger life cycle state change of the target business object, determining the actual participants of the target life cycle state according to the changed target life cycle state, and distributing the life cycle dynamic rights to the actual participants of the target life cycle state according to the life cycle dynamic rights of the target life cycle state in the life cycle template. 
According to the authorization control method of the dynamic authority, a dynamic authorization mode combining the static authority, the flow dynamic authority and the life cycle dynamic authority is constructed by refining the authority control granularity to the flow node and the life cycle state. In this way, the problems of insufficient flexibility and frequent manual intervention that traditional static authority management has in complex service circulation can be solved, the potential safety hazards caused by temporary authorization, excessive authorization and constant authorization due to change of circulation stages can be avoided, and both service efficiency and data security are improved.
Optionally, allocating the flow dynamic authority to the actual participant of the target task node according to the flow dynamic authority of the target task node in the flow template comprises: acquiring first authority information preconfigured for the target task node, and writing the actual participant of the target task node and the first authority information into a flow dynamic authority field of the target business object. Allocating the life cycle dynamic authority to the actual participant of the target life cycle state according to the life cycle dynamic authority of the target life cycle state in the life cycle template comprises: acquiring second authority information preconfigured for the target life cycle state, and writing the actual participant of the target life cycle state and the second authority information into a life cycle dynamic authority field of the target business object.
Optionally, the first rights information and the second rights information are configured to define