CN116186678A - Verification method and device for object sharing request, electronic equipment and storage medium - Google Patents


Publication number
CN116186678A
Authority
CN
China
Prior art keywords
target
terminal
type
preset
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211617057.7A
Other languages
Chinese (zh)
Inventor
雍菲
谭莉川
郝鹏
胡奕
陈亚敏
娄云飞
赵娥
苏宁
田蓝
王京鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
CCB Finetech Co Ltd
Original Assignee
China Construction Bank Corp
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp, CCB Finetech Co Ltd
Priority to CN202211617057.7A
Publication of CN116186678A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication

Abstract

The disclosure provides a verification method and device for an object sharing request, electronic equipment and a storage medium, and can be applied to the technical field of computers and the technical field of finance. The verification method of the object sharing request comprises the following steps: in response to receiving an object sharing request initiated by a target user by utilizing a target terminal, determining a target terminal authority rule corresponding to a target terminal type of the target terminal according to the object sharing request, wherein the object sharing request comprises target object information and the object sharing type, the target terminal corresponds to the target terminal type, and the target user corresponds to the target user type; under the condition that the target object information meets the target terminal authority rule, determining a target user authority rule corresponding to the target user type; verifying the object sharing request according to the target user authority rule and the object sharing type to obtain a verification result; in the case where the verification result characterizes that the object sharing request passes verification, the execution of the object sharing request is permitted.

Description

Verification method and device for object sharing request, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technology and financial technology, and more particularly, to a method and apparatus for verifying an object sharing request, an electronic device, a computer-readable storage medium, and a computer program product.
Background
With the development of computer technology, there is a need for sharing resources between different users.
Resources may refer to all software, hardware, and data resources in a network. Sharing may refer to users in a network being able to use these resources in part or in whole. Resource sharing may refer to the fact that multiple users may commonly use resources in a computer system.
In the process of implementing the disclosed concept, the inventor finds that at least the following problems exist in the related art: because the sharing range of the resources cannot be controlled, the efficiency and the safety of the resource sharing cannot be ensured.
Disclosure of Invention
In view of this, the present disclosure provides a method and apparatus for verifying an object sharing request, an electronic device, a computer-readable storage medium, and a computer program product.
According to one aspect of the present disclosure, there is provided a method of verifying an object sharing request, including:
in response to receiving an object sharing request initiated by a target user by using a target terminal, determining a target terminal authority rule corresponding to a target terminal type of the target terminal according to the object sharing request, wherein the object sharing request comprises target object information and an object sharing type, the target terminal corresponds to the target terminal type, and the target user corresponds to the target user type;
in a case where the target object information satisfies the target terminal authority rule, determining a target user authority rule corresponding to the target user type;
verifying the object sharing request according to the target user authority rule and the object sharing type to obtain a verification result; and
permitting the execution of the object sharing request when the verification result indicates that the object sharing request passes verification.
According to an embodiment of the present disclosure, the target object information includes source address information, and the source address information is used to characterize an internet protocol address of the target terminal.
According to an embodiment of the present disclosure, the determining, in response to receiving an object sharing request initiated by a target user using a target terminal, a target terminal permission rule corresponding to a target terminal type of the target terminal according to the object sharing request includes:
determining the target terminal type corresponding to the target terminal according to a preset terminal mapping relation and the source address information, wherein the preset terminal mapping relation comprises at least one preset terminal network segment and preset terminal types corresponding to the at least one preset terminal network segment respectively; and
determining the target terminal authority rule according to a preset terminal authority mapping relation and the target terminal type, wherein the preset terminal authority mapping relation comprises the at least one preset terminal type and preset terminal authority rules corresponding to the at least one preset terminal type respectively.
According to an embodiment of the present disclosure, the preset terminal types include a common access terminal, a sandbox access terminal, a data analysis terminal, and a data export terminal.
According to an embodiment of the present disclosure, the determining, according to a preset terminal mapping relationship and the source address information, the target terminal type corresponding to the target terminal includes:
under the condition that the source address information is located in a first preset terminal network segment, determining that the target terminal type belongs to the common access terminal;
under the condition that the source address information is located in a second preset terminal network segment, determining that the target terminal type belongs to the sandbox access terminal;
determining that the target terminal type belongs to the data analysis terminal under the condition that the source address information is located in a third preset terminal network segment; and
determining that the target terminal type belongs to the data export terminal under the condition that the source address information is located in a fourth preset terminal network segment.
According to an embodiment of the present disclosure, before the target user permission rule corresponding to the target user type is determined in the case where the target object information satisfies the target terminal permission rule, the method further includes:
comparing the target object information with the target terminal authority rule to obtain a first comparison result;
determining that the target object information meets the target terminal authority rule under the condition that the first comparison result indicates that the target object information is consistent with the target terminal authority rule; and
determining that the target object information does not meet the target terminal authority rule under the condition that the first comparison result indicates that the target object information is inconsistent with the target terminal authority rule.
According to an embodiment of the present disclosure, the target object information includes a target user identification, where the target user identification is used to characterize an identification number of the target user.
According to an embodiment of the present disclosure, in the case where it is determined that the target object information satisfies the target terminal authority rule, determining the target user authority rule corresponding to the target user type includes:
determining a target user type corresponding to the target user according to a preset user mapping relation and the target user identifier, wherein the preset user mapping relation comprises at least one preset user identifier and preset user types corresponding to the at least one preset user identifier respectively; and
determining the target user permission rule according to a preset user permission mapping relation and the target user type, wherein the preset user permission mapping relation comprises the at least one preset user type and preset user permission rules corresponding to the at least one preset user type respectively.
According to an embodiment of the present disclosure, the determining, according to a preset user mapping relationship and the target user identifier, a target user type corresponding to the target user includes:
respectively matching the target user identifier with each preset user identifier in the at least one preset user identifier to obtain a matching result; and
determining the preset user type corresponding to the matching result as the target user type under the condition that the matching result indicates a successful match.
According to an embodiment of the present disclosure, the verifying the object sharing request according to the target user permission rule and the object sharing type, to obtain a verification result includes:
in a case where the target terminal type belongs to the data export terminal or the common access terminal,
comparing the target user type, the object sharing type and the target user permission rule to obtain a second comparison result;
obtaining the verification result indicating that the object sharing request passes verification under the condition that the second comparison result indicates that the target user type and the object sharing type are consistent with the target user authority rule; and
obtaining the verification result indicating that the object sharing request fails verification under the condition that the second comparison result indicates that the target user type and the object sharing type are inconsistent with the target user authority rule.
According to an embodiment of the present disclosure, the above-described object sharing type is used to characterize the type of object sharing operation.
According to an embodiment of the present disclosure, the above-described object sharing operation includes at least one of: a terminal object sharing operation and a system object sharing operation, wherein the terminal object sharing operation comprises a terminal object uploading operation, and the system object sharing operation comprises a system object uploading operation, an object viewing operation, an object downloading operation and an object previewing operation.
According to an embodiment of the present disclosure, in a case where the target terminal type belongs to a sandbox access terminal or a data analysis terminal, the method further includes:
rejecting the object sharing request when the object sharing operation is the terminal object uploading operation; and
rejecting the object sharing request when the object sharing operation is the system object uploading operation.
According to another aspect of the present disclosure, there is provided a verification apparatus for an object sharing request, including:
a first determining module, configured to, in response to receiving an object sharing request initiated by a target user using a target terminal, determine a target terminal authority rule corresponding to a target terminal type of the target terminal according to the object sharing request, wherein the object sharing request comprises target object information and an object sharing type, the target terminal corresponds to the target terminal type, and the target user corresponds to the target user type;
a second determining module, configured to determine a target user permission rule corresponding to the target user type under the condition that the target object information meets the target terminal permission rule;
a verification module, configured to verify the object sharing request according to the target user authority rule and the object sharing type to obtain a verification result; and
a permission module, configured to permit the execution of the object sharing request when the verification result indicates that the object sharing request passes verification.
According to another aspect of the present disclosure, there is provided an electronic device including:
one or more processors;
a memory for storing one or more instructions,
wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement a method as described in the present disclosure.
According to another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to implement a method as described in the present disclosure.
According to another aspect of the present disclosure, there is provided a computer program product comprising computer executable instructions which, when executed, are adapted to carry out the method as described in the present disclosure.
According to the embodiment of the present disclosure, since the target terminal authority rule is determined according to the object sharing request, the target terminal authority rule can correspond to the target terminal type of the target terminal, thereby realizing verification of the object sharing authority of the target terminal. On the basis, the target user permission rule is determined under the condition that the target object information meets the target terminal permission rule, so that the target user permission rule can correspond to the target user type, and verification of the object sharing permission of the target user is realized. The target terminal authority rule and the target user authority rule are utilized to verify the object sharing request, so that the technical problem that the efficiency and the safety of resource sharing cannot be guaranteed due to the fact that the sharing range of resources cannot be controlled in the related technology is at least partially solved, the complexity of the verification process of the object sharing request is reduced, and the efficiency and the safety of resource sharing are further guaranteed.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments thereof with reference to the accompanying drawings in which:
FIG. 1 schematically illustrates a system architecture to which a verification method of an object sharing request may be applied, according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow diagram of a method of validation of an object sharing request, in accordance with an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart of a method of determining a target terminal permission rule corresponding to a target terminal type of a target terminal according to an object sharing request according to an embodiment of the disclosure;
FIG. 4 schematically illustrates a flowchart of a method for determining a target terminal type corresponding to a target terminal according to a preset terminal mapping relationship and source address information according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow chart of a method of determining a target user permission rule corresponding to a target user type in the event that it is determined that target object information meets a target terminal permission rule, in accordance with an embodiment of the present disclosure;
FIG. 6 schematically illustrates an example schematic diagram of a validation process of an object sharing request according to an embodiment of the disclosure;
FIG. 7 schematically illustrates a block diagram of an authentication device of an object sharing request, according to an embodiment of the disclosure; and
FIG. 8 schematically illustrates a block diagram of an electronic device adapted to implement a verification method of an object sharing request, according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like "at least one of A, B and C, etc." are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g., "a system having at least one of A, B and C" shall include, but not be limited to, a system having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a formulation similar to "at least one of A, B or C, etc." is used, in general such a formulation should be interpreted in accordance with the ordinary understanding of one skilled in the art (e.g., "a system with at least one of A, B or C" would include but not be limited to systems with A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the related personal information of the user all conform to the provisions of relevant laws and regulations, necessary security measures are taken, and public order and good customs are not violated.
In the technical scheme of the disclosure, the authorization or consent of the user is obtained before the personal information of the user is obtained or acquired.
Resource sharing may refer to a computer making its resources available for use by other computers located in the same computer network. Shared resources are an important component of a clustered system, and may include hardware, software, and data resources that can be used in part or in whole by users in the clustered system.
A computer network includes several computers interconnected to each other by a communication network, and a user on each computer can use resources on other computers for resource sharing. For example, device sharing may be performed so that a user may use an external device such as a printer; the data sharing can be performed, so that the user can access the shared database; file sharing may be performed so that a user may access file resources on a shared server, etc.
However, in implementing the concepts of the present disclosure, the inventors found that there are at least the following problems in the related art: because the sharing range of the resources cannot be controlled, the efficiency and the safety of the resource sharing cannot be ensured.
In order to at least partially solve the technical problems in the related art, the present disclosure provides a method and apparatus for verifying an object sharing request, an electronic device, and a storage medium, which can be applied to the fields of computer technology and financial technology. The verification method of the object sharing request comprises the following steps: in response to receiving an object sharing request initiated by a target user by utilizing a target terminal, determining a target terminal authority rule corresponding to a target terminal type of the target terminal according to the object sharing request, wherein the object sharing request comprises target object information and the object sharing type, the target terminal corresponds to the target terminal type, and the target user corresponds to the target user type; under the condition that the target object information meets the target terminal authority rule, determining a target user authority rule corresponding to the target user type; verifying the object sharing request according to the target user authority rule and the object sharing type to obtain a verification result; in the case where the verification result characterizes that the object sharing request passes verification, the execution of the object sharing request is permitted.
It should be noted that, the method and the device for verifying the object sharing request provided by the embodiments of the present disclosure may be used in the fields of computer technology and financial technology, for example, in the field of network technology. The method and the device for verifying the object sharing request provided by the embodiment of the disclosure can also be applied to any field except the field of computer technology and the field of financial science and technology, for example, the field of information security. The application fields of the verification method and the verification device for the object sharing request provided by the embodiment of the disclosure are not limited.
Fig. 1 schematically illustrates a system architecture to which a verification method of an object sharing request may be applied according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which embodiments of the present disclosure may be applied to assist those skilled in the art in understanding the technical content of the present disclosure, but does not mean that embodiments of the present disclosure may not be used in other devices, systems, environments, or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include a first terminal device 101, a second terminal device 102, a third terminal device 103, a network 104, and a server 105. The network 104 is a medium used to provide a communication link between the first terminal device 101, the second terminal device 102, the third terminal device 103, and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 through the network 104 using at least one of the first terminal device 101, the second terminal device 102, the third terminal device 103, to receive or send messages, etc. Various communication client applications, such as a shopping class application, a web browser application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc. (by way of example only) may be installed on the first terminal device 101, the second terminal device 102, and the third terminal device 103.
The first terminal device 101, the second terminal device 102, the third terminal device 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by the user using the first terminal device 101, the second terminal device 102, and the third terminal device 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that, the method for verifying the object sharing request provided by the embodiment of the present disclosure may be generally performed by the server 105. Accordingly, the verification device of the object sharing request provided by the embodiments of the present disclosure may be generally disposed in the server 105. The method for verifying an object sharing request provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and/or the server 105. Accordingly, the verification apparatus of the object sharing request provided by the embodiments of the present disclosure may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and/or the server 105.
Alternatively, the verification method of the object sharing request provided by the embodiment of the present disclosure may also be performed by the first terminal device 101, the second terminal device 102, or the third terminal device 103, or may also be performed by other terminal devices different from the first terminal device 101, the second terminal device 102, or the third terminal device 103. Accordingly, the verification apparatus of the object sharing request provided by the embodiment of the present disclosure may also be provided in the first terminal device 101, the second terminal device 102, or the third terminal device 103, or in other terminal devices different from the first terminal device 101, the second terminal device 102, or the third terminal device 103.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
It should be noted that the sequence numbers of the respective operations in the following methods are merely representative of the operations for the purpose of description, and should not be construed as representing the order of execution of the respective operations. The method need not be performed in the exact order shown unless explicitly stated.
Fig. 2 schematically illustrates a flowchart of a method of validating an object sharing request, according to an embodiment of the disclosure.
As shown in fig. 2, the verification method 200 of the object sharing request may include operations S210 to S240.
In operation S210, in response to receiving an object sharing request from a target user initiated with a target terminal, a target terminal authority rule corresponding to a target terminal type of the target terminal is determined according to the object sharing request. The object sharing request includes target object information and an object sharing type, the target terminal corresponds to a target terminal type, and the target user corresponds to a target user type.
In operation S220, in case it is determined that the target object information satisfies the target terminal authority rule, a target user authority rule corresponding to the target user type is determined.
In operation S230, the object sharing request is verified according to the target user authority rule and the object sharing type, and a verification result is obtained.
In operation S240, in the case where the verification result characterizes that the object sharing request verification passes, the execution of the object sharing request is permitted.
According to the embodiment of the disclosure, code for generating an object sharing request may be written in a script in advance. In response to detecting an object sharing operation performed by a target user using a target terminal, the target terminal may run the script to generate an object sharing request message and send the message to a server, so that the server may verify the object sharing request corresponding to the object sharing operation according to the object sharing request message.
According to an embodiment of the present disclosure, the object sharing operation may include at least one of: terminal object sharing operation and system object sharing operation. The terminal object sharing operation may refer to a user operation performed on a target object between the terminal A and the terminal B. The system object sharing operation may refer to one of the following: user operations performed on the target object between terminal C and system D, and user operations performed on the target object between system E and system F.
According to embodiments of the present disclosure, the target object may refer to an electronic file to be subjected to a sharing operation. The target object may comprise one of: text files, image files, graphics files, video files, audio files, hypermedia link files, program files, and data files. The user operation may include at least one of: uploading operation, viewing operation, downloading operation and preview operation.
According to embodiments of the present disclosure, the object sharing request may include target object information and an object sharing type. The target object information may include source address information and a target user identification. The source address information may be used to characterize the internet protocol address (Internet Protocol Address, IP) of the target terminal. The target user identification may be used to characterize an identification number (Identity Document, ID) of the target user.
According to embodiments of the present disclosure, a target terminal may correspond to a target terminal type. The target terminal type may be determined from the source address information. The target terminal type may include one of: a common access terminal, a sandbox access terminal, a data analysis terminal, and a data export terminal. The target user may correspond to a target user type. The target user type may include one of: a first user type, a second user type, and a third user type. The target user type may be determined based on the target user identification.
According to the embodiments of the present disclosure, after receiving the object sharing request, a target terminal authority rule corresponding to the target terminal type of the target terminal may be determined according to the object sharing request. For example, the target terminal type may be determined according to the object sharing request, and the target terminal authority rule may then be determined according to the target terminal type. The target terminal authority rule may include a mapping rule between a target terminal type, an object sharing type, and an object sharing authority. After determining the target terminal authority rule, the object sharing request may be verified according to the target terminal authority rule to determine whether the target object information satisfies the target terminal authority rule.
According to the embodiment of the disclosure, in the case that it is determined that the target object information satisfies the target terminal authority rule, the target user authority rule corresponding to the target user type may be determined according to the object sharing request. For example, the target user type may be determined based on the object sharing request, and the target user authority rule may then be determined according to the target user type. The target user authority rule may include a mapping rule between a target user type, an object sharing type, and an object sharing authority. After the target user authority rule is determined, the object sharing request can be verified according to the target user authority rule and the object sharing type, and a verification result is obtained. The verification result may be used to characterize whether the object sharing request passes verification.
According to the embodiment of the disclosure, in the case that the verification result characterizes that the object sharing request passes verification, the execution of the object sharing request can be permitted. In the case where the verification result characterizes that the object sharing request is not verified, the execution of the object sharing request may be prohibited.
According to the embodiment of the present disclosure, since the target terminal authority rule is determined according to the object sharing request, the target terminal authority rule can correspond to the target terminal type of the target terminal, thereby realizing verification of the object sharing authority of the target terminal. On the basis, the target user permission rule is determined under the condition that the target object information meets the target terminal permission rule, so that the target user permission rule can correspond to the target user type, and verification of the object sharing permission of the target user is realized. The target terminal authority rule and the target user authority rule are utilized to verify the object sharing request, so that the technical problem that the efficiency and the safety of resource sharing cannot be guaranteed due to the fact that the sharing range of resources cannot be controlled in the related technology is at least partially solved, the complexity of the verification process of the object sharing request is reduced, and the efficiency and the safety of resource sharing are further guaranteed.
A method 200 of validating an object sharing request according to an embodiment of the invention is further described below with reference to fig. 3-6.
According to embodiments of the present disclosure, object sharing types are used to characterize the types of object sharing operations. The object sharing operation includes at least one of: a terminal object sharing operation and a system object sharing operation. The terminal object sharing operation comprises a terminal object upload operation, and the system object sharing operation comprises a system object upload operation, an object viewing operation, an object download operation, and an object preview operation.
According to embodiments of the present disclosure, the terminal object upload operation may refer to a user operation of transferring a target object from a local computer to a remote computer.
According to embodiments of the present disclosure, a system object upload operation may refer to a user operation of transferring a target object from a local computer to a system server. The object viewing operation may refer to a user operation of applying for viewing a target object from a system server using a local computer. The object download operation may refer to a user operation of copying the target object from the system server to the local computer. The object preview operation may refer to a user operation of applying for viewing brief information of a target object to a system server using a local computer.
According to an embodiment of the present disclosure, operation S210 may include the following operations.
The target terminal type corresponding to the target terminal is determined according to the preset terminal mapping relationship and the source address information. The preset terminal mapping relationship comprises at least one preset terminal network segment and the preset terminal type corresponding to each of the at least one preset terminal network segment. The target terminal authority rule is determined according to the preset terminal authority mapping relationship and the target terminal type. The preset terminal authority mapping relationship comprises at least one preset terminal type and the preset terminal authority rule corresponding to each of the at least one preset terminal type.
According to embodiments of the present disclosure, the target object information may include source address information, which may be used to characterize the internet protocol address of the target terminal.
According to the embodiment of the disclosure, the preset terminal mapping relationship may be determined according to at least one preset terminal network segment and a preset terminal type corresponding to each of the at least one preset terminal network segment. For example, the at least one preset terminal network segment may include preset terminal network segment 1, preset terminal network segment 2, …, preset terminal network segment n, …, preset terminal network segment N, where N may be an integer greater than or equal to 1 and n ∈ {1, 2, …, (N-1), N}. The preset terminal types corresponding to the at least one preset terminal network segment may include preset terminal type 1, preset terminal type 2, …, preset terminal type n, …, and preset terminal type N. In this case, the preset terminal mapping relationship may include a mapping relationship between preset terminal network segment 1 and preset terminal type 1, a mapping relationship between preset terminal network segment 2 and preset terminal type 2, …, a mapping relationship between preset terminal network segment n and preset terminal type n, …, and a mapping relationship between preset terminal network segment N and preset terminal type N.
According to the embodiment of the disclosure, the preset terminal authority mapping relationship can be determined according to at least one preset terminal type and the preset terminal authority rule corresponding to each of the at least one preset terminal type. For example, the at least one preset terminal type may include preset terminal type 1, preset terminal type 2, …, preset terminal type n, …, preset terminal type N. The preset terminal authority rules corresponding to the at least one preset terminal type may include preset terminal authority rule 1, preset terminal authority rule 2, …, preset terminal authority rule n, …, and preset terminal authority rule N. In this case, the preset terminal authority mapping relationship may include a mapping relationship between preset terminal type 1 and preset terminal authority rule 1, a mapping relationship between preset terminal type 2 and preset terminal authority rule 2, …, a mapping relationship between preset terminal type n and preset terminal authority rule n, …, and a mapping relationship between preset terminal type N and preset terminal authority rule N.
According to the embodiment of the disclosure, after the preset terminal mapping relationship and the preset terminal authority mapping relationship are determined, they may be stored to the data source. In response to receiving the object sharing request, the preset terminal mapping relationship and the preset terminal authority mapping relationship can be obtained from the data source. The data source may include at least one of: local databases, cloud databases, and network resources. For example, a data interface may be invoked, and the preset terminal mapping relationship and the preset terminal authority mapping relationship may be acquired from the data source by using the data interface.
According to the embodiment of the disclosure, after the preset terminal mapping relationship is obtained, the source address information in the target object information of the object sharing request can be matched against preset terminal network segment 1, preset terminal network segment 2, …, preset terminal network segment n, …, and preset terminal network segment N in the preset terminal mapping relationship, so as to determine the matching terminal network segment. The matching terminal type corresponding to the matching terminal network segment is determined according to the preset terminal mapping relationship, and the target terminal type is determined according to the matching terminal type.
According to the embodiment of the disclosure, after determining the target terminal type, the target terminal type can be matched against each of the at least one preset terminal type in the preset terminal authority mapping relationship to determine the matching terminal type. The matching terminal authority rule corresponding to the matching terminal type is determined according to the preset terminal authority mapping relationship, and the target terminal authority rule is determined according to the matching terminal authority rule. The target terminal authority rule may be used to characterize whether the target terminal has the authority corresponding to the object sharing operation.
According to the embodiment of the disclosure, since the target terminal type is determined according to the preset terminal mapping relation and the source address information, the target terminal type can be automatically determined according to the source address information in the target object information, and therefore the efficiency and the accuracy of determining the target terminal type are improved. On the basis, the target terminal authority rule is determined according to the target terminal type, so that the target terminal authority rule can be automatically determined according to the target terminal type, the efficiency and the accuracy of determining the target terminal authority rule are improved, and the efficiency of the verification process of the object sharing request is further ensured.
Fig. 3 schematically illustrates a flowchart of a method of determining a target terminal permission rule corresponding to a target terminal type of a target terminal according to an object sharing request according to an embodiment of the present disclosure.
As shown in fig. 3, in 300, a preset terminal mapping relationship 303 may be determined according to at least one preset terminal network segment 301 and a preset terminal type 302 corresponding to each of the at least one preset terminal network segment 301. The preset terminal authority mapping relation 305 may be determined according to at least one preset terminal type 302 and preset terminal authority rules 304 corresponding to the at least one preset terminal type 302, respectively.
In response to receiving the object sharing request 306, the target terminal type 307 may be determined according to the preset terminal mapping relationship 303 and the source address information 3061 in the object sharing request 306. The target terminal authority rule 308 may then be determined according to the preset terminal authority mapping relation 305 and the target terminal type 307.
According to an embodiment of the present disclosure, determining a target terminal type corresponding to a target terminal according to a preset terminal mapping relationship and source address information may include the following operations.
In the case that the source address information is located in the first preset terminal network segment, it is determined that the target terminal type belongs to the common access terminal. In the case that the source address information is located in the second preset terminal network segment, it is determined that the target terminal type belongs to the sandbox access terminal. In the case that the source address information is located in the third preset terminal network segment, it is determined that the target terminal type belongs to the data analysis terminal. In the case that the source address information is located in the fourth preset terminal network segment, it is determined that the target terminal type belongs to the data export terminal.
According to an embodiment of the present disclosure, the preset terminal types may include a common access terminal, a sandbox access terminal, a data analysis terminal, and a data export terminal.
According to embodiments of the present disclosure, the terminal network segments may be characterized using W.X.Y.Z, where W, X, Y, Z ∈ [0, 255]. The first preset terminal network segment, the second preset terminal network segment, the third preset terminal network segment, and the fourth preset terminal network segment may be set according to actual service requirements, which is not limited herein.
For example, the first preset terminal network segment may be set to W ∈ [0, 10], X ∈ [0, 10], Z ∈ [0, 255], i.e. the first preset terminal network segment may include internet protocol addresses in the range of 0.0.0.0-10.10.10.255. The second preset terminal network segment may be set to W ∈ [10, 20], X ∈ [10, 20], Z ∈ [0, 255], i.e. the second preset terminal network segment may include internet protocol addresses in the range of 10.10.10.0-20.20.20.255. The third preset terminal network segment may be set to W ∈ [20, 30], X ∈ [20, 30], Z ∈ [0, 255], i.e. the third preset terminal network segment may include internet protocol addresses in the range of 20.20.20.0-30.30.30.255. The fourth preset terminal network segment may be set to W ∈ [30, 40], X ∈ [30, 40], Z ∈ [0, 255], i.e. the fourth preset terminal network segment may include internet protocol addresses in the range of 30.30.30.0-40.40.40.255.
According to the embodiment of the disclosure, since the target terminal type is determined according to the preset terminal mapping relation and the source address information, by dividing different preset terminal network segments, the target terminal type can be automatically determined according to the relation between the source address information and the different preset terminal network segments, so that the efficiency and the accuracy of determining the target terminal type are improved.
According to an embodiment of the present disclosure, in case that the target terminal type belongs to a sandbox access terminal or a data analysis terminal, the verification method 200 of the object sharing request may further include the following operations.
In the case where the object sharing operation is a terminal object upload operation, the object sharing request is rejected. In the case where the object sharing operation is a system object upload operation, the object sharing request is rejected.
According to the embodiments of the present disclosure, after the target terminal type is obtained, in the case where the target terminal type belongs to the sandbox access terminal or the data analysis terminal, the execution of the object sharing request may be refused for the terminal object uploading operation and the system object uploading operation.
According to the embodiment of the disclosure, in the case that the target terminal type belongs to the sandbox access terminal or the data analysis terminal, an object sharing request whose object sharing operation is a terminal object upload operation or a system object upload operation can be rejected, so that uploading of sensitive materials is avoided and the security of resource sharing is further guaranteed.
Fig. 4 schematically illustrates a flowchart of a method for determining a target terminal type corresponding to a target terminal according to a preset terminal mapping relationship and source address information according to an embodiment of the present disclosure.
As shown in fig. 4, in 400, in response to receiving an object sharing request 401, source address information 4011 in the object sharing request 401 may be acquired. After the source address information 4011 is obtained, operation S410 may be performed.
In operation S410, is the source address information located in the first preset terminal network segment? If yes, it is determined that the target terminal type belongs to the common access terminal 402; if not, operation S420 is performed.
In operation S420, is the source address information located in the second preset terminal network segment? If yes, it is determined that the target terminal type belongs to the sandbox access terminal 403; if not, operation S430 is performed.
In operation S430, is the source address information located in the third preset terminal network segment? If yes, it is determined that the target terminal type belongs to the data analysis terminal 404; if not, operation S440 is performed.
In operation S440, is the source address information located in the fourth preset terminal network segment? If yes, it is determined that the target terminal type belongs to the data export terminal 405; if not, the target terminal type determining operation ends.
According to an embodiment of the present disclosure, operation S220 may include the following operations.
The target user type corresponding to the target user is determined according to the preset user mapping relationship and the target user identification. The preset user mapping relationship comprises at least one preset user identifier and the preset user type corresponding to each of the at least one preset user identifier. The target user authority rule is determined according to the preset user authority mapping relationship and the target user type. The preset user authority mapping relationship comprises at least one preset user type and the preset user authority rule corresponding to each of the at least one preset user type.
According to embodiments of the present disclosure, the target object information may include a target user identification, which may be used to characterize the identification number of the target user.
According to the embodiment of the disclosure, the preset user mapping relationship may be determined according to at least one preset user identifier and the preset user type corresponding to each of the at least one preset user identifier. For example, the at least one preset user identifier may include preset user identifier 1, preset user identifier 2, …, preset user identifier m, …, preset user identifier M, where M may be an integer greater than or equal to 1 and m ∈ {1, 2, …, (M-1), M}. The preset user types corresponding to the at least one preset user identifier may include preset user type 1, preset user type 2, …, preset user type m, …, and preset user type M. In this case, the preset user mapping relationship may include a mapping relationship between preset user identifier 1 and preset user type 1, a mapping relationship between preset user identifier 2 and preset user type 2, …, a mapping relationship between preset user identifier m and preset user type m, …, and a mapping relationship between preset user identifier M and preset user type M.
According to the embodiment of the disclosure, the preset user authority mapping relationship may be determined according to at least one preset user type and the preset user authority rule corresponding to each of the at least one preset user type. For example, the at least one preset user type may include preset user type 1, preset user type 2, …, preset user type m, …, preset user type M. The preset user authority rules corresponding to the at least one preset user type may include preset user authority rule 1, preset user authority rule 2, …, preset user authority rule m, …, and preset user authority rule M. In this case, the preset user authority mapping relationship may include a mapping relationship between preset user type 1 and preset user authority rule 1, a mapping relationship between preset user type 2 and preset user authority rule 2, …, a mapping relationship between preset user type m and preset user authority rule m, …, and a mapping relationship between preset user type M and preset user authority rule M.
According to an embodiment of the present disclosure, the preset user type may include at least one of: audit department contacts and external auditors. The external auditor may be at least one of: an external audit administrator and an external audit team member. An audit department contact may refer to a contact assigned to an external audit who provides shared data to external auditors. An external audit administrator may refer to an administrator who externally audits a certain audit project. An external audit team member may refer to a participant in an external audit of a certain audit project.
According to an embodiment of the present disclosure, after determining the preset user mapping relationship and the preset user authority mapping relationship, they may be stored to the data source. In response to receiving the object sharing request, the preset user mapping relationship and the preset user authority mapping relationship can be obtained from the data source. The data source may include at least one of: local databases, cloud databases, and network resources. For example, a data interface may be invoked, and the preset user mapping relationship and the preset user authority mapping relationship may be acquired from the data source by using the data interface.
According to the embodiment of the disclosure, the target user type is determined according to the preset user mapping relation and the target user identification, so that the target user type can be automatically determined according to the target user identification in the target object information, and the efficiency and the accuracy of determining the target user type are improved. On the basis, the target user permission rule is determined according to the target user type, so that the target user permission rule can be automatically determined according to the target user type, the efficiency and the accuracy of determining the target user permission rule are improved, and the efficiency of the verification process of the object sharing request is further ensured.
According to an embodiment of the present disclosure, determining a target user type corresponding to a target user according to a preset user mapping relationship and a target user identification may include the following operations.
The target user identifier is matched against each preset user identifier in the at least one preset user identifier to obtain a matching result. In the case that the matching result characterizes a successful match, the preset user type corresponding to the matching result is determined as the target user type.
According to the embodiment of the disclosure, after the preset user mapping relationship is obtained, the target user identifier in the target object information of the object sharing request can be automatically matched against preset user identifier 1, preset user identifier 2, …, preset user identifier m, …, and preset user identifier M in the preset user mapping relationship, so as to determine the matching user identifier. The matching user type corresponding to the matching user identifier is determined according to the preset user mapping relationship, and the target user type is determined according to the matching user type.
According to the embodiment of the disclosure, after determining the target user type, the target user type can be matched against each of the at least one preset user type in the preset user authority mapping relationship to determine the matching user type. The matching user authority rule corresponding to the matching user type is determined according to the preset user authority mapping relationship, and the target user authority rule is determined according to the matching user authority rule. The target user authority rule may be used to characterize whether the target user has the authority corresponding to the object sharing operation.
According to the embodiment of the disclosure, the target user identifier is matched against each preset user identifier in the at least one preset user identifier to obtain the matching result, and the target user type is determined according to the preset user type corresponding to the matching result in the case that the matching result characterizes a successful match, so that the target user type can be automatically determined, and the efficiency and the accuracy of determining the target user type are improved.
Fig. 5 schematically illustrates a flowchart of a method of determining a target user permission rule corresponding to a target user type in the case where it is determined that target object information satisfies a target terminal permission rule according to an embodiment of the present disclosure.
As shown in fig. 5, in 500, a preset user mapping relation 503 may be determined according to at least one preset user identifier 501 and a preset user type 502 corresponding to each of the at least one preset user identifier 501. The preset user permission mapping relationship 505 may be determined according to at least one preset user type 502 and preset user permission rules 504 corresponding to each of the at least one preset user type 502.
In response to receiving the object sharing request 506, a target user type 507 may be determined based on the preset user mapping 503 and a target user identification 5061 in the object sharing request 506. The target user authority rule 508 may then be determined according to the preset user authority mapping relation 505 and the target user type 507.
According to an embodiment of the present disclosure, the verification method 200 of the object sharing request may further include the following operations.
The target object information is compared with the target terminal authority rule to obtain a first comparison result. In the case that the first comparison result characterizes that the target object information is consistent with the target terminal authority rule, it is determined that the target object information satisfies the target terminal authority rule. In the case that the first comparison result characterizes that the target object information is inconsistent with the target terminal authority rule, it is determined that the target object information does not satisfy the target terminal authority rule.
According to an embodiment of the present disclosure, the first comparison result may be used to characterize whether the target object information is consistent with the target terminal permission rule.
According to an embodiment of the present disclosure, the target terminal permission rule may include at least one of: common access terminal authority rules, sandbox access terminal authority rules, data analysis terminal authority rules, and data export terminal authority rules. The common access terminal authority rule may include at least one of: prohibiting the terminal object upload operation, permitting the system object upload operation, permitting the object viewing operation, permitting the object download operation, and permitting the object preview operation. The sandbox access terminal authority rule may include at least one of: prohibiting the terminal object upload operation, prohibiting the system object upload operation, prohibiting the object viewing operation, prohibiting the object download operation, and prohibiting the object preview operation. The data analysis terminal authority rule may include at least one of: prohibiting the terminal object upload operation, prohibiting the system object upload operation, permitting the object viewing operation, permitting the object download operation, and permitting the object preview operation.
According to the embodiment of the disclosure, since the first comparison result is obtained by comparing the target object information with the target terminal permission rule, and under the condition that the first comparison result characterizes that the target object information is consistent with the target terminal permission rule, the target object information is determined to meet the target terminal permission rule, so that the complexity of a terminal permission verification process is reduced, the complexity of a verification process of an object sharing request is further reduced, and the resource sharing safety is ensured.
In accordance with an embodiment of the present disclosure, in case that the target terminal type belongs to the data export terminal or the general access terminal, operation S230 may include the following operations.
The target user type, the object sharing type, and the target user authority rule are compared to obtain a second comparison result. In the case that the second comparison result characterizes that the target user type and the object sharing type are consistent with the target user authority rule, a verification result characterizing that the object sharing request passes verification is obtained. In the case that the second comparison result characterizes that the target user type and the object sharing type are inconsistent with the target user authority rule, a verification result characterizing that the object sharing request does not pass verification is obtained.
According to embodiments of the present disclosure, the second comparison result may be used to characterize whether the target user type, the object sharing type, and the target user permission rules are consistent.
According to an embodiment of the present disclosure, the target user permission rules may include at least one of: common access terminal user authority rules, sandbox access terminal user authority rules, data analysis terminal user authority rules, and data export terminal user authority rules. The data export terminal user authority rules may include at least one of: audit department contact authority rules, external audit administrator authority rules, and external audit team member authority rules. The audit department contact authority rules may include at least one of: permitting the terminal object upload operation and permitting the system object upload operation. The external audit administrator authority rules may include at least one of: permitting the terminal object upload operation and permitting the system object upload operation. The external audit team member authority rules may include at least one of: prohibiting the terminal object upload operation and prohibiting the system object upload operation.
According to the embodiment of the disclosure, since the second comparison result is obtained by comparing the target user type, the object sharing type and the target user permission rule, the verification result is obtained according to the second comparison result, and the execution of the object sharing request is permitted under the condition that the verification result characterizes that the object sharing request passes the verification, the complexity of the user permission verification process is reduced, the complexity of the verification process of the object sharing request is further reduced, and the resource sharing security is ensured.
Fig. 6 schematically illustrates an example schematic diagram of a validation process of an object sharing request according to an embodiment of the disclosure.
As shown in fig. 6, in 600, in response to receiving an object sharing request, target object information 601 and an object sharing type 611 in the object sharing request may be acquired. The target object information 601 may include source address information 6011 and a target user identification 6012.
After obtaining the source address information 6011, the target terminal type 603 may be determined according to the preset terminal mapping relation 602 and the source address information 6011. After determining the target terminal type 603, a target terminal permission rule 605 may be determined according to the preset terminal permission mapping relation 604 and the target terminal type 603.
After determining the target terminal permission rule 605, the target object information 601 may be compared with the target terminal permission rule 605 to obtain a first comparison result 606. In case the first comparison result 606 characterizes that the target object information 601 and the target terminal permission rule 605 coincide, it may be determined that the target object information 601 satisfies the target terminal permission rule 605.
In case that it is determined that the target object information 601 satisfies the target terminal authority rule 605, the target user type 608 may be determined according to the preset user mapping relation 607 and the target user identification 6012. After determining the target user type 608, a target user permission rule 610 may be determined according to the preset user permission mapping 609 and the target user type 608.
After determining the target user permission rule 610, in case the target terminal type 603 belongs to a data export terminal or a general access terminal, the target user type 608 and the object sharing type 611 may be compared with the target user permission rule 610, resulting in a second comparison result 612.
In case it is determined that the second comparison result 612 characterizes that the target user type 608 and the object sharing type 611 are consistent with the target user permission rule 610, a verification result 613 characterizing that the object sharing request passes verification is obtained. In the case where the verification result 613 characterizes that the object sharing request passes the verification, the execution of the object sharing request is permitted.
The above is only an exemplary embodiment, but is not limited thereto, and other object sharing request verification methods known in the art may be included as long as the efficiency and security of resource sharing can be ensured.
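The Fig. 6 flow can be sketched as a fail-closed decision function. This is an added example, not code from the patent: the network segments, user identifiers, the shape of the terminal permission rule (an allow-list of user identifiers per terminal type) and the treatment of view/download/preview as permitted for every user type are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

UPLOADS = {"terminal_upload", "system_upload"}
READS = {"view", "download", "preview"}

# Preset terminal mapping: network segment -> terminal type (constructed segments).
TERMINAL_SEGMENTS = [
    (ipaddress.ip_network("10.10.1.0/24"), "general_access"),
    (ipaddress.ip_network("10.10.2.0/24"), "sandbox_access"),
    (ipaddress.ip_network("10.10.3.0/24"), "data_analysis"),
    (ipaddress.ip_network("10.10.4.0/24"), "data_export"),
]

# Preset terminal permission mapping. Assumed shape: user identifiers allowed
# to use each terminal type. "u-ghost" is a stale entry with no user mapping.
TERMINAL_RULES = {
    "general_access": {"u-contact", "u-admin", "u-member", "u-ghost"},
    "sandbox_access": {"u-contact"},
    "data_analysis": {"u-admin"},
    "data_export": {"u-contact", "u-admin", "u-member"},
}

# Preset user mapping: user identifier -> user type (constructed identifiers).
USER_TYPES = {
    "u-contact": "audit_department_contact",
    "u-admin": "external_audit_administrator",
    "u-member": "external_audit_team_member",
}

# Preset user permission mapping. Upload permissions follow the description;
# permitting READS for every type is an assumption of this example.
USER_RULES = {
    "audit_department_contact": UPLOADS | READS,
    "external_audit_administrator": UPLOADS | READS,
    "external_audit_team_member": READS,
}


class Request(NamedTuple):
    source_ip: str      # peer address as observed by the server (assumption)
    user_id: str
    sharing_type: str


class Result(NamedTuple):
    permitted: bool
    reason: str


def terminal_type_for(source_ip: str) -> Optional[str]:
    """Map the source address to a terminal type via the preset segments."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return None
    for net, ttype in TERMINAL_SEGMENTS:
        if addr in net:
            return ttype
    return None


def verify(req: Request) -> Result:
    # Stage 1: terminal type and terminal permission rule (first comparison).
    ttype = terminal_type_for(req.source_ip)
    if ttype is None:
        return Result(False, "unknown_terminal")
    if req.user_id not in TERMINAL_RULES.get(ttype, set()):
        return Result(False, "terminal_rule")
    # Stage 2: user type lookup; an unmatched identifier is denied.
    utype = USER_TYPES.get(req.user_id)
    if utype is None:
        return Result(False, "unknown_user")
    # Sandbox access and data analysis terminals reject both upload operations.
    if ttype in ("sandbox_access", "data_analysis") and req.sharing_type in UPLOADS:
        return Result(False, "terminal_type_forbids_upload")
    # Second comparison: user type and sharing type against the user rule.
    # For non-upload operations on sandbox/analysis terminals this example
    # also falls through to the user rule (assumption).
    if req.sharing_type in USER_RULES.get(utype, set()):
        return Result(True, "ok")
    return Result(False, "user_rule")
```

Every lookup that finds no mapping ends in a denial, so an address outside the preset segments or an identifier without a user type never reaches the second comparison.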
Fig. 7 schematically illustrates a block diagram of a verification apparatus of an object sharing request according to an embodiment of the present disclosure.
As shown in fig. 7, the verification apparatus 700 of the object sharing request may include a first determination module 710, a second determination module 720, a verification module 730, and a permission module 740.
The first determining module 710 is configured to determine, in response to receiving an object sharing request initiated by a target user using a target terminal, a target terminal permission rule corresponding to a target terminal type of the target terminal according to the object sharing request. The object sharing request includes target object information and an object sharing type, the target terminal corresponds to a target terminal type, and the target user corresponds to a target user type.
The second determining module 720 is configured to determine a target user permission rule corresponding to the target user type if it is determined that the target object information meets the target terminal permission rule.
The verification module 730 is configured to verify the object sharing request according to the target user permission rule and the object sharing type, so as to obtain a verification result.
The permission module 740 is configured to permit execution of the object sharing request in the case that the verification result characterizes that the object sharing request passes verification.
According to an embodiment of the present disclosure, the target object information includes source address information for characterizing an internet protocol address of the target terminal.
According to an embodiment of the present disclosure, the first determination module 710 may include a first determination unit and a second determination unit.
The first determining unit is configured to determine the target terminal type corresponding to the target terminal according to the preset terminal mapping relation and the source address information. The preset terminal mapping relation comprises at least one preset terminal network segment and preset terminal types corresponding to the at least one preset terminal network segment respectively.
The second determining unit is configured to determine a target terminal authority rule according to the preset terminal authority mapping relation and the target terminal type. The preset terminal authority mapping relation comprises at least one preset terminal type and preset terminal authority rules corresponding to the at least one preset terminal type respectively.
According to an embodiment of the present disclosure, the preset terminal types include a general access terminal, a sandbox access terminal, a data analysis terminal, and a data export terminal.
According to an embodiment of the present disclosure, the first determination unit may include a first determination subunit, a second determination subunit, a third determination subunit, and a fourth determination subunit.
The first determining subunit is configured to determine that the target terminal type belongs to the general access terminal when the source address information is located in the first preset terminal network segment.
The second determining subunit is configured to determine that the target terminal type belongs to the sandbox access terminal when the source address information is located in the second preset terminal network segment.
The third determining subunit is configured to determine that the target terminal type belongs to the data analysis terminal when the source address information is located in the third preset terminal network segment.
The fourth determining subunit is configured to determine that the target terminal type belongs to the data export terminal when the source address information is located in the fourth preset terminal network segment.
According to an embodiment of the present disclosure, the verification apparatus 700 of an object sharing request may further include a comparison module, a third determination module, and a fourth determination module.
The comparison module is configured to compare the target object information with the target terminal authority rule to obtain a first comparison result.
The third determining module is configured to determine that the target object information meets the target terminal authority rule in the case that the first comparison result characterizes that the target object information is consistent with the target terminal authority rule.
The fourth determining module is configured to determine that the target object information does not meet the target terminal authority rule in the case that the first comparison result characterizes that the target object information is inconsistent with the target terminal authority rule.
According to an embodiment of the present disclosure, the target object information includes a target user identification, which is used to characterize an identification number of the target user.
According to an embodiment of the present disclosure, the second determining module 720 may include a third determining unit and a fourth determining unit.
The third determining unit is configured to determine the target user type corresponding to the target user according to the preset user mapping relation and the target user identification. The preset user mapping relation comprises at least one preset user identifier and preset user types corresponding to the at least one preset user identifier respectively.
The fourth determining unit is configured to determine a target user authority rule according to the preset user authority mapping relation and the target user type. The preset user authority mapping relation comprises at least one preset user type and preset user authority rules corresponding to the at least one preset user type respectively.
According to an embodiment of the present disclosure, the third determination unit may include a matching subunit and a fifth determination subunit.
The matching subunit is configured to match the target user identifier with each preset user identifier in the at least one preset user identifier to obtain a matching result.
The fifth determining subunit is configured to determine the preset user type corresponding to the matching result as the target user type in the case that the matching result characterizes that the matching is successful.
According to an embodiment of the present disclosure, in case that the target terminal type belongs to the data export terminal or the general access terminal, the verification module 730 may include a comparison unit, a first obtaining unit, and a second obtaining unit.
The comparison unit is configured to compare the target user type, the object sharing type and the target user permission rule to obtain a second comparison result.
The first obtaining unit is configured to obtain a verification result characterizing that the object sharing request passes verification in the case that the second comparison result characterizes that the target user type and the object sharing type are consistent with the target user permission rule.
The second obtaining unit is configured to obtain a verification result characterizing that the object sharing request fails verification in the case that the second comparison result characterizes that the target user type and the object sharing type are inconsistent with the target user permission rule.
According to embodiments of the present disclosure, object sharing types are used to characterize the types of object sharing operations. The object sharing operation includes at least one of: a terminal object sharing operation and a system object sharing operation. The terminal object sharing operation comprises a terminal object uploading operation, and the system object sharing operation comprises a system object uploading operation, an object viewing operation, an object downloading operation and an object previewing operation.
According to an embodiment of the present disclosure, in case that the target terminal type belongs to a sandbox access terminal or a data analysis terminal, the verification apparatus 700 of the object sharing request may further include a first rejection module and a second rejection module.
The first rejecting module is configured to reject the object sharing request in the case that the object sharing operation is the terminal object uploading operation.
The second rejecting module is configured to reject the object sharing request in the case that the object sharing operation is the system object uploading operation.
Any number of modules, sub-modules, units, sub-units, or at least some of the functionality of any number of the sub-units according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented as split into multiple modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or in any other reasonable manner of hardware or firmware that integrates or encapsulates the circuit, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be at least partially implemented as computer program modules, which when executed, may perform the corresponding functions.
For example, any of the first determination module 710, the second determination module 720, the verification module 730, and the permission module 740 may be combined in one module/unit/sub-unit, or any of the modules/units/sub-units may be split into a plurality of modules/units/sub-units. Alternatively, at least some of the functionality of one or more of these modules/units/sub-units may be combined with at least some of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to embodiments of the present disclosure, at least one of the first determination module 710, the second determination module 720, the verification module 730, and the permission module 740 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging circuitry, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, at least one of the first determination module 710, the second determination module 720, the verification module 730, and the permission module 740 may be at least partially implemented as a computer program module, which when executed, may perform the corresponding functions.
It should be noted that, in the embodiment of the present disclosure, the verification device portion of the object sharing request corresponds to the verification method portion of the object sharing request in the embodiment of the present disclosure, and the description of the verification device portion of the object sharing request specifically refers to the verification method portion of the object sharing request, which is not described herein again.
Fig. 8 schematically illustrates a block diagram of an electronic device adapted to implement a verification method of an object sharing request, according to an embodiment of the disclosure. The electronic device shown in fig. 8 is merely an example and should not be construed to limit the functionality and scope of use of the disclosed embodiments.
As shown in fig. 8, a computer electronic device 800 according to an embodiment of the present disclosure includes a processor 801 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 802 or a program loaded from a storage section 809 into a Random Access Memory (RAM) 803. The processor 801 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 801 may also include on-board memory for caching purposes. The processor 801 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the disclosure.
In the RAM 803, various programs and data required for the operation of the electronic device 800 are stored. The processor 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. The processor 801 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 802 and/or the RAM 803. Note that the program may be stored in one or more memories other than the ROM 802 and the RAM 803. The processor 801 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the electronic device 800 may also include an input/output (I/O) interface 805, the input/output (I/O) interface 805 also being connected to the bus 804. The electronic device 800 may also include one or more of the following components connected to the I/O interface 805: an input portion 806 including a keyboard, mouse, etc.; an output portion 807 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 808 including a hard disk or the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. The drive 810 is also connected to the I/O interface 805 as needed. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as needed so that a computer program read out therefrom is mounted into the storage section 808 as needed.
According to embodiments of the present disclosure, the method flow according to embodiments of the present disclosure may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section 809, and/or installed from the removable media 811. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 801. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 802 and/or RAM 803 and/or one or more memories other than ROM 802 and RAM 803 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program comprising program code for performing the methods provided by the embodiments of the present disclosure, the program code for causing an electronic device to implement the method of verifying an object sharing request provided by the embodiments of the present disclosure when the computer program product is run on the electronic device.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 801. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed, and downloaded and installed in the form of a signal on a network medium, and/or from a removable medium 811 via a communication portion 809. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, Java, C++, Python, C, or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined and/or integrated in various ways, even if such combinations or integrations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or integrated without departing from the spirit and teachings of the present disclosure. All such combinations and/or integrations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (13)

1. A method of validating an object sharing request, comprising:
in response to receiving an object sharing request initiated by a target user by utilizing a target terminal, determining a target terminal authority rule corresponding to a target terminal type of the target terminal according to the object sharing request, wherein the object sharing request comprises target object information and an object sharing type, the target terminal corresponds to the target terminal type, and the target user corresponds to the target user type;
under the condition that the target object information meets the target terminal authority rule, determining a target user authority rule corresponding to a target user type;
verifying the object sharing request according to the target user authority rule and the object sharing type to obtain a verification result; and
in the case that the verification result indicates that the object sharing request passes verification, permitting the execution of the object sharing request.
2. The method of claim 1, wherein the target object information comprises source address information characterizing an internet protocol address of the target terminal;
wherein, the responding to receiving the object sharing request initiated by the target user by using the target terminal, determining the target terminal permission rule corresponding to the target terminal type of the target terminal according to the object sharing request comprises:
determining the target terminal type corresponding to the target terminal according to a preset terminal mapping relation and the source address information, wherein the preset terminal mapping relation comprises at least one preset terminal network segment and preset terminal types corresponding to the at least one preset terminal network segment respectively; and
determining the target terminal authority rule according to a preset terminal authority mapping relation and the target terminal type, wherein the preset terminal authority mapping relation comprises the at least one preset terminal type and preset terminal authority rules corresponding to the at least one preset terminal type.
3. The method of claim 2, wherein the preset terminal types include a general access terminal, a sandbox access terminal, a data analysis terminal, and a data export terminal;
wherein, the determining the target terminal type corresponding to the target terminal according to the preset terminal mapping relation and the source address information includes:
under the condition that the source address information is located in a first preset terminal network segment, determining that the target terminal type belongs to the general access terminal;
under the condition that the source address information is located in a second preset terminal network segment, determining that the target terminal type belongs to the sandbox access terminal;
determining that the target terminal type belongs to the data analysis terminal under the condition that the source address information is located in a third preset terminal network segment; and
determining that the target terminal type belongs to the data export terminal under the condition that the source address information is located in a fourth preset terminal network segment.
4. A method according to any one of claims 1 to 3, further comprising, before the determining a target user authority rule corresponding to a target user type in the case where it is determined that the target object information satisfies the target terminal authority rule:
comparing the target object information with the target terminal authority rule to obtain a first comparison result;
under the condition that the first comparison result represents that the target object information is consistent with the target terminal authority rule, determining that the target object information meets the target terminal authority rule; and
under the condition that the first comparison result represents that the target object information is inconsistent with the target terminal authority rule, determining that the target object information does not meet the target terminal authority rule.
5. The method of claim 1, wherein the target object information includes a target user identification, the target user identification being used to characterize an identification number of the target user;
wherein, when the target object information is determined to meet the target terminal authority rule, determining the target user authority rule corresponding to the target user type includes:
determining a target user type corresponding to the target user according to a preset user mapping relation and the target user identification, wherein the preset user mapping relation comprises at least one preset user identification and preset user types corresponding to the at least one preset user identification respectively; and
determining the target user permission rule according to a preset user permission mapping relation and the target user type, wherein the preset user permission mapping relation comprises the at least one preset user type and preset user permission rules corresponding to the at least one preset user type.
6. The method of claim 5, wherein the determining, according to a preset user mapping relationship and the target user identifier, a target user type corresponding to the target user comprises:
respectively matching the target user identifier with each preset user identifier in the at least one preset user identifier to obtain a matching result; and
under the condition that the matching result represents successful matching, determining the preset user type corresponding to the matching result as the target user type.
7. The method according to claim 5 or 6, wherein said verifying the object sharing request according to the target user rights rule and the object sharing type, obtaining a verification result includes:
in case the target terminal type belongs to a data export terminal or a general access terminal,
comparing the target user type, the object sharing type and the target user permission rule to obtain a second comparison result;
obtaining the verification result representing that the object sharing request passes verification under the condition that the second comparison result represents that the target user type and the object sharing type are consistent with the target user authority rule; and
under the condition that the second comparison result represents that the target user type and the object sharing type are inconsistent with the target user authority rule, obtaining the verification result representing that the object sharing request fails verification.
8. The method of claim 1, wherein the object sharing type is used to characterize a type of object sharing operation;
wherein the object sharing operation includes at least one of: a terminal object sharing operation and a system object sharing operation, wherein the terminal object sharing operation comprises a terminal object uploading operation, and the system object sharing operation comprises a system object uploading operation, an object viewing operation, an object downloading operation and an object previewing operation.
9. The method of claim 8, further comprising:
in case the target terminal type belongs to a sandbox access terminal or a data analysis terminal,
rejecting the object sharing request under the condition that the object sharing operation is the terminal object uploading operation; and
rejecting the object sharing request under the condition that the object sharing operation is the system object uploading operation.
10. An apparatus for verifying an object sharing request, comprising:
a first determining module, configured to determine, in response to receiving an object sharing request initiated by a target user using a target terminal, a target terminal permission rule corresponding to a target terminal type of the target terminal according to the object sharing request, wherein the object sharing request comprises target object information and an object sharing type, the target terminal corresponds to the target terminal type, and the target user corresponds to a target user type;
a second determining module, configured to determine a target user permission rule corresponding to the target user type under the condition that the target object information meets the target terminal permission rule;
a verification module, configured to verify the object sharing request according to the target user permission rule and the object sharing type to obtain a verification result; and
a permission module, configured to permit execution of the object sharing request under the condition that the verification result represents that the object sharing request passes verification.
11. An electronic device, comprising:
one or more processors;
a memory for storing one or more instructions,
wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1 to 9.
12. A computer readable storage medium having stored thereon executable instructions which when executed by a processor cause the processor to implement the method of any of claims 1 to 9.
13. A computer program product comprising computer executable instructions for implementing the method of any one of claims 1 to 9 when executed.
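The verification flow of claims 5 to 7 and 9, sketched in Python as an added example that is not part of the patent text. The user identifiers, user types and rule contents are constructed sample data; denying unmatched users and denying operations that claims 5 to 9 do not cover are assumptions of the example (fail closed), and the terminal permission rule check is assumed to have passed already.

```python
from enum import Enum

class Terminal(Enum):
    DATA_DERIVING = "data deriving terminal"
    NORMAL = "normal access terminal"
    SANDBOX = "sandbox access terminal"
    ANALYSIS = "data analysis terminal"

class Op(Enum):
    TERMINAL_UPLOAD = "terminal object uploading"
    SYSTEM_UPLOAD = "system object uploading"
    VIEW = "object viewing"
    DOWNLOAD = "object downloading"
    PREVIEW = "object previewing"

# Constructed sample data: preset user mapping (user identifier -> user type).
USER_TYPES = {"u1001": "analyst", "u2002": "auditor"}
# Constructed sample data: preset user permission mapping
# (user type -> operations the permission rule allows).
USER_RULES = {
    "analyst": {Op.VIEW, Op.PREVIEW, Op.DOWNLOAD, Op.SYSTEM_UPLOAD},
    "auditor": {Op.VIEW, Op.PREVIEW},
}

def resolve_user_rule(user_id):
    """Claims 5-6: match the identifier, then map user type -> permission rule."""
    user_type = USER_TYPES.get(user_id)
    if user_type is None:  # no preset identifier matched (assumption: fail closed)
        return None, None
    return user_type, USER_RULES.get(user_type)

def verify_share_request(user_id, terminal, op):
    """Return (allowed, reason); the terminal permission rule is assumed met."""
    if terminal in (Terminal.SANDBOX, Terminal.ANALYSIS):
        if op in (Op.TERMINAL_UPLOAD, Op.SYSTEM_UPLOAD):
            return False, "claim 9: upload rejected on this terminal type"
        # Assumption: claims 5-9 do not cover this case, so the example denies it.
        return False, "not covered by claims 5-9: denied"
    user_type, rule = resolve_user_rule(user_id)
    if rule is None:
        return False, "unknown user or missing rule: denied"
    if op in rule:  # claim 7: second comparison result is "consistent"
        return True, f"claim 7: {op.value} allowed for {user_type}"
    return False, f"claim 7: {op.value} not allowed for {user_type}"
```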
CN202211617057.7A 2022-12-13 2022-12-13 Verification method and device for object sharing request, electronic equipment and storage medium Pending CN116186678A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211617057.7A CN116186678A (en) 2022-12-13 2022-12-13 Verification method and device for object sharing request, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116186678A true CN116186678A (en) 2023-05-30

Family

ID=86431731

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211617057.7A Pending CN116186678A (en) 2022-12-13 2022-12-13 Verification method and device for object sharing request, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116186678A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination