Object permission configuration method and device, electronic equipment and readable storage medium

By obtaining and utilizing target mapping relationships to determine the object set, the problem of low adaptability of process permission management in existing technologies is solved, and more efficient object permission configuration is achieved.

CN116257825BActive Publication Date: 2026-07-10CHINA CONSTRUCTION BANK +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHINA CONSTRUCTION BANK
Filing Date
2023-02-20
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

In existing technologies, separate coding is required to implement process permission management for new business scenarios, resulting in low adaptability and inability to guarantee the efficiency of process permission management.

Method used

In response to the object permission configuration request, the first target mapping relationship and the second target mapping relationship are obtained. Based on the target process identifier, the target stage number, the first target mapping relationship and the second target mapping relationship, the first object set and the second object set are determined, and the object permission is configured according to the target object identifier.

Benefits of technology

It improves the accuracy and efficiency of object permission configuration, overcomes the problem of low adaptability of process permission management, and ensures the efficiency of process permission management.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116257825B_ABST
    Figure CN116257825B_ABST
Patent Text Reader

Abstract

The object permission configuration method and device, the electronic device and the readable storage medium provided by the present disclosure can be applied to the technical field of computers and the technical field of financial technology. The object permission configuration method comprises: in response to receiving an object permission configuration request, obtaining a target first mapping relationship and a target second mapping relationship according to a target process identifier in the object permission configuration request, wherein the object permission configuration request further comprises a target link number and a request object identifier, and the target link number is associated with the target process identifier; determining a first object set and a second object set according to the target process identifier, the target link number, the target first mapping relationship and the target second mapping relationship; determining a target object set according to the first object set and the second object set, wherein the target object set comprises at least one target object identifier; and performing object permission configuration on a request object corresponding to the request object identifier according to the at least one target object identifier.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This disclosure relates to the fields of computer technology and financial technology, and more specifically, to an object permission configuration method and apparatus, electronic device, computer-readable storage medium and computer program product. Background Technology

[0002] With the development of computer technology, various processes within enterprises are becoming increasingly complex. In order to ensure the normal operation of these processes, it is necessary to manage process permissions.

[0003] Workflow permission management can include at least one of the following: static mutual exclusion and dynamic mutual exclusion. Static mutual exclusion can refer to restricting a user from having one or more permissions simultaneously. Dynamic mutual exclusion can refer to restricting a user to performing tasks at one or more stages of the workflow.

[0004] In the process of realizing the present invention, the inventors discovered that the related technologies have at least the following problems: for new business scenarios, separate coding is required to implement process permission management, resulting in low adaptability and inability to guarantee the efficiency of process permission management. Summary of the Invention

[0005] In view of the above, this disclosure provides an object permission configuration method and apparatus, an electronic device, a computer-readable storage medium, and a computer program product.

[0006] According to one aspect of this disclosure, an object permission configuration method is provided, comprising:

[0007] In response to receiving an object permission configuration request, the first target mapping relationship and the second target mapping relationship are obtained according to the target process identifier in the object permission configuration request. The object permission configuration request also includes a target stage number and a request object identifier, and the target stage number is associated with the target process identifier.

[0008] Based on the above target process identifier, the above target step number, the above target first mapping relationship and the above target second mapping relationship, determine the first object set and the second object set;

[0009] Based on the first object set and the second object set mentioned above, a target object set is determined, wherein the target object set includes at least one target object identifier; and

[0010] Based on at least one target object identifier, configure object permissions for the request object corresponding to the aforementioned request object identifier.

[0011] According to embodiments of this disclosure, determining the first object set and the second object set based on the target process identifier, the target stage number, the first target mapping relationship, and the second target mapping relationship includes:

[0012] Based on the aforementioned target process identifier, the aforementioned target stage number, and the aforementioned first target mapping relationship, the aforementioned first object set is determined, wherein the aforementioned first object set includes at least one first object identifier; and

[0013] Based on the aforementioned target stage number, the aforementioned first target mapping relationship, and the aforementioned second target mapping relationship, the aforementioned second object set is determined, wherein the aforementioned second object set includes at least one second object identifier.

[0014] According to embodiments of this disclosure, the determination of the first object set based on the target process identifier, the target stage number, and the target first mapping relationship includes:

[0015] Based on the above target process identifier and the above target step number, at least one first auxiliary step number is determined;

[0016] Based on the aforementioned first mapping relationship and the aforementioned at least one first auxiliary step number, a first object identifier corresponding to each of the aforementioned at least one first auxiliary step number is determined, wherein each of the aforementioned at least one first object identifier has a corresponding first object; and

[0017] The first object set is determined based on the first object identifier corresponding to each of the at least one first auxiliary link number.

[0018] According to embodiments of this disclosure, determining the second object set based on the target link number, the first target mapping relationship, and the second target mapping relationship includes:

[0019] Based on the target process number and the second target mapping relationship, determine the target process identifier corresponding to the target process number.

[0020] Based on the above-mentioned second target mapping relationship and the above-mentioned target link identifier, at least one second auxiliary link number is determined;

[0021] Based on the aforementioned first mapping relationship and the aforementioned at least one second auxiliary link number, a second object identifier corresponding to each of the aforementioned at least one second auxiliary link number is determined, wherein each of the aforementioned at least one second object identifier has a corresponding second object; and

[0022] The set of second objects is determined based on the second object identifiers corresponding to at least one second auxiliary link number.

[0023] According to embodiments of this disclosure, determining the target object set based on the first object set and the second object set includes:

[0024] For each of the at least one first object identifiers mentioned above,

[0025] Based on the first object identifier, the at least one second object identifier is matched to obtain the matching result corresponding to each of the at least one second object identifier;

[0026] In response to the aforementioned matching result indicating that neither the first object identifier nor the at least one second object identifier matches successfully, the first object identifier is determined as the target object identifier, wherein the target object identifier has a corresponding target object; and

[0027] Based on the aforementioned target object identifiers, the aforementioned set of target objects is determined.

[0028] According to embodiments of this disclosure, configuring object permissions for the request object corresponding to the request object identifier based on at least one target object identifier includes:

[0029] The above request object identifier is matched with the above at least one target object identifier respectively to obtain the sub-matching results corresponding to each of the above at least one target object identifier;

[0030] The matching result is determined based on the sub-matching results corresponding to each of the above-mentioned at least one target object identifier;

[0031] If the above matching result indicates that the requested object identifier matches any of the at least one target object identifier, the execution of the object permission configuration request is prohibited; and

[0032] If the above matching result indicates that the above request object identifier does not match with at least one of the above target object identifiers, then the execution of the above object permission configuration request is permitted.

[0033] According to embodiments of this disclosure, the above-mentioned response to receiving an object permission configuration request, and obtaining the first target mapping relationship and the second target mapping relationship based on the target process identifier in the object permission configuration request, includes:

[0034] In response to receiving an object permission configuration request, based on the aforementioned target process identifier, the target first mapping relationship is determined from at least one candidate first mapping relationship; and

[0035] Based on the aforementioned target process identifier, the aforementioned target second mapping relationship is determined among at least one candidate second mapping relationship.

[0036] According to embodiments of this disclosure, the above method further includes:

[0037] Obtain the first mapping relationship and the second mapping relationship of the above targets from the data source.

[0038] According to embodiments of this disclosure, each of the at least one candidate first mapping relationship has a corresponding process identifier, and the candidate first mapping relationship includes at least one first key-value relationship, which is constructed in the following manner:

[0039] For each of the at least one first key-value relationship mentioned above,

[0040] In response to receiving the first service request, the process identifier in the first service request is used to determine the range of stage numbers corresponding to the process identifier; and

[0041] In response to receiving a second service request, the first key-value relationship between the link number and the object identifier in the second service request is determined, wherein the range of the link number includes the link number.

[0042] According to embodiments of this disclosure, each of the at least one candidate second mapping relationship has a corresponding process identifier, and the candidate second mapping relationship includes at least one second key-value relationship, which is constructed in the following manner:

[0043] Based on the above process identifiers, determine the object permission configuration rules and the range of stage numbers corresponding to the above process identifiers;

[0044] Based on the above object permission configuration rules, configure a stage identifier for each stage number corresponding to at least one stage number within the above stage number range; and

[0045] Based on the at least one stage number and the stage identifier corresponding to each of the at least one stage number, the second key-value relationship between the stage number and the stage identifier is determined.

[0046] According to another aspect of this disclosure, an object permission configuration apparatus is provided, comprising:

[0047] The acquisition module is used to respond to receiving an object permission configuration request, and to acquire the first target mapping relationship and the second target mapping relationship according to the target process identifier in the object permission configuration request. The object permission configuration request also includes a target step number and a request object identifier, and the target step number is associated with the target process identifier.

[0048] The first determining module is used to determine the first object set and the second object set based on the above target process identifier, the above target step number, the above target first mapping relationship and the above target second mapping relationship;

[0049] The second determining module is configured to determine a target object set based on the first object set and the second object set, wherein the target object set includes at least one target object identifier; and

[0050] The configuration module is used to configure object permissions for the request object corresponding to the above-mentioned request object identifier based on at least one target object identifier.

[0051] According to another aspect of this disclosure, an electronic device is provided, comprising:

[0052] One or more processors;

[0053] Memory, used to store one or more instructions.

[0054] When one or more of the above instructions are executed by one or more processors, the one or more processors cause the one or more processors to implement the method as described in this disclosure.

[0055] According to another aspect of this disclosure, a computer-readable storage medium is provided having executable instructions stored thereon, which, when executed by a processor, cause the processor to perform the methods described in this disclosure.

[0056] According to another aspect of this disclosure, a computer program product is provided, which includes computer-executable instructions that, when executed, are used to perform the methods described in this disclosure.

[0057] According to embodiments of this disclosure, since the first target mapping relationship and the second target mapping relationship are obtained based on the target process identifier in the object permission configuration request, the first target mapping relationship and the second target mapping relationship can correspond to the target process identifier, which is beneficial to improving the accuracy of subsequent object permission configuration. Furthermore, since the first object set and the second object set are determined based on the target process identifier, the target stage number, the first target mapping relationship, and the second target mapping relationship, and the target object set is determined based on the first object set and the second object set, by using at least one target object identifier, object permission configuration can be achieved for the request object corresponding to the request object identifier. Therefore, this at least partially overcomes the technical problem of low adaptability of process permission management in related technologies, which fails to guarantee the efficiency of process permission management, and improves the efficiency of object permission configuration. Attached Figure Description

[0058] The above and other objects, features and advantages of this disclosure will become clearer from the following description of embodiments with reference to the accompanying drawings, in which:

[0059] Figure 1 This illustration schematically shows a system architecture to which the object permission configuration method can be applied according to embodiments of the present disclosure;

[0060] Figure 2 A flowchart illustrating an object permission configuration method according to an embodiment of the present disclosure is shown schematically;

[0061] Figure 3A This illustration schematically shows an example diagram of a method for constructing at least one first key-value relationship according to an embodiment of the present disclosure;

[0062] Figure 3B This schematically illustrates an example diagram of a method for constructing at least one second key-value relationship according to an embodiment of the present disclosure;

[0063] Figure 3C This illustration schematically shows an example of a method for obtaining a first target mapping relationship and a second target mapping relationship based on a target process identifier in an object permission configuration request in response to receiving an object permission configuration request, according to an embodiment of the present disclosure.

[0064] Figure 4A This illustration schematically shows an example of a method for determining a first set of objects and a second set of objects based on a target process identifier, a target stage number, a first target mapping relationship, and a second target mapping relationship, according to an embodiment of the present disclosure.

[0065] Figure 4B This illustration schematically shows an example of a method for determining a first set of objects and a second set of objects based on a target process identifier, a target stage number, a first target mapping relationship, and a second target mapping relationship, according to another embodiment of this disclosure.

[0066] Figure 5 This illustration schematically shows an example diagram of a method for determining a target object set based on a first object set and a second object set according to an embodiment of the present disclosure;

[0067] Figure 6 This illustration schematically shows an example of a method for configuring object permissions for a request object corresponding to a request object identifier based on at least one target object identifier, according to an embodiment of the present disclosure.

[0068] Figure 7 A block diagram schematically illustrates an object permission configuration apparatus according to embodiments of the present disclosure; and

[0069] Figure 8A block diagram of an electronic device suitable for implementing an object permission configuration method according to an embodiment of the present disclosure is shown schematically. Detailed Implementation

[0070] The embodiments of the present disclosure will now be described with reference to the accompanying drawings. However, it should be understood that these descriptions are exemplary only and are not intended to limit the scope of the disclosure. In the following detailed description, numerous specific details are set forth to provide a thorough understanding of the embodiments of the present disclosure for ease of explanation. However, it will be apparent that one or more embodiments may be practiced without these specific details. Furthermore, descriptions of well-known structures and techniques are omitted in the following description to avoid unnecessarily obscuring the concepts of the present disclosure.

[0071] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit this disclosure. The terms “comprising,” “including,” etc., as used herein indicate the presence of the stated features, steps, operations, and / or components, but do not exclude the presence or addition of one or more other features, steps, operations, or components.

[0072] All terms used herein (including technical and scientific terms) have the meanings commonly understood by those skilled in the art, unless otherwise defined. It should be noted that the terms used herein are to be interpreted in a manner consistent with the context of this specification, and not in an idealized or overly rigid way.

[0073] When using expressions such as "at least one of A, B, and C," the expression should generally be interpreted in accordance with the meaning commonly understood by a person skilled in the art (e.g., "a system having at least one of A, B, and C" should include, but is not limited to, systems having A alone, having B alone, having C alone, having A and B, having A and C, having B and C, and / or having A, B, and C, etc.). Similarly, when using expressions such as "at least one of A, B, or C," the expression should generally be interpreted in accordance with the meaning commonly understood by a person skilled in the art (e.g., "a system having at least one of A, B, or C" should include, but is not limited to, systems having A alone, having B alone, having C alone, having A and B, having A and C, having B and C, and / or having A, B, and C, etc.).

[0074] In the technical solution disclosed herein, the acquisition, storage, and application of user personal information comply with the provisions of relevant laws and regulations, necessary confidentiality measures have been taken, and there is no violation of public order and good morals.

[0075] In the technical solution disclosed herein, the user's authorization or consent is obtained before acquiring or collecting the user's personal information.

[0076] Process access control refers to the process of dividing business operations into predefined tasks and roles, and executing these tasks according to predefined rules. Because internal enterprise processes are often complex and involve numerous steps, the rules for mutually exclusive permissions are diverse, making it impossible to apply a single set of rules to all business processes.

[0077] In terms of specific code implementation, the logic is usually fixed, but this cannot meet the needs of new business scenarios, which leads to repeated development and testing of the code, consuming resources and reducing code stability.

[0078] In related technologies, different dynamic mutual exclusion scenarios need to be numbered, and code segments applicable to each scenario need to be written. The coding method merely superficially integrates and encapsulates various dynamic mutual exclusion rules; in reality, their internal logic operates independently. When a new business scenario emerges, it's necessary to compare it with existing scenarios one by one. If it cannot be generalized, separate coding is required, resulting in low adaptability and failing to guarantee the efficiency of process permission management.

[0079] To at least partially address the technical problems existing in related technologies, this disclosure provides an object permission configuration method and apparatus, electronic device, and readable storage medium, which can be applied to the fields of computer technology and fintech. The object permission configuration method includes: in response to receiving an object permission configuration request, obtaining a first target mapping relationship and a second target mapping relationship based on a target process identifier in the object permission configuration request, wherein the object permission configuration request further includes a target stage number and a request object identifier, the target stage number being associated with the target process identifier; determining a first object set and a second object set based on the target process identifier, the target stage number, the first target mapping relationship, and the second target mapping relationship; determining a target object set based on the first object set and the second object set, wherein the target object set includes at least one target object identifier; and configuring object permissions for the request object corresponding to the request object identifier based on the at least one target object identifier.

[0080] It should be noted that the object permission configuration method and apparatus provided in this disclosure can be used in the fields of computer technology and fintech, such as in the field of network technology. The object permission configuration method and apparatus provided in this disclosure can also be used in any field other than computer technology and fintech, such as in the field of permission management. The application fields of the object permission configuration method and apparatus provided in this disclosure are not limited.

[0081] Figure 1 The illustration schematically depicts a system architecture to which the object permission configuration method can be applied according to embodiments of this disclosure. It should be noted that... Figure 1The examples shown are merely examples of system architectures that can be applied to the embodiments of this disclosure, in order to help those skilled in the art understand the technical content of this disclosure, but do not mean that the embodiments of this disclosure cannot be used in other devices, systems, environments or scenarios.

[0082] like Figure 1 As shown, the system architecture 100 according to this embodiment may include a first terminal device 101, a second terminal device 102, a third terminal device 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the first terminal device 101, the second terminal device 102, the third terminal device 103, and the server 105. The network 104 may include various connection types, such as wired or wireless communication links, or fiber optic cables, etc.

[0083] Users can interact with server 105 via network 104 using at least one of the first terminal device 101, second terminal device 102, and third terminal device 103 to receive or send messages, etc. Various communication client applications can be installed on the first terminal device 101, second terminal device 102, and third terminal device 103, such as shopping applications, web browser applications, search applications, instant messaging tools, email clients, social media platform software, etc. (for example only).

[0084] The first terminal device 101, the second terminal device 102, and the third terminal device 103 can be various electronic devices with displays and support web browsing, including but not limited to smartphones, tablets, laptops, and desktop computers.

[0085] Server 105 can be a server that provides various services, such as a backend management server that supports websites browsed by users using the first terminal device 101, the second terminal device 102, and the third terminal device 103 (this is just an example). The backend management server can analyze and process data such as received user requests, and feed back the processing results (such as web pages, information, or data obtained or generated according to user requests) to the terminal devices.

[0086] It should be noted that the object permission configuration method provided in this embodiment can generally be executed by server 105. Correspondingly, the object permission configuration device provided in this embodiment can generally be located in server 105. The object permission configuration method provided in this embodiment can also be executed by a server or server cluster that is different from server 105 and capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and / or server 105. Correspondingly, the object permission configuration device provided in this embodiment can also be located in a server or server cluster that is different from server 105 and capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and / or server 105.

[0087] Alternatively, the object permission configuration method provided in this embodiment of the present disclosure can also be executed by the first terminal device 101, the second terminal device 102, or the third terminal device 103, or by other terminal devices different from the first terminal device 101, the second terminal device 102, or the third terminal device 103. Correspondingly, the object permission configuration device provided in this embodiment of the present disclosure can also be located in the first terminal device 101, the second terminal device 102, or the third terminal device 103, or in other terminal devices different from the first terminal device 101, the second terminal device 102, or the third terminal device 103.

[0088] It should be understood that Figure 1 The number of terminal devices, networks, and servers shown is merely illustrative. Depending on implementation needs, any number of terminal devices, networks, and servers can be included.

[0089] It should be noted that the sequence numbers of the operations in the following methods are for descriptive purposes only and should not be considered as indicating the execution order of the operations. Unless explicitly stated otherwise, the method does not need to be executed in the exact order shown.

[0090] Figure 2 A flowchart illustrating an object permission configuration method according to an embodiment of the present disclosure is shown schematically.

[0091] like Figure 2 As shown, the object permission configuration method 200 includes operations S210 to S240.

[0092] In operation S210, in response to receiving an object permission configuration request, the first target mapping relationship and the second target mapping relationship are obtained according to the target process identifier in the object permission configuration request. The object permission configuration request also includes the target step number and the request object identifier, and the target step number is associated with the target process identifier.

[0093] In operation S220, the first object set and the second object set are determined based on the target process identifier, the target step number, the first target mapping relationship, and the second target mapping relationship.

[0094] In operation S230, a target object set is determined based on the first object set and the second object set, wherein the target object set includes at least one target object identifier.

[0095] In operation S240, based on at least one target object identifier, object permissions are configured for the request object corresponding to the request object identifier.

[0096] According to embodiments of this disclosure, code for generating an object permission configuration request can be pre-written into a first script. In response to detecting an object permission configuration operation initiated by a terminal device using a request object, the terminal device can run the first script to generate the object permission configuration request. The object permission configuration request may include a request object identifier. After generating the object permission configuration request, it can be sent to a server so that the server can configure object permissions for the request object corresponding to the request object identifier based on the object permission configuration request.

[0097] According to embodiments of this disclosure, an object permission configuration operation may refer to a requesting object selecting a target process among at least one predetermined process. In this case, the object permission configuration request may include a target process identifier. Each of the at least one predetermined process may have its own predetermined process identifier, which can be used to characterize different predetermined processes. In response to a requesting object selecting a target process among at least one predetermined process, the predetermined process identifier corresponding to the predetermined process selected by the requesting object can be determined as the target process identifier.

[0098] Alternatively, the object permission configuration operation can also refer to the requesting object selecting a target stage within a predefined stage corresponding to the target process. In this case, the object permission configuration request may include a target stage number. Each predefined process in at least one predefined process may have at least one predefined stage. Predefined stages can be obtained by modeling the predefined processes. For example, a predefined process may include an "application" stage and an "approval" stage. At least one predefined stage may each have a corresponding predefined stage number. The predefined stage number can be used to characterize different predefined stages. In response to the requesting object selecting a target stage within a predefined stage corresponding to the target process, the predefined stage number corresponding to the predefined stage selected by the requesting object can be determined as the target stage number.

[0099] According to embodiments of this disclosure, after receiving an object permission configuration request, a first target mapping relationship and a second target mapping relationship can be obtained based on the target process identifier in the object permission configuration request. At least one predetermined process identifier each has a corresponding first mapping relationship and a second mapping relationship. A first target mapping relationship can be determined from at least one first mapping relationship based on the target process identifier. The first target mapping relationship may include a first target key-value relationship. The first target key-value relationship can be used to represent the correspondence between a target stage number and a predetermined object identifier. A second target mapping relationship is determined from at least one second mapping relationship based on the target process identifier. The second target mapping relationship may include a second target key-value relationship. The second target key-value relationship can be used to represent the correspondence between a target stage number and a predetermined stage identifier.

[0100] According to embodiments of this disclosure, after obtaining the first target mapping relationship and the second target mapping relationship, a first object set can be determined based on the target process identifier, the target step number, and the first target mapping relationship. The first object set may include at least one first object identifier. The first object identifier can be used to characterize an object that has already processed a step in the target process. Alternatively, a second object set can be determined based on the target step number, the first target mapping relationship, and the second target mapping relationship. The second object set may include at least one second object identifier. The second object identifier can be used to characterize an object capable of repeatedly processing the target process.

[0101] According to embodiments of this disclosure, after obtaining a first object set and a second object set, a target object set can be determined based on the first object set and the second object set. For example, at least one first object identifier in the first object set and at least one second object identifier in the second object set can be matched to obtain at least one target object identifier. The target object set is determined based on the at least one target object identifier. The target object identifier can be used to characterize objects in the target process that cannot be processed.

[0102] According to embodiments of this disclosure, after obtaining the target object set, object permissions can be configured for the request object corresponding to the request object identifier based on at least one target object identifier. For example, the request object identifier can be matched with at least one target object identifier. If at least one target object identifier is identical to the request object identifier, the request object can be considered to lack the permission to process the target stage, and the execution of the object permission configuration request can be prohibited. If at least one target object identifier is not identical to the request object identifier, the request object can be considered to have the permission to process the target stage, and the execution of the object permission configuration request can be permitted.

[0103] According to embodiments of this disclosure, since the first target mapping relationship and the second target mapping relationship are obtained based on the target process identifier in the object permission configuration request, the first target mapping relationship and the second target mapping relationship can correspond to the target process identifier, which is beneficial to improving the accuracy of subsequent object permission configuration. Furthermore, since the first object set and the second object set are determined based on the target process identifier, the target stage number, the first target mapping relationship, and the second target mapping relationship, and the target object set is determined based on the first object set and the second object set, by using at least one target object identifier, object permission configuration can be achieved for the request object corresponding to the request object identifier. Therefore, this at least partially overcomes the technical problem of low adaptability of process permission management in related technologies, which fails to guarantee the efficiency of process permission management, and improves the efficiency of object permission configuration.

[0104] The following is for reference. Figure 3A , Figure 3B , Figure 3C , Figure 4A , Figure 4B , Figure 5 and Figure 6 The object permission configuration method 200 according to an embodiment of the present invention will be further described.

[0105] According to embodiments of this disclosure, at least one first key-value relationship may be constructed in the following manner.

[0106] For each of the at least one first key-value relationships, in response to receiving a first business request, the range of stage numbers corresponding to the process identifier is determined based on the process identifier in the first business request. In response to receiving a second business request, the first key-value relationship between the stage number and the object identifier is determined based on the stage number and the object identifier in the second business request, wherein the range of stage numbers includes the stage number.

[0107] According to embodiments of this disclosure, at least one candidate first mapping relationship may each have a corresponding process identifier. The candidate first mapping relationship may include at least one first key-value relationship.

[0108] According to embodiments of this disclosure, at least one candidate first mapping relationship each has a corresponding process identifier. The candidate first mapping relationship corresponding to the process identifier can be obtained by querying process approval records based on the process identifier.

[0109] According to embodiments of this disclosure, the code for generating a first service request can be pre-written into a second script. In response to detecting a first service operation initiated by an object using a terminal device, the terminal device can run the second script to generate the first service request. The first service request may include a process identifier. After generating the first service request, it can be sent to a server so that the server can determine the range of stage numbers corresponding to the process identifier based on the first service request.

[0110] According to embodiments of this disclosure, the code for generating a second service request can be pre-written into a third script. In response to detecting a second service operation initiated by an object using a terminal device, the terminal device can run the third script to generate the second service request. The second service request may include a stage number and an object identifier. After generating the second service request, it can be sent to a server so that the server can determine a first key-value relationship between the stage number and the object identifier based on the second service request.

[0111] According to embodiments of this disclosure, Table 1 below shows examples of candidate first mapping relationships corresponding to process identifier "α". The process identifier can be represented by "α", and the process sequence corresponding to process identifier "α" can be "stage 001 -> stage 002". In response to receiving a first business request, the stage number range "001~002" corresponding to process identifier "α" can be determined based on the process identifier "α" in the first business request. In response to receiving a second business request, a first key-value relationship between stage number "001" and object identifier "A" can be determined based on stage number "001" and object identifier "A" in the second business request. Alternatively, a first key-value relationship between stage number "002" and object identifier "B" can be determined based on stage number "002" and object identifier "B" in the second business request.

[0112] Process Identifier Step number Object identifier α 001 First α 002 Second

[0113] Table 1

[0114] Figure 3A The illustration shows an example schematic diagram of a method for constructing at least one first key-value relationship according to an embodiment of the present disclosure.

[0115] like Figure 3A As shown in 300A, during the process of constructing at least one first key-value relationship, for each first key-value relationship in the at least one first key-value relationship, in response to receiving a first business request 301, the range of stage numbers 302 corresponding to the process identifier 301_1 can be determined according to the process identifier 301_1 in the first business request 301.

[0116] In response to receiving the second service request 303, the first key-value relationship 304 between the link number 303_1 and the object identifier 303_2 can be determined based on the link number 303_1 and the object identifier 303_2 in the second service request 303.

[0117] According to embodiments of this disclosure, at least one second key-value relationship can be constructed in the following manner.

[0118] Based on the process identifier, determine the object permission configuration rules and the range of stage numbers corresponding to the process identifier. Based on the object permission configuration rules, configure stage identifiers for at least one stage number corresponding to the range of stage numbers. Based on the at least one stage number and the stage identifier corresponding to each of the at least one stage number, determine the second key-value relationship between the stage number and the stage identifier.

[0119] According to embodiments of this disclosure, at least one candidate second mapping relationship may each have a corresponding process identifier. The candidate second mapping relationship may include at least one second key-value relationship.

[0120] According to embodiments of this disclosure, object permission configuration rules may include at least one of the following: static mutual exclusion rules and dynamic mutual exclusion rules. A static mutual exclusion rule may refer to setting two permissions, restricting the object from simultaneously possessing both permissions when granting permissions to the same object. A dynamic mutual exclusion rule may refer to not imposing restrictions when granting permissions to an object, but rather, in actual business activities, restricting the object to perform tasks in only one or a few stages of the process.

[0121] According to embodiments of this disclosure, the candidate second mapping relationship may include a database table. Table 2 below shows an example of a candidate second mapping relationship corresponding to the process identifier "β". The process identifier can be represented by "β", and the process sequence corresponding to the process identifier "β" can be "stage 011 -> stage 012 -> stage 013 -> stage 014". Based on the process identifier "β", the object permission configuration rule "adjacent stages are not the same object" and the stage number range "011~014" corresponding to the process identifier "β" can be determined.

[0122] According to embodiments of this disclosure, based on the object permission configuration rule "adjacent steps are not the same object," step identifiers can be configured for at least one step number corresponding to the step number range "011-014." For example, step identifier "A" can be configured for step number "011," step identifier "B" for step number "012," step identifier "A" for step number "013," and step identifier "B" for step number "014." In this case, steps with the same step identifier can be processed by the same object, while steps with different step identifiers cannot be processed by the same object.

[0123] Process Identifier Step number Link identification β 011 A β 012 B β 013 A β 014 B

[0124] Table 2

[0125] Figure 3B The illustration shows an example schematic diagram of a method for constructing at least one second key-value relationship according to an embodiment of the present disclosure.

[0126] like Figure 3B As shown in 300B, during the process of constructing at least one second key-value relationship, the object permission configuration rule 306 and the stage number range 307 corresponding to the process identifier 305 can be determined based on the process identifier 305.

[0127] After obtaining the object permission configuration rule 306 and the stage number range 307, stage identifiers 309 can be configured for at least one stage number 308 corresponding to the stage number range 307 according to the object permission configuration rule 306.

[0128] After obtaining at least one stage number 308 and a stage identifier 309 corresponding to each stage number, a second key-value relationship 310 between the stage number 308 and the stage identifier 309 can be determined based on the at least one stage number 308 and the stage identifier 309 corresponding to each stage number.

[0129] According to embodiments of this disclosure, operation S210 may include the following operations.

[0130] In response to receiving an object permission configuration request, a target first mapping relationship is determined from at least one candidate first mapping relationship based on the target process identifier. A target second mapping relationship is determined from at least one candidate second mapping relationship based on the target process identifier.

[0131] According to embodiments of this disclosure, since each of the at least one candidate first mapping relationship has a corresponding process identifier, after receiving an object permission configuration request, a target first mapping relationship can be determined from the at least one candidate first mapping relationship based on the target process identifier in the object permission configuration request. The target first key-value relationship can be used to characterize the correspondence between the target stage number and the predetermined object identifier.

[0132] According to embodiments of this disclosure, since each of the at least one candidate second mapping relationship has a corresponding process identifier, upon receiving an object permission configuration request, a target second mapping relationship can be determined from the at least one candidate second mapping relationship based on the target process identifier in the object permission configuration request. The target second key-value relationship can be used to characterize the correspondence between a target stage number and a predetermined stage identifier.

[0133] According to embodiments of this disclosure, operation S210 may further include the following operations.

[0134] Obtain the first target mapping relationship and the second target mapping relationship from the data source.

[0135] According to embodiments of this disclosure, after determining the first target mapping relationship and the second target mapping relationship, the first target mapping relationship and the second target mapping relationship can be obtained from a data source. The method for obtaining the first target mapping relationship and the second target mapping relationship can be set according to actual business needs and is not limited here. For example, the first target mapping relationship can be obtained through real-time data collection. Alternatively, the second target mapping relationship can be obtained from a data source. The second data source can include at least one of the following: a local database, a cloud database, and network resources. For example, a data interface can be called to obtain the second target mapping relationship from the data source. Alternatively, the first target mapping relationship and the second target mapping relationship can be received from other terminal devices. Embodiments of this disclosure do not limit the method for obtaining the first target mapping relationship and the second target mapping relationship.

[0136] According to embodiments of this disclosure, since the target first mapping relationship is determined based on the target process identifier among at least one candidate first mapping relationship, the target first mapping relationship can characterize at least one first key-value relationship between the stage number and the object identifier. Furthermore, since the target second mapping relationship is determined based on the target process identifier among at least one candidate second mapping relationship, the target second mapping relationship can characterize at least one second key-value relationship between the stage number and the stage identifier. Based on this, rules for dynamic mutual exclusion of various permissions can be implemented through configuration, thereby improving the efficiency of object permission configuration.

[0137] According to embodiments of this disclosure, Table 3 below shows an example of a first target mapping relationship corresponding to a target process identifier "θ". The target process identifier can be represented by "θ", and the process sequence corresponding to the target process identifier "θ" can be "stage 011 -> stage 012 -> stage 013". The first target mapping relationship may include a first target key-value relationship between stage number "011" and object identifier "B", a first target key-value relationship between stage number "012" and object identifier "A", and a first target key-value relationship between stage number "013" and object identifier "C".

[0138] Process Identifier Step number Object identifier θ 011 Second θ 012 First θ 013 C

[0139] Table 3

[0140] According to embodiments of this disclosure, Table 4 below shows an example of a second target mapping relationship corresponding to a target process identifier "θ". The target process identifier can be represented by "θ", and the process sequence corresponding to the target process identifier "θ" can be "handling stage 011 -> handling stage 012 -> supervisory stage 013 -> handling stage 014 -> supervisory stage 015". The second target mapping relationship can include a second target key-value relationship between stage number "011" and stage identifier "A", a second target key-value relationship between stage number "012" and stage identifier "A", a second target key-value relationship between stage number "013" and stage identifier "B", a second target key-value relationship between stage number "014" and stage identifier "A", and a second target key-value relationship between stage number "015" and stage identifier "C".

[0141] Process Identifier Step number Link identification θ 011 A θ 012 A θ 013 B θ 014 A θ 015 C

[0142] Table 4

[0143] Figure 3C The illustration shows an example diagram of a method for obtaining a first target mapping relationship and a second target mapping relationship based on a target process identifier in an object permission configuration request in response to receiving an object permission configuration request, according to an embodiment of the present disclosure.

[0144] like Figure 3C As shown, in 300C, in response to receiving an object permission configuration request 311, a target first mapping relationship 313 can be determined from at least one candidate first mapping relationship 312 based on the target process identifier 311_1 in the object permission configuration request 311.

[0145] The target second mapping relationship 315 can be determined from at least one candidate second mapping relationship 314 based on the target process identifier 311_1 in the object permission configuration request 311.

[0146] According to embodiments of this disclosure, operation S220 may include the following operations.

[0147] Based on the target process identifier, target stage number, and target first mapping relationship, a first object set is determined, wherein the first object set includes at least one first object identifier. Based on the target stage number, target first mapping relationship, and target second mapping relationship, a second object set is determined, wherein the second object set includes at least one second object identifier.

[0148] According to embodiments of this disclosure, a target first mapping relationship can be determined based on a target process identifier. At least one first object identifier is determined based on the target stage number and the target first mapping relationship. The first object identifier can be used to characterize an object that has already been processed at a certain stage of the target process.

[0149] According to embodiments of this disclosure, a second target mapping relationship can be determined based on a target process identifier. At least one second object identifier is determined based on the target stage number, the first target mapping relationship, and the second target mapping relationship. The second object identifier can be used to characterize an object capable of repeatedly processing the target process.

[0150] Figure 4A The illustration shows an example diagram of a method for determining a first set of objects and a second set of objects based on a target process identifier, a target stage number, a first target mapping relationship, and a second target mapping relationship, according to an embodiment of the present disclosure.

[0151] like Figure 4A As shown, in 400A, in response to receiving an object permission configuration request 401, the target first mapping relationship 402 and the target second mapping relationship 403 can be obtained.

[0152] After obtaining the first target mapping relationship 402 and the second target mapping relationship 403, the first object set 404 can be determined based on the target process identifier 4011, the target stage number 4012, and the first target mapping relationship 402 in the object permission configuration request 401. The second object set 405 can be determined based on the target stage number 4012, the first target mapping relationship 402, and the second target mapping relationship 403 in the object permission configuration request 401.

[0153] According to embodiments of this disclosure, determining the first object set based on the target process identifier, the target stage number, and the target first mapping relationship may include the following operations.

[0154] Based on the target process identifier and the target step number, at least one first auxiliary step number is determined. Based on the target first mapping relationship and the at least one first auxiliary step number, a first object identifier corresponding to each of the at least one first auxiliary step number is determined, wherein each of the at least one first object identifier has a corresponding first object. Based on the first object identifiers corresponding to each of the at least one first auxiliary step number, a set of first objects is determined.

[0155] According to embodiments of this disclosure, the first object set can be used to characterize the object set that has been processed through the first auxiliary stage. The first auxiliary stage can refer to the stage in the target process that precedes the target stage corresponding to the target stage number. Combining the first target mapping relationship shown in Table 3 above and the second target mapping relationship shown in Table 4 above, taking the target process identifier as "θ" and the target stage number as "014" as an example.

[0156] According to an embodiment of the present disclosure, at least one first auxiliary link number "011", "012", and "013" can be determined according to the target process identifier "θ" and the target link number "014". According to the target first mapping relationship shown in Table 3 and at least one first auxiliary link number "011", "012", and "013", the first object identifier "B", the first object identifier "A" corresponding to the first auxiliary link number "012", and the first object identifier "C" corresponding to the first auxiliary link number "013" can be determined. In this case, a first object set can be determined according to the first object identifiers "B", "A", and "C". The first object set can be represented by {P}, that is, {P} = {A, B, C}.

[0157] According to an embodiment of the present disclosure, since the first object identifier is determined according to the target first mapping relationship and at least one first auxiliary link number, and the first auxiliary link number is determined according to the target process identifier and the target link number, the first object identifier can represent an object that has processed a certain link in the target process. On this basis, since the first object set is determined according to at least one first object identifier, the first object set can represent a set of objects that have processed the first auxiliary link, which is beneficial to determining the target object set according to the first object set and the second object set, and performing object permission configuration on the request object based on the target object set, thereby avoiding secondary development, saving development costs, reducing the operation and maintenance volume of the code and the possibility of code errors caused by frequently modifying the code, and further improving the accuracy of object permission configuration.

[0158] According to an embodiment of the present disclosure, determining the second object set according to the target link number, the target first mapping relationship, and the target second mapping relationship may include the following operations.

[0159] According to the target link number and the target second mapping relationship, determine the target link identifier corresponding to the target link number. According to the target second mapping relationship and the target link identifier, determine at least one second auxiliary link number. According to the target first mapping relationship and at least one second auxiliary link number, determine the second object identifier corresponding to each of at least one second auxiliary link number, where each of at least one second object identifier has a corresponding second object. Determine the second object set according to the second object identifier corresponding to each of at least one second auxiliary link number.

[0160] According to an embodiment of the present disclosure, the second object set can be used to represent a set of objects that can repeatedly process the target process. Taking the target process identifier as "θ" and the target link number as "014" in combination with the target first mapping relationship shown in Table 3 above and the target second mapping relationship shown in Table 4 above as an example.

[0161] According to embodiments of this disclosure, the target link identifier "A" corresponding to the target link identifier "014" can be determined based on the target link identifier "014" and the target second mapping relationship shown in Table 4 above. The second auxiliary link identifiers "011" and "012" can be determined based on the target second mapping relationship shown in Table 4 above and the target link identifier "A". The second object identifier "B" corresponding to the second auxiliary link identifier "011" and the second object identifier "A" corresponding to the second auxiliary link identifier "012" can be determined based on the target first mapping relationship and the second auxiliary link identifiers "011" and "012" shown in Table 3 above. In this case, the second object set can be determined based on the second object identifiers "B" and "A". The second object set can be represented using {Q}, i.e., {Q} = {A, B}.

[0162] According to embodiments of this disclosure, since the second object identifier is determined based on the target first mapping relationship and at least one second auxiliary step number, and the second auxiliary step number is determined based on the target second mapping relationship and the target step identifier, the second object identifier can characterize an object capable of repeatedly processing the target process. Furthermore, since the second object set is determined based on at least one second object identifier, the second object set can characterize a set of objects capable of repeatedly processing the target process. This facilitates subsequent determination of the target object set based on the first and second object sets, and configuration of object permissions for request objects based on the target object set. This avoids secondary development, saves development costs, reduces code maintenance workload and the possibility of frequent code modifications causing errors, thereby improving the accuracy of object permission configuration.

[0163] Figure 4B The illustration shows an example diagram of a method for determining a first set of objects and a second set of objects based on a target process identifier, a target stage number, a first target mapping relationship, and a second target mapping relationship, according to another embodiment of the present disclosure.

[0164] like Figure 4B As shown in 400B, in response to receiving an object permission configuration request 406, the target first mapping relationship 408 and the target second mapping relationship 411 can be obtained.

[0165] After obtaining the first target mapping relationship 408 and the second target mapping relationship 411, at least one first auxiliary step number 407 can be determined based on the target process identifier 4061 and the target step number 4062 in the object permission configuration request 406.

[0166] After obtaining at least one first auxiliary link number 407, the first object identifier 409 corresponding to each of the at least one first auxiliary link number 407 can be determined according to the target first mapping relationship 408 and the at least one first auxiliary link number 407.

[0167] After obtaining the first object identifier 409 corresponding to each of the at least one first auxiliary link number 407, the first object set 410 can be determined based on the first object identifier 409 corresponding to each of the at least one first auxiliary link number 407.

[0168] Based on the target link number 406_2 in the object permission configuration request 406 and the target second mapping relationship 411, the target link identifier 412 corresponding to the target link number 406_2 can be determined.

[0169] After obtaining the target link identifier 412, at least one second auxiliary link number 413 can be determined based on the target second mapping relationship 411 and the target link identifier 412.

[0170] After obtaining at least one second auxiliary link number 413, the second object identifier 414 corresponding to each of the at least one second auxiliary link number 413 can be determined according to the target first mapping relationship 408 and the at least one second auxiliary link number 413.

[0171] After obtaining the second object identifier 414 corresponding to each of the at least one second auxiliary link number 413, the second object set 415 can be determined based on the second object identifier 414 corresponding to each of the at least one second auxiliary link number 413.

[0172] According to embodiments of this disclosure, operation S230 may include the following operations.

[0173] For each of the at least one first object identifiers, at least one second object identifier is matched against it to obtain a matching result corresponding to each of the at least one second object identifier. In response to a matching result indicating that neither the first object identifier nor the at least one second object identifier matches successfully, the first object identifier is determined as the target object identifier, wherein the target object identifier has a corresponding target object. A set of target objects is then determined based on the target object identifier.

[0174] According to the embodiments of this disclosure, and combining the first target mapping relationship shown in Table 3 above and the second target mapping relationship shown in Table 4 above, taking the target process identifier as "θ", the target stage number as "014", the first object set {P} = {A, B, C}, and the second object set {Q} = {A, B} as an example.

[0175] According to an embodiment of the present disclosure, for the first object identifier "C" in the first object set {P}, the second object identifiers "A" and "B" in the second object set {Q} can be respectively matched according to the first object identifier "C" to obtain a matching result. In response to the case where the matching result indicates that the first object identifier "C" fails to match both the second object identifiers "A" and "B", the first object identifier "C" can be determined as the target object identifier. In this case, the target object set can be determined according to the target object identifier "C". The target object set can be used to represent the set of objects that cannot process the target link in the target process. The target object set can be represented by {R}, and by removing the second object set {Q} from the second object set {P}, that is, the target object set {R} = {P} - {Q} = {C}.

[0176] Figure 5 Schematically shows an example schematic diagram of a method for determining a target object set according to a first object set and a second object set according to an embodiment of the present disclosure.

[0177] As Figure 5 shown, in 500, at least one second object identifier 502 can be respectively matched according to the first object identifier 501 to obtain a matching result 503 corresponding to each of the at least one second object identifier 502. After obtaining the matching result 503, operation S510 can be performed.

[0178] In operation S510, does the matching result indicate that the first object identifier fails to match all of the at least one second object identifier?

[0179] If so, the first object identifier 501 can be determined as the target object identifier 504. The target object set 505 can be determined according to the target object identifier 504.

[0180] If not, the process of determining the target object set can be ended.

[0181] According to an embodiment of the present disclosure, operation S240 can include the following operations.

[0182] The request object identifier is respectively matched with at least one target object identifier to obtain a sub-matching result corresponding to each of the at least one target object identifier. According to the sub-matching results corresponding to each of the at least one target object identifier, a matching result is determined. In the case where the matching result indicates that the request object identifier matches any target object identifier among the at least one target object identifier, the execution of the object permission configuration request is prohibited. In the case where the matching result indicates that the request object identifier fails to match all of the at least one target object identifier, the execution of the object permission configuration request is permitted.

[0183] According to an embodiment of the present disclosure, taking the target first mapping relationship shown in Table 3 above and the target second mapping relationship shown in Table 4 above as an example, with the target process identifier being "θ", the target link number being "014", and the target object set {R} = {Bing}.

[0184] According to an embodiment of the present disclosure, the request object identifier can be matched with the target object identifier {Bing} to obtain a matching result. When the matching result indicates that the request object identifier matches the target object identifier {Bing} successfully, the execution of the object permission configuration request can be prohibited. When the matching result indicates that the request object identifier does not match the target object identifier {Bing} successfully, the execution of the object permission configuration request can be permitted.

[0185] According to an embodiment of the present disclosure, since the target object identifier is determined according to the first object identifier when the matching result indicates that the first object identifier does not match any of the at least one second object identifier, the target object identifier can represent an object that cannot process the target link in the target process. On this basis, since the target object set is determined according to the target object identifier, by respectively matching the request object identifier with at least one target object identifier to determine the matching result, the authentication of the object permission configuration request based on the target object set can be achieved, thereby improving the efficiency of object permission configuration.

[0186] Figure 6 Schematically shows an example diagram of a method for performing object permission configuration on a request object corresponding to a request object identifier according to at least one target object identifier according to an embodiment of the present disclosure.

[0187] As Figure 6 shown, in 600, the request object identifier 601 1 in the object permission configuration 601 can be respectively matched with at least one target object identifier 602 to obtain sub-matching results 603 corresponding to each of the at least one target object identifier.

[0188] After the sub-matching results 603 corresponding to each of the at least one target object identifier, the matching result 604 can be determined according to the sub-matching results 603 corresponding to each of the at least one target object identifier. After obtaining the matching result 604, operation S610 can be executed.

[0189] In operation S610, does the matching result indicate that the request object identifier matches any of the at least one target object identifier successfully? <00​​​​​​​The above are merely exemplary embodiments, but are not limited thereto. Other object permission configuration methods known in the art may also be included, as long as they can improve the efficiency and accuracy of object permission configuration.

[0193] Figure 7 A block diagram of an object permission configuration apparatus according to an embodiment of the present disclosure is shown schematically.

[0194] like Figure 7 As shown, the object permission configuration device 700 may include an acquisition module 710, a first determination module 720, a second determination module 730, and a configuration module 740.

[0195] The acquisition module 710 is used to respond to receiving an object permission configuration request, and to obtain the first target mapping relationship and the second target mapping relationship according to the target process identifier in the object permission configuration request. The object permission configuration request also includes the target step number and the request object identifier, and the target step number is associated with the target process identifier.

[0196] The first determining module 720 is used to determine the first object set and the second object set based on the target process identifier, the target step number, the first target mapping relationship, and the second target mapping relationship.

[0197] The second determining module 730 is used to determine a target object set based on the first object set and the second object set, wherein the target object set includes at least one target object identifier.

[0198] Configuration module 740 is used to configure object permissions for the request object corresponding to the request object identifier based on at least one target object identifier.

[0199] According to embodiments of this disclosure, the first determining module 720 may include a first determining unit and a second determining unit.

[0200] The first determining unit is used to determine a first object set based on the target process identifier, the target step number, and the target first mapping relationship, wherein the first object set includes at least one first object identifier.

[0201] The second determining unit is used to determine a second object set based on the target link number, the first target mapping relationship, and the second target mapping relationship, wherein the second object set includes at least one second object identifier.

[0202] According to embodiments of this disclosure, the first determining unit may include a first determining subunit, a second determining subunit, and a third determining subunit.

[0203] The first determining subunit is used to determine at least one first auxiliary step number based on the target process identifier and the target step number.

[0204] The second determining subunit is used to determine a first object identifier corresponding to each of the at least one first auxiliary link number, based on the target first mapping relationship and at least one first auxiliary link number, wherein each of the at least one first object identifier has a corresponding first object.

[0205] The third determining subunit is used to determine the first object set based on the first object identifier corresponding to each of the at least one first auxiliary link number.

[0206] According to embodiments of this disclosure, the second determining unit may include a fourth determining subunit, a fifth determining subunit, and a sixth determining subunit.

[0207] The fourth determining subunit is used to determine the target link identifier corresponding to the target link number based on the target link number and the second target mapping relationship.

[0208] The fifth determining subunit is used to determine at least one second auxiliary link number based on the target second mapping relationship and the target link identifier.

[0209] The sixth determining subunit is used to determine the second object identifier corresponding to each of the at least one second auxiliary link number based on the first target mapping relationship and at least one second auxiliary link number, wherein each of the at least one second object identifier has a corresponding second object.

[0210] The seventh determining subunit is used to determine the second object set based on the second object identifier corresponding to each of the at least one second auxiliary link number.

[0211] According to embodiments of this disclosure, for each of the at least one first object identifier, the second determining module 730 may include a first matching unit, a third determining unit, and a fourth determining unit.

[0212] The first matching unit is used to match at least one second object identifier according to the first object identifier, and obtain the matching result corresponding to each of the at least one second object identifier.

[0213] The third determining unit is used to determine the first object identifier as the target object identifier in response to the matching result indicating that neither the first object identifier nor at least one second object identifier is successfully matched, wherein the target object identifier has a corresponding target object.

[0214] The fourth determining unit is used to determine the set of target objects based on the target object identifier.

[0215] According to embodiments of this disclosure, the configuration module 740 may include a second matching unit, a fifth determining unit, a prohibition unit, and a permission unit.

[0216] The second matching unit is used to match the request object identifier with at least one target object identifier respectively, and obtain the sub-matching result corresponding to each of the at least one target object identifier.

[0217] The fifth determining unit is used to determine the matching result based on the sub-matching results corresponding to at least one target object identifier.

[0218] The prohibition unit is used to prohibit the execution of the object permission configuration request if the matching result indicates that the requested object identifier matches any of the at least one target object identifier.

[0219] The permission unit is used to grant permission to execute the object permission configuration request when the matching result indicates that the request object identifier and at least one target object identifier do not match successfully.

[0220] According to embodiments of this disclosure, the acquisition module 710 may include a sixth determining unit and a seventh determining unit.

[0221] The sixth determining unit is used to, in response to receiving an object permission configuration request, determine the target first mapping relationship from at least one candidate first mapping relationship based on the target process identifier.

[0222] The seventh determining unit is used to determine the target second mapping relationship among at least one candidate second mapping relationship based on the target process identifier.

[0223] According to embodiments of this disclosure, the acquisition module 710 may include an acquisition unit.

[0224] The acquisition unit is used to obtain the first target mapping relationship and the second target mapping relationship from the data source.

[0225] According to embodiments of this disclosure, at least one candidate first mapping relationship has a corresponding process identifier, and the candidate first mapping relationship includes at least one first key-value relationship.

[0226] According to embodiments of this disclosure, at least one first key-value relationship may be constructed in the following manner.

[0227] For each of the at least one first key-value relationships, in response to receiving a first business request, the range of stage numbers corresponding to the process identifier is determined based on the process identifier in the first business request. In response to receiving a second business request, the first key-value relationship between the stage number and the object identifier is determined based on the stage number and the object identifier in the second business request, wherein the range of stage numbers includes the stage number.

[0228] According to embodiments of this disclosure, at least one candidate second mapping relationship has a corresponding process identifier, and the candidate second mapping relationship includes at least one second key-value relationship.

[0229] According to embodiments of this disclosure, at least one second key-value relationship can be constructed in the following manner.

[0230] Based on the process identifier, determine the object permission configuration rules and the range of stage numbers corresponding to the process identifier. Based on the object permission configuration rules, configure stage identifiers for at least one stage number corresponding to the range of stage numbers. Based on the at least one stage number and the stage identifier corresponding to each of the at least one stage number, determine the second key-value relationship between the stage number and the stage identifier.

[0231] Any one or more of the modules, submodules, units, and subunits according to embodiments of the present disclosure, or at least part of the functions of any one or more of them, can be implemented in one module. Any one or more of the modules, submodules, units, and subunits according to embodiments of the present disclosure can be implemented by dividing them into multiple modules. Any one or more of the modules, submodules, units, and subunits according to embodiments of the present disclosure can be at least partially implemented as hardware circuitry, such as Field Programmable Gate Arrays (FPGAs), Programmable Logic Arrays (PLAs), Systems-on-Chip, Systems-on-Substrate, Systems-on-Package, Application-Specific Integrated Circuits (ASICs), or implemented in hardware or firmware by any other reasonable means of integrating or packaging circuitry, or implemented in software, hardware, or firmware, or in any suitable combination of any of these three implementation methods. Alternatively, one or more of the modules, submodules, units, and subunits according to embodiments of the present disclosure can be at least partially implemented as computer program modules, which, when run, can perform corresponding functions.

[0232] For example, any plurality of the acquisition module 710, the first determination module 720, the second determination module 730, and the configuration module 740 can be combined into one module / unit / subunit, or any one of these modules / units / subunits can be split into multiple modules / units / subunits. Alternatively, at least part of the functionality of one or more of these modules / units / subunits can be combined with at least part of the functionality of other modules / units / subunits and implemented in one module / unit / subunit. According to embodiments of the present disclosure, at least one of the acquisition module 710, the first determination module 720, the second determination module 730, and the configuration module 740 can be at least partially implemented as hardware circuitry, such as a field-programmable gate array (FPGA), a programmable logic array (PLA), a system-on-a-chip, a system-on-a-substrate, a system-on-package, an application-specific integrated circuit (ASIC), or any other reasonable means of integrating or packaging circuitry, or implemented in software, hardware, or firmware, or in any suitable combination of any of these three implementation methods. Alternatively, at least one of the acquisition module 710, the first determination module 720, the second determination module 730, and the configuration module 740 may be implemented at least partially as a computer program module, which can perform corresponding functions when the computer program module is run.

[0233] It should be noted that the object permission configuration device part in the embodiments of this disclosure corresponds to the object permission configuration method part in the embodiments of this disclosure. For a detailed description of the object permission configuration device part, please refer to the object permission configuration method part, which will not be repeated here.

[0234] Figure 8 A block diagram of an electronic device suitable for implementing an object permission configuration method according to an embodiment of the present disclosure is shown schematically. Figure 8 The electronic device shown is merely an example and should not be construed as limiting the functionality and scope of the embodiments disclosed herein.

[0235] like Figure 8 As shown, a computer electronic device 800 according to an embodiment of the present disclosure includes a processor 801, which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 802 or a program loaded from a storage portion 809 into a random access memory (RAM) 803. The processor 801 may include, for example, a general-purpose microprocessor (e.g., a CPU), an instruction set processor and / or an associated chipset and / or a special-purpose microprocessor (e.g., an application-specific integrated circuit (ASIC)), etc. The processor 801 may also include onboard memory for caching purposes. The processor 801 may include a single processing unit or multiple processing units for performing different actions of the method flow according to an embodiment of the present disclosure.

[0236] RAM 803 stores various programs and data required for the operation of electronic device 800. Processor 801, ROM 802, and RAM 803 are interconnected via bus 804. Processor 801 performs various operations of the method flow according to embodiments of the present disclosure by executing programs in ROM 802 and / or RAM 803. It should be noted that the programs may also be stored in one or more memories other than ROM 802 and RAM 803. Processor 801 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in said one or more memories.

[0237] According to embodiments of this disclosure, the electronic device 800 may further include an input / output (I / O) interface 805, which is also connected to a bus 804. The electronic device 800 may also include one or more of the following components connected to the I / O interface 805: an input section 806 including a keyboard, mouse, etc.; an output section 807 including a cathode ray tube (CRT), liquid crystal display (LCD), etc., and a speaker, etc.; a storage section 808 including a hard disk, etc.; and a communication section 809 including a network interface card such as a LAN card, modem, etc. The communication section 809 performs communication processing via a network such as the Internet. A drive 810 is also connected to the I / O interface 805 as needed. A removable medium 811, such as a disk, optical disk, magneto-optical disk, semiconductor memory, etc., is installed on the drive 810 as needed so that computer programs read from it can be installed into the storage section 808 as needed.

[0238] According to embodiments of this disclosure, the method flow according to embodiments of this disclosure can be implemented as a computer software program. For example, embodiments of this disclosure include a computer program product comprising a computer program carried on a computer-readable storage medium, the computer program containing program code for performing the methods shown in the flowchart. In such embodiments, the computer program can be downloaded and installed from a network via communication section 809, and / or installed from removable medium 811. When the computer program is executed by processor 801, it performs the functions defined in the system of embodiments of this disclosure. According to embodiments of this disclosure, the systems, devices, apparatuses, modules, units, etc., described above can be implemented by computer program modules.

[0239] This disclosure also provides a computer-readable storage medium, which may be included in the device / apparatus / system described in the above embodiments; or it may exist independently and not assembled into the device / apparatus / system. The computer-readable storage medium carries one or more programs that, when executed, implement the method according to the embodiments of this disclosure.

[0240] According to embodiments of this disclosure, the computer-readable storage medium can be a non-volatile computer-readable storage medium. Examples include, but are not limited to: portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination thereof. In this disclosure, the computer-readable storage medium can be any tangible medium that contains or stores a program that can be used by or in conjunction with an instruction execution system, apparatus, or device.

[0241] For example, according to embodiments of this disclosure, a computer-readable storage medium may include the ROM 802 and / or RAM 803 described above and / or one or more memories other than ROM 802 and RAM 803.

[0242] Embodiments of this disclosure also include a computer program product comprising a computer program containing program code for performing the methods provided in the embodiments of this disclosure. When the computer program product is run on an electronic device, the program code is used to enable the electronic device to implement the object permission configuration method provided in the embodiments of this disclosure.

[0243] When the computer program is executed by the processor 801, it performs the functions defined in the system / apparatus of this disclosure embodiments. According to embodiments of this disclosure, the systems, apparatuses, modules, units, etc., described above can be implemented by computer program modules.

[0244] In one embodiment, the computer program may rely on a tangible storage medium such as an optical storage device or a magnetic storage device. In another embodiment, the computer program may also be transmitted and distributed in the form of signals over a network medium, and may be downloaded and installed via the communication section 809, and / or installed from a removable medium 811. The program code contained in the computer program can be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination thereof.

[0245] According to embodiments of this disclosure, program code for executing the computer programs provided in embodiments of this disclosure can be written in any combination of one or more programming languages. Specifically, these computational programs can be implemented using high-level procedural and / or object-oriented programming languages, and / or assembly / machine languages. Programming languages ​​include, but are not limited to, languages ​​such as Java, C++, Python, "C", or similar programming languages. The program code can execute entirely on the user's computing device, partially on the user's device, partially on a remote computing device, or entirely on a remote computing device or server. In cases involving remote computing devices, the remote computing device can be connected to the user's computing device via any type of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computing device (e.g., via the Internet using an Internet service provider).

[0246] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present disclosure. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in a block diagram or flowchart, and combinations of blocks in a block diagram or flowchart, may be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions. Those skilled in the art will understand that the features recited in the various embodiments and / or claims of this disclosure can be combined and / or combined in various ways, even if such combinations or combinations are not expressly described in this disclosure. In particular, the features described in the various embodiments and / or claims of this disclosure may be combined and / or combined in various ways without departing from the spirit and teachings of this disclosure. All such combinations and / or combinations fall within the scope of this disclosure.

[0247] The embodiments of this disclosure have been described above. However, these embodiments are for illustrative purposes only and are not intended to limit the scope of this disclosure. Although various embodiments have been described above, this does not mean that the measures in the various embodiments cannot be used advantageously in combination. The scope of this disclosure is defined by the appended claims and their equivalents. Various substitutions and modifications can be made by those skilled in the art without departing from the scope of this disclosure, and all such substitutions and modifications should fall within the scope of this disclosure.

Claims

1. A method for configuring object permissions, comprising: In response to receiving an object permission configuration request, a first target mapping relationship and a second target mapping relationship are obtained based on the target process identifier in the object permission configuration request. The object permission configuration request also includes a target step number and a request object identifier. The target step number is associated with the target process identifier. The first target mapping relationship is used to represent the correspondence between the target step number and the predetermined object identifier. The second target mapping relationship is used to represent the correspondence between the target step number and the predetermined step identifier. Based on the target process identifier, the target step number and the target first mapping relationship, a first object set is determined, wherein the first object set is used to represent the object set that has been processed by the first auxiliary step, and the first object set includes at least one first object identifier; A second object set is determined based on the target process number, the first target mapping relationship, and the second target mapping relationship. The second object set is used to characterize the object set that can repeatedly process the target process. The second object set includes at least one second object identifier. For each of the at least one first object identifiers, the at least one second object identifier is matched according to the first object identifier to obtain a matching result corresponding to each of the at least one second object identifier; In response to the matching result indicating that the first object identifier and the at least one second object identifier are not matched successfully, the first object identifier is determined as the target object identifier, wherein the target object identifier has a corresponding target object; The target object set is determined based on the target object identifier; and Based on the at least one target object identifier, configure object permissions for the request object corresponding to the request object identifier.

2. The method according to claim 1, wherein, The step of determining the first object set based on the target process identifier, the target stage number, and the target first mapping relationship includes: Based on the target process identifier and the target step number, at least one first auxiliary step number is determined in the target second mapping relationship, and the first auxiliary step corresponding to the first auxiliary step number is the step in the target process that is located before the target step corresponding to the target step number. Based on the target first mapping relationship and the at least one first auxiliary link number, determine a first object identifier corresponding to each of the at least one first auxiliary link number, wherein each of the at least one first object identifier has a corresponding first object; and The first object set is determined based on the first object identifier corresponding to at least one of the first auxiliary link numbers.

3. The method according to claim 2, wherein, The step of determining the second object set based on the target link number, the first target mapping relationship, and the second target mapping relationship includes: Based on the target stage number and the second target mapping relationship, determine the target stage identifier corresponding to the target stage number; Based on the target second mapping relationship and the target link identifier, at least one second auxiliary link number with the same target link identifier as the target link number is determined, and the second auxiliary link corresponding to the second auxiliary link number has the same target link identifier as the target link number; Based on the target first mapping relationship and the at least one second auxiliary link number, determine the second object identifier corresponding to each of the at least one second auxiliary link number, wherein each of the at least one second object identifier has a corresponding second object; and The second object set is determined based on the second object identifier corresponding to each of the at least one second auxiliary link number.

4. The method according to any one of claims 1 to 3, wherein, The step of configuring object permissions for the request object corresponding to the request object identifier based on the at least one target object identifier includes: The request object identifier is matched with the at least one target object identifier to obtain sub-matching results corresponding to each of the at least one target object identifier; The matching result is determined based on the sub-matching results corresponding to each of the at least one target object identifier; If the matching result indicates that the requested object identifier matches any of the at least one target object identifier, the execution of the object permission configuration request is prohibited; and If the matching result indicates that the requested object identifier and the at least one target object identifier do not match successfully, the execution of the object permission configuration request is permitted.

5. The method according to claim 1, wherein, The step of responding to receiving an object permission configuration request and obtaining the first target mapping relationship and the second target mapping relationship based on the target process identifier in the object permission configuration request includes: In response to receiving an object permission configuration request, the target first mapping relationship is determined from at least one candidate first mapping relationship based on the target process identifier; and Based on the target process identifier, the target second mapping relationship is determined from at least one candidate second mapping relationship.

6. The method according to claim 5, further comprising: Obtain the first target mapping relationship and the second target mapping relationship from the data source.

7. The method according to claim 5 or 6, wherein, Each of the at least one candidate first mapping relationship has a corresponding process identifier, and the candidate first mapping relationship includes at least one first key-value relationship, which is constructed in the following way: For each of the at least one first key-value relationships, In response to receiving a first service request, the range of stage numbers corresponding to the process identifier is determined based on the process identifier in the first service request; as well as In response to receiving a second service request, the first key-value relationship between the stage number and the object identifier is determined based on the stage number and object identifier in the second service request, wherein the stage number range includes the stage number.

8. The method according to claim 5 or 6, wherein, Each of the at least one candidate second mapping relationship has a corresponding process identifier, and the candidate second mapping relationship includes at least one second key-value relationship, which is constructed in the following way: Based on the process identifier, determine the object permission configuration rules and the range of stage numbers corresponding to the process identifier; According to the object permission configuration rules, configure a process identifier for at least one process number corresponding to the process number range; as well as The second key-value relationship between the at least one stage number and the stage identifier corresponding to each of the at least one stage number is determined.

9. An object permission configuration device, comprising: The acquisition module is used to respond to receiving an object permission configuration request, and to acquire a first target mapping relationship and a second target mapping relationship based on the target process identifier in the object permission configuration request. The object permission configuration request also includes a target step number and a request object identifier. The target step number is associated with the target process identifier. The first target mapping relationship is used to represent the correspondence between the target step number and the predetermined object identifier. The second target mapping relationship is used to represent the correspondence between the target step number and the predetermined step identifier. The first determining unit is configured to determine a first object set based on the target process identifier, the target step number, and the target first mapping relationship, wherein the first object set is used to characterize the object set that has been processed by the first auxiliary step, and the first object set includes at least one first object identifier; The second determining unit is configured to determine a second object set based on the target stage number, the target first mapping relationship, and the target second mapping relationship, wherein the second object set is used to characterize a set of objects capable of repeatedly processing the target process, and the second object set includes at least one second object identifier; the first matching unit is configured to match the at least one second object identifier for each of the at least one first object identifier, based on the first object identifier, to obtain a matching result corresponding to each of the at least one second object identifier; The third determining unit is configured to determine the first object identifier as the target object identifier in response to the matching result indicating that the first object identifier and the at least one second object identifier have not been successfully matched, wherein the target object identifier has a corresponding target object; The fourth determining unit is used to determine the target object set and, based on the target object identifier, the target object set. The configuration module is used to configure object permissions for the request object corresponding to the request object identifier based on the at least one target object identifier.

10. An electronic device, comprising: One or more processors; Memory, used to store one or more instructions. When the one or more instructions are executed by the one or more processors, the one or more processors cause the one or more processors to implement the method of any one of claims 1 to 8.

11. A computer-readable storage medium having executable instructions stored thereon, which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 8.

12. A computer program product comprising computer-executable instructions, which, when executed, are used to implement the method of any one of claims 1 to 8.