Generic Permission Scheme In Province-district-country Integrated Power Grid Dispatching Management System

The power grid has obtained rapid development in recent years. As the installed capacity and the number of plants grow rapidly, the coupling of different dispatching institutions has become much higher, and the traditional electricity management model which makes all dispatching institutions build their management system dispersedly was faced with enormous challenges, for its shortage of repeated construction and information isolated island. Fortunately, the proposal of province-district-country integrated power grid management model has provided an effective solution to this problem. The construction way of the province-district-country integrated power grid dispatching management system which was built with this model is to formulate system operation flow of multi-level dispatching institutions accordantly, and coordinates users manage the system information with different measures. However, the most outstanding challenges in system construction is how to ensure the transmission security of vast quantities of information between different dispatching institutions, and how to implement differentiated access control between different dispatching institutions" users. Therefore, combined with the characteristics and requirements of province-district-country integrated power grid dispatching management system, a generic permission scheme is presented in this paper.Summarized the advantages and disadvantages of RBAC model, Aiming at the problem of permission granularity hardly to be refined, an improved RBAC model with "user-role-page-permission" describe method is proposed. Meanwhile, aiming at the problem of "role flood", another access describe method is proposed, which enables some special users be authorized directly. Realized the disadvantages of single administrator centralized authorization and multi-administrator decentralized authorization, a hierarchical authorization method with "superiors allocate policy" is proposed. The method not only disperses the authorization pressure but it also ensures the consistency of authorization way. Concerned about the possibility of adding new function modules, a function module scalability design method is proposed. Likewise, concerned about the possibility of adding new system permissions and subdividing permission in data field, the breadth and depth permission scalability design methods are proposed respectively. To relieve database pressure and improve system running speed, user permission cache was added. Then, with the aid of reader-writer model, user permission cache synchronization design was realized. Combined with the foundation data support and data management, attention has been paid to key technologies of generic permission scheme design and implementation. For further guarantee of system security, the log management function was added to generic permission scheme. It monitors system operation conditions and enables system administrators discover and repair the potential security vulnerability in real time.Lastly, introduces how the generic permission scheme works in the small plants management system of Yunnan power grid, and proved available in the practical project. This application provides an important reference for similar systems’ permission management design.