CN116776345A

CN116776345A - Data authority setting method, device, equipment and storage medium

Info

Publication number: CN116776345A
Application number: CN202310648163.XA
Authority: CN
Inventors: 刘正中; 刘昌钰; 袁奇林
Original assignee: Zhengcaiyun Co ltd
Current assignee: Zhengcaiyun Co ltd
Priority date: 2023-06-02
Filing date: 2023-06-02
Publication date: 2023-09-19

Abstract

The invention discloses a data authority setting method, a device, equipment and a storage medium; in the scheme, the data authority is abstracted into the data rules, if the requirement of change is required, the dimensionality, the condition rule and the dimensionality fixed value in the data rules can be subjected to self-defined modification, so that the data authority can be adjusted without readjusting the codes by a developer, and the flexibility of setting the data authority is improved; in addition, the scheme can be used for butting a plurality of service parties, each service party can configure the data rule of the role for the user according to the requirement, and the coupling of the data authority setting is improved.

Description

Data authority setting method, device, equipment and storage medium

Technical Field

The present invention relates to the field of data authority setting, and more particularly, to a data authority setting method, apparatus, device, and storage medium.

Background

In the internet system, the rights are generally divided into functional rights and data rights, and the functional rights are more common, because of versatility and multiplexing, there are many general frameworks and designs in the industry. However, for the corresponding data authority, because the data authority is strongly dependent on the relationship between the client organization architecture and the specific service, the implementation is complex, and there is little design architecture which can be completely covered, so that most systems consistently adopt a policy of unnecessary independent control without data authority.

At present, the common data authority setting scheme is hard coding and is specifically divided into the following two types: firstly, splitting a functional page, namely adding a plurality of similar menus according to users with different data authorities in a copying mode, and setting different menus for the different users through functional authority configuration so as to realize control of the data authorities; and secondly, judging in a back-end interface corresponding to the function, and filtering different data lists for users with different data authorities to be transmitted to the users. The hard coding mode has the obvious advantages of low technical difficulty and simple realization. However, the above hard coding method cannot solve the problem of system flexibility no matter which one is selected, and whenever the system has an old requirement to be changed or a new requirement to be added, the corresponding developer has to adjust the code and modify the menu and the page, so that the development cost and the operation and maintenance cost of the hard coding are relatively high. Meanwhile, common general data authority control in industry is mainly used for single service, and service coupling degree is high, and the common general data authority control can be general and extensible at the current service client, but seamless access cannot be achieved at another service client.

Therefore, how to improve the flexibility and the coupling of the data authority setting is a problem to be solved by those skilled in the art.

Disclosure of Invention

The invention aims to provide a data authority setting method, a device, equipment and a storage medium, so as to improve the flexibility and the coupling of data authority setting.

In order to achieve the above object, the present invention provides a data authority setting method, including:

determining a target function of each service party;

setting a target dimension corresponding to each target function;

setting a target condition rule corresponding to the target dimension and a target dimension fixed value to obtain a data rule of each target function;

and setting a target data rule with a corresponding relation for each role, so that a user accesses a corresponding target function based on the target data rule of the role.

Preferably, after determining the target function of each service party, the method further includes:

and receiving a custom dimension selection item and/or a custom dimension fixed value selection item set by an administrator of the service party.

Preferably, the setting a target dimension corresponding to each target function includes:

and setting the target dimension of each target function based on the universal dimension selection item and/or the custom dimension selection item.

Preferably, setting a fixed value of the target dimension corresponding to the target dimension includes:

and setting a target dimension fixed value corresponding to the target dimension based on the universal dimension fixed value selection item and/or the custom dimension fixed value selection item.

Preferably, the user accesses the corresponding target function based on the target data rule of the role, including:

acquiring an access request; the access request is a request for a user to access a target function;

judging whether a target function interface corresponding to the access request is a permission interface or not;

if yes, determining data rules of all roles of the user, modifying the access request according to the data rules, and accessing a corresponding target function based on the modified access request.

Preferably, the determining the data rule of all roles of the user includes:

acquiring the context information of the access request;

and determining the data rules of all roles of the user according to the context information.

Preferably, said modifying said access request according to said data rule comprises:

if the access request uses an XML native sentence of MyBatis, the data rule is encapsulated into a corresponding SQL fragment, and the SQL fragment is injected into the access request;

if the access request uses a QueryWrapper mode of MyBatis-plus, the data rule is injected into the QueryWrapper condition of the access request.

To achieve the above object, the present invention further provides a data right setting device comprising:

the function determining module is used for determining the target function of each service party;

the first setting module is used for setting a target dimension corresponding to each target function;

the second setting module is used for setting a target condition rule corresponding to the target dimension and a target dimension fixed value to obtain a data rule of each target function;

and the third setting module is used for setting the target data rule with the corresponding relation for each role so that the user can access the corresponding target function based on the target data rule of the role.

To achieve the above object, the present invention further provides an electronic device including:

a memory for storing a computer program;

and the processor is used for realizing the steps of the data authority setting method when executing the computer program.

To achieve the above object, the present invention further provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the above-described data right setting method.

As can be seen from the above solutions, the data authority setting method, apparatus, device and storage medium provided by the embodiments of the present invention; in the scheme, the data authority setting scheme can be used for interfacing a plurality of service parties, when the data authority is set, the target functions of the service parties need to be determined, and corresponding target dimensions, target condition rules and target dimension fixed values need to be set for each target function so as to obtain the data rule of each target function, wherein the control range formed by the plurality of data authorities is the data authority; and then setting a target data rule with a corresponding relation for each role so that the user can access the corresponding target function based on the target data rule of the role. Therefore, after the data authority is abstracted into the data rule, if the requirement of change is required, the dimensionality, the condition rule and the dimensionality fixed value in the data rule can be subjected to self-defined modification, so that the data authority can be adjusted without readjusting the codes by a developer, and the flexibility of setting the data authority is improved; in addition, the scheme can be used for butting a plurality of service parties, each service party can configure the data rule of the role for the user according to the requirement, and the coupling of the data authority setting is improved.

Drawings

In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is an overall block diagram of a data rights arrangement scheme in a prior scheme;

FIG. 2 is a flowchart of a method for setting data rights according to an embodiment of the present invention;

FIG. 3 is a schematic view of a rights model disclosed in an embodiment of the present invention;

FIG. 4 is a schematic diagram of a data rule model according to an embodiment of the present invention;

FIG. 5 is a schematic diagram of an overall model of data authority setting disclosed in an embodiment of the present invention;

fig. 6 is a schematic diagram of an overall flow of service access disclosed in an embodiment of the present invention;

FIG. 7 is a flowchart illustrating an overall data authority setting process according to an embodiment of the present invention;

FIG. 8 is a schematic diagram of a data authority setting device according to an embodiment of the present invention;

fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.

Detailed Description

Referring to fig. 1, an overall structure diagram of a data authority setting scheme in the existing scheme is shown; as can be seen from fig. 1, in the conventional scheme, data authority is set according to logic of function authority, and control is performed based on roles, in this manner, all service data to be controlled respectively correspond to different roles, different roles are given to users, and different data are displayed according to different roles owned by the users when the data are queried. The disadvantages of this solution are mainly:

1. the scheme determines the data authority based on the roles only, other control dimensions are lost, and certain data authority control requirements are difficult to realize, such as: the data authority of the same role in different departments is consistent, so that the data authority of the same role in different departments cannot be controlled respectively;

2. the operation is difficult, if the granularity of control is very fine and the control range is relatively large, a large number of role controls need to be established, and the problem of role explosion can occur;

3. the initial weighting workload is huge;

4. different service parties cannot be accessed quickly.

In order to solve the above problems, the present invention discloses a method, an apparatus, a device and a storage medium for setting data authority, and the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

Referring to fig. 2, a flow chart of a data authority setting method provided by an embodiment of the present invention includes:

s101, determining a target function of each service party;

specifically, the scheme can interface with a plurality of service parties, each service party needs to determine which functions need to control the data authority, in the scheme, the functions needing to access the data authority are called target functions, such as: if the business side considers that the function of checking the order needs to be controlled, the function of checking the order is a target function; the target function is the finest granularity of the data authority, and the scheme can be used for setting a plurality of target functions according to actual requirements in a self-defined mode, and is not particularly limited herein.

S102, setting a target dimension corresponding to each target function;

referring to fig. 3, a schematic view of a rights model is provided in an embodiment of the present invention; as can be seen from fig. 3, the scheme interfaces with multiple service parties, each service party includes multiple functions, and multiple dimensions are set for each function, in this scheme, the data authority actually controls each dimension, and the dimension ultimately corresponds to a screening field of service data of each function, and in this embodiment, the dimension includes not only roles, but also departments, posts, and so on. In the scheme, for distinguishing, the dimension corresponding to the target function is called a target dimension; because the service structures of different service parties are different, the scheme can set different dimensions in advance for different service parties, and can also provide a custom dimension option port for the service parties, and a manager of the service party can set the custom dimension option through the custom dimension option port so as to determine the target dimension through the custom dimension option when the rights are set.

S103, setting a target condition rule corresponding to a target dimension and a target dimension fixed value to obtain a data rule of each target function;

referring to fig. 4, a schematic diagram of a data rule model according to an embodiment of the present invention is provided; as can be seen from fig. 4, the condition rule includes at least: greater than, greater than or equal to, less than or equal to, contain, not equal to; in the present embodiment, for the purpose of discrimination, the condition rule set in the target dimension is referred to as a target condition rule. The target dimension fixed value is a specific value of a dimension, such as: the dimension is a department, and the dimension fixed value corresponding to the dimension is: department A; in this embodiment, in order to distinguish, the fixed dimension value corresponding to the target dimension is referred to as the fixed dimension value, and the fixed dimension value in this embodiment may also be set by user-defined by manual input. The data rule in this scheme is composed of: the data authority of the business data is controlled by a range formed by a plurality of data rules. For example: if the target function is "view order", and the function only allows staff of the a department to view, the target dimension corresponding to the target function is "department", the target condition rule corresponding to the target dimension is "equal", the target dimension fixed value corresponding to the target dimension is "a department", and after the target dimension, the target condition rule and the target dimension fixed value are set, one data rule of the target function can be obtained: staff in department a has the right to view the order data.

S104, setting a target data rule with a corresponding relation for each role so that the user can access the corresponding target function based on the target data rule of the role.

In this embodiment, after a plurality of data rules are set for each function, a data rule having a correspondence relationship with each character may be set, and in this embodiment, a data rule having a correspondence relationship with a character is referred to as a target data rule. After the setting, each role is hung with a plurality of data rules corresponding to each function, and when a user accesses a specific function, corresponding data is returned according to the data rules of the user roles. Referring to fig. 5, an overall model schematic diagram of the data authority setting provided by the embodiment of the present invention is shown in fig. 5, where after setting, each employee may have multiple roles, each role corresponds to multiple functions, each function has multiple dimensions, each dimension has multiple data rules, and an api (Application Programming Interface, application program interface) corresponding to the function is an interface for a user to access the functions. Referring to fig. 6, a schematic diagram of an overall flow of service access provided by an embodiment of the present invention is shown, by which it is seen that a product proposes an access requirement determining function and dimension, a data authority is configured at an operation management end by development, the data authority includes dimensions, expressions, fixed values, etc. of the function, and a provider configures a role to correspond to the data authority.

Specifically, in the scheme, after the login data authority configuration terminal is operated and the data rule of each role is set, when a user accesses a specific function, the corresponding data rule can be obtained according to the role of the user, and service data is assembled and returned according to the data rule. For example: the data rule is: the staff of the A department has the authority to view the order data, and the rule and the role 1 are set to be in a corresponding relation, so that when the user 1 of the B department with the role 1 views the order data, the data rule of the role 1 limits that only the staff of the A department can view the order data, and therefore the user 1 of the B department cannot acquire the order data.

In the scheme, according to most of service requirements, general models such as functions, dimensions, data rules and the like are abstracted, so that decoupling with specific services can be basically achieved, and most of requirement scenes are compatible. After the data authority is abstracted into the data rule, if the requirement is required to be changed, the dimensionality, the condition rule and the dimensionality fixed value in the data rule can be subjected to self-defined modification, so that the data authority can be adjusted without readjusting the codes by a developer, and the flexibility of setting the data authority is improved; in addition, the scheme can be used for butting a plurality of service parties, each service party can configure the data rule of the role for the user according to the requirement, and the coupling of the data authority setting is improved.

Based on the above embodiment, in this embodiment, after determining the target function of each service party, the method further includes: and receiving a custom dimension selection item and/or a custom dimension fixed value selection item set by an administrator of the service party. Correspondingly, in this embodiment, the target dimension of each target function may be set based on the generic dimension selection item and/or the custom dimension selection item. The target dimension fixed value corresponding to the target dimension may be set based on the generic dimension fixed value selection item and/or the custom dimension fixed value selection item.

Specifically, the general dimension option and the general dimension fixed value option include dimensions and dimension fixed values which can meet most service requirements, however, because service structures of different service parties are different, the general dimension and dimension fixed values may not meet specific service requirements, so in the scheme, an open port is provided for the service party, the service party can set custom dimension option and/or custom dimension fixed value option based on the port custom, each custom dimension option corresponds to one custom dimension, and each custom dimension fixed value option corresponds to one dimension fixed value; then the target dimension and the target dimension fixed value may be selected from the custom dimension option and the custom dimension fixed value option as well as from the generic dimension option and the generic dimension fixed value option when setting the data rule.

That is to say: according to the authority model, the operation configuration corresponds to a fixed value of a function used by the service in a dimension, and finally the configuration generates a data rule corresponding to the function; and then the system administrator of each service end defaults to assign all data control authorities under the function, the system administrator creates roles, and opens proper data authorities for each role. Furthermore, the scheme also provides an authority SDK (oftware Development Kit, software development kit), wherein the SDK is an access port of a service party, is a module for really realizing data authority setting and control, provides a user-defined dimension and a fixed value port, and the service party can use a user-defined dimension selection item and a user-defined dimension fixed value selection item to configure roles for the user as long as the port is realized by the service party, so that the dilemma that other data control devices are higher in coupling service and cannot support multiple applications (the application refers to services with different service backgrounds) is solved, and the multi-application universality is really realized.

Based on any of the above embodiments, in this embodiment, the process of accessing the corresponding target function by the user based on the target data rule of the role specifically includes the following: acquiring an access request; the access request is a request for a user to access a target function; judging whether a target function interface corresponding to the access request is a permission interface or not; if yes, determining data rules of all roles of the user, modifying the access request according to the data rules, and accessing the corresponding target function based on the modified access request.

Specifically, the SDK provides a custom annotation, the access party realizes that the annotation controls whether each specific functional interface is effective, if the interface is effective, the access to the interface is determined to need to control the data authority, and if the interface is not effective, the access to the interface is determined to not need to control the data authority; in this embodiment, the API configured by the operation management end by default controls the data authority, and may be closed by annotation, as shown in fig. 5, where the API corresponding to the function configured by the operation management end is an interface that needs to control the data authority, and in this embodiment, the interface that needs to control the data authority is referred to as an authority interface. Therefore, in the scheme, after the SDK intercepts the access request, the access request can be matched with the authority API configured by operation through regular, if the access request is not matched, the interface requested by the access request is not the authority interface of the controlled data authority, at the moment, the access request can be directly released, and the user is allowed to directly acquire the corresponding service data; if the access request is matched, the interface requested by the access request is the authority interface of the controlled data authority, the context information of the access request is required to be acquired at the moment, and the data rules of all roles of the user are determined according to the context information.

It should be noted that, the SDK has a context port, and the access party needs to implement this port, and according to the context of the current cached user encapsulation data authority, the role of the user can be determined according to the context, where the context includes a service structure, such as: including several departments, in particular what departments, etc.; when the SDK determines the data rule of all the roles of the user, the SDK can acquire the context information of the current access request according to the context port, and determine all the roles of the corresponding user according to the context information, thereby determining the data authority of all the roles, wherein the data authority is the data rule with the corresponding relationship with the roles.

In this embodiment, if the access request uses XML (Extensible Markup Language ) native statements of MyBatis, the data rule is encapsulated into corresponding SQL (Structured Query Language, database language) fragments, and the SQL fragments are injected into the access request; if the access request uses the query wrapper mode of MyBatis-plus, the data rule is injected into the query wrapper condition of the access request. The service side uses the data queried by the modified access request (SQL or QueryWrapper injected by SDK), namely the data after controlling the data authority. Wherein: myBatis is a Java-based (programming language) persistence layer framework that supports custom SQL, stored procedures, and high-level mapping. MyBatis-Plus: myBatis-Plus (opens new window) (MP for short) is a MyBatis (opens new window) enhancement tool, and only enhancement is performed on the basis of MyBatis without change, so that development is simplified and efficiency is improved.

It should be noted that, the SDK further has a rest interface built in the SDK, where the rest interface obtains the configuration of the data rights and configures the data rights, when the user administrator configures the data rights on the page, the user administrator requests to access the server, the server walks into the built-in interface according to the request of regular fuzzy matching, queries the data rights list and the dimension option, and after the user administrator configures the data rules of the role based on the dimension option, the user administrator reads the selected specific configuration result through the option port and invokes the built-in save interface to save the corresponding configuration result. Referring to fig. 7, an overall flow chart of data authority setting provided by an embodiment of the present invention is shown, where after a user logs in to view the data authority setting, the SDK invokes a server to obtain data authority configuration information, the server obtains data authority configuration of a service party according to parameters, the SDK encapsulates option information according to an open port, displays a data authority list on the page, the user configures authority according to content displayed on the page (a process of configuring authority includes a process of setting data rules for each role), the SDK encapsulates the configuration according to the open port, and the server saves corresponding data authority configuration and returns a configuration result to the user for viewing; if the user wants to check the specific function, the SDK calls the service side to acquire the SQL interface, the service side assembles the data authority configuration of the function, the SDK automatically splices and inquires the SQL, and the inquired service data is displayed.

It should be noted that, in the hard coding manner of the original scheme, the general flow of authority control for data needs to be performed by the service party is as follows: the business side needs review, product scheme review, technical side review (interactive review), code realization, test flow and publishing, and the business side needs to go through a complete development cycle flow and generally goes through a development cycle of 1 month for data authority control. When the company has a plurality of service parties and a plurality of application demands, each service application needs to realize a set of own data authority function, and the existing capability is not reused, so that the resource waste is caused. In this scheme, the general flow of authority control for data is required by the service party:

1. operating and configuring the function data authority to be controlled;

2. the service side accesses the SDK, the service dimension and the port are customized, and the functional interface of the authority control inquires the API provided by the SDK;

3. the administrator role controls the rights.

Therefore, the whole flow of the scheme can be completed within 1 day only by the cost of accessing the SDK, so that the cost is reduced rapidly and efficiently. Meanwhile, all systems in the company have a complete and unified authority control system. Specifically, the scheme abstracts the data authority control into individual data rules, and only needs to configure the data rules to configure the data authority, and has the main beneficial effects that:

1. the method has the advantages that most modules of the data authority are subjected to general abstraction, and quick copying, migration and access can be realized.

2. The data authority is multidimensional, common needs are controlled according to organization, roles and users, and when the service needs to control data at more than one angle, the corresponding model only needs to increase the dimension, and the data rule is set for the dimension.

3. The access is convenient, the service party only needs to access the provided SDK, inquires the function interface which needs to do authority control to use the API provided by the SDK, or marks the custom mark on the XML inquiry method.

The data authority setting device, the device and the storage medium provided by the embodiments of the present invention are described below, and the data authority setting device, the device and the storage medium described below and the data authority setting method described above may be referred to each other.

Referring to fig. 8, a schematic structural diagram of a data authority setting device according to an embodiment of the present invention includes:

a function determining module 11, configured to determine a target function of each service party;

a first setting module 12 for setting a target dimension corresponding to each target function;

the second setting module 13 is configured to set a target condition rule and a target dimension fixed value corresponding to the target dimension, so as to obtain a data rule of each target function;

a third setting module 14 is configured to set a target data rule having a corresponding relationship for each character, so that the user accesses a corresponding target function based on the target data rule of the character.

In another embodiment of the present invention, the apparatus further comprises:

the receiving module is used for receiving the custom dimension selection items and/or custom dimension fixed value selection items set by the administrator of the service party.

In another embodiment of the present invention, the first setting module is specifically configured to: and setting the target dimension of each target function based on the universal dimension selection item and/or the custom dimension selection item.

In another embodiment of the present invention, the second setting module is specifically configured to: and setting a target dimension fixed value corresponding to the target dimension based on the universal dimension fixed value selection item and/or the custom dimension fixed value selection item.

the acquisition module is used for acquiring the access request; the access request is a request for a user to access a target function;

the judging module is used for judging whether the target function interface corresponding to the access request is a permission interface or not; if yes, triggering a rule determining module;

a rule determining module for determining data rules of all roles of the user;

the modification module is used for modifying the access request according to the data rule;

and the access module is used for accessing the corresponding target function based on the modified access request.

In another embodiment of the present invention, the rule determining module is specifically configured to: acquiring the context information of the access request; and determining the data rules of all roles of the user according to the context information.

In another embodiment of the present invention, the modification module is specifically configured to: if the access request uses an XML native sentence of MyBatis, the data rule is encapsulated into a corresponding SQL fragment, and the SQL fragment is injected into the access request; if the access request uses the QueryWrapper mode of MyBatis-plus, the data rule is injected into the QueryWrapper condition of the access request.

Referring to fig. 9, an electronic device structure schematic diagram provided in an embodiment of the present invention includes:

a memory 21 for storing a computer program;

a processor 22 for implementing the steps of the data right setting method according to any of the method embodiments described above when executing the computer program.

In this embodiment, the device may be a server or a terminal device.

The device may include a memory 21, a processor 22, and a bus 23.

The memory 21 includes at least one type of readable storage medium including flash memory, a hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 21 may in some embodiments be an internal storage unit of the device, such as a hard disk of the device. The memory 21 may in other embodiments also be an external storage device of the device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card) or the like, which are provided on the device. Further, the memory 21 may also include both an internal storage unit of the device and an external storage device. The memory 21 may be used not only for storing application software installed in the device and various types of data, such as program codes for executing a data authority setting method, and the like, but also for temporarily storing data that has been output or is to be output.

The processor 22 may in some embodiments be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor or other data processing chip for running program code or processing data stored in the memory 21, such as program code for performing a data authority setting method or the like.

The bus 23 may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus, or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in fig. 9, but not only one bus or one type of bus.

Further, the device may also include a network interface 24, and the network interface 24 may optionally include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), typically used to establish a communication connection between the device and other electronic devices.

Optionally, the device may further comprise a user interface 25, the user interface 25 may comprise a Display (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 25 may further comprise a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the device and for displaying a visual user interface.

Fig. 9 shows only a device having components 21-25, and it will be understood by those skilled in the art that the configuration shown in fig. 9 is not limiting of the device and may include fewer or more components than shown, or may combine certain components, or a different arrangement of components.

In another embodiment of the present invention, a computer readable storage medium is disclosed, on which a computer program is stored, which when executed by a processor, implements the steps of the data right setting method described in any of the method embodiments above.

Wherein the storage medium may include: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.

In the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, and identical and similar parts between the embodiments are all enough to refer to each other.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

1. A data authority setting method, characterized by comprising:

determining a target function of each service party;

setting a target dimension corresponding to each target function;

2. The data authority setting method according to claim 1, wherein after determining the target function of each service party, further comprising:

3. The data right setting method according to claim 2, wherein the setting of the target dimension corresponding to each target function includes:

4. The data right setting method according to claim 2, wherein setting a target dimension fixed value corresponding to the target dimension comprises:

5. The data authority setting method according to any one of claims 1 to 4, wherein the user accesses a corresponding target function based on a target data rule of a character, comprising:

6. The data right setting method according to claim 5, wherein the determining the data rule of all roles of the user includes:

acquiring the context information of the access request;

7. The data right setting method according to claim 5, wherein said modifying the access request according to the data rule includes:

8. A data right setting device, characterized by comprising:

9. An electronic device, comprising:

a memory for storing a computer program;

a processor for implementing the steps of the data right setting method according to any one of claims 1 to 7 when executing the computer program.

10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the data right setting method according to any of claims 1 to 7.