User Manual - 1909
Authority Management

用友网络科技股份有限公司

Copyright © yonyou Network Technology Co., Ltd. All rights reserved.

Without the written permission of yonyou Group, neither this manual nor any part of it may be reproduced, printed, translated or reduced for any purpose. Please note that the content of this manual may be changed without prior notice, and its content does not represent a commitment made by yonyou Group.

Table of Contents

CHANGE RECORD
CHAPTER I OVERVIEW
    1.1 INTRODUCTION TO RBAC
    1.2 PERMISSION MODEL
    1.3 VALUE ADVANTAGES
        1.3.1 User and User Group
        1.3.2 Role and Role Group
        1.3.3 Role Classification
        1.3.4 Application Permission
        1.3.5 Data Permission
        1.3.6 Duties
CHAPTER II CREATE GROUP ADMINISTRATOR
    2.1 CREATE SYSTEM ADMINISTRATOR (NOT LIGHTWEIGHT)
    2.2 CREATE GROUP ADMINISTRATOR
CHAPTER III APPLICATION PROCESS
    3.1 APPLICATION FLOWCHART
    3.2 OPERATING STEPS
        3.2.1 Add User Group
        3.2.2 Add Users
        3.2.3 Add Duties
        3.2.4 Allocate Application
        3.2.5 Add Role Group
        3.2.6 Add Role
        3.2.7 Role Batch Creation
        3.2.8 Allocate Duties
        3.2.9 Allocate Organization
        3.2.10 Assign Data Permissions
        3.2.11 Allocate Parameter Maintenance Permissions (Not Lightweight)
        3.2.12 Associate Users
        3.2.13 Allocate Role
        3.2.14 Users to Be Processed
CHAPTER IV TYPICAL APPLICATIONS
    4.1 HOW TO CREATE A REGULAR ADMINISTRATOR
        4.1.1 Scenario 1 – Decentralized Management Based on Group Organization Structure
        4.1.2 Scenario 2 – Decentralized Management Based on Business Field
    4.2 HOW TO CREATE A BUYER
CHAPTER V OTHER FUNCTIONS
    5.1 USER MANAGEMENT
        5.1.1 User Maintenance
        5.1.2 Share within Group
        5.1.3 Share between Groups
        5.1.4 User Transfer
    5.2 AUTHORIZATION MANAGEMENT
        5.2.1 User Permission Assignment
        5.2.2 Special Data Permissions
    5.3 BUSINESS FUNCTION AUTHENTICATION
        5.3.1 Application Scenarios
        5.3.2 Key Function Settings
        5.3.3 Key Data Settings
    5.4 PERMISSION QUERY
        5.4.1 Query Application by User
        5.4.2 Query Data Permission by User
    5.5 PERMISSION CHANGE APPLICATION
        5.5.1 Application Scenarios
        5.5.2 User Permission Change Applications
        5.5.3 Role Permission Change Application
APPENDIX: SEE THIS LIST OF OTHER MANUALS FOR THIS ARTICLE

Introduction

This manual is a guide to plan execution, solution preparation and implementation for implementation consultants and key corporate users. It is developed around the main business scenarios that the application can solve. On that basis, it shows the key functions of the application and explains how to match business needs with product functions.

This manual consists of five parts. The first part is an overview of the product and its value. The second part introduces the creation of a group administrator. The third part describes the application process of permission management. The fourth part illustrates how to use permission management through typical examples. The fifth part uses intra-group and inter-group user sharing to introduce group user changes, authorization management, permission query and related functions.

Additionally, to deepen users' understanding of the content, this manual not only explains key terms but also provides supplementary explanations in the appendix for key terms that may need cross-referencing, so that users can look them up easily.

To highlight the key points, this manual focuses on solutions and describes only the important control points in product operations. If you want to know more about the product application of specific modules, please refer to the following manuals:

1. User Manual - Organization Management further elaborates on the key concepts of the product (such as groups, organizations, business delegation, etc.) and the ideas of modeling. It is an important reference for plan implementation and blueprint design.
2. User Manual - Process Management provides guidance on transaction types and process design tools.
3. User's Manual - Basic Data provides a further understanding of basic data and its application.

Change Record

Editor: Ding Xifang, Ma Donghui

Version | Reviser | Reviewer | Starting and Ending Time | Revised/Approved Chapters | Revised/Approved Contents
1909 | Ma Donghui | Li Conghui | November 2019 | No | No change

Chapter I Overview

The UAP permission model is a role-centered permission system based on RBAC (Role-Based Access Control).

1.1 Introduction to RBAC

The basic idea of the RBAC authorization model is to grant and revoke user permissions by assigning and removing roles. Roles are divided according to functional positions, and resource access permissions are encapsulated in roles. Users access system resources and perform operations on them indirectly, through the roles assigned to them. Authorized personnel can define various roles and set the corresponding access permissions as required. Different roles can then be allocated to users based on the nature of their jobs and their duties in order to finish author...