CN104679792A - Data permission achievement method - Google Patents
Data permission achievement method Download PDFInfo
- Publication number
- CN104679792A CN104679792A CN201310642062.8A CN201310642062A CN104679792A CN 104679792 A CN104679792 A CN 104679792A CN 201310642062 A CN201310642062 A CN 201310642062A CN 104679792 A CN104679792 A CN 104679792A
- Authority
- CN
- China
- Prior art keywords
- data permission
- sql
- configuration
- data
- implementation method
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data permission achievement method. The data permission achievement method comprises the following steps of configuring data permissions; performing sql analysis according to the data permission configuration; obtaining a result set after data permission filtration. According to the data permission achievement method, a user can simply achieve data permission configuration through a unit configuration page, a high-level configuration method is provided for a high-level user, the data permission is controlled through a mode of sql analysis or intervention during page execution or display, and a business developer is not influenced.
Description
Technical field
The present invention relates to data permission technical field, particularly a kind of implementation method of data permission, it is applied to the system needing to control user data access rights, such as: infosystem, and enterprise management software system etc.
Background technology
In existing ERP system, generally can not according to the difference of user, the service authority showing different business datums or each module controls to be that business development personnel write respectively, and efficiency is very low.Also there is following point in prior art:
User does not carry out setting data authority by configuration mode, or configuration mode complexity is not easy to operate, and simple control can not meet the demand of advanced level user;
The business development personnel of each module need to consider data permission on stream, and each sql inquiry, each list will process separately.
Therefore, need to develop a set of business realizing, for different users, them can be made to see different data acquisitions by the mode of configuration; And do not affect the exploitation of business function, be the research direction place of those skilled in the art.
Summary of the invention
Fundamental purpose of the present invention is to provide a kind of implementation method of data permission, solves the problem that different user has different pieces of information authority; And be transparent to service logic developer, business development personnel do not need the problem considering that data permission is relevant.
In order to achieve the above object, the invention provides a kind of implementation method of data permission, it comprises the steps:
Carry out data permission configuration;
Sql parsing is carried out according to data permission configuration;
Data permission sql after resolving is performed;
Obtain the result set after data permission filtration.
Wherein: carry out data permission configuration and comprise following sub-step:
The project needing control authority is set;
Authority items is tied to user, makes user can only see the project being associated with oneself.
Wherein, carry out data permission configuration and also comprise sql is set, authority items is carried out to the sub-step of advanced inquiry.
Wherein, in the step arranging the project needing control authority, arranging the project needing control authority, is a field of setting data storehouse table.
Wherein, carry out sql parsing according to data permission configuration and comprise following sub-step:
Add when configuration sql and explain@filter;
When execution sql statement, call sqlannotation.filter service, according to data permission configuration, sql statement is processed.
Wherein, the step processed sql statement is the value table name in@filter note or expression formula being replaced with data permission configuration.
Wherein, the definition mode that@filter adopts is: single authority items, associated permissions item or comprise the associated permissions item of AND.
Wherein, the data permission sql after parsing is performed in a database.
Compared with prior art:
The present invention is by the unified configuration page, and user simply can realize the configuration of data permission, provides senior collocation method for advanced level user.Perform at the page or when display, pass through to resolve the mode control data authority of sql or intervention, not affecting business development personnel like this.
Accompanying drawing explanation
Fig. 1 is the implementation method process flow diagram of a kind of data permission of one embodiment of the invention.
Embodiment
Below in conjunction with accompanying drawing, to above-mentioned being described in more detail with other technical characteristic and advantage of the present invention.
As shown in Figure 1, the implementation method process flow diagram of a kind of data permission provided for the embodiment of the present invention.
A kind of data permission implementation method provided by the invention comprises the steps:
Step S1: carry out data permission configuration; It comprises following sub-step:
Step S11: arrange the project needing control authority is generally some tables of database; Such as, need controllers to the access of depot data, only have the personnel specified can access this warehouse, at this moment need warehouse table to be set to authority project.
Step S12: authority items is tied to user, makes user can only see the project being associated with oneself; The binding data of authority items is generally kept in database association table, and contingency table must comprise two fields, the major key of authority items and the major key of user, data in a corresponding contingency table of binding relationship.Such as, in S11 example, the corresponding relation of warehouse major key and user's major key is a binding relationship; If user Zhang San can access warehouse one, then in corresponding contingency table, data are: the id of Zhang San and the id in warehouse one.
Step S13: arrange authority sql, distributes to respective user; This is the mode of another kind of setting data authority, can configure a sql statement to authority items, and gives certain user by this right assignment; If the result that sql performs is "True", represents corresponding access rights, if be "false", then represented and do not possess access rights.Such as, Zhang San can access in warehouse, Pekinese, at this moment configures sql(from storeware where s.place=' Beijing ') and distribute to Zhang San, then Zhang San has the authority in access warehouse, Beijing.
Step S2: carry out sql parsing according to data permission configuration, the realization of data permission adopts the mode of sql parsing, and it comprises following sub-step:
Step S21: add when configuration sql and explain@filter;
Step S22: when execution sql statement, call sqlannotation.filter service, configure according to data permission, sql statement is processed, carrying out treatment step to sql statement is the value table name in@filter note or expression formula being replaced with data permission configuration, wherein :@filter can adopt following three kinds of definition modes, and correspondingly to resolve;
A. single authority items
select t.*from pl_user t @filter[pl_user]→→
select t.*from(select*from pl_user where iValid=1)t
B. associated permissions item
select t.*from ST_StkRecord t@filter[ST_StkRecorD.cCreatorGuid=Pl_user.cpkid]→→
select t.*from(select*from ST_StkRecorD ST_StkRecorD where exists(select 1 from Pl_user Pl_user whereST_StkRecorD.cCreatorGuid=Pl_user.cpkid andPl_user.cpkid=@sess:userid))t
C. the associated permissions item of AND is comprised
select t.*from ST_StkRecord t@filter[ST_StkRecorD.cCreatorGuid=Pl_user.cpkid andST_StkRecorD.cAuditorGuid=Pl_user.cpkid]→→
select t.*from(select*from ST_StkRecorD ST_StkRecorD where exists(select 1 from Pl_user Pl_user whereST_StkRecorD.cCreatorGuid=Pl_user.cpkid andST_StkRecorD.cAuditorGuid=Pl_user.cpkid andPl_user.cpkid=@sess:userid))t
Step S3: obtain the sql statement after resolving, perform in a database; Generally carry out execution sql statement by the mode of routine call: obtain DataBase combining, obtain inquiry session, open affairs, perform sql, process is abnormal, obtain rreturn value.
Step S4: the result set obtaining sql inquiry, result set is a series of data that user has permission access.Can result set be obtained by program and resolve, result display is showed user in lists or otherwise.
Compared with prior art, the embodiment of the present invention solves the problem that different user has different pieces of information authority; And be transparent to service logic developer, business development personnel do not need the problem considering that data permission is relevant.
More than illustrate just illustrative for the purpose of the present invention; and nonrestrictive, those of ordinary skill in the art understand, when not departing from the spirit and scope that claim limits; many amendments, change or equivalence can be made, but all will fall within protection scope of the present invention.
Claims (8)
1. an implementation method for data permission, is characterized in that, it comprises the steps:
Carry out data permission configuration;
Sql parsing is carried out according to data permission configuration;
Data permission sql after resolving is performed;
Obtain the result set after data permission filtration.
2. the implementation method of a kind of data permission according to claim 1, is characterized in that,
Carry out data permission configuration and comprise following sub-step:
The project needing control authority is set;
Authority items is tied to user, makes user can only see the project being associated with oneself.
3. the implementation method of a kind of data permission according to claim 2, is characterized in that, carries out data permission configuration and also comprises and arrange sql, authority items is carried out to the sub-step of advanced inquiry.
4. the implementation method of a kind of data permission according to claim 2, is characterized in that, in the step arranging the project needing control authority, arranges the project needing control authority, is a field of setting data storehouse table.
5. the implementation method of a kind of data permission according to claim 1, is characterized in that, carries out sql parsing comprise following sub-step according to data permission configuration:
Add when configuration sql and explain@filter;
When execution sql statement, call sqlannotation.filter service, according to data permission configuration, sql statement is processed.
6. the implementation method of a kind of data permission according to claim 5, is characterized in that, the step processed sql statement is the value table name in@filter note or expression formula being replaced with data permission configuration.
7. the implementation method of a kind of data permission according to claim 5, is characterized in that, the definition mode that@filter adopts is: single authority items, associated permissions item or comprise the associated permissions item of AND.
8. the implementation method of a kind of data permission according to claim 5, is characterized in that, performs in a database the data permission sql after resolving.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310642062.8A CN104679792A (en) | 2013-12-03 | 2013-12-03 | Data permission achievement method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310642062.8A CN104679792A (en) | 2013-12-03 | 2013-12-03 | Data permission achievement method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104679792A true CN104679792A (en) | 2015-06-03 |
Family
ID=53314846
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310642062.8A Pending CN104679792A (en) | 2013-12-03 | 2013-12-03 | Data permission achievement method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104679792A (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106250782A (en) * | 2016-08-12 | 2016-12-21 | 天津西瑞尔信息工程有限公司 | A kind of data permission control method resolved based on SQL statement and device |
| CN106469282A (en) * | 2015-08-21 | 2017-03-01 | 阿里巴巴集团控股有限公司 | data access authority control method and device |
| CN106778341A (en) * | 2016-12-02 | 2017-05-31 | 华北计算技术研究所(中国电子科技集团公司第十五研究所) | data right management system and method |
| CN108388809A (en) * | 2018-01-17 | 2018-08-10 | 链家网(北京)科技有限公司 | A kind of data area control method and system |
| CN110019335A (en) * | 2017-10-17 | 2019-07-16 | 航天信息股份有限公司 | A kind of method and system carrying out dynamic expansion to SQL query statement based on note |
| CN111339560A (en) * | 2020-02-26 | 2020-06-26 | 中国邮政储蓄银行股份有限公司 | Data isolation method, device and system |
| CN112948849A (en) * | 2021-02-25 | 2021-06-11 | 浙江百应科技有限公司 | Lightweight data authority control method and device and electronic equipment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1967560A (en) * | 2006-11-09 | 2007-05-23 | 华为技术有限公司 | Controlling method of business operations competence and generating method of relational database |
| CN102063479A (en) * | 2010-12-22 | 2011-05-18 | 北京中电普华信息技术有限公司 | Method and system for controlling data access right |
| CN103377336A (en) * | 2013-01-21 | 2013-10-30 | 航天数联信息技术(深圳)有限公司 | Method and system for controlling computer system user rights |
-
2013
- 2013-12-03 CN CN201310642062.8A patent/CN104679792A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1967560A (en) * | 2006-11-09 | 2007-05-23 | 华为技术有限公司 | Controlling method of business operations competence and generating method of relational database |
| CN102063479A (en) * | 2010-12-22 | 2011-05-18 | 北京中电普华信息技术有限公司 | Method and system for controlling data access right |
| CN103377336A (en) * | 2013-01-21 | 2013-10-30 | 航天数联信息技术(深圳)有限公司 | Method and system for controlling computer system user rights |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106469282A (en) * | 2015-08-21 | 2017-03-01 | 阿里巴巴集团控股有限公司 | data access authority control method and device |
| CN106250782A (en) * | 2016-08-12 | 2016-12-21 | 天津西瑞尔信息工程有限公司 | A kind of data permission control method resolved based on SQL statement and device |
| CN106250782B (en) * | 2016-08-12 | 2019-04-09 | 天津西瑞尔信息工程有限公司 | A kind of data permission control method and device based on SQL statement parsing |
| CN106778341A (en) * | 2016-12-02 | 2017-05-31 | 华北计算技术研究所(中国电子科技集团公司第十五研究所) | data right management system and method |
| CN110019335A (en) * | 2017-10-17 | 2019-07-16 | 航天信息股份有限公司 | A kind of method and system carrying out dynamic expansion to SQL query statement based on note |
| CN110019335B (en) * | 2017-10-17 | 2021-05-28 | 航天信息股份有限公司 | Method and system for dynamically expanding SQL query statement based on annotation |
| CN108388809A (en) * | 2018-01-17 | 2018-08-10 | 链家网(北京)科技有限公司 | A kind of data area control method and system |
| CN111339560A (en) * | 2020-02-26 | 2020-06-26 | 中国邮政储蓄银行股份有限公司 | Data isolation method, device and system |
| CN112948849A (en) * | 2021-02-25 | 2021-06-11 | 浙江百应科技有限公司 | Lightweight data authority control method and device and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104679792A (en) | Data permission achievement method | |
| CN108536761B (en) | Report data query method and server | |
| CN102567539B (en) | Intelligent WEB report implementation method and intelligent WEB report implementation system | |
| CN105487864A (en) | Method and device for automatically generating code | |
| EP3759611A1 (en) | Data retention handling for data object stores | |
| KR101534153B1 (en) | Method of designing business logic, server performing the same and storage media storing the same | |
| CN102810057A (en) | Log recording method | |
| CN104063495A (en) | Form extension method and form extension device | |
| CN103177329A (en) | Rule-based determination and validation in business object processing | |
| US10255338B2 (en) | System and method for file management in data structures | |
| CN110046287A (en) | A kind of the data query method, apparatus and storage medium unrelated with type of database | |
| WO2014074961A2 (en) | Filtering views with predefined query | |
| CN104156640A (en) | Data access right control method | |
| CN103235811A (en) | Data storage method and device | |
| Liduo et al. | Design and implementation of Web Content Management System by J2EE-based three-tier architecture: Applying in maritime and shipping business | |
| CN111177700A (en) | Method and device for controlling row-level authority | |
| EP2691881A2 (en) | Finding a data item of a plurality of data items stored in a digital data storage | |
| CA3091204A1 (en) | Systems and methods for data mart rationalization | |
| Brunozzi | Big data and nosql with amazon dynamodb | |
| CN102799645B (en) | Safe searcher and safe searching method | |
| US20150100888A1 (en) | Providing a common interface for accessing and presenting component configuration settings | |
| US20180173601A1 (en) | Energy consumption analysis based on telemetry data | |
| Cisco | DIST Configuration Databases | |
| Cisco | DIST Configuration Databases | |
| Cisco | DIST Configuration Database |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150603 |
|
| RJ01 | Rejection of invention patent application after publication |