CN-122020699-A - Permission distribution method and system based on SAP platform
Abstract
The application provides a permission distribution method and system based on an SAP platform, belonging to the technical field of permission management. The method comprises: responding to a permission application request of a user, wherein the permission application request at least comprises a system type, an application mode and permission content; analyzing the authority content through a feature point analysis algorithm and automatically distributing the authority application request to the corresponding business department auditing node according to the analysis result; executing primary auditing on the distributed authority application request at the business department auditing node; deciding whether to execute advanced auditing according to the importance of the authority application request and outputting a final approval result; and, when the final approval result is approval passing, calling the authority configuration function of the SAP platform through an RFC interface and executing the automatic authority configuration operation. Through intelligent application, automatic allocation and automatic configuration, the application simplifies the flow, improves efficiency, reduces risk and ensures the safety and compliance of authority management.
Inventors
- QI LUFENG
- LI MUXIN
- ZHAO XIN
- WANG ZONGGUANG
- WANG CHONGYING
- WU JIANG
- ZHAO HONGWEI
- YAO HUIQUN
- LIU ZONGSHUN
- XIA GUANGMING
- GONG YUANCHAO
Assignees
- 山东鲁软数字科技有限公司
Dates
- Publication Date: 20260512
- Application Date: 20251210
Claims (10)
- 1. The permission distribution method based on the SAP platform is characterized by comprising the following steps: S1, responding to a permission application request of a user, wherein the permission application request at least comprises a system type, an application mode and permission content; S2, analyzing the authority content through a feature point analysis algorithm, and automatically distributing the authority application request to a corresponding business department auditing node according to an analysis result; S3, performing primary auditing on the assigned authority application request at a business department auditing node; S4, deciding whether to execute high-level examination according to the importance of the authority application request, and outputting a final examination and approval result; S5, when the final approval result is approval passing, invoking the authority configuration function of the SAP platform through the RFC interface, and executing automatic authority configuration operation.
- 2. The SAP platform-based rights assignment method as claimed in claim 1, wherein the step S1 comprises the specific steps of: S11, responding, through a selection component, to the user's selection of an application mode, wherein the application mode comprises a filling mode and a template uploading mode; S12, in response to the filling mode being selected by the user, receiving post information input by the user, automatically querying and filling in the corresponding standard authority details according to a preset post-authority mapping table, and generating authority content; S13, in response to the template uploading mode being selected by the user, receiving a permission template file uploaded by the user, parsing the permission data, and generating authority content; S14, automatically acquiring identity information, organization unit information and application department information of the current user, associating them with the authority content, and generating an authority application request.
- 3. The SAP platform-based rights assignment method as claimed in claim 2, wherein step S12 specifically includes: S121, storing a post-authority mapping table in a configuration table of an SAP platform in advance; S122, executing a query statement SELECT Auth_List FROM ZROLE_MAP WHERE Position = P according to the post information P input by the user, and obtaining the corresponding authority list Auth_List; S123, automatically filling the rights objects and transaction codes in the authority list Auth_List into a change content area of the rights application form.
- 4. The SAP platform-based rights assignment method as claimed in claim 1, wherein the step S2 comprises the specific steps of: S21, pre-establishing a rights feature keyword library, wherein the rights feature keyword library defines a mapping relation F between keywords and SAP service modules; S22, carrying out text analysis on the authority content, and identifying authority feature keywords; S23, automatically assigning the authority application request to one or more corresponding service department auditing nodes according to the identified authority feature keywords and the corresponding mapping relation F, and performing refinement assignment if the authority content belongs to different SAP service sub-modules under the same superior SAP service module; S24, for an authority application related to the workflow system, assigning the authority application to the corresponding business process auditing node according to the preset process number and the corresponding number range carried in the authority content.
- 5. The SAP platform-based rights assignment method as claimed in claim 4, wherein the specific steps of refining the assignment in step S23 are as follows: S231, scanning the authority content again after the authority content is allocated to the first SAP service module M1; S232, if a keyword K_sub related to a second SAP service sub-module M1_S subordinate to the first SAP service module M1 is identified, creating a permission item containing the keyword K_sub as a sub-application; S233, additionally assigning the sub-application to a sub-audit node or sub-audit flow corresponding to the second SAP service sub-module M1_S.
- 6. The SAP platform-based rights assignment method as claimed in claim 1, wherein the step S3 comprises the specific steps of: S31, at the business department auditing node, displaying only the assigned authority application request; S32, checking the displayed authority application request by a business auditor, and judging whether the corresponding authority application request accords with the business rules and requirements of the business department; if yes, going to step S33; if not, going to step S34; S33, performing a primary auditing operation, wherein the primary auditing operation at least comprises approval, rejection and return for modification, and entering step S4; S34, forwarding the authority content in the authority application request to the corresponding business department auditing node, and returning to step S31.
- 7. The SAP platform-based rights assignment method as claimed in claim 1, wherein the step S4 is specifically as follows: S41, receiving a permission application request primarily audited by a service department node; S42, carrying out importance evaluation on the authority content based on a preset rule to generate an importance level mark, wherein the rule at least comprises judging whether the authority relates to financial posting, main data modification or system key configuration; if the importance level mark is ordinary authority, entering step S43; if the importance level mark is core sensitive authority, entering step S44; S43, taking the primary auditing result as the final approval result; S44, automatically submitting the application request to a preset high-level approval process, approving by a preset higher-level approval node, and taking the approval result of the high-level approval process as the final approval result.
- 8. The SAP platform-based rights assignment method as claimed in claim 1, wherein the step S5 comprises the specific steps of: S51, automatically triggering a permission configuration flow when the final approval result is passed; S52, calling a standard authority management function of the SAP system through an RFC interface, and querying the current effective authority set CurrentRoleSet of the application user; S53, comparing the approved authority set ApprovedRoleSet with the current effective authority set CurrentRoleSet to obtain the role set to be added, AddSet = ApprovedRoleSet - CurrentRoleSet, and the role set to be removed, RemoveSet = CurrentRoleSet - ApprovedRoleSet; S54, after the roles in the role set AddSet to be added are allocated to the users in batches, removing the roles in the role set RemoveSet to be removed from the user permission in batches; S55, after the authority configuration operation is executed, querying the SAP system through the RFC interface to verify the configuration result; S56, recording the configuration operation process, the configuration result and the verification information to a system log, and sending a configuration result notification to the authority applicant and the appointed manager.
- 9. The SAP platform-based rights assignment method as claimed in claim 8, wherein the step S54 comprises the specific steps of: S541, checking the number of roles Count(AddSet) in the role set AddSet to be added before executing batch addition; S542, if the number of roles Count(AddSet) is greater than a preset threshold N, splitting the role set AddSet to be added into a plurality of subsets [SubAddSet, SubAddSet, ...], wherein the number of roles contained in each subset is less than or equal to N; S543, sequentially calling the RFC interface to execute the role allocation operation according to the subset sequence.
- 10. An SAP platform-based rights distribution system, comprising: the authority application processing module, used for receiving an authority application request of a user and generating corresponding authority content according to different application modes; the intelligent dispatch module, used for analyzing the feature points of the authority content and automatically routing the authority application request to a corresponding business department auditing node according to an analysis result; the auditing processing module, used for executing primary auditing on the assigned authority application request at the corresponding business department auditing node, deciding whether to execute advanced auditing according to the authority importance, and outputting a final auditing result; and the permission configuration module, used for calling the permission configuration function of the SAP platform through the RFC interface when the final approval result is passing and executing automatic permission configuration and verification operation.
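The role delta, batched assignment and read-back verification of claims 8 and 9 (steps S52 to S55 and S541 to S543), as an added example that is not part of the patent text. `FakeRfc` is a hypothetical in-memory stand-in for the RFC interface, and the role names, user and threshold are constructed for illustration.

```python
class FakeRfc:
    """In-memory stand-in for the RFC interface; hypothetical, not an SAP API."""

    def __init__(self, user_roles, catalog):
        self.user_roles = {u: set(r) for u, r in user_roles.items()}
        self.catalog = set(catalog)   # roles that exist in the system
        self.calls = []               # ordered record of calls, for the log (S56)

    def get_roles(self, user):
        return set(self.user_roles.get(user, ()))

    def assign_roles(self, user, roles):
        self.calls.append(("assign", tuple(roles)))
        # Roles missing from the catalog are silently skipped, as a failure case.
        self.user_roles.setdefault(user, set()).update(set(roles) & self.catalog)

    def remove_roles(self, user, roles):
        self.calls.append(("remove", tuple(roles)))
        self.user_roles.setdefault(user, set()).difference_update(roles)

def split_batches(roles, n):
    """S541-S542: subsets of at most n roles; a set with <= n roles stays whole."""
    if n < 1:
        raise ValueError("threshold N must be at least 1")
    ordered = sorted(roles)           # deterministic order for the audit log
    return [ordered[i:i + n] for i in range(0, len(ordered), n)]

def configure_roles(rfc, user, approved, n):
    approved = set(approved)
    current = rfc.get_roles(user)                 # S52: CurrentRoleSet
    add_set = approved - current                  # S53: AddSet
    remove_set = current - approved               # S53: RemoveSet
    for batch in split_batches(add_set, n):       # S543: one RFC call per subset
        rfc.assign_roles(user, batch)
    if remove_set:                                # S54: removal only after additions
        rfc.remove_roles(user, sorted(remove_set))
    final = rfc.get_roles(user)                   # S55: read back and compare
    return {
        "add": add_set, "remove": remove_set, "calls": list(rfc.calls),
        "verified": final == approved,
        "missing": approved - final, "unexpected": final - approved,
    }

# Constructed sample data; role names are invented for illustration.
CATALOG = {"Z_FI_DISPLAY", "Z_FI_POST", "Z_MM_BUYER", "Z_MM_DISPLAY", "Z_HR_VIEW"}
CURRENT = {"alice": {"Z_FI_DISPLAY", "Z_HR_VIEW"}}
APPROVED = {"Z_FI_DISPLAY", "Z_FI_POST", "Z_MM_BUYER", "Z_MM_DISPLAY"}
```

Comparing the read-back set with ApprovedRoleSet, rather than trusting the return of each call, is what surfaces a role that was approved but never landed on the user.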
Description
Permission distribution method and system based on SAP platform
Technical Field
The application belongs to the technical field of rights management, and particularly relates to a rights allocation method and system based on an SAP platform.
Background
SAP is short for Systems, Applications, and Products in Data Processing. In modern enterprise informatization management, the SAP system serves as a core enterprise resource planning platform, and its authority management is important for guaranteeing data security and standardizing business processes. Traditional SAP authority allocation generally adopts a mode of three-level approval and centralized management and control: a user initiates an authority application through an enterprise portal or a system interface, the application passes in turn through multi-level manual approval by the department head, the business department, the information technology department and so on, and finally the information department personnel manually perform the authority configuration in the SAP system, with the whole application process recorded to meet compliance requirements. Although this mode realizes the separation and supervision of authority to a certain extent, it has the following obvious defects in practical application:
First, the SAP system has many modules (such as financial FI, human resources HR, material management MM, etc.), and the rights objects and transaction codes are complicated. Ordinary users find it difficult to accurately identify the authority types required by their own business and often need to submit separate applications multiple times and through multiple paths, which makes the application operation difficult and inefficient and leads easily to application errors or omissions.
Second, the traditional linear approval process involves multiple departments, and cross-department communication and coordination are costly. In the approval link, an approver often faces an application form containing the authorities of several irrelevant modules and cannot focus on reviewing the authorities within their own area of responsibility, so the whole approval period is prolonged and the risk of approval misjudgment caused by a mismatch of professional field is increased.
Finally, an intelligent recognition and dynamic graded approval mechanism for authority applications is lacking, and efficiency and safety are difficult to balance.
Therefore, a solution that can simplify the operation, distribute applications intelligently, optimize the flow and implement automatic, secure configuration is needed to overcome the drawbacks of the prior art, such as low efficiency, complex operation and insufficient risk control.
Disclosure of Invention
In a first aspect, an embodiment of the present application provides a method for assigning rights based on an SAP platform, including the following steps: S1, responding to a permission application request of a user, wherein the permission application request at least comprises a system type, an application mode and permission content; S2, analyzing the authority content through a feature point analysis algorithm, and automatically distributing the authority application request to a corresponding business department auditing node according to an analysis result; S3, performing primary auditing on the assigned authority application request at a business department auditing node; S4, deciding whether to execute high-level examination according to the importance of the authority application request, and outputting a final examination and approval result; S5, when the final approval result is approval passing, invoking the authority configuration function of the SAP platform through the RFC interface, and executing automatic authority configuration operation.
Further, the specific steps of step S1 are as follows: S11, responding, through a selection component, to the user's selection of an application mode, wherein the application mode comprises a filling mode and a template uploading mode; S12, in response to the filling mode being selected by the user, receiving post information input by the user, automatically querying and filling in the corresponding standard authority details according to a preset post-authority mapping table, and generating authority content; S13, in response to the template uploading mode being selected by the user, receiving a permission template file uploaded by the user, parsing the permission data, and generating authority content; S14, automatically acquiring identity information, organization unit information and application department information of the current user, associating them with the authority content, and generating an authority application request.
Further, step S12 specifically includes: S121, storing a post-authority mapping table in a