Implementation of organization permission system (workflow)

In the workflow management system, the flow of business processes and handling of each node are completed by the participation and collaboration of people or organizations. The workflow management system is the automation of business processes. It automates these processes through computer-related technical means and effectively manages them to improve the efficiency of enterprise operations, reduces development and maintenance costs and increases enterprise competitiveness.

 

In the workflow management system, an enterprise's organization is the carrier for the system to execute activities and complete tasks. The Organization reflects the management level of the enterprise's personnel, and also reflects the personnel and work, the relationship between the responsible permissions. Therefore, organizational unit permissions play an important role in the workflow management system and are indispensable.

 

In the enterprise management system, most of the Organization's permission models follow the RBAC standard. Organizations are divided into institutions, departments, positions, and employees. Permissions are usually associated with roles. Roles, users, and permissions are the basic data elements in the permission model.

 

Role permission management is a virtual concept of enterprise management system informatization. Unlike an organizational unit, an organizational unit actually exists, reflecting the organizational unit composition and the management hierarchy of personnel. Roles are virtualized to facilitate enterprise information management. Most roles are associated with Operation permissions, permissions, and atomic operations of modules.

 

An enterprise's organization is a collection of enterprise personnel established to optimize management and carry out business. It has a certain internal level and affiliated organization. Organization modeling is a modeling of the organizational structure of an enterprise. It uses Abstract models or elements to construct a series of relationships to express the layers and affiliation of entities in an organization. The general organizational unit model defines entities such as "institutions", "departments", and "posts". Second, it defines the dimensions of organizational models, such as distributed administration, party and government, and working groups. Determine different job systems based on different dimensions.

 

In this way, the relationship between companies, organizations, positions, and employees is clearly defined. When assigning permissions, you can set different responsibility ranges based on different nodes in the Organization.

 

An organizational unit is usually structured in multiple dimensions and permissions are associated with roles. A role is a concept virtualized by the enterprise information system. It has certain functional module access permissions, atomic operations, and permission permissions. At an organizational unit level, a role is assigned to an organizational unit Tree node, which has a group of users, users in the same organization have the same operation permissions and responsibilities. According to the hierarchy of upper and lower levels of the Organization, the role also has the inheritance relationship of the upper and lower levels.

 

In the workflow management system, the activities of each node are completed by people. When defining a process, it is specified by a person, role, or organization node. When the business process is handled, the activities are completed based on the set person or a group of people to achieve circulation. The workflow engine completes the flow of processes, the organization permission management completes the Organization modeling, and the role-based permission system management. In the workflow management system, the organizational unit permission system must be integrated.

 

In the eworkflow workflow management system, an organizational unit permission management system is built in to complete the process modeling and the Association of organizational units. When integrating the enterprise information system, you must integrate the Organization permission system of the enterprise information system. Therefore, there are three ways to integrate organizational unit permissions in eworkflow:

 

1. directly use the built-in organization permission system of eworkflow

2. Integrate the Organization permission system in the enterprise information system

3. integrate with the Organization permission API provided by eworkflow.

 

First: directly use the built-in organizational unit permissions of eworkflow

Organization modeling. Organizations are divided into institutions, departments, and positions. Personnel can be attached to any organization, or they can be directly attached to a position or department under an organization. You can set any level based on the actual situation of the enterprise.

A role is associated with a specific operation permission and permission. A role is attached to any node of an organizational unit, so that the people on the same node of the organizational unit have the same operation permissions and scope of duties.

Roles are associated with organizational units and inherit the upper and lower levels of organizational units.

For example, if the roles of common employees are attached to the root node of the enterprise, all employees of the entire enterprise have the operation permissions of common employees. If you need to obtain all employees of the Development Department, is the range of all subnodes. Role inheritance is upward inheritance, and the organizational unit scope is downward acquisition.

 

Type 2: organizational unit permissions integrated with the enterprise information system

Configure the fcuser. xml file to map organization tables, role tables, and user tables of an enterprise to eworkflow.

After the ing is completed, the effect is the same as that of the first one. Organizations, roles, and users directly use tables and records in the enterprise information system.

The ing subject information is:

Organization table(Including institutions, departments, positions, and fields associated with upper and lower levels)

Role table(Role Definition table)

User table(Employee defined table)

User Organization Association Table

User Role Association Table

Organization role Association Table

If no ing is available for the joined table.

 

Third: Use the Organization permission API interface provided by eworkflow to integrate

If the organization model of the enterprise information system is very different from the organization model of eworkflow, The ing relationship cannot be integrated. You can do this by implementing interfaces.

In the interface implementation class, you can directly implement it by function division, or call the API functions in the enterprise information system.

 

The jdbcuserprovider class is the implementation class of eworkflow; The apiuserprovider class is a secondary development implementation class based on the user interface. In the apiuserprovider class, you can call the implementation methods in your system.