Method, device, electronic device and computer program product for configuring a permissions menu

By configuring M primary roles and generating secondary roles in the ALG system of the air transport industry, the problem of inconsistent user permission configuration was solved, the precise matching and security management of permission menus were achieved, and the uniformity and controllability of user permissions were ensured.

CN122241670APending Publication Date: 2026-06-19TRAVELSKY TECHNOLOGY LIMITED

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
TRAVELSKY TECHNOLOGY LIMITED
Filing Date
2026-03-18
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

In existing ALG systems in the air transport industry, the lack of a unified standard for user permission configuration leads to inconsistent permission granularity, chaotic naming, and logical conflicts. Furthermore, changes in user roles can easily result in data leaks or permission mismatches, making it impossible to effectively manage the display of permission menus and their matching with users.

Method used

By obtaining the business type configuration of the target organization, M first roles are configured, role demotion instructions are received to adjust permissions, M groups of second roles are generated, and Q target second roles are extracted from the M groups of second roles according to the menu configuration instructions. The permission menu is configured to be displayed to the target users to ensure the accuracy and security of permission matching.

Benefits of technology

It improves the accuracy and security of matching permission menus, avoids inconsistencies in permissions and data leaks, and achieves uniformity and traceability in permission management.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122241670A_ABST
    Figure CN122241670A_ABST
Patent Text Reader

Abstract

This application discloses a method, apparatus, electronic device, and computer program product for configuring a permission menu. Relating to the field of aviation information technology, the method includes: obtaining the business types set by a target organization; configuring M first roles according to the business types; receiving a role demotion instruction; adjusting the permissions of each first role according to the role demotion instruction to obtain M groups of second roles, wherein the role permission data of each second role in each group of second roles is a subset of the role permission data of each first role; receiving a menu configuration instruction; extracting Q target second roles from the M groups of second roles according to the menu configuration instruction; and configuring a permission menu according to the Q target second roles, wherein the permission menu is a page that displays permissions to the target user. This application solves the technical problem in related technologies where the permission menu displayed to the user is inconsistent with the user's matching permissions.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of aviation information technology, and more specifically, to a method, apparatus, electronic device, and computer program product for configuring a permission menu. Background Technology

[0002] With the deepening of information technology development in the air transport industry, the Passenger Service System (PSS), as a core business support platform for aviation organizations, is widely used in key business processes such as flight management and ticket booking. The Open Universal Control Front-End (Airline GUI, ALG), as the front-end application of the PSS system, provides a unified access point for multiple accounts. Its stability and security directly affect the daily operational efficiency and user data security of aviation organizations.

[0003] Currently, the user permission control mechanism in the ALG system relies on each aviation organization for self-maintenance. Although the system provides role permission configuration functions, it lacks standardized constraints on role definitions. Significant differences exist in the internal organizational structure, departmental setup, and job responsibilities of each organization, resulting in a lack of unified standards for configuring user role permissions. Organizations arbitrarily add or delete functional modules and adjust button permissions based on subjective needs, leading to inconsistent permission granularity, naming confusion, and logical conflicts for the same business function across different organizations. Furthermore, in scenarios such as changes in user positions, if organizations fail to promptly identify and modify the original role permissions, it can easily result in newly appointed staff still accessing sensitive business data, causing serious data leaks or security risks due to a mismatch between rights and responsibilities.

[0004] Furthermore, when the ALG system adds or removes a business function, the permission configuration for each account must be manually adjusted one by one, and the visibility and operation permissions for that function must be set for each organization separately. This process is not only time-consuming and labor-intensive, but also highly susceptible to human error, resulting in some organizations having missing functions or unauthorized access, leading to inconsistent permission coverage.

[0005] There is currently no effective solution to the technical problem that the permission menu displayed to users in related technologies is inconsistent with the permissions matched by the users. Summary of the Invention

[0006] The main objective of this application is to provide a method, apparatus, electronic device, and computer program product for configuring a permission menu, so as to solve the technical problem in the related art that the permission menu displayed to the user is inconsistent with the user's permissions.

[0007] To achieve the above objectives, according to one aspect of this application, a method for configuring a permission menu is provided. The method includes: obtaining the business types set by the target organization; configuring M first roles according to the business types, where M is a positive integer; receiving a role demotion instruction; adjusting the permissions of each first role according to the role demotion instruction to obtain M groups of second roles, where each group of second roles corresponds to one first role, and the role permission data of each second role in each group of second roles is a subset of the role permission data of each first role; receiving a menu configuration instruction; extracting Q target second roles from the M groups of second roles according to the menu configuration instruction, where Q is less than M and Q is a positive integer; configuring a permission menu according to the Q target second roles, where the permission menu is a page that displays permissions to the target user.

[0008] Optionally, configuring M first roles according to business type includes: extracting business permission data configured by the target organization from the business type to obtain M sets of business permission data, wherein each set of business permission data is used to indicate the business permission scope of each first role; obtaining role templates, configuring the role templates according to the M sets of business permission data to obtain M first roles.

[0009] Optionally, the permissions of each first role are adjusted according to the role demotion instruction to obtain M groups of second roles, including: for a first role, obtaining a set of business permission data corresponding to the first role, and extracting N business permission data from the set of business permission data, where N is a positive integer; receiving Y functional information of the first role configured by the target organization, and extracting business permission data from the N business permission data according to each functional information to obtain Y groups of business permission data, where Y is a positive integer; obtaining a role template, and configuring the role template according to each set of business permission data to obtain a group of second roles associated with the first role.

[0010] Optionally, extracting Q target second roles from M groups of second roles according to the menu configuration instructions includes: parsing the menu configuration instructions to obtain the user information of the target user; extracting organizational information from the user information, wherein the organizational information refers to the department category of the target user in the target organization; obtaining the department category corresponding to each first role, and extracting Q first roles from the M first roles according to the organizational information and the M department categories; and filtering Q target second roles from the Q groups of second roles corresponding to the Q first roles according to the user information.

[0011] Optionally, obtaining the permission menu based on the configuration of the Q target second roles includes: obtaining Q groups of business permission data for the first roles corresponding to the Q target second roles, and performing a union calculation on the Q groups of business permission data to obtain G business permission data, where G is a positive integer; obtaining a resource database, and extracting resource data from the resource database based on the G business permission data; and configuring the target menu with resources based on the resource data to obtain the permission menu.

[0012] Optionally, the target menu is obtained as follows: P first menus are constructed based on each set of business permission data, resulting in Q sets of first menus, where each set of first menus includes P first menus, and P is a positive integer; for a target second role, a set of weighted business permission data corresponding to the target second role is obtained, and sub-menus associated with the first menu corresponding to the target second role are constructed based on each set of weighted business permission data; a page template is obtained, and the page template is configured according to the sub-menus corresponding to the Q sets of first menus to obtain the target menu.

[0013] Optionally, after configuring M first roles according to business type, the method further includes: receiving a permission adjustment instruction, determining the role to be adjusted according to the permission adjustment instruction, wherein the permission adjustment instruction refers to an instruction to adjust the business permission data of the role to be adjusted; extracting change parameters from the permission adjustment instruction, adjusting a set of business permission data of the role to be adjusted according to the change parameters, and obtaining the updated business permission data.

[0014] To achieve the above objectives, according to another aspect of this application, a permission menu configuration device is provided. The device includes: an acquisition unit, configured to acquire the business type set by a target organization, and configure M first roles according to the business type, where M is a positive integer; a first receiving unit, configured to receive a role demotion instruction, and adjust the permissions of each first role according to the role demotion instruction to obtain M groups of second roles, wherein each group of second roles corresponds to one first role, and the role permission data of each second role in each group of second roles is a subset of the role permission data of each first role; a second receiving unit, configured to receive a menu configuration instruction, and extract Q target second roles from the M groups of second roles according to the menu configuration instruction, where Q is less than M and Q is a positive integer; and a configuration unit, configured to configure a permission menu according to the Q target second roles, wherein the permission menu is a page that displays permissions to the target user.

[0015] According to another aspect of the present invention, a computer-readable storage medium is also provided, the computer-readable storage medium including a stored executable program, wherein, when the executable program is running, a configuration method for controlling the device where the computer-readable storage medium is located to execute any of the above-mentioned permission menus is provided.

[0016] According to another aspect of the present invention, an electronic device is also provided, including one or more processors and a memory, the memory storing an executable program, and the processor for running the program, wherein when the one or more programs are executed by the one or more processors, the one or more processors implement any of the above-described permission menu configuration methods.

[0017] According to another aspect of the present invention, a computer program product is also provided, the computer program product including a computer program, wherein when the computer program is executed by a processor, it implements the configuration method of any of the above-mentioned permission menus.

[0018] In this embodiment, a permission menu configuration method is adopted. By obtaining the business type set by the target organization, M first roles are configured according to the business type, where M is a positive integer. A role demotion instruction is received, and the permissions of each first role are adjusted according to the instruction to obtain M groups of second roles. Each group of second roles corresponds to one first role, and the role permission data of each second role in each group is a subset of the role permission data of each first role. A menu configuration instruction is received, and Q target second roles are extracted from the M groups of second roles, where Q is less than M and Q is a positive integer. A permission menu is configured based on the Q target second roles. The permission menu points to a page displaying permissions to the target user. This solves the technical problem in related technologies where the permission menu displayed to the user does not match the user's permissions. By configuring first roles according to the business type set by the target organization, adjusting the permissions of each first role to obtain second roles, and configuring the permission menu based on the selected target second roles, the technical effect of improving the matching accuracy and security of the permission menu is achieved. Attached Figure Description

[0019] The accompanying drawings, which form part of this application, are used to provide a further understanding of this application. The illustrative embodiments and descriptions of this application are used to explain this application and do not constitute an undue limitation of this application. In the drawings:

[0020] Figure 1 This is a hardware structure block diagram of a computer terminal (or mobile device) for implementing a configuration method for a permissions menu;

[0021] Figure 2 This is a flowchart of a permission menu configuration method provided according to an embodiment of this application;

[0022] Figure 3 This is a schematic diagram of a configuration system for optional permission menus provided according to embodiments of this application;

[0023] Figure 4This is a schematic diagram of an optional permission menu configuration method provided according to an embodiment of this application;

[0024] Figure 5 This is a schematic diagram of a permission menu configuration device provided according to an embodiment of this application;

[0025] Figure 6 This is a structural block diagram of an electronic device according to an embodiment of this application. Detailed Implementation

[0026] To enable those skilled in the art to better understand the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present application, and not all embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative effort should fall within the scope of protection of the present application.

[0027] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of this application described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0028] It should be noted that all information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for display, data used for analysis, etc.) involved in this application are information and data authorized by the user or fully authorized by all parties. For example, this system has interfaces with relevant users or organizations to provide users with corresponding operation data for them to choose to agree to or refuse automated decision-making results. Before obtaining relevant information, a request for obtaining the information needs to be sent to the aforementioned user or organization through the interface, and the relevant information is obtained after receiving consent from the aforementioned user or organization; if the user chooses to refuse, the expert decision-making process is initiated. Users can view the purpose of data use in real time through authorization decoding and have the right to withdraw authorization or delete data at any time. After the authorization is withdrawn, the system will terminate the relevant data processing within 24 hours.

[0029] It should be noted that the information collected in this application is information and data authorized by the user or fully authorized by all parties, and the collection, storage, use, processing, transmission, provision, disclosure and application of the relevant data all comply with the relevant laws, regulations and standards of the relevant regions, take necessary confidentiality measures, do not violate public order and good morals, and provide corresponding operation access points for users to choose to authorize use or refuse use.

[0030] Example 1

[0031] According to an embodiment of this application, a method embodiment for configuring a permission menu is also provided. It should be noted that the steps shown in the flowchart in the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions. Although a logical order is shown in the flowchart, in some cases, the steps shown or described may be executed in a different order than that shown here.

[0032] The method embodiment provided in Embodiment 1 of this application can be executed on a mobile terminal, computer terminal, or similar computing device. Figure 1 This is a hardware structure block diagram of a computer terminal (or mobile device) used to implement a permission menu configuration method, such as... Figure 1 As shown, computer terminal 10 (or mobile device) may include one or more ( Figure 1 The processor 102 (which may include, but is not limited to, a microprocessor MCU (Microcontroller Unit) or a programmable gate array (FPGA)) is shown as 102a, 102b, ..., 102n. It also includes a memory 104 for storing data and a transmission device 106 for communication functions. In addition, it may include: a display, an input / output interface, a Universal Serial Bus (USB) port (which may be included as one of the ports of a BUS bus), a network interface, a keyboard, a cursor control device, a power supply, and / or a camera. Those skilled in the art will understand that... Figure 1 The structure shown is for illustrative purposes only and does not limit the structure of the aforementioned electronic device. For example, computer terminal 10 may also include... Figure 1 The more or fewer components shown, or having the same Figure 1 The different configurations shown.

[0033] It should be noted that the aforementioned one or more processors 102 and / or other data processing circuits are generally referred to herein as "data processing circuits". These data processing circuits may be embodied, in whole or in part, in software, hardware, firmware, or any other combination thereof. Furthermore, the data processing circuits may be a single, independent processing module, or may be integrated, in whole or in part, into any other element within the computer terminal 10 (or mobile device). As involved in the embodiments of this application, the data processing circuits serve as a processor control mechanism (e.g., selection of a variable resistor termination path connected to an interface).

[0034] The memory 104 can be used to store software programs and modules of application software, such as the program instructions / data storage device corresponding to the permission menu configuration method in this embodiment. The processor 102 executes various functional applications and data processing by running the software programs and modules stored in the memory 104, thereby implementing the above-mentioned permission menu configuration method. The memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 104 may further include memory remotely located relative to the processor 102, and these remote memories can be connected to the computer terminal 10 via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.

[0035] The transmission device 106 is used to receive or send data via a network. Specific examples of the network described above may include a wireless network provided by the communication provider of the computer terminal 10. In one example, the transmission device 106 includes a network interface controller (NIC) and a network interface, which can be connected to other network devices via a base station to communicate with the Internet. In another example, the transmission device 106 may be a radio frequency (RF) module, used for wireless communication with the Internet.

[0036] The display can be, for example, a touchscreen liquid crystal display (LCD), which allows the user to interact with the user interface of the computer terminal 10 (or mobile device).

[0037] Under the aforementioned operating environment, this application provides the following: Figure 2 The configuration method for the permissions menu is shown. Figure 2 This is a flowchart of a permission menu configuration method provided according to an embodiment of this application, such as... Figure 2 As shown, the method includes the following steps:

[0038] Step S201: Obtain the business type set by the target organization, and configure M first roles according to the business type, where M is a positive integer.

[0039] It should be noted that the target organization can refer to an aviation organization that requires access control. The business type refers to a business function category defined by the target organization and based on aviation industry standards, such as "ticketing operations," "reservation management," "fare publication," and "system management." Each business type represents a set of business operations with highly related functional logic and clearly defined responsibilities. The first role refers to a user role with fixed access scope derived from the above business types. It is not directly assigned to users within the target organization but exists as a "permission baseline." The access content of each first role consists of all first-level menus and corresponding resources (such as buttons, fields, and tabs) under a business type. For example, the first role corresponding to the "ticketing operations" business type includes resources such as "refund button," "ticket printing," and "rescheduling confirmation."

[0040] When a target organization needs to modify permissions, the first step is to obtain the organization's business type. Then, based on the business type, the corresponding business permission data can be extracted. Finally, the corresponding first role can be constructed using the corresponding business permission data. For example, business type: "ticket operation" → corresponding first role ST_BIZ_TKT (ticket operator), thus obtaining the corresponding first role; business type: "fare publication" → corresponding first role ST_BIZ_RATE (fare publisher); business type: "system management" → corresponding first role ST_ADMIN (permission administrator).

[0041] Step S202: Receive a role demotion instruction, adjust the permissions of each first role according to the role demotion instruction, and obtain M groups of second roles. Each group of second roles corresponds to one first role, and the role permission data of each second role in each group of second roles is a subset of the role permission data of each first role.

[0042] It should be noted that a role reduction instruction refers to a permission reduction request initiated by the target organization. For example, under the "Ticket Operator" role (the first role), unchecking the "Bulk Refund" button while retaining functions such as "One-Way Refund" and "Ticket Printing" is a one-way reduction, meaning it does not add resources not included in the first role. The second role, also known as a reduced role, is a subset of roles with a smaller permission scope, generated based on the first role. This role serves as a "tailored version" of the first role, and its permission data originates from the corresponding first role. Furthermore, a first role can generate multiple second roles to adapt to the refined needs of different positions (e.g., ordinary ticket clerk, senior ticket clerk, intern ticket clerk).

[0043] When a command is received to reduce the permissions of a first role, a new second role can be generated for each first role, thereby configuring permissions of different granularities for different employees in the target organization.

[0044] Step S203: Receive menu configuration instructions, and extract Q target second roles from the second roles in group M according to the menu configuration instructions, where Q is less than M and Q is a positive integer.

[0045] When it is necessary to configure permission menus for target users in a target organization, the first step is to receive a menu configuration instruction initiated by the target organization. Then, based on the instruction, multiple second roles matching the target user's work number can be obtained. For example, if the target user's work number is associated with two permissions, "ordinary ticket operation" and "reservation inquiry", the target second role obtained at this time is the two second roles corresponding to the above two permissions.

[0046] Step S204: Obtain the permission menu based on the Q target second role configurations, where the permission menu is a page that displays permissions to the target user.

[0047] Specifically, after obtaining the target second role matched with the target user, the business permission data corresponding to these target second roles can be aggregated and assembled into a set of functional navigation and operation controls according to a three-level menu structure (i.e., level 1 → level 2 → level 3), which is the permission menu. For example, firstly, the business permission data of all target second roles is merged, then a navigation tree is built based on the resources (which may include buttons, fields, menu items, etc.) corresponding to the business permission data, and finally, a complete page containing only the elements that the user has the right to access is rendered.

[0048] The permission menu configuration method provided in this application embodiment obtains the business type set by the target organization, configures M first roles according to the business type, where M is a positive integer; receives a role demotion instruction, adjusts the permissions of each first role according to the role demotion instruction, and obtains M groups of second roles, where each group of second roles corresponds to one first role, and the role permission data of each second role in each group of second roles is a subset of the role permission data of each first role; receives a menu configuration instruction, extracts Q target second roles from the M groups of second roles according to the menu configuration instruction, where Q is less than M and Q is a positive integer; and configures a permission menu according to the Q target second roles, where the permission menu is a page that displays permissions to the target user. This solves the technical problem in related technologies where the permission menu displayed to the user is inconsistent with the user's matching permissions. By configuring first roles according to the business type set by the target organization, adjusting the permissions of each first role to obtain second roles, and configuring the permission menu according to the selected target second roles, the technical effect of improving the matching accuracy and security of the permission menu is achieved.

[0049] Optionally, in the permission menu configuration method provided in this application embodiment, configuring M first roles according to business type includes: extracting business permission data configured by the target organization from the business type to obtain M sets of business permission data, wherein each set of business permission data is used to indicate the business permission scope of each first role; obtaining role templates, configuring the role templates according to the M sets of business permission data to obtain M first roles.

[0050] Specifically, after obtaining the business types set by the target organization, since business types refer to core functional categories defined based on the division of labor in the aviation industry, such as "ticket operation", "reservation management", and "fare publication", the corresponding business permission data can be extracted from the above business types. For example, if the target organization has opened two business types, "ticket operation" and "system management", then its configured business permission data is the permission data corresponding to the above two business types. Among them, the business permission data records the permission scope included in different business types. For example, the "ticket operation" group includes "refund button", "rescheduling menu", "printing permission", etc., which are the functions that can be accessed.

[0051] Furthermore, after obtaining multiple sets of business permission data, role templates can be obtained first. Then, based on each set of business permission data, resources that are not related to the business type in the template are filtered out, and only the business-related parts are retained to form a specific, complete, and assignable role instance, thereby obtaining the corresponding first role. The permission scope of each role precisely corresponds to a business type, ensuring the consistency of the permission structure and realizing the customization of permissions due to differences in organizational business, avoiding errors and inconsistencies caused by manually creating roles.

[0052] This embodiment obtains the first role by configuring it according to business permission data. This ensures that the permission scope of each first role is strictly derived from the preset standard template and fully matches the actual business needs of the target organization. This not only guarantees the uniformity and security of the permission system, but also avoids redundancy and deviation from manual configuration. It provides a reliable, standardized and manageable permission baseline for the subsequent creation of roles with reduced permissions.

[0053] Optionally, in the permission menu configuration method provided in this application embodiment, adjusting the permissions of each first role according to the role demotion instruction to obtain M groups of second roles includes: for a first role, obtaining a set of business permission data corresponding to the first role, extracting N business permission data from the set of business permission data, where N is a positive integer; receiving Y functional information of the first role configured by the target organization, extracting business permission data from the N business permission data according to each functional information to obtain Y groups of business permission data, where Y is a positive integer; obtaining a role template, configuring the role template according to each set of business permission data to obtain a group of second roles associated with the first role.

[0054] Specifically, after obtaining multiple primary roles, if it is necessary to adjust the permissions of a certain primary role, the first step is to obtain a set of business permission data contained in the primary role. Then, from the business permission data of the primary role, select functional units that can be further de-authorized and can be used independently. Each unit corresponds to a specific permission item, thereby breaking down all the permissions of the primary role into independent and operable units, providing a basis for precise control of permissions.

[0055] Furthermore, functional information refers to the job responsibilities defined by the target organization for different positions under the first role, such as "general ticket clerk" and "reviewer," with each function representing a specific job purpose. After obtaining multiple functional information for the first role, the set of permission items belonging to that position can be selected based on this functional information, thus obtaining multiple sets of business permission data. For example, "general ticket clerk" retains 5 business permission data, and "reviewer" retains 3 business permission data, forming 2 independent sets of permission data. Through the division of job functions, the permissions of the first role are divided according to actual work needs, so that each function corresponds to a unique set of permissions. Finally, the structural framework (i.e., role template) used to quickly generate roles is configured through each set of business permission data to obtain a set of second roles associated with the first role.

[0056] This embodiment generates independent second roles based on the permissions corresponding to different functions, making the structure of each de-authorized role consistent. This avoids format confusion or permission mismatch caused by manually creating roles, and realizes refined and responsibility-oriented de-authorization operations for the first role. This ensures that each second role truly reflects the actual work needs of different positions within the target organization, guaranteeing the accuracy of permission control while maintaining the standardization and traceability of role generation.

[0057] Optionally, in the permission menu configuration method provided in this application embodiment, extracting Q target second roles from M groups of second roles according to the menu configuration instruction includes: parsing the menu configuration instruction to obtain user information of the target user; extracting organizational information from the user information, wherein the organizational information refers to the department category of the target user in the target organization; obtaining the department category corresponding to each first role, and extracting Q first roles from the M first roles according to the organizational information and the M department categories; and filtering Q target second roles from the Q groups of second roles corresponding to the Q first roles according to the user information.

[0058] Specifically, after obtaining multiple sets of second roles corresponding to each first role, if it is necessary to configure permission menus for the target user, the menu configuration instruction can first be parsed upon receipt to obtain the target user's user information. This user information can refer to records associated with the target user's work ID, including account name, department, and job title. Then, the department category of the target user within the target organization is extracted from this user information, i.e., organizational information is obtained. The department category can refer to the functional type of the department, such as "ticketing operations," "system management," or "customer service." By identifying the user's department, it is determined which business scope their job responsibilities fall under, providing a basis for subsequently matching a suitable first role.

[0059] Furthermore, the department category corresponding to each primary role is obtained. For example, the primary role of "Ticket Operator" matches departments such as "Ticketing Department" and "Settlement Department." Then, based on the organizational information and the department category corresponding to the primary role, at least one primary role is extracted from the primary roles to prevent role mismatch and improve authorization efficiency and accuracy. Finally, based on the user information, the specific weighted role that is completely matched with the user's position and is ultimately assigned to the user is selected from the secondary roles corresponding to the selected primary roles. This is the target secondary role.

[0060] This embodiment automatically and accurately matches de-authorized roles during the user authorization stage by filtering the target second role based on department category. This avoids the mismatch, overreach, or insufficient permissions that may occur when manually selecting roles, thus improving the security of permission allocation.

[0061] Optionally, in the permission menu configuration method provided in this application embodiment, configuring the permission menu according to Q target second roles includes: obtaining Q groups of business permission data for the first roles corresponding to the Q target second roles, and performing a union calculation on the Q groups of business permission data to obtain G business permission data, where G is a positive integer; obtaining a resource database, and extracting resource data from the resource database according to the G business permission data; configuring resources for the target menu according to the resource data to obtain the permission menu.

[0062] Specifically, after obtaining the target second role matched with the target user, in order to configure the permission menu, the business permission data of the first role corresponding to each target second role can be obtained first. Then, the business permission data of the corresponding first role is summarized and deduplicated to form a complete permission list, thereby obtaining multiple business permission data.

[0063] Furthermore, after acquiring the resource database storing all resources, resource data is extracted from the resource database based on the summarized business permission data. Each resource in the resource database corresponds to attributes such as resource name, visibility, usage scope, and read / write type. Resource data refers to permission units that can be displayed or invoked by the front end, such as the front-end button for the "refund button," back-end interface, and permission identifier, providing data support for page rendering. Finally, resource configuration is performed on the target menu based on the resource data. That is, based on the extracted resource data, it is determined item by item which menu items and function buttons should appear on the interface and which should be hidden. A complete menu structure is dynamically assembled according to the hierarchical relationship, resulting in a permission menu that only contains functions that the user has permission to access and does not display or load functions that the user does not have permission for. The target menu refers to the interface framework seen by the user after logging in, which can include a first-level, second-level, and third-level menu tree.

[0064] This embodiment converts permission data into visual interface elements, enabling the precise construction of the permission menu when a user logs in. This ensures that the interface content seen by the user is consistent with their actual authorization, avoiding interference or misoperation caused by the display of redundant functions, and preventing the omission of authorization functions. It achieves a complete closed loop of permission control from backend configuration to frontend display.

[0065] Optionally, in the permission menu configuration method provided in this application embodiment, the target menu is obtained in the following way: P first menus are constructed according to each group of business permission data to obtain Q groups of first menus, wherein each group of first menus includes P first menus, and P is a positive integer; for a target second role, a set of weighted business permission data corresponding to the target second role is obtained, and sub-menus associated with the first menu corresponding to the target second role are constructed according to each set of weighted business permission data; a page template is obtained, and the page template is configured according to the sub-menus corresponding to the Q groups of first menus to obtain the target menu.

[0066] Before constructing the permission menu, the target menu also needs to be configured. Specifically, after obtaining multiple sets of business permission data matching the target user, a first menu (i.e., a level-one menu) can be constructed based on each set of business permission data, thus obtaining multiple sets of first menus. It should be noted that the configured menu can be divided according to functional hierarchy. The first-level menu represents a business permission data (such as "order management"), and the second- or third-level menus are its subordinate functional items. Each first menu is a complete, unweighted menu tree.

[0067] Furthermore, after obtaining the first menu, a set of weighted business permission data corresponding to the target second role can be acquired. This means obtaining the set of permission items retained by the second role (the weighted role) after some resources have been deleted from the first role. Then, based on each set of weighted business permission data, sub-menus associated with the first menu corresponding to the target second role are constructed, i.e., second- or third-level menus are built. Finally, based on the sub-menus corresponding to each first menu, a fixed structural framework (i.e., page template) for displaying menus and functions is configured. This involves merging the sub-menu structures of the target second role and filling them into the page template to obtain the target menu. The page template may include a navigation bar layout, menu containers, etc.

[0068] This embodiment constructs a target menu to achieve a hierarchical access control menu. This ensures that every menu item seen by the user after logging in undergoes strict access control verification. The structure is clear and conforms to system specifications, avoiding the problem of disconnect between access control and interface display. It also achieves secure, accurate, and non-redundant presentation of multi-role permissions within a unified interface framework.

[0069] Optionally, in the permission menu configuration method provided in this application embodiment, after configuring M first roles according to business type, the method further includes: receiving a permission adjustment instruction, determining the role to be adjusted according to the permission adjustment instruction, wherein the permission adjustment instruction refers to an instruction to adjust the business permission data of the role to be adjusted; extracting change parameters from the permission adjustment instruction, adjusting a set of business permission data of the role to be adjusted according to the change parameters, and obtaining updated business permission data.

[0070] Specifically, when it is necessary to delete or add permissions for a certain primary role, a permission adjustment instruction can be received to modify the permissions of a certain role. Then, the role whose permissions need to be modified can be determined based on the instruction. Then, change parameters indicating the specific modification content can be extracted from the above permission adjustment instruction, such as setting "ID number display" to invisible, etc. Then, the business permission data of the role to be adjusted can be adjusted according to the change parameters to obtain the updated business permission data.

[0071] This embodiment achieves controllable and traceable permissions by modifying the permissions of the first role, thereby synchronously affecting all second roles derived from this role, reducing the global permission maintenance cost, and ensuring the uniformity and timeliness of the permission system.

[0072] This application also provides a permission menu configuration system. Figure 3 This is a schematic diagram of a configuration system for optional permission menus provided according to embodiments of this application, such as... Figure 3 As shown, the system includes: a menu and resource module, a first role permission module, a second role permission module, and an authorization module. The system can execute an optional permission menu configuration method. Figure 4 This is a schematic diagram illustrating an optional permission menu configuration method provided according to an embodiment of this application, such as... Figure 4 As shown, the method includes:

[0073] When a target user needs to view the permission menu generated based on business permission data in the aviation system, after the target user logs in and passes authentication, the system first obtains the target user's matching first and second roles. Since the second role is maintained by the organization administrator, and there are no users in the target organization who can reduce the administrator's privileges, the administrator is specially handled; this standard role can enter the aviation system without needing to reduce privileges. Therefore, after filtering out first roles not configured in the aviation system, it is necessary to determine if the target user is an organization administrator. If the target user is an organization administrator, the system directly obtains the business permission data for the organization administrator's first role and generates the permission menu based on the resources corresponding to this data. Conversely, if the target user is not an organization administrator, the system obtains the target user's matching second role, then filters out first roles without a configured second role, and determines if a second role belonging to the aviation system exists. If a second role belonging to the aviation system exists, the system obtains the corresponding reduced-privilege business permission data and generates the permission menu based on this data; otherwise, the target user's login to the aviation system is denied.

[0074] For example, after the target user's identity is verified, the binding information of the target user's work number is queried. The query results show that the target user belongs to organization A, the department is "Ticketing Operations Department", the first bound role is "Ticket Operator", and the second role "Ordinary Ticketing Staff" has been authorized under the first role. Then, based on the binding relationship, the reduced business permission data of the second role "Ordinary Ticketing Staff" is extracted. The second role comes from the first role, and the original permissions include "Order Inquiry", "Refund", "Reschedule", and "ID Number Display", etc. However, when the second role was created, the permission administrator has canceled the permissions for the "Reschedule" and "ID Number Display" resources.

[0075] Furthermore, the resource database is accessed, and the complete resource data is queried one by one according to the aforementioned permissions. Resource data includes resource name, URL (Uniform Resource Locator), visibility, scope of use, and read / write type. The URL determines whether a menu item has permission; the scope of use controls the refresh of permissions for the first role; visibility controls the online and offline status of functions; and read / write type distinguishes whether the functions controlled by the resource will write data. For example, the "Refund" resource is "visible" and its scope of use is "all"; the "ID Number Display" resource is "invisible" and is not displayed. Then, based on the first-level menu "Order Management" associated with the first role "Ticket Operator," sub-menus are filtered layer by layer according to the hierarchical structure: the first-level menu "Order Management" is retained and displayed; the second-level menus "Query" and "Refund" are retained because their corresponding resources are visible; "Reschedule" is hidden because its resource is invisible; and only authorized items are retained for the third-level menus and buttons. Finally, the page template is invoked, and the filtered menu and resource data are injected into the template to generate the current user's operation interface, which is the permission menu. The menu displays buttons such as "Order Inquiry", "Refund", and "Fare View", but there is no "Reschedule" entry and no ID number field. All functions are within the permission scope of the "Ordinary Ticket Agent" second role.

[0076] Further, check if the user has the permissions of an administrator. The target user is a regular business user, not a "Ticketing Administrator" (first role), therefore no special login logic is enabled; authorization from a second role is required to access the system. If the second role is not authorized, login is denied with the message "No valid permissions." If the "Electronic Ticket Verification" function is implemented and added to the "Order Management" menu with a "Visible" status and "All" scope, it can be added to the business permission data of the "Ticket Operator" (first role). The target user can then synchronize this new resource upon their next login, and the "Electronic Ticket Verification" button will appear on the interface without manual intervention.

[0077] When a target user is transferred to the "Customer Service Department," their account information will be updated to "Customer Service Representative." When the target user logs in again, the permission menu will be regenerated based on their newly bound first role "Customer Service Representative" and corresponding second role. The original second role "Regular Ticketing Staff" will be unbound, and the interface will switch entirely to the customer service function view, with all original ticketing functions disappearing.

[0078] It should be noted that the resources of the reduced-weight business permission data associated with the second role and the resources of the business permission data associated with the first role can be determined through the authorization module. The authorization module needs to obtain these resources through interactions with the menu and resource module, the first role's permission module, and the second role's permission module. These resources can be buttons, fields, etc., and a role possessing these resources indicates the function of controlling the display of the permission menu. Resources can be divided into business resources and public resources. Business resources are functions open to a specific first role, while public resources are functions available to all users.

[0079] The resource also defines two states for controlling the resource permissions of the first role: visibility and scope of use. Visibility includes both visible and invisible states, which control the resource's online and offline status. When a resource is online, both the first and second roles can use it. If a resource is set to invisible, the first and second roles cannot see the functions controlled by this resource. If a resource is already in an invisible state and needs to be brought back online, only the resource's state needs to be modified. After remaining invisible for a period of time, the resource and its associated code can be completely deleted and taken offline. Scope of use can be defined in various types; for example, if a function is used for function maintenance, the scope of use can be set to operations and maintenance.

[0080] Users can include institutional users and carrier users. Institutional users are further divided into business users and management users. Business users are ordinary users who operate various business functions, while management users are administrators who maintain the permissions of business users within the organization. Carrier users are divided into customer service users and operations and maintenance users. Customer service users can operate all business functions of institutional users, but cannot operate operations and maintenance-related functions, while operations and maintenance users can operate operations and maintenance-related functions. When standard role permissions change, the resources under the corresponding standard role can be refreshed based on the resource's usage scope and visibility attributes.

[0081] Each primary role corresponds to a set of business types, and each set of business types is assigned to a primary menu. Setting primary role permissions means configuring the primary menu controlled by the primary role. In other words, the primary role can control the resource permissions under the corresponding primary menu, and the secondary role can reduce the permissions based on the resource permission scope limited by the primary role.

[0082] This embodiment achieves standardization and consistency in permission management by using a first role to control permission boundaries, a second role to reduce permissions, and synchronizing resource status and usage scope with standard role permissions, thus avoiding role redundancy and permission confusion.

[0083] It should be noted that the steps shown in the flowchart in the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions, and although a logical order is shown in the flowchart, in some cases the steps shown or described may be executed in a different order than that shown here.

[0084] Example 2

[0085] This application also provides a permission menu configuration device. It should be noted that the permission menu configuration device of this application can be used to execute the permission menu configuration method provided in this application. The permission menu configuration device provided in this application will be described below.

[0086] According to an embodiment of this application, an apparatus for implementing the above-described permission menu configuration method is also provided. Figure 5 This is a schematic diagram of a permission menu configuration device provided according to an embodiment of this application, such as... Figure 5 As shown, the device includes: an acquisition unit 50, a first receiving unit 51, a second receiving unit 52, and a configuration unit 53.

[0087] Acquisition unit 50 is used to acquire the business type set by the target organization and configure M first roles according to the business type, where M is a positive integer;

[0088] The first receiving unit 51 is used to receive a role demotion instruction, adjust the permissions of each first role according to the role demotion instruction, and obtain M groups of second roles. Each group of second roles corresponds to one first role, and the role permission data of each second role in each group of second roles is a subset of the role permission data of each first role.

[0089] The second receiving unit 52 is used to receive menu configuration instructions and extract Q target second roles from the M groups of second roles according to the menu configuration instructions, where Q is less than M and Q is a positive integer.

[0090] Configuration unit 53 is used to obtain the permission menu based on the configuration of Q target second roles, wherein the permission menu is a page that displays permissions to the target user.

[0091] The permission menu configuration device provided in this application embodiment obtains the business type set by the target organization through the acquisition unit 50, and configures M first roles according to the business type, where M is a positive integer; the first receiving unit 51 receives a role weight reduction instruction, and adjusts the permissions of each first role according to the role weight reduction instruction to obtain M groups of second roles, where each group of second roles corresponds to one first role, and the role permission data of each second role in each group of second roles is a subset of the role permission data of each first role; the second receiving unit 52 receives a menu configuration instruction, and extracts Q target second roles from the M groups of second roles according to the menu configuration instruction, where Q is less than M and Q is a positive integer; the configuration unit 53 configures a permission menu according to the Q target second roles, where the permission menu is a page that displays permissions to the target user, thereby solving the technical problem in related technologies where the permission menu displayed to the user is inconsistent with the user's matching permissions. By configuring the first roles according to the business type set by the target organization, adjusting the permissions of each first role to obtain the second roles, and configuring the permission menu according to the selected target second roles, the technical effect of improving the matching accuracy and security of the permission menu is achieved.

[0092] Optionally, in the permission menu configuration device provided in this application embodiment, the acquisition unit 50 includes: a first extraction module, used to extract the business permission data configured by the target organization from the business type to obtain M sets of business permission data, wherein each set of business permission data is used to indicate the business permission scope of each first role; and a first acquisition module, used to acquire role templates and configure the role templates according to the M sets of business permission data to obtain M first roles.

[0093] Optionally, in the permission menu configuration device provided in this application embodiment, the first receiving unit 51 includes: a second obtaining module, used to obtain a set of business permission data corresponding to a first role, and extract N business permission data from the set of business permission data, where N is a positive integer; a receiving module, used to receive Y functional information of the first role configured by the target organization, and extract business permission data from the N business permission data according to each functional information to obtain Y sets of business permission data, where Y is a positive integer; and a third obtaining module, used to obtain a role template, and configure the role template according to each set of business permission data to obtain a set of second roles associated with the first role.

[0094] Optionally, in the permission menu configuration device provided in this application embodiment, the second acquisition unit 52 includes: a parsing module, used to parse the menu configuration instructions to obtain the user information of the target user; a second extraction module, used to extract organizational information from the user information, wherein the organizational information refers to the department category of the target user in the target organization; a fourth acquisition module, used to acquire the department category corresponding to each first role, and extract Q first roles from the M first roles according to the organizational information and M department categories; and a filtering module, used to filter Q target second roles from the Q groups of second roles corresponding to the Q first roles according to the user information.

[0095] Optionally, in the permission menu configuration device provided in this application embodiment, the configuration unit 53 includes: a fifth acquisition module, used to acquire Q groups of business permission data of the first role corresponding to Q target second roles, and perform union calculation on the Q groups of business permission data to obtain G business permission data, where G is a positive integer; a sixth acquisition module, used to acquire a resource database, and extract resource data from the resource database according to the G business permission data; and a configuration module, used to configure the target menu according to the resource data to obtain the permission menu.

[0096] Optionally, in the permission menu configuration device provided in this application embodiment, the configuration unit 53 includes: a construction module, configured to construct P first menus based on each group of business permission data to obtain Q groups of first menus, wherein each group of first menus includes P first menus, and P is a positive integer; a sixth acquisition module, configured to acquire a set of weighted business permission data corresponding to a target second role for a target second role, and construct sub-menus associated with the first menu corresponding to the target second role based on each set of weighted business permission data; and a seventh acquisition module, configured to acquire a page template, configure the page template according to the sub-menus corresponding to the Q groups of first menus to obtain the target menu.

[0097] Optionally, in the permission menu configuration device provided in the embodiments of this application, the device further includes: a third receiving unit, configured to receive a permission adjustment instruction after configuring M first roles according to the service type, and determine the role to be adjusted according to the permission adjustment instruction, wherein the permission adjustment instruction refers to an instruction to adjust the service permission data of the role to be adjusted; and an extraction unit, configured to extract change parameters from the permission adjustment instruction, and adjust a set of service permission data of the role to be adjusted according to the change parameters to obtain updated service permission data.

[0098] It should be noted that the acquisition unit 50, the first receiving unit 51, the second receiving unit 52, and the configuration unit 53 mentioned above correspond to steps S201 to S204 in Embodiment 1. The instances and application scenarios implemented by the above units and the corresponding steps are the same, but are not limited to the content disclosed in Embodiment 1. It should be noted that the above modules or units can be hardware or software components stored in memory (e.g., memory 104) and processed by one or more processors (e.g., processors 102a, 102b, ..., 102n). The above units can also be part of a device and can run in the computer terminal 10 provided in Embodiment 1.

[0099] Example 3

[0100] Embodiments of this application may provide a computer terminal, which may be any computer terminal device in a group of computer terminals. Optionally, in this embodiment, the aforementioned computer terminal may also be replaced with a mobile terminal or an electronic device, etc.

[0101] Optionally, in this embodiment, the computer terminal may be located in at least one of a plurality of network devices in a computer network.

[0102] In this embodiment, the computer terminal described above can execute the following steps in the permission menu configuration method: obtaining the business type set by the target organization, configuring M first roles according to the business type, where M is a positive integer; receiving a role demotion instruction, adjusting the permissions of each first role according to the role demotion instruction to obtain M groups of second roles, where each group of second roles corresponds to one first role, and the role permission data of each second role in each group of second roles is a subset of the role permission data of each first role; receiving a menu configuration instruction, extracting Q target second roles from the M groups of second roles according to the menu configuration instruction, where Q is less than M and Q is a positive integer; configuring a permission menu according to the Q target second roles, where the permission menu is a page that displays permissions to the target user.

[0103] Optionally, the computer terminal described above can execute the following steps in the permission menu configuration method: extract the business permission data configured by the target organization from the business type to obtain M sets of business permission data, wherein each set of business permission data is used to indicate the business permission scope of each first role; obtain the role template, and configure the role template according to the M sets of business permission data to obtain M first roles.

[0104] Optionally, the computer terminal described above can execute the following steps in the permission menu configuration method: For a first role, obtain a set of business permission data corresponding to the first role, and extract N business permission data from the set of business permission data, where N is a positive integer; receive Y functional information of the first role configured by the target organization, and extract business permission data from the N business permission data according to each functional information to obtain Y sets of business permission data, where Y is a positive integer; obtain a role template, and configure the role template according to each set of business permission data to obtain a set of second roles associated with the first role.

[0105] Optionally, the computer terminal described above can execute the following steps in the permission menu configuration method: parse the menu configuration instructions to obtain the user information of the target user; extract organizational information from the user information, wherein the organizational information refers to the department category of the target user in the target organization; obtain the department category corresponding to each first role, and extract Q first roles from the M first roles based on the organizational information and M department categories; and filter Q target second roles from the Q groups of second roles corresponding to the Q first roles based on the user information.

[0106] Optionally, the computer terminal described above can execute the following steps in the permission menu configuration method: obtain Q groups of business permission data for the first role corresponding to Q target second roles, and perform a union calculation on the Q groups of business permission data to obtain G business permission data, where G is a positive integer; obtain the resource database, and extract resource data from the resource database according to the G business permission data; configure the target menu according to the resource data to obtain the permission menu.

[0107] Optionally, the computer terminal described above can execute the following steps in the permission menu configuration method: Construct P first menus based on each set of business permission data to obtain Q sets of first menus, where each set of first menus includes P first menus, and P is a positive integer; for a target second role, obtain a set of weighted business permission data corresponding to the target second role, and construct sub-menus associated with the first menu corresponding to the target second role based on each set of weighted business permission data; obtain a page template, configure the page template according to the sub-menus corresponding to the Q sets of first menus, and obtain the target menu.

[0108] Optionally, the computer terminal described above can execute the following steps in the permission menu configuration method: receiving a permission adjustment instruction, determining the role to be adjusted according to the permission adjustment instruction, wherein the permission adjustment instruction refers to an instruction to adjust the business permission data of the role to be adjusted; extracting change parameters from the permission adjustment instruction, adjusting a set of business permission data of the role to be adjusted according to the change parameters, and obtaining the updated business permission data.

[0109] Optionally, Figure 6 This is a structural block diagram of an electronic device according to an embodiment of this application. Figure 6 As shown, the electronic device may include: one or more ( Figure 6 (Only one is shown) Processor 602, memory 604, memory controller, and peripheral interface, wherein the peripheral interface is connected to the radio frequency module, audio module and display.

[0110] The memory can be used to store software programs and modules, such as the program instructions / modules corresponding to the permission menu configuration method and apparatus in this embodiment. The processor executes various functional applications and data processing by running the software programs and modules stored in the memory, thereby implementing the aforementioned permission menu configuration method. The memory may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory may further include memory remotely located relative to the processor, and these remote memories can be connected to the terminal via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.

[0111] The processor can access the information and application programs stored in the memory via the transmission device to execute the steps described above in the permission menu configuration method.

[0112] Those skilled in the art will understand that Figure 6 The structure shown is for illustrative purposes only. Electronic devices can also be smartphones, tablets, handheld computers, mobile internet devices (MIDs), PADs, and other terminal devices. Figure 6 This does not limit the structure of the aforementioned electronic device. For example, electronic devices may also include components that are more... Figure 6 The more or fewer components shown (such as network interfaces, display devices, etc.), or having the same Figure 6 The different configurations shown.

[0113] Those skilled in the art will understand that all or part of the steps in the various methods of the above embodiments can be implemented by a program instructing the hardware related to the terminal device. The program can be stored in a computer-readable storage medium, which may include: flash drive, read-only memory (ROM), random access memory (RAM), disk or optical disk, etc.

[0114] Example 4

[0115] Embodiments of this application also provide a storage medium. Optionally, in this embodiment, the storage medium can be used to store the program code executed by the permission menu configuration method provided in Embodiment 1.

[0116] Optionally, in this embodiment, the storage medium may be located in any computer terminal in a group of computer terminals in a computer network, or in any mobile terminal in a group of mobile terminals.

[0117] Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: obtaining the business type set by the target organization, configuring M first roles according to the business type, where M is a positive integer; receiving a role demotion instruction, adjusting the permissions of each first role according to the role demotion instruction to obtain M groups of second roles, where each group of second roles corresponds to one first role, and the role permission data of each second role in each group of second roles is a subset of the role permission data of each first role; receiving a menu configuration instruction, extracting Q target second roles from the M groups of second roles according to the menu configuration instruction, where Q is less than M and Q is a positive integer; configuring a permission menu according to the Q target second roles, where the permission menu is a page that displays permissions to the target user.

[0118] This application also provides a computer program product that, when executed on a data processing device, is adapted to perform the steps of configuring a permissions menu.

[0119] The sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0120] In the above embodiments of this application, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments.

[0121] In the several embodiments provided in this application, it should be understood that the disclosed technical content can be implemented in other ways. The device embodiments described above are merely illustrative; for example, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the displayed or discussed mutual coupling, direct coupling, or communication connection may be through some interfaces; the indirect coupling or communication connection between units or modules may be electrical or other forms.

[0122] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0123] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.

[0124] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), portable hard drive, magnetic disk, or optical disk.

[0125] The above description is only a preferred embodiment of this application. It should be noted that for those skilled in the art, several improvements and modifications can be made without departing from the principle of this application, and these improvements and modifications should also be considered within the scope of protection of this application.

Claims

1. A method for configuring a permission menu, characterized in that, include: Obtain the business type set by the target organization, and configure M first roles according to the business type, where M is a positive integer; Receive a role demotion instruction, adjust the permissions of each first role according to the role demotion instruction, and obtain M groups of second roles, wherein each group of second roles corresponds to one first role, and the role permission data of each second role in each group of second roles is a subset of the role permission data of each first role. Receive menu configuration instructions, and extract Q target second roles from the M groups of second roles according to the menu configuration instructions, where Q is less than M and Q is a positive integer; The permission menu is obtained based on the second role configuration of the Q targets, wherein the permission menu is a page that displays permissions to the target user.

2. The method according to claim 1, characterized in that, Based on the aforementioned business type, M first roles are configured, including: The business permission data configured by the target organization is extracted from the business type to obtain M sets of business permission data, wherein each set of business permission data is used to indicate the business permission scope of each first role; Obtain the role template, and configure the role template according to the M groups of business permission data to obtain the M first roles.

3. The method according to claim 1, characterized in that, Based on the role demotion instruction, the permissions of each first role are adjusted to obtain the M group of second roles, which includes: For a first role, obtain a set of business permission data corresponding to the first role, and extract N business permission data from the set of business permission data, where N is a positive integer; Receive Y functional information of the first role configured by the target organization, and extract business permission data from the N business permission data according to each functional information to obtain Y sets of business permission data, where Y is a positive integer; Obtain the role template, configure the role template according to each set of business permission data, and obtain a set of second roles associated with the first role.

4. The method according to claim 1, characterized in that, According to the menu configuration instructions, Q target second roles are extracted from the M group of second roles, including: The menu configuration instructions are parsed to obtain the user information of the target user; Organizational information is extracted from the user information, wherein the organizational information refers to the department category in which the target user belongs to the target organization; Obtain the department category corresponding to each first role, and extract Q first roles from the M first roles based on the organization information and the M department categories; Based on the user information, the Q target second roles are obtained by filtering from the Q groups of second roles corresponding to the Q first roles.

5. The method according to claim 1, characterized in that, The permission menu obtained based on the Q target second role configurations includes: Obtain Q sets of business permission data for the first roles corresponding to the Q target second roles, and perform a union calculation on the Q sets of business permission data to obtain G sets of business permission data, where G is a positive integer; Obtain the resource database, and extract resource data from the resource database based on the G business permission data; The target menu is configured with resources based on the resource data to obtain the permission menu.

6. The method according to claim 5, characterized in that, The target menu is obtained in the following way: Based on each group of business permission data, construct P first menus to obtain Q groups of first menus, where each group of first menus includes P first menus, and P is a positive integer; For a target second role, obtain a set of weighted business permission data corresponding to the target second role, and construct a sub-menu associated with the first menu corresponding to the target second role based on each set of weighted business permission data; Obtain the page template, configure the page template according to the sub-menu corresponding to the first menu of the Q group, and obtain the target menu.

7. The method according to claim 1, characterized in that, After configuring M first roles according to the business type, the method further includes: Receive a permission adjustment instruction, determine the role to be adjusted according to the permission adjustment instruction, wherein the permission adjustment instruction refers to an instruction to adjust the business permission data of the role to be adjusted; The change parameters are extracted from the permission adjustment instruction, and the set of business permission data of the role to be adjusted is adjusted according to the change parameters to obtain the updated business permission data.

8. A permission menu configuration device, characterized in that, include: The acquisition unit is used to acquire the business type set by the target organization, and configure M first roles according to the business type, where M is a positive integer; The first receiving unit is used to receive a role demotion instruction, adjust the permissions of each first role according to the role demotion instruction, and obtain M groups of second roles, wherein each group of second roles corresponds to one first role, and the role permission data of each second role in each group of second roles is a subset of the role permission data of each first role. The second receiving unit is used to receive menu configuration instructions and extract Q target second roles from the M groups of second roles according to the menu configuration instructions, where Q is less than M and Q is a positive integer. The configuration unit is used to obtain a permission menu based on the Q target second roles, wherein the permission menu is a page that displays permissions to the target user.

9. An electronic device, characterized in that, include: Memory, which stores executable programs; A processor for running the program, wherein the program, when running, executes the permission menu configuration method according to any one of claims 1 to 7.

10. A computer program product comprising computer instructions, characterized in that, When the computer instructions are executed by the processor, they implement the steps of the permission menu configuration method according to any one of claims 1 to 7.