CN116776345A - Data authority setting method, device, equipment and storage medium - Google Patents

Publication number: CN116776345A
Authority: CN (China)
Prior art keywords: target, data, rules, dimension, access request
Legal status: Pending
Application number: CN202310648163.XA
Other languages: Chinese (zh)
Inventors: 刘正中, 刘昌钰, 袁奇林
Current Assignee: Zhengcaiyun Co ltd
Original Assignee: Zhengcaiyun Co ltd
Application filed by Zhengcaiyun Co ltd
Classification: Storage Device Security

Abstract

The invention discloses a data permission setting method, device, equipment and storage medium. In this scheme, data permissions are abstracted into data rules; if requirements change, the dimensions, condition rules and dimension fixed values in the data rules can be custom-modified, so the data permissions can be adjusted without developers reworking the code, which improves the flexibility of data permission setting. In addition, the scheme can interface with multiple business parties, and each business party can configure the data rules of roles for users as needed, which improves the coupling of data permission setting.

Description

A data permission setting method, device, equipment and storage medium

Technical field

The present invention relates to the field of data permission setting, and more specifically to a data permission setting method, device, equipment and storage medium.

Background

In Internet systems, permissions are generally divided into functional permissions and data permissions. Functional permissions are the more common kind, and because they are general and reusable there are many common frameworks and designs for them in the industry. Data permissions, however, depend strongly on the customer's organizational structure and on the specific business, so they are often complicated to implement and a single design architecture rarely covers them completely. Most systems therefore uniformly adopt the strategy of not using data permissions unless necessary and controlling them separately where they are required.

The common data permission setting schemes today are hard-coded, and fall into two types. The first splits the function page: for users with different data permissions, several similar menus are added by copying, and functional permission configuration then assigns different menus to different users, which achieves data permission control. The second makes the judgment in the back-end interface corresponding to the function and, for users with different data permissions, filters different data lists to expose to the user. The obvious advantages of hard coding are low technical difficulty and simple implementation. But whichever of the two is chosen, hard coding cannot solve the problem of system flexibility: whenever an old requirement changes or a new requirement is added, the developers have to adjust the code and modify menus and pages, so hard coding has high development costs and high operation and maintenance costs. At the same time, the general-purpose data permission controls common in the industry are mostly used by a single business and are highly coupled with that business; they may be general and extensible on the current business client, but cannot be accessed seamlessly on another business client.

Therefore, how to improve the flexibility and coupling of data permission setting is a problem that those skilled in the art need to solve.

Summary of the invention

The purpose of the present invention is to provide a data permission setting method, device, equipment and storage medium, so as to improve the flexibility and coupling of data permission setting.

To achieve the above purpose, the present invention provides a data permission setting method, including:

determining the target functions of each business party;

setting the target dimensions corresponding to each target function;

setting the target condition rules and target dimension fixed values corresponding to the target dimensions, to obtain the data rules of each target function;

setting, for each role, the target data rules that have a corresponding relationship with it, so that users access the corresponding target functions based on the target data rules of their roles.

Preferably, after determining the target functions of each business party, the method further includes:

receiving custom dimension selection items and/or custom dimension fixed value selection items set by the administrator of the business party.

Preferably, setting the target dimensions corresponding to each target function includes:

setting the target dimensions of each target function based on general dimension selection items and/or the custom dimension selection items.

Preferably, setting the target dimension fixed values corresponding to the target dimensions includes:

setting the target dimension fixed values corresponding to the target dimensions based on general dimension fixed value selection items and/or the custom dimension fixed value selection items.

Preferably, the user accessing the corresponding target function based on the target data rules of the role includes:

obtaining an access request, the access request being a request by the user to access a target function;

determining whether the target function interface corresponding to the access request is a permission interface;

if so, determining the data rules of all roles of the user, modifying the access request according to the data rules, and accessing the corresponding target function based on the modified access request.

Preferably, determining the data rules of all roles of the user includes:

obtaining the context information of the access request;

determining the data rules of all roles of the user according to the context information.

Preferably, modifying the access request according to the data rules includes:

if the access request uses a native MyBatis XML statement, encapsulating the data rules into a corresponding SQL fragment and injecting the SQL fragment into the access request;

if the access request uses the MyBatis-plus QueryWrapper approach, injecting the data rules into the QueryWrapper conditions of the access request.

To achieve the above purpose, the present invention further provides a data permission setting device, including:

a function determination module, used to determine the target functions of each business party;

a first setting module, used to set the target dimensions corresponding to each target function;

a second setting module, used to set the target condition rules and target dimension fixed values corresponding to the target dimensions, to obtain the data rules of each target function;

a third setting module, used to set, for each role, the target data rules that have a corresponding relationship with it, so that users access the corresponding target functions based on the target data rules of their roles.

To achieve the above purpose, the present invention further provides an electronic device, including:

a memory, used to store a computer program;

a processor, used to implement the steps of the above data permission setting method when executing the computer program.

To achieve the above purpose, the present invention further provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the above data permission setting method are implemented.

As can be seen from the above, embodiments of the present invention provide a data permission setting method, device, equipment and storage medium. The data permission setting scheme can interface with multiple business parties. When setting data permissions, the target functions of the business party must be determined, and for each target function the corresponding target dimensions, target condition rules and target dimension fixed values must be set, to obtain the data rules of each target function; the control scope composed of multiple data permissions is the data permission. Target data rules with a corresponding relationship are then set for each role, so that users access the corresponding target functions based on the target data rules of their roles. Once data permissions have been abstracted into data rules in this way, a change in requirements can be met by custom-modifying the dimensions, condition rules and dimension fixed values in the data rules, which adjusts the data permissions without developers reworking the code and improves the flexibility of data permission setting. In addition, the scheme can interface with multiple business parties, and each business party can configure the data rules of roles for users as needed, which improves the coupling of data permission setting.

Description of drawings

To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.

Figure 1 is the overall structure diagram of the data permission setting scheme in the existing scheme;

Figure 2 is a flow chart of a data permission setting method disclosed in an embodiment of the present invention;

Figure 3 is a schematic diagram of a permission model disclosed in an embodiment of the present invention;

Figure 4 is a schematic diagram of the data rule model disclosed in an embodiment of the present invention;

Figure 5 is a schematic diagram of the overall model of data permission setting disclosed in an embodiment of the present invention;

Figure 6 is a schematic diagram of the overall process of business party access disclosed in an embodiment of the present invention;

Figure 7 is the overall flow chart of data permission setting disclosed in an embodiment of the present invention;

Figure 8 is a schematic structural diagram of a data permission setting device disclosed in an embodiment of the present invention;

Figure 9 is a schematic structural diagram of an electronic device disclosed in an embodiment of the present invention.

Detailed description

Figure 1 shows the overall structure of the data permission setting scheme in the existing scheme. As Figure 1 shows, the traditional scheme sets data permissions by the same logic as functional permissions and also controls them by role. In this approach, a separate role is created for each set of business data to be controlled, users are given different roles, and when data is queried, different data is displayed according to the roles the user holds. The main disadvantages of this scheme are:

1. The scheme determines data permissions by role alone and loses the other control dimensions, so some data permission control requirements are hard to implement. For example, the same role in different departments has the same data permissions, which makes it impossible to control the data permissions of the same role in different departments separately;

2. It is hard to operate. If the control granularity is very fine and the control scope is broad, a large number of roles must be created, and role explosion occurs;

3. The initial permission-granting workload is huge;

4. Different business parties cannot be connected quickly.

To solve the above problems, the present invention discloses a data permission setting method, device, equipment and storage medium. The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

Referring to Figure 2, the flow chart of a data permission setting method provided by an embodiment of the present invention, the method includes:

S101. Determine the target functions of each business party;

Specifically, this scheme can interface with multiple business parties. Each business party first needs to determine which functions require data permission control. In this scheme, a function that needs to be connected to data permissions is called a target function. For example, if the business party considers that the function of viewing orders needs to be controlled, then viewing orders is a target function. The target function is the finest granularity of data permissions. Multiple target functions can be custom-set according to actual needs, and this is not specifically limited here.

S102. Set the target dimensions corresponding to each target function;

Figure 3 is a schematic diagram of a permission model provided by an embodiment of the present invention. As Figure 3 shows, this scheme interfaces with multiple business parties, each business party includes multiple functions, and multiple dimensions are set under each function. In this scheme, data permission control is in fact control of each dimension, and a dimension ultimately corresponds to a filter field of the business data of each function. In this embodiment, the dimensions include not only roles but also departments, positions and so on. To distinguish them, the dimensions corresponding to a target function are called target dimensions. Because different business parties have different business structures, this scheme can preset different dimensions for different business parties, and can also provide business parties with a custom dimension selection item port. The business party's administrators can set custom dimension selection items through this port, so that when permissions are set, the target dimensions are determined through the custom dimension selection items.

S103. Set the target condition rules and target dimension fixed values corresponding to the target dimensions, to obtain the data rules of each target function;

Figure 4 is a schematic diagram of the data rule model provided by an embodiment of the present invention. As Figure 4 shows, the condition rules include at least: greater than, greater than or equal to, less than, less than or equal to, equal to, contains, and not equal to. In this embodiment, to distinguish them, the condition rules set for a target dimension are called target condition rules. The dimension fixed value is the specific value of the dimension; for example, if the dimension is department, the dimension fixed value corresponding to it is: department A. In this embodiment, to distinguish them, the dimension fixed value corresponding to a target dimension is called the target dimension fixed value. The dimension fixed values in this scheme can also be custom-set by the user through manual input. A data rule in this scheme consists of: target dimension + target condition rule + target dimension fixed value, and the data permission of business data is the scope control formed by multiple data rules. For example, if the target function is "view orders" and this function may only be viewed by employees of department A, then the target dimension corresponding to the target function is "department", the target condition rule corresponding to the target dimension is "equal to", and the target dimension fixed value corresponding to the target dimension is "department A". After the target dimension, target condition rule and target dimension fixed value are set, one data rule of the target function is obtained: employees of department A have permission to view order data.

S104. Set, for each role, the target data rules that have a corresponding relationship with it, so that users access the corresponding target functions based on the target data rules of their roles.

In this embodiment, after multiple data rules have been set for each function, data rules with a corresponding relationship can be set for each role. In this embodiment, the data rules that have a corresponding relationship with a role are called target data rules. After this setup, each role has multiple data rules attached under each function, and when a user accesses a specific function, the corresponding data is returned according to the data rules of the user's roles. Figure 5 is a schematic diagram of the overall model of data permission setting provided by an embodiment of the present invention. As Figure 5 shows, after setup each employee can have multiple roles, each role corresponds to multiple functions, each function has multiple dimensions, each dimension has multiple data rules, and the API (Application Programming Interface) corresponding to a function is the interface through which users access the function. Figure 6 is a schematic diagram of the overall process of business party access provided by an embodiment of the present invention. As the figure shows, product proposes the access requirements and determines the functions and dimensions; development configures the data permissions on the operation management end, including the function's dimensions, expressions, fixed values and so on; and the supplier configures the data permissions corresponding to roles.

Specifically, in this scheme, operations staff log in to the data permission configuration end and set the data rules of each role. When a user then accesses a specific function, the corresponding data rules are obtained according to the user's roles, and the business data is assembled according to those data rules and returned. For example, suppose the data rule is: employees of department A have permission to view order data, and this rule is given a corresponding relationship with role 1. When user 1, who is in department B and has role 1, views order data, the data rule of role 1 restricts viewing to employees of department A, so user 1 in department B cannot obtain the order data.

In this scheme, general models such as functions, dimensions and data rules are abstracted from most business requirements, which largely decouples the scheme from specific businesses and makes it compatible with most requirement scenarios. Once data permissions have been abstracted into data rules, a change in requirements can be met by custom-modifying the dimensions, condition rules and dimension fixed values in the data rules, which adjusts the data permissions without developers reworking the code and improves the flexibility of data permission setting. In addition, the scheme can interface with multiple business parties, and each business party can configure the data rules of roles for users as needed, which improves the coupling of data permission setting.

Based on the above embodiment, in this embodiment, after determining the target functions of each business party, the method further includes: receiving custom dimension selection items and/or custom dimension fixed value selection items set by the administrator of the business party. Correspondingly, in this embodiment, the target dimensions of each target function can be set based on general dimension selection items and/or custom dimension selection items, and the target dimension fixed values corresponding to the target dimensions can be set based on general dimension fixed value selection items and/or custom dimension fixed value selection items.

Specifically, the general dimension selection items and general dimension fixed value selection items include dimensions and dimension fixed values that meet most business requirements. However, because different business parties have different business structures, the general dimensions and dimension fixed values may not meet specific business requirements. This scheme therefore provides an open port to the business party, through which the business party can custom-set custom dimension selection items and/or custom dimension fixed value selection items. Each custom dimension selection item corresponds to one custom dimension, and each custom dimension fixed value selection item corresponds to one dimension fixed value. When data rules are set, the target dimensions and target dimension fixed values can then be selected not only from the general dimension selection items and general dimension fixed value selection items, but also from the custom dimension selection items and custom dimension fixed value selection items.

In other words, following the permission model, operations staff configure the fixed values, per dimension, of the functions used by the corresponding business, and the configuration finally generates the data rules corresponding to each function. The system administrator of each business end is by default granted all data control permissions under the function; the system administrator creates roles and grants each role the appropriate data permissions. The scheme also provides a permission SDK (Software Development Kit). The SDK is the entry point through which business parties connect, and is the module that actually implements data permission setting and control. The SDK provides ports for user-defined dimensions and fixed values; a business party only has to implement these ports to use custom dimension selection items and custom dimension fixed value selection items when configuring roles for users. This resolves the difficulty that other data control devices are highly coupled to the business and cannot support multiple applications (here, an application means a service with a different business background), and makes the scheme truly general across multiple applications.

Based on any of the above embodiments, in this embodiment, the process by which a user accesses the corresponding target function based on the target data rules of the role specifically includes: obtaining an access request, the access request being a request by the user to access a target function; determining whether the target function interface corresponding to the access request is a permission interface; and if so, determining the data rules of all roles of the user, modifying the access request according to the data rules, and accessing the corresponding target function based on the modified access request.

Specifically, the SDK provides a custom annotation, which the accessing party uses to control whether data permission control takes effect for each specific function interface. If it takes effect for an interface, data permissions are deemed to need control when that interface is accessed; if it does not, data permissions are deemed not to need control when that interface is accessed. In this embodiment, the APIs configured on the operation management end control data permissions by default, and this can be switched off through the annotation, as shown in Figure 5. The API corresponding to a function configured on the operation management end is then an interface that needs data permission control; in this embodiment, an interface that needs data permission control is called a permission interface. In this scheme, therefore, after the SDK intercepts an access request, it matches the request by regular expression against the permission APIs configured by operations. If there is no match, the interface requested by the access request is not a permission interface under data permission control, and the access request can be passed through directly, allowing the user to obtain the corresponding business data directly. If there is a match, the interface requested by the access request is a permission interface under data permission control; the context information of the access request must then be obtained, and the data rules of all roles of the user determined according to the context information.

It should be noted that the SDK has a context port, which the accessing party must implement to encapsulate the data permission context from the currently cached user. The user's roles can be determined from the context, and the context includes the business structure, for example how many departments there are and which departments they are. When the SDK determines the data rules of all roles of the user, it obtains the context information of the current access request through the context port, determines all roles of the corresponding user from the context information, and then determines the data permissions of all those roles; the data permissions are the data rules that have a corresponding relationship with the roles.
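The interception decision described in the three paragraphs above, as an added example in Python; it is not code from the patent or from any SDK. The names `PermissionApi`, `Context`, `Decision` and `decide` are hypothetical, and two behaviours are assumptions of this sketch rather than statements of the patent: the path is normalized before matching, and a matched permission interface with no context, no roles or no rules is denied instead of passed through.

```python
import posixpath
import re
from dataclasses import dataclass, field


@dataclass
class PermissionApi:
    function: str         # target function, e.g. "view_orders"
    pattern: str          # regular expression configured on the operation management end
    enabled: bool = True  # False models the annotation that switches control off


@dataclass
class Context:
    user: str
    roles: list


@dataclass
class Decision:
    action: str           # "pass" (not a permission interface), "scope" or "deny"
    function: str = ""
    rules: list = field(default_factory=list)


def normalize(raw_path):
    """Drop the query string and collapse '//', '.', '..' and trailing '/'.

    Assumption of this sketch: matching runs on the same canonical path the
    router dispatches on, so equivalent spellings of one URL cannot land on
    different sides of the check.
    """
    path = raw_path.split("?", 1)[0]
    return posixpath.normpath("/" + path.lstrip("/"))


def match_function(raw_path, apis):
    """Return the target function whose permission API matches, else None."""
    clean = normalize(raw_path)
    for api in apis:
        # fullmatch anchors the pattern at both ends of the path
        if api.enabled and re.fullmatch(api.pattern, clean):
            return api.function
    return None


def decide(raw_path, context_provider, apis, role_rules):
    """Mirror the described flow: match, then context, then rules of all roles.

    role_rules maps (role, function) to a list of
    (dimension, condition, fixed value) tuples.
    """
    function = match_function(raw_path, apis)
    if function is None:
        return Decision("pass")            # not a permission interface
    ctx = context_provider()               # the "context port" of the accessing party
    if ctx is None or not ctx.roles:
        return Decision("deny", function)  # assumption: fail closed without context
    rules = []
    for role in ctx.roles:
        rules.extend(role_rules.get((role, function), []))
    if not rules:
        return Decision("deny", function)  # assumption: no rule means no data
    return Decision("scope", function, rules)


if __name__ == "__main__":
    # Constructed sample configuration, not taken from the patent.
    apis = [PermissionApi("view_orders", r"/api/orders/.*")]
    role_rules = {("role_1", "view_orders"): [("department", "eq", "A")]}
    provider = lambda: Context("user_1", ["role_1"])
    for p in ("/api/orders/list", "/api//orders/list/?page=2", "/api/health"):
        print(p, "->", decide(p, provider, apis, role_rules).action)
```
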

In this embodiment, if the access request uses a native MyBatis XML (Extensible Markup Language) statement, the data rules are encapsulated into the corresponding SQL (Structured Query Language) fragment and the SQL fragment is injected into the access request; if the access request uses the MyBatis-Plus QueryWrapper (constructor) approach, the data rules are injected into the QueryWrapper conditions of the access request. The data that the business party queries with the modified access request (the SQL or QueryWrapper injected by the SDK) is the data after data permission control has been applied. Here, MyBatis is a Java-based persistence layer framework that supports custom SQL, stored procedures and advanced mappings. MyBatis-Plus (MP for short) is an enhancement tool for MyBatis that only adds enhancements on top of MyBatis without changing it, created to simplify development and improve efficiency.
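The interception flow described above (match the permission API, resolve the roles' data rules, inject an SQL fragment), as an added example that is not the patent's SDK code: a Python and sqlite3 sketch standing in for the MyBatis layer. The table, paths, role names and allow-lists are constructed; combining rules with AND inside a role and OR across roles, wrapping the business query as a subquery, and returning no rows when no rule applies are assumptions, since the page does not specify them.

```python
import re
import sqlite3
from dataclasses import dataclass

# Allow-lists (assumed names): a dimension resolves to a fixed column and a
# condition rule to a fixed operator, so configured text never becomes SQL.
DIMENSION_COLUMNS = {"department": "dept_id", "region": "region_code"}
CONDITION_OPERATORS = {"equals": "=", "not_equals": "<>", "in": "IN"}

@dataclass(frozen=True)
class DataRule:
    dimension: str   # target dimension
    condition: str   # target condition rule
    values: tuple    # target dimension fixed value(s)

# Constructed configuration: permission APIs set by operations, rules per role.
PERMISSION_APIS = [re.compile(r"/api/orders(/.*)?")]
ROLE_RULES = {
    "dept_manager": [DataRule("department", "in", (10, 20))],
    "region_auditor": [DataRule("region", "equals", ("EAST",)),
                       DataRule("department", "not_equals", (30,))],
}
# Constructed rows: (id, dept_id, region_code)
SAMPLE_ROWS = [(1, 10, "EAST"), (2, 20, "WEST"), (3, 30, "EAST"),
               (4, 40, "EAST"), (5, 40, "WEST")]

def is_permission_interface(path):
    # fullmatch anchors the pattern so a partial match cannot decide scoping
    return any(p.fullmatch(path) for p in PERMISSION_APIS)

def rule_to_sql(rule):
    """Turn one data rule into (fragment, params); values are always bound."""
    column = DIMENSION_COLUMNS[rule.dimension]       # KeyError: unknown dimension
    operator = CONDITION_OPERATORS[rule.condition]   # KeyError: unknown condition
    if not rule.values:
        raise ValueError("a data rule needs at least one fixed value")
    if operator == "IN":
        marks = ", ".join("?" * len(rule.values))
        return f"{column} IN ({marks})", list(rule.values)
    if len(rule.values) != 1:
        raise ValueError(f"{rule.condition} takes exactly one fixed value")
    return f"{column} {operator} ?", [rule.values[0]]

def build_fragment(roles):
    """AND the rules of one role, OR across roles; no rules means no rows."""
    groups, params = [], []
    for role in roles:
        parts = []
        for rule in ROLE_RULES.get(role, []):
            sql, bound = rule_to_sql(rule)
            parts.append(sql)
            params.extend(bound)
        if parts:
            groups.append("(" + " AND ".join(parts) + ")")
    if not groups:
        return "1 = 0", []   # fail closed
    return "(" + " OR ".join(groups) + ")", params

def scoped_query(path, roles, base_sql, base_params=()):
    """Return the query to execute: unchanged, or wrapped with the fragment."""
    if not is_permission_interface(path):
        return base_sql, list(base_params)
    fragment, params = build_fragment(roles)
    sql = f"SELECT * FROM ({base_sql}) AS scoped WHERE {fragment}"
    return sql, list(base_params) + params

def visible_order_ids(path, roles):
    """Run the business query for a request and return the ids it may see."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, dept_id INTEGER, region_code TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", SAMPLE_ROWS)
    sql, params = scoped_query(path, roles, "SELECT * FROM orders WHERE id > ?", (0,))
    return [row[0] for row in conn.execute(sql + " ORDER BY id", params)]

if __name__ == "__main__":
    for roles in (["dept_manager"], ["dept_manager", "region_auditor"], []):
        print(roles, visible_order_ids("/api/orders/list", roles))
```

Because dimensions and condition rules are configured by administrators at run time, the fragment builder is the point where configuration turns into SQL; resolving names through allow-lists and binding every fixed value keeps that step from becoming an injection path.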

It should be noted that the SDK also has built-in REST interfaces through which the client obtains the data permission configuration and configures data permissions. When a user administrator configures data permissions on the page, the request goes to the service party, which fuzzy-matches the request with regular expressions and routes it to the built-in interface to query the data permission list and the dimension selection items. After the user administrator configures the data rules of a role based on the dimension selection items, the specific configuration result that was selected is read through the selection item port, and the built-in save interface is called to save that configuration result. Figure 7 is the overall flow chart of data permission setting provided by this embodiment of the invention. As the figure shows, after the user logs in on the page to view the data permission settings, the SDK calls the service party to obtain the data permission configuration information, and the service party obtains the business party's data permission configuration according to the parameters. The SDK encapsulates the selection item information through the open port, and the page displays the data permission list. The user configures permissions based on what the page displays (configuring permissions includes setting data rules for each role). The SDK encapsulates the configuration through the open port, and the service party saves the corresponding data permission configuration and returns the configuration result to the user for viewing. If the user wants to view a specific function, the SDK calls the service party's interface for obtaining SQL, the service party assembles the data permission configuration of the function, and the SDK automatically assembles the query SQL and displays the queried business data.

It should be noted that, in the hard-coded approach of the original solution, when a business party needs permission control over data, the process generally runs: business requirements review → product plan review → technical review (interaction review) → code implementation → testing → release. A business party that wants data permission control therefore has to go through a complete development cycle, which generally takes one month. Moreover, when a company has multiple business parties and multiple application requirements, each business application has to implement its own set of data permission functions; existing capabilities cannot be reused, which wastes resources. In this solution, by contrast, when a business party needs permission control over data, the process generally runs:

1. Operations configures the functions whose data permissions need to be controlled;

2. The business party integrates the SDK, defines its custom business dimensions and port implementations, and uses the API provided by the SDK for queries in the functional interfaces under permission control;

3. The administrator role controls the permissions.

As can be seen, the only cost in the whole process of this solution is integrating the SDK, which can be completed within one day; it is fast and efficient and greatly reduces cost. At the same time, all systems in the company share one complete, unified permission control system. Specifically, this solution abstracts data permission control into individual data rules, so configuring data permissions only requires configuring data rules. The main beneficial effects include:

1. Most modules of data permission control have been abstracted in a general way, so that they can be quickly copied, migrated and integrated.

2. Data permissions are multi-dimensional. They commonly need to be controlled by organization, role and user. When the business needs data control from these and further perspectives, this model only requires adding a dimension and setting data rules for that dimension.

3. Integration is convenient: the business party only needs to integrate the provided SDK and, for queries in functional interfaces that require permission control, either use the API provided by the SDK or put a custom mark on the XML query method.

The data permission setting device, equipment and storage medium provided by the embodiments of the present invention are introduced below. The device, equipment and storage medium described below and the data permission setting method described above may be read with reference to each other.

Referring to Figure 8, a schematic structural diagram of a data permission setting device provided by an embodiment of the present invention, the device includes:

a function determination module 11, used to determine the target functions of each business party;

a first setting module 12, used to set the target dimensions corresponding to each target function;

a second setting module 13, used to set the target condition rules and target dimension fixed values corresponding to the target dimensions, to obtain the data rules of each target function;

a third setting module 14, used to set, for each role, target data rules having a corresponding relationship, so that a user accesses the corresponding target function based on the role's target data rules.

In another embodiment of the present invention, the device further includes:

a receiving module, used to receive the custom dimension selection items and/or custom dimension fixed value selection items set by the administrator of the business party.

In another embodiment of the present invention, the first setting module is specifically used to set the target dimensions of each target function based on the general dimension selection items and/or the custom dimension selection items.

In another embodiment of the present invention, the second setting module is specifically used to set the target dimension fixed values corresponding to the target dimensions based on the general dimension fixed value selection items and/or the custom dimension fixed value selection items.

In another embodiment of the present invention, the device further includes:

an acquisition module, used to obtain an access request, the access request being a user's request to access a target function;

a judgment module, used to judge whether the target functional interface corresponding to the access request is a permission interface and, if so, to trigger the rule determination module;

a rule determination module, used to determine the data rules of all of the user's roles;

a modification module, used to modify the access request according to the data rules;

an access module, used to access the corresponding target function based on the modified access request.

In another embodiment of the present invention, the rule determination module is specifically used to: obtain the context information of the access request; and determine the data rules of all of the user's roles according to the context information.

In another embodiment of the present invention, the modification module is specifically used to: if the access request uses a native MyBatis XML statement, encapsulate the data rules into the corresponding SQL fragment and inject the SQL fragment into the access request; if the access request uses the MyBatis-Plus QueryWrapper approach, inject the data rules into the QueryWrapper conditions of the access request.

Referring to Figure 9, a schematic structural diagram of an electronic device provided by an embodiment of the present invention, the device includes:

a memory 21, used to store a computer program;

a processor 22, used to implement the steps of the data permission setting method described in any of the above method embodiments when executing the computer program.

In this embodiment, the device may be a server or a terminal device.

The device may include a memory 21, a processor 22 and a bus 23.

The memory 21 includes at least one type of readable storage medium, including flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), magnetic memory, magnetic disk, optical disk and the like. In some embodiments the memory 21 may be an internal storage unit of the device, such as the device's hard disk. In other embodiments the memory 21 may be an external storage device of the device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the device. Further, the memory 21 may include both an internal storage unit of the device and an external storage device. The memory 21 can be used not only to store application software installed on the device and various kinds of data, such as the program code that executes the data permission setting method, but also to temporarily store data that has been output or is about to be output.

In some embodiments the processor 22 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip, used to run the program code stored in the memory 21 or to process data, for example to execute the program code of the data permission setting method.

The bus 23 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus or the like. The bus can be divided into an address bus, a data bus, a control bus and so on. For ease of presentation, it is drawn as a single thick line in Figure 9, but this does not mean that there is only one bus or one type of bus.

Further, the device may also include a network interface 24, which may optionally include a wired interface and/or a wireless interface (such as a WI-FI interface or a Bluetooth interface) and is generally used to establish a communication connection between the device and other electronic devices.

Optionally, the device may also include a user interface 25, which may include a display and an input unit such as a keyboard; the optional user interface 25 may also include a standard wired interface and a wireless interface. Optionally, in some embodiments the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device or the like. The display may also be called a display screen or display unit where appropriate, and is used to display the information processed in the device and to display a visual user interface.

Figure 9 shows only a device with components 21-25. Those skilled in the art will understand that the structure shown in Figure 9 does not limit the device, which may include fewer or more components than shown, combine certain components, or arrange the components differently.

In another embodiment of the present invention, a computer-readable storage medium is disclosed. A computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor it implements the steps of the data permission setting method described in any of the above method embodiments.

The storage medium may include various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.

The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be read with reference to each other.

The above description of the disclosed embodiments enables those skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the present invention is not limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A data permission setting method, characterized by comprising:
determining the target functions of each business party;
setting the target dimensions corresponding to each target function;
setting the target condition rules and target dimension fixed values corresponding to the target dimensions, to obtain the data rules of each target function;
setting, for each role, target data rules having a corresponding relationship, so that a user accesses the corresponding target function based on the role's target data rules.

2. The data permission setting method according to claim 1, characterized in that, after determining the target functions of each business party, the method further comprises:
receiving custom dimension selection items and/or custom dimension fixed value selection items set by the administrator of the business party.

3. The data permission setting method according to claim 2, characterized in that setting the target dimensions corresponding to each target function comprises:
setting the target dimensions of each target function based on general dimension selection items and/or the custom dimension selection items.

4. The data permission setting method according to claim 2, characterized in that setting the target dimension fixed values corresponding to the target dimensions comprises:
setting the target dimension fixed values corresponding to the target dimensions based on general dimension fixed value selection items and/or the custom dimension fixed value selection items.

5. The data permission setting method according to any one of claims 1 to 4, characterized in that the user accessing the corresponding target function based on the role's target data rules comprises:
obtaining an access request, the access request being the user's request to access a target function;
judging whether the target functional interface corresponding to the access request is a permission interface;
if so, determining the data rules of all of the user's roles, modifying the access request according to the data rules, and accessing the corresponding target function based on the modified access request.

6. The data permission setting method according to claim 5, characterized in that determining the data rules of all of the user's roles comprises:
obtaining the context information of the access request;
determining the data rules of all of the user's roles according to the context information.

7. The data permission setting method according to claim 5, characterized in that modifying the access request according to the data rules comprises:
if the access request uses a native MyBatis XML statement, encapsulating the data rules into the corresponding SQL fragment and injecting the SQL fragment into the access request;
if the access request uses the MyBatis-Plus QueryWrapper approach, injecting the data rules into the QueryWrapper conditions of the access request.

8. A data permission setting device, characterized by comprising:
a function determination module, used to determine the target functions of each business party;
a first setting module, used to set the target dimensions corresponding to each target function;
a second setting module, used to set the target condition rules and target dimension fixed values corresponding to the target dimensions, to obtain the data rules of each target function;
a third setting module, used to set, for each role, target data rules having a corresponding relationship, so that a user accesses the corresponding target function based on the role's target data rules.

9. An electronic device, characterized by comprising:
a memory, used to store a computer program;
a processor, used to implement the steps of the data permission setting method according to any one of claims 1 to 7 when executing the computer program.

10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor it implements the steps of the data permission setting method according to any one of claims 1 to 7.

CN202310648163.XA 2023-06-02 2023-06-02 Data authority setting method, device, equipment and storage medium Pending CN116776345A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310648163.XA CN116776345A (en) 2023-06-02 2023-06-02 Data authority setting method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116776345A true CN116776345A (en) 2023-09-19

Family

ID=87990565

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310648163.XA Pending CN116776345A (en) 2023-06-02 2023-06-02 Data authority setting method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116776345A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Country or region after: China

Address after: 5th Floor, Zone 2, Building 1, Science and Technology Economic Block 9, Zhuantang Street, Xihu District, Hangzhou City, Zhejiang Province 310024

Applicant after: Zhengcai Cloud Co.,Ltd.

Address before: 5 / F, area 2, building 1, No.9, Zhuantang science and technology economic block, Xihu District, Hangzhou City, Zhejiang Province, 310000

Applicant before: ZHENGCAIYUN Co.,Ltd.

Country or region before: China
