File authority control method

Document No.: 192197. Publication date: 2021-11-02.

Reading note: This technology, File authority control method, was designed by 周翔, 綦洋 and 曾星星 on 2020-12-04. Main content: The invention relates to the technical field of file management, in particular to a file authority control method. In order to simplify the setting of file access authority, avoid omissions and achieve accurate control, the invention provides a file authority control method comprising: authority control inside the organization structure, in which the longitudinal control authority of a target file is set according to the hierarchical relation inside the organization structure; cross-organization transverse authority control, in which the transverse control authority of the target file is set in combination with the business rule of the business to which the target file belongs; and file authority rule configuration, in which authority rule codes of the target file are defined according to the category of the business to which the target file belongs, and the authority rule codes are implemented and maintained. The method makes it convenient to set the control authority of the target file, avoids omissions, and allows the control authority of the target file to be changed dynamically and controlled accurately.

1. A file authority control method is characterized by comprising the following steps:

authority control inside the organization structure: setting the longitudinal control authority of a target file according to the hierarchical relation inside the organization structure;

cross-organization transverse authority control: setting the transverse control authority of the target file in combination with the business rule of the business to which the target file belongs;

file authority rule configuration: defining authority rule codes of the target file according to the category of the business to which the target file belongs, and implementing and maintaining the authority rule codes.

2. The file authority control method according to claim 1, wherein the file information of the target file includes a file ID, attribution information, and a business rule code of a business to which the target file belongs.

3. The file authority control method according to claim 2, wherein in the authority control inside the organization structure, the control authority of the organization personnel inside the organization structure on the target file is determined according to the attribution information of the target file.

4. The file authority control method according to claim 3, wherein the attribution information of the target file is stored separately at four levels: tenant, company, department, and individual.

5. The file authority control method according to any one of claims 1 to 4, wherein in the authority control inside the organization structure, information of the organization structure is maintained in the form of an organization structure tree, and the organization structure tree includes companies, departments, and the hierarchical relationships between lower-level companies and the departments in lower-level companies.

6. The file authority control method according to claim 5, wherein in the cross-organization transverse authority control, user group information of each link in an approval process is acquired according to the approval process of the business to which the target file belongs, and the control authority of a user group over the target file is set according to the user group information.

7. The file authority control method according to claim 6, wherein the user group information includes personal information of the current login person and information on the organization to which the current login person belongs.

8. The file authority control method according to claim 5, wherein in the cross-organization transverse authority control, the authority over the target file is verified according to the business data and the business rules of the business to which the target file belongs.

Technical Field

The invention relates to the technical field of file management, in particular to a file authority control method.

Background

In a conventional information management system, authority control is mainly performed around the creator (owner) of a file. However, many documents contain sensitive information, such as the quotation information of the applicant contained in purchase-related documents in the purchasing business, so access rights need to be controlled accurately to avoid leaking the sensitive information. In the purchasing business, the authority control rules of purchase-related files are closely tied to the purchasing business rules, and complex file authority control rules have to be set by combining information on the file creator, the project the file belongs to, and the project participants. Taking purchase project files such as bidding documents and bid documents as an example, their authority rules are mainly embodied in the following aspects:

1. in the purchasing process, the creator of the bidding document is mainly a project manager, and the relevant department and company leaders and the other project group members of the same project all need to check the bidding document, so the project manager, the project group members, and the relevant department and company leaders all need access authority to the bidding document;

2. in the management of the actual purchasing business, a purchase project file takes effect only after approval by other functional departments such as finance and legal affairs, so access rights need to be opened to all functional departments in the approval process, such as finance and legal staff and their leaders; meanwhile, the approval process of the purchase project file is changed and adjusted in stages as the management and control rules of the company change, so the access authority of the related positions and personnel needs to be adjusted promptly when those rules change;

3. when project-related personnel or the company organization structure are adjusted, purchase project files are handed over along with the purchasing projects, so the access authority of the related purchase project files has to be adjusted;

4. after a bidder purchases the bidding documents or accepts the bidding invitation, access rights need to be opened to the bidder so that the bidder can view the purchase project files corresponding to the purchasing project;

5. after the bidder submits the bid document and before bid opening and decryption, no one except the bidder has the access right to view the bid document; after bid opening and decryption, access to the bid document has to be opened to the appraiser members, the project group members and the supervisor.

In summary, in a conventional information management system, setting the access rights of a file is complicated and prone to omissions, and when project-related personnel or the company organization structure are adjusted, the access rights of the file cannot be changed dynamically or controlled accurately.

Disclosure of Invention

In order to simplify the access authority setting of a file, avoid omission and realize accurate control, the invention provides a file authority control method, which comprises the following steps:

authority control inside the organization structure: setting the longitudinal control authority of a target file according to the hierarchical relation inside the organization structure;

cross-organization transverse authority control: setting the transverse control authority of the target file in combination with the business rule of the business to which the target file belongs;

file authority rule configuration: defining authority rule codes of the target file according to the category of the business to which the target file belongs, and implementing and maintaining the authority rule codes.

The file authority control method divides the authority control of a file into two categories: longitudinal authority control inside the organization structure, and cross-organization transverse authority control based on business rules. This makes it convenient to set the control authority of the target file and avoids omissions. The authority rules of the target file are defined according to the category of the business to which the target file belongs and are maintained in real time, so the control authority of the target file can be changed dynamically and controlled accurately.

Preferably, the file information of the target file includes a file ID, attribution information, and a business rule code of the business to which the target file belongs. When the target file is queried, it can therefore be retrieved according to its file information and the caller's control authority over it can be verified, which simplifies retrieval and verification of the control authority and allows the control authority of the target file to be controlled accurately.

Preferably, in the authority control inside the organization structure, the control authority of the personnel inside the organization structure over the target file is determined according to the attribution information of the target file. The control authority of the target file can thus be classified according to the hierarchical relation in the organization structure, which improves both the efficiency of dynamic changes to the control authority and the accuracy of control. Furthermore, the attribution information of the target file is stored separately at four levels: tenant, company, department, and individual. Once the attribution information of the target file has been determined, the control authority of the target file follows only that attribution information and does not change because of personnel changes within the attributed department or because the attributed person moves to another department, so the attribution of the target file can be determined accurately.

Preferably, in the authority control inside the organization structure, the information of the organization structure is maintained in the form of an organization structure tree, and the organization structure tree includes companies, departments, and the hierarchical relationships between lower-level companies and the departments in lower-level companies. The hierarchical relation among all levels of the organization structure is therefore clear, the longitudinal control authority of the target file is convenient to set, and omissions can be avoided.

Preferably, in the cross-organization transverse authority control, user group information of each link in the approval process is acquired according to the approval process of the business to which the target file belongs, and the control authority of the user group over the target file is set according to the user group information. Because the user group information of each link is obtained from the approval process of the business itself, the obtained user group information is accurate, which further supports accurate control of the control authority of the target file. Further, the user group information includes personal information of the current login person and information on the organization to which that person belongs. This information completely and accurately determines the authority information of the current login person, so the control authority of the target file can be controlled accurately.

Preferably, in the cross-organization transverse authority control, the authority over the target file is verified according to the business data and the business rules of the business to which the target file belongs. When the control authority of a cross-organization user group over the target file is verified, the verification can thus rely on the business data and business rules of that business, which improves the accuracy of the verification.

Drawings

Fig. 1 is a breakdown diagram of the file authority control method of the present invention.

Detailed Description

The file authority control method of the present invention will be described in detail with reference to fig. 1.

As shown in fig. 1, the file authority control method of the present invention includes authority control inside the organization structure, cross-organization transverse authority control, and file authority rule configuration. Authority control inside the organization structure sets the longitudinal control authority of the target file according to the hierarchical relation inside the organization structure. Preferably, in the authority control inside the organization structure, the control authority of the personnel inside the organization structure over the target file is determined according to the attribution information of the target file. The control authority of the target file can thus be classified according to the hierarchical relation in the organization structure, which improves both the efficiency of dynamic changes to the control authority and the accuracy of control. Preferably, the file information of the target file includes a file ID, attribution information, and a business rule code of the business to which the target file belongs. When the target file is queried, it can therefore be retrieved according to its file information and the caller's control authority over it can be verified, which simplifies retrieval and verification of the control authority and allows the control authority of the target file to be controlled accurately. Preferably, the attribution information of the target file is stored separately at four levels: tenant, company, department, and individual. Once the attribution information of the target file has been determined, the control authority of the target file follows only that attribution information and does not change because of personnel changes within the attributed department or because the attributed person moves to another department, so the attribution of the target file can be determined accurately.
Preferably, in the authority control inside the organization structure, the information of the organization structure is maintained in the form of an organization structure tree, and the organization structure tree includes companies, departments, and the hierarchical relationships between lower-level companies and the departments in lower-level companies. The hierarchical relation among all levels of the organization structure is therefore clear, the longitudinal control authority of the target file is convenient to set, and omissions can be avoided.

Cross-organization transverse authority control sets the transverse control authority of the target file in combination with the business rule of the business to which the target file belongs. Preferably, in the cross-organization transverse authority control, user group information of each link in the approval process is acquired according to the approval process of the business to which the target file belongs, and the control authority of the user group over the target file is set according to the user group information. Because the user group information of each link is obtained from the approval process of the business itself, the obtained user group information is accurate, which further supports accurate control of the control authority of the target file. Preferably, the user group information includes personal information of the current login person and information on the organization to which that person belongs. This information completely and accurately determines the authority information of the current login person, so the control authority of the target file can be controlled accurately. Preferably, in the cross-organization transverse authority control, the authority over the target file is verified according to the business data and the business rules of the business to which the target file belongs. When the control authority of a cross-organization user group over the target file is verified, the verification can thus rely on the business data and business rules of that business, which improves the accuracy of the verification.

When the target file is uploaded to the file management system, the file management system stores the attribution of the target file at the tenant, company, department or individual level, according to the category of the business to which the target file belongs. At storage time it saves the user ID of the uploader and the organization information (department, company or tenant) to which the uploader belonged when uploading the target file, and uses this information to form the attribution information of the target file. Once the attribution information of the target file has been determined, the control authority of the target file follows only that attribution information and does not change because of personnel changes within the attributed department or because the attributed person moves to another department, so the attribution of the target file can be determined accurately. For example, when the target file is attributed to a department, its attribution is not affected by personnel changes in that department; when the target file is attributed to an individual, its attribution is adjusted along with changes of the attributed person and is not affected by changes of the department to which that person belongs. In the file management system, organization structure information is maintained in the form of an organization structure tree, and the organization structure tree includes companies, departments, and the hierarchical relationships between lower-level companies and the departments in lower-level companies.
Therefore, after the attribution information of the target file has been determined, the file management system matches it against the organization structure information; the organizations above and below the organization to which the target file is attributed can be combined with role constraints to complete the longitudinal authority control of the target file within the organization structure, which achieves management and control between upper and lower levels. For example, when the target file belongs to the purchasing department, viewing authority over the target file can be opened to the leaders at every level above the purchasing department according to the attribution information of the target file, so that those leaders can manage and supervise the purchasing projects of the purchasing department.

When the target file is uploaded to the file management system, the business rule of the business to which the target file belongs is uploaded with it, and the target file is marked with the code of that business rule, namely the business rule code. When the target file is downloaded, the authority over the target file can therefore be controlled according to the business rule of the business to which it belongs. For example, when the target file belongs to a purchasing business, the authority over the target file can be controlled in combination with the business rules of the purchasing business. When the file management system supports authority verification, the corresponding authority verification interface provided by the business can be called according to the business rule code of the business to which the target file belongs. The authority over the target file is then verified against the existing business data and the business rules of that business, combined with the ID and attribution information of the uploaded target file, the personal information of the current login person, and the information on the organization to which the current login person belongs. If the verification passes, the file management system performs the subsequent operation on the target file; if the verification fails, the file management system refuses to perform the subsequent operation on the target file.

For a target file that requires approval, authority control over the target file is carried out in combination with the approval process. Specifically, the information on the approval process of the business to which the target file belongs is queried according to the ID of the target file and the business rule code of that business, which yields the information on each link in the approval process and, from it, the information on each user group that takes part in approval across the whole approval process. Whether the current login person belongs to a user group taking part in approval is then judged from the user group information together with the personal information and organization information of the current login person. If the current login person belongs to such a user group, access authority to the target file is opened to that person; if not, access authority to the target file is not opened and the access of the current login person is intercepted.

File authority rule configuration defines the authority rule codes of the target file according to the category of the business to which the target file belongs, and implements and maintains the authority rule codes of the target file. In the file management system, once authority rule codes have been defined for target files of different business categories, they can be maintained in real time. When the authority rule codes of a target file are defined, several authority rule codes may be used, and those codes may be combined logically.
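The following sketch puts the three parts described above together: a longitudinal check against the organization structure tree, a transverse check against approval user groups and business data, and a logical combination of rule codes. It is an added example, not code from the patent; the rule codes `OWNER`, `VERTICAL`, `GROUP` and `BID_OPENED`, the tuple expression format, the `is_leader` role flag and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed organization structure tree (child -> parent); "tenant" is the root.
ORG_PARENT = {"tenant": None, "hq": "tenant", "subsidiary": "hq",
              "purchasing": "subsidiary", "finance": "hq", "legal": "hq"}
# Constructed business data by file ID: user groups per link, bid-opening state.
USER_GROUPS = {"F-1": [{"users": {"u_fin"}, "orgs": set()},
                       {"users": set(), "orgs": {"legal"}}],
               "F-2": [{"users": {"u_eval"}, "orgs": set()}]}
BID_OPENED = {"F-2": False}

@dataclass(frozen=True)
class User:
    user_id: str
    org: str                 # organization the login person belongs to
    is_leader: bool = False  # role constraint used by the vertical check

@dataclass(frozen=True)
class FileInfo:
    file_id: str
    level: str         # "tenant", "company", "department" or "individual"
    owner: str         # org node, or a user ID when level == "individual"
    rule_expr: object  # a rule code, or ("AND" | "OR", operand, ...)

def ancestors(org):
    """Return org followed by every node above it in the tree."""
    chain = []
    while org is not None:
        chain.append(org)
        org = ORG_PARENT.get(org)
    return chain

def rule_owner(user, f):
    return f.level == "individual" and f.owner == user.user_id

def rule_vertical(user, f):
    # Follows the stored attribution: members of the owning org, leaders above it.
    if f.level == "individual":
        return False
    if user.org == f.owner:
        return True
    return user.is_leader and user.org in ancestors(f.owner)[1:]

def rule_group(user, f):
    # Horizontal: the login person must be in the user group of some link.
    return any(user.user_id in link["users"] or user.org in link["orgs"]
               for link in USER_GROUPS.get(f.file_id, []))

def rule_bid_opened(user, f):
    # Business-data check: nothing is released before bid opening.
    return BID_OPENED.get(f.file_id, False)

RULES = {"OWNER": rule_owner, "VERTICAL": rule_vertical,
         "GROUP": rule_group, "BID_OPENED": rule_bid_opened}

def evaluate(user, f, expr):
    """Evaluate one rule expression; anything unrecognised denies access."""
    if isinstance(expr, str):
        return expr in RULES and RULES[expr](user, f)
    if not isinstance(expr, tuple) or len(expr) < 2:
        return False
    results = [evaluate(user, f, e) for e in expr[1:]]
    if expr[0] == "AND":
        return all(results)
    return expr[0] == "OR" and any(results)

def check_access(user, f):
    return evaluate(user, f, f.rule_expr)

# Constructed samples: a department file in approval, and a bidder's sealed bid.
PLAN = FileInfo("F-1", "department", "purchasing", ("OR", "VERTICAL", "GROUP"))
SEALED_BID = FileInfo("F-2", "individual", "u_bidder",
                      ("OR", "OWNER", ("AND", "BID_OPENED", "GROUP")))
```

Unknown rule codes and malformed expressions evaluate to a denial, so a rule code that is removed during maintenance cannot silently widen access.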

The file authority control method divides the authority control of a file into two categories: longitudinal authority control inside the organization structure, and cross-organization transverse authority control based on business rules. This makes it convenient to set the control authority of the target file and avoids omissions. The authority rules of the target file are defined according to the category of the business to which the target file belongs and are maintained in real time, so the control authority of the target file can be changed dynamically and controlled accurately.
