CN107403106A - Database fine-grained access control method based on terminal user - Google Patents

Publication number: CN107403106A
Authority: CN (China)
Application number: CN201710585913.8A
Other languages: Chinese (zh)
Other versions: CN107403106B (en)
Legal status: Granted
Inventors: 沈德峰, 石波, 吴朝雄, 胡佳, 谢小明, 郭江, 沈艳林, 孙琦
Current Assignee: Beijing Institute of Computer Technology and Applications
Original Assignee: Beijing Institute of Computer Technology and Applications
Prior art keywords: database, terminal user, access, rule, data

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The present invention relates to a database fine-grained access control method based on the terminal user, and belongs to the technical field of database security protection. The invention blocks unauthorized users by identifying legitimate terminal users, and achieves fine-grained control over terminal users' access requests by loading fine-grained access control rules into the database access request statements that the terminal users initiate. The access control realized by this method authenticates the terminal user's identity and applies row- and column-level fine-grained database access control to terminal users without encrypting or decrypting the data, which effectively enhances database protection capability and maintains information system security.

Description

Database fine-grained access control method based on terminal user
Technical field
The present invention relates to the technical field of database security protection, and in particular to a database fine-grained access control method based on the terminal user.
Background
With the development of information technology, databases have been applied ever more widely across all industries. While databases carry important data, they have also become an important target of attack for criminals. To improve the security protection capability of a database, fine-grained data access control can be applied on top of the existing database security mechanism, according to the different data access rights held by different terminal users, to strengthen the database's ability to resist risk.
Database fine-grained access control technology based on the terminal user identifies the terminal user who initiates a database access request and, according to the data access rights of the different terminal users, loads row- and column-level database access control rules to control access to the database. With this technique the range of core data that a terminal user can access can be controlled precisely, which provides an effective preventive measure for protecting core data.
Current research on database security protection mainly follows these approaches. First, applying encryption and decryption directly on the database, which can be divided into encrypting and decrypting the whole database, the tables in the database, the data in the tables, and so on, to keep the data secure. Second, using middleware: access control middleware is added between the user and the database, and database access is controlled through data encryption and decryption, table-level access rights control and the like. Third, using a principle similar to that of a network firewall: a database firewall is placed in series between the application server and the database to block database users' access to the database, restrict the returned data, and apply similar access controls. Current research nevertheless has the following shortcomings: database encryption and decryption often consume considerable computing resources, and encrypted data columns often cannot be indexed normally, which affects database retrieval results; row- and column-level access control is not achieved; and database access control for terminal users cannot be realized.
Summary of the invention
(1) Technical problem to be solved
The technical problem to be solved by the present invention is: how to design a database fine-grained access control method based on the terminal user that effectively strengthens database protection capability and maintains information system security.
(2) Technical solution
To solve the above technical problem, the invention provides a database fine-grained access control method based on the terminal user, comprising the following steps:
Step 1: Configure the legitimate terminal users and create the database access control rules.
The database access control rules implement row- and column-level permission control. According to the data protection mode they comprise column control rules, row control rules and field data control rules, and each kind of rule in turn contains four parts: table name, operation permission, protected data and protection requirement.
Step 2: Create roles and complete role-based authorization of the database access control rules.
Different roles are created, terminal users are associated with roles, and roles are associated with database access control rules, completing the role-based authorization of the database access control rules.
Step 3: Intercept the database access request and obtain the terminal user identity information.
When the application system responds to a terminal user's operation and initiates a database access request, the database access request sent by the application system is intercepted and the terminal user identity information is obtained.
Step 4: Load the obtained terminal user identity information into the intercepted database access request statement.
Step 5: Parse the database access request statement, extracting the terminal user identity information and parsing the statement itself, so that database access control rules can subsequently be loaded on the basis of the terminal user.
Step 6: Authenticate the extracted terminal user identity information and decide from the authentication result whether access may continue. If authentication passes, the database access request is let through and step 7 follows; otherwise further access is blocked and a result is returned.
Step 7: Using the access control rule authorization completed in step 2, look up the role from the terminal user identity information, and from that role look up the database access control rules assigned to it.
Step 8: Rewrite the database access request statement successfully parsed in step 5 according to the database access control rules found in step 7, loading the database access control rules to generate a new database access request statement.
Step 9: Execute the new database access request statement and return the execution result.
Preferably, the database access control rules include the content of Table 1:
Table 1
where "TABLE1" denotes the data table to be protected;
"SELECT" denotes that only the query operation is permitted on the protected data;
"attr1, attr2" are the names of the column attributes of table TABLE1 that require whole-column protection, separated by ",";
"return ***" denotes that, when an unauthorized terminal user accesses protected data, data is returned in the form specified by the protection requirement; here the protected data is replaced by "***" in the return;
"key_a, key_a" are the row data keywords of table TABLE1 that require whole-row protection, separated by ",";
"attr3:key_c, attr4:key_d" is the configuration data for table TABLE1 that requires field data protection, where attr3 denotes a column attribute name in table TABLE1, key_a denotes the row data keyword of the field data to be protected, and attr3:key_a together determine the field data to be protected; attr4:key_b determines another field data item to be protected; different field data items are likewise separated by ",".
A rule conflict may occur: column attr1 of table TABLE1 has been configured with only SELECT permission, while row key_a of table TABLE1 has been configured with only DELETE permission. The field data attr1:key_a then has both only SELECT permission and only DELETE permission, which is a contradiction. This is resolved by setting rule priorities, i.e. by stipulating an order of precedence between column protection and row protection.
Preferably, in step 3, the real terminal user information corresponding to the terminal user in the application system is obtained by reconstructing the application system's login page.
Preferably, in step 4, the terminal user identity information is injected into the database access request statement in the form of a comment.
Preferably, in step 5, parsing the database access request statement includes lexical, syntactic and semantic analysis.
Preferably, in step 6, whether the terminal user identity information extracted in step 5 is legitimate is verified by comparing it with the legitimate terminal users configured in step 1.
Preferably, in step 9, the new database access request statement loaded with the database access control rules is sent to the database, the new statement is executed, and the execution result is returned.
(3) Beneficial effects
The invention blocks unauthorized users by identifying legitimate terminal users, and achieves fine-grained control over terminal users' access requests by loading fine-grained access control rules into the database access request statements that the terminal users initiate. The access control realized by this method authenticates the terminal user's identity and applies row- and column-level fine-grained database access control to terminal users without encrypting or decrypting the data, which effectively enhances database protection capability and maintains information system security.
Brief description of the drawings
Fig. 1 is a schematic diagram of the application scenario of the present invention.
Fig. 2 is a flow chart of the method of the present invention.
Fig. 3 is a schematic diagram of the role-based access control rule authorization process of the present invention.
Detailed description
To make the purpose, content and advantages of the present invention clearer, embodiments of the invention are described in further detail below with reference to the drawings and examples.
The invention provides a database fine-grained access control method based on the terminal user. It blocks unauthorized users by means of pre-configured terminal user identity information, and achieves fine-grained control of access requests by combining this with row- and column-level access control rules. By combining terminal user identity verification with row- and column-level data access permission checks, it identifies illegitimate requests, thereby strengthening database protection capability and maintaining information system security.
The application scenario of the invention is shown in Fig. 1. The overall process is as follows: a terminal user sends an access request to the application system deployed on the application server; after receiving the access request initiated by the terminal user, the application system initiates an access request to the database deployed on the database server; the database executes the access request and returns the result to the application system; and the application system, after processing the data, displays the result to the terminal user.
The invention identifies the terminal user within the application system and controls data access requests with fine-grained access control rules based on the terminal user, in order to strengthen database security protection. The flow is shown in Fig. 2, and the specific steps are as follows:
Step 1: Configure the legitimate terminal users and create the access control rules (database access control rules).
A terminal user may be a terminal host address, an application system user, a KEY value bound to the terminal host, a biometric code of the terminal host's user, and so on. Here a legitimate terminal user is denoted RUser_n, where n indicates the n-th terminal user.
Database access control rules are the row- and column-level access permission rules for insert, delete, update, query and similar operations. They are created from the core data that actually needs protection and from the database table structure, and they implement row- and column-level permission control. According to the data protection mode, the rules can be divided into column control rules, row control rules and field data control rules. Each kind of rule is in turn divided into four parts: table name, operation permission, protected data and protection requirement.
The database access control rules are shown in Table 1:
Table 1: Database access control rules
where "TABLE1" denotes the data table to be protected;
"SELECT" denotes that only the query operation is permitted on the protected data;
"attr1, attr2" are the names of the column attributes of table TABLE1 that require whole-column protection, separated by ",";
"return ***" denotes that, when an unauthorized user accesses protected data, data is returned in the form specified by the protection requirement; here the protected data is replaced by "***" in the return. The protection requirement can take various forms, such as returning null or replacing part of the data with *;
"key_a, key_a" are the row data keywords of table TABLE1 that require whole-row protection, separated by ",";
"attr3:key_c, attr4:key_d" is the configuration data for table TABLE1 that requires field data protection, where attr3 denotes a column attribute name in table TABLE1, key_a denotes the row data keyword of the field data to be protected, and attr3:key_a together determine the field data to be protected. Similarly, attr4:key_b determines another field data item to be protected. Different field data items are likewise separated by ",".
A rule conflict may occur. For example, column attr1 of table TABLE1 has been configured with only SELECT permission, while row key_a of table TABLE1 has been configured with only DELETE permission; the field data attr1:key_a then has both only SELECT permission and only DELETE permission, which is a contradiction. This can be resolved by setting rule priorities, for example by stipulating an order of precedence between column protection and row protection.
Step 2: Create roles and complete role-based authorization of the access control rules.
To simplify subsequent authorization, different roles can be created, and terminal users are associated with roles and roles with database access control rules, completing the user-role-access control rule authorization chain, as shown in Fig. 3.
Here RUser1, RUser2, RUser3 and RUser4 denote real terminal users; user1, user2, user3 and user4 denote the configured terminal users, whose user information corresponds one-to-one with the real terminal user information; role1 and role2 denote different roles, used mainly to partition permissions; rule1, rule2 and rule3 denote different database access control rules, where rule3 is the column control rule shown in Table 1.
The role-based access control rule authorization process consists of granting the configured access control rules rule1, rule2 and rule3 to the created roles role1 and role2, and then assigning the roles to the configured users user1, user2, user3 and user4.
Step 3: Intercept the database access request and obtain the terminal user identity information.
When the application system responds to a terminal user's operation and initiates a database access request, the SQL access request sent by the application system is intercepted and the terminal user identity information is obtained. The information of the user RUser4 that corresponds to the terminal user in the application system can be obtained, for example, by reconstructing the application system's login page.
Step 4: Load the obtained terminal user identity information into the intercepted SQL access request statement.
The information of terminal user RUser4 captured in step 3 is added to the SQL access request statement initiated by the user, so that identity authentication and access control rule loading can subsequently be carried out for that terminal user. The RUser4 information can be injected into the SQL access request statement in the form of a comment, for example: select /*RUser4*/ attr1 from TABLE1.
Step 5: Parse the SQL access request statement, extracting the terminal user RUser4 information and parsing the statement itself, so that rules can subsequently be loaded on the basis of the terminal user.
Parsing the SQL access request statement covers extraction of the terminal user RUser4 information and lexical, syntactic and semantic analysis of the statement. For example, for the SQL access request statement select /*RUser4*/ attr1 from TABLE1, parsing yields the terminal user RUser4 and the column attribute field attr1.
Step 6: Authenticate the extracted terminal user and decide from the authentication result whether access may continue. If authentication passes, the access request is let through and step 7 follows; otherwise further access is blocked and a result is returned. Verifying the identity of the party requesting database access effectively prevents unauthorized users from accessing the database.
Whether the terminal user extracted in step 5 is legitimate can be verified by comparing it with the legitimate terminal users configured in step 1. If the identity of terminal user RUser4 does not pass, the SQL access request statement initiated by the user is prevented from proceeding to the next step; otherwise it is let through.
Step 7: Using the access control rule authorization completed in step 2, look up the role from the terminal user identity information, and from that role look up the access control rules assigned to it.
For user user4 the corresponding role is role2, and access control rule rule3 has been granted to role role2. Therefore the database access control rule for the configured terminal user user4, which corresponds to the real terminal user RUser4, is rule3.
Step 8: Rewrite the SQL statement successfully parsed in step 5 according to the access control rules found in step 7, loading the access control rules to generate a new SQL access request statement.
From step 7, the rule assigned to terminal user RUser4 is rule3. The SQL access request statement can therefore be rewritten as: select substr(TABLE1.attr1, 1, length(TABLE1.attr1)-4) || '****' AS attr1 from TABLE1. If attr1 is an 11-digit mobile phone number, for example one data item is 13345678901, then the returned result is 1334567****.
Step 9: Execute the new SQL access request statement and return the execution result.
The SQL access request statement loaded with the database access control rules is sent to the database, the statement is executed, and the result is returned. This completes the row- and column-level fine-grained database access control process for the terminal user.
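Steps 3 to 9 above can be traced end to end in a small model. The following Python code is an added example, not code from the patent: it uses an in-memory SQLite database, accepts only plain "select <columns> from <table>" statements and fails closed on anything else, and the sample rows, the attr5 column, the user Mallory and role1's empty rule set are constructed assumptions.

```python
import re
import sqlite3

# Step 1 and step 2 configuration (constructed sample data). The page gives the
# chain RUser4 -> role2 -> rule3; role1 holding no rule is an assumption.
LEGAL_USERS = {"RUser1", "RUser4"}
USER_ROLE = {"RUser1": "role1", "RUser4": "role2"}
RULES = {
    "rule3": {"table": "TABLE1", "permission": "SELECT",
              "columns": {"attr1", "attr2"}, "mask_tail": 4},
}
ROLE_RULES = {"role1": [], "role2": ["rule3"]}

IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")
TAGGED = re.compile(
    r"\s*select\s*/\*([A-Za-z0-9_]+)\*/\s*(.+?)\s+from\s+([A-Za-z0-9_]+)\s*;?\s*\Z",
    re.I)


def tag_statement(sql, user):
    """Step 4: inject the end-user identity as a comment after the SQL verb."""
    if not IDENT.match(user):
        # An identity containing "*/" could close the comment and append SQL.
        raise ValueError("identity is not a plain identifier")
    if "/*" in sql or "--" in sql:
        # A statement that already carries a comment could forge an identity.
        raise ValueError("statement already carries a comment")
    verb, rest = sql.strip().split(None, 1)
    return f"{verb} /*{user}*/ {rest}"


def parse_statement(tagged):
    """Step 5: extract identity, column list and table name."""
    m = TAGGED.match(tagged)
    if not m:
        raise ValueError("unsupported statement shape")
    cols = [c.strip() for c in m.group(2).split(",")]
    if not all(IDENT.match(c) for c in cols):
        raise ValueError("only plain column names are supported")
    return m.group(1), cols, m.group(3)


def rewrite(tagged):
    """Steps 6 to 8: authenticate, resolve role and rules, mask protected columns."""
    user, cols, table = parse_statement(tagged)
    if user not in LEGAL_USERS:
        raise PermissionError(f"unknown terminal user {user}")
    masked = {}
    for name in ROLE_RULES[USER_ROLE[user]]:
        rule = RULES[name]
        if rule["table"].lower() == table.lower():
            for col in rule["columns"]:
                masked[col.lower()] = rule["mask_tail"]
    out = []
    for col in cols:
        n = masked.get(col.lower())
        if n is None:
            out.append(col)
        else:
            stars = "*" * n
            out.append(f"substr({col}, 1, length({col}) - {n}) || '{stars}' AS {col}")
    # Identifiers were validated above, so interpolating them is safe here.
    return f"select {', '.join(out)} from {table}"


def run(conn, sql, user):
    """Steps 3 to 9: tag the intercepted statement, rewrite it, execute it."""
    return conn.execute(rewrite(tag_statement(sql, user))).fetchall()


def make_db():
    """Constructed sample table matching the page's TABLE1/attr1 example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE TABLE1 (attr1 TEXT, attr2 TEXT, attr5 TEXT)")
    conn.execute("INSERT INTO TABLE1 VALUES ('13345678901', '13800001234', 'north')")
    return conn


if __name__ == "__main__":
    db = make_db()
    print(rewrite(tag_statement("select attr1 from TABLE1", "RUser4")))
    print(run(db, "select attr1, attr5 from TABLE1", "RUser4"))
```

The two checks in tag_statement matter because the identity travels in-band with the SQL text: the comment is only trustworthy if the interception point is the sole component able to write it.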
As can be seen, the invention is based on terminal users and access control rules: while achieving row- and column-level fine-grained permission control over the database, it allows different database data access rights to be set for different terminal users. The method effectively strengthens the protection of database data on top of existing database protection mechanisms, is broadly applicable, and is significant for maintaining information systems and especially for protecting core database data.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make improvements and variations without departing from the technical principles of the invention, and such improvements and variations should also be regarded as falling within the scope of protection of the invention.

Claims (7)

1. A database fine-grained access control method based on the terminal user, characterized by comprising the following steps:
Step 1: Configure the legitimate terminal users and create the database access control rules.
The database access control rules implement row- and column-level permission control. According to the data protection mode they comprise column control rules, row control rules and field data control rules, and each kind of rule in turn contains four parts: table name, operation permission, protected data and protection requirement.
Step 2: Create roles and complete role-based authorization of the database access control rules.
Different roles are created, terminal users are associated with roles, and roles are associated with database access control rules, completing the role-based authorization of the database access control rules.
Step 3: Intercept the database access request and obtain the terminal user identity information.
When the application system responds to a terminal user's operation and initiates a database access request, the database access request sent by the application system is intercepted and the terminal user identity information is obtained.
Step 4: Load the obtained terminal user identity information into the intercepted database access request statement.
Step 5: Parse the database access request statement, extracting the terminal user identity information and parsing the statement itself, so that database access control rules can subsequently be loaded on the basis of the terminal user.
Step 6: Authenticate the extracted terminal user identity information and decide from the authentication result whether access may continue. If authentication passes, the database access request is let through and step 7 follows; otherwise further access is blocked and a result is returned.
Step 7: Using the access control rule authorization completed in step 2, look up the role from the terminal user identity information, and from that role look up the database access control rules assigned to it.
Step 8: Rewrite the database access request statement successfully parsed in step 5 according to the database access control rules found in step 7, loading the database access control rules to generate a new database access request statement.
Step 9: Execute the new database access request statement and return the execution result.
2. The method according to claim 1, characterized in that the database access control rules include the content of Table 1:
Table 1
where "TABLE1" denotes the data table to be protected;
"SELECT" denotes that only the query operation is permitted on the protected data;
"attr1, attr2" are the names of the column attributes of table TABLE1 that require whole-column protection, separated by ",";
"return ***" denotes that, when an unauthorized terminal user accesses protected data, data is returned in the form specified by the protection requirement; here the protected data is replaced by "***" in the return;
"key_a, key_a" are the row data keywords of table TABLE1 that require whole-row protection, separated by ",";
"attr3:key_c, attr4:key_d" is the configuration data for table TABLE1 that requires field data protection, where attr3 denotes a column attribute name in table TABLE1, key_a denotes the row data keyword of the field data to be protected, and attr3:key_a together determine the field data to be protected; attr4:key_b determines another field data item to be protected; different field data items are likewise separated by ",".
A rule conflict may occur: column attr1 of table TABLE1 has been configured with only SELECT permission, while row key_a of table TABLE1 has been configured with only DELETE permission. The field data attr1:key_a then has both only SELECT permission and only DELETE permission, which is a contradiction. This is resolved by setting rule priorities, i.e. by stipulating an order of precedence between column protection and row protection.
3. The method according to claim 1, characterized in that, in step 3, the real terminal user information corresponding to the terminal user in the application system is obtained by reconstructing the application system's login page.
4. The method according to claim 1, characterized in that, in step 4, the terminal user identity information is injected into the database access request statement in the form of a comment.
5. The method according to claim 1, characterized in that, in step 5, parsing the database access request statement includes lexical, syntactic and semantic analysis.
6. The method according to claim 1, characterized in that, in step 6, whether the terminal user identity information extracted in step 5 is legitimate is verified by comparing it with the legitimate terminal users configured in step 1.
7. The method according to any one of claims 1 to 6, characterized in that, in step 9, the new database access request statement loaded with the database access control rules is sent to the database, the new statement is executed, and the execution result is returned.
CN201710585913.8A 2017-07-18 2017-07-18 Database fine-grained access control method based on terminal user Active CN107403106B (en)


Publications (2)

Publication Number Publication Date
CN107403106A true CN107403106A (en) 2017-11-28
CN107403106B CN107403106B (en) 2020-06-02

Family

ID=60400869

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710585913.8A Active CN107403106B (en) 2017-07-18 2017-07-18 Database fine-grained access control method based on terminal user

Country Status (1)

Country Link
CN (1) CN107403106B (en)

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108629201A (en) * 2018-04-24 2018-10-09 山东华软金盾软件股份有限公司 A method of database illegal operation is blocked
CN108874863A (en) * 2018-04-19 2018-11-23 华为技术有限公司 A kind of control method and database access device of data access
CN109144978A (en) * 2018-08-15 2019-01-04 新华三大数据技术有限公司 Right management method and device
CN109409113A (en) * 2018-10-25 2019-03-01 国家电网有限公司 A kind of electric network data safety protecting method and distributed power grid data safety guard system
CN109472159A (en) * 2018-11-15 2019-03-15 泰康保险集团股份有限公司 Access control method, device, medium and electronic equipment
CN109766686A (en) * 2018-04-25 2019-05-17 新华三大数据技术有限公司 Rights management
CN110096892A (en) * 2019-04-29 2019-08-06 武汉中锐源信息技术开发有限公司 Database Properties access control method and system
CN110175464A (en) * 2019-06-05 2019-08-27 中国民用航空总局第二研究所 Data access control method, device, storage medium and electronic equipment
CN110232068A (en) * 2019-06-14 2019-09-13 中国工商银行股份有限公司 Data sharing method and device
CN110569667A (en) * 2019-09-10 2019-12-13 北京字节跳动网络技术有限公司 Access control method and device, computer equipment and storage medium
CN110598445A (en) * 2019-09-12 2019-12-20 金蝶蝶金云计算有限公司 Database access control method, system and related equipment
CN111159729A (en) * 2019-12-13 2020-05-15 中移(杭州)信息技术有限公司 Authority control method, device and storage medium
CN111209592A (en) * 2020-01-02 2020-05-29 广东金赋科技股份有限公司 Method and system for controlling data authority based on spliced SQL (structured query language) statement
CN111611555A (en) * 2020-05-19 2020-09-01 北京金山云网络技术有限公司 Physical layer authorization and access method and device
CN111767572A (en) * 2020-06-28 2020-10-13 北京天融信网络安全技术有限公司 Method and device for safely accessing database
CN111931234A (en) * 2020-08-13 2020-11-13 中国民航信息网络股份有限公司 Data access control method and system
CN112100415A (en) * 2020-09-14 2020-12-18 哈尔滨工业大学(威海) Implementation method of high-reliability large-scale graph database system of heterogeneous platform
CN113452683A (en) * 2021-06-15 2021-09-28 郑州云智信安安全技术有限公司 Method and system for controlling row-column-level authority of database
CN114840521A (en) * 2022-04-22 2022-08-02 北京友友天宇系统技术有限公司 Database authority management and data protection method, device, equipment and storage medium
CN114880702A (en) * 2022-04-25 2022-08-09 北京科杰科技有限公司 Request processing method and device based on rank-level authority, electronic equipment and medium
CN114969811A (en) * 2022-05-16 2022-08-30 贵州领航视讯信息技术有限公司 Data authority control method based on data segmentation

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11868500B2 (en) 2021-03-24 2024-01-09 International Business Machines Corporation Fine-grained access control of column-major relational database management systems

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101478536A (en) * 2008-12-08 2009-07-08 山东浪潮齐鲁软件产业股份有限公司 Method for solving access control in authority management
US7913300B1 (en) * 2005-04-08 2011-03-22 Netapp, Inc. Centralized role-based access control for storage servers
US20120131646A1 (en) * 2010-11-22 2012-05-24 International Business Machines Corporation Role-based access control limited by application and hostname
CN104484617A (en) * 2014-12-05 2015-04-01 中国航空工业集团公司第六三一研究所 Database access control method on basis of multi-strategy integration

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
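冯志亮 谭景信: "Design and Implementation of a Hierarchical Row- and Column-Level Permission System", Computer Engineering and Design *
孙先友: "Design of a Role-Based Database Access Control System", China Excellent Doctoral and Master's Theses Full-text Database (Master's), Information Science and Technology Series *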

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108874863A (en) * 2018-04-19 2018-11-23 华为技术有限公司 A kind of control method and database access device of data access
CN108874863B (en) * 2018-04-19 2022-03-25 华为技术有限公司 Data access control method and database access device
US11947700B2 (en) 2018-04-19 2024-04-02 Huawei Technologies Co., Ltd. Data access control method and database access apparatus
CN108629201A (en) * 2018-04-24 2018-10-09 山东华软金盾软件股份有限公司 A method of database illegal operation is blocked
WO2019206211A1 (en) * 2018-04-25 2019-10-31 新华三大数据技术有限公司 Permission management method and device
CN109766686A (en) * 2018-04-25 2019-05-17 新华三大数据技术有限公司 Rights management
CN109144978A (en) * 2018-08-15 2019-01-04 新华三大数据技术有限公司 Right management method and device
CN109144978B (en) * 2018-08-15 2020-12-01 新华三大数据技术有限公司 Authority management method and device
CN109409113A (en) * 2018-10-25 2019-03-01 国家电网有限公司 A kind of electric network data safety protecting method and distributed power grid data safety guard system
CN109409113B (en) * 2018-10-25 2020-10-02 国家电网有限公司 Power grid data safety protection method and distributed power grid data safety protection system
CN109472159A (en) * 2018-11-15 2019-03-15 泰康保险集团股份有限公司 Access control method, device, medium and electronic equipment
CN110096892A (en) * 2019-04-29 2019-08-06 武汉中锐源信息技术开发有限公司 Database Properties access control method and system
CN110175464A (en) * 2019-06-05 2019-08-27 中国民用航空总局第二研究所 Data access control method, device, storage medium and electronic equipment
CN110232068A (en) * 2019-06-14 2019-09-13 中国工商银行股份有限公司 Data sharing method and device
CN110569667B (en) * 2019-09-10 2022-03-15 北京字节跳动网络技术有限公司 Access control method and device, computer equipment and storage medium
CN110569667A (en) * 2019-09-10 2019-12-13 北京字节跳动网络技术有限公司 Access control method and device, computer equipment and storage medium
CN110598445B (en) * 2019-09-12 2022-05-20 金蝶蝶金云计算有限公司 Database access control method, system and related equipment
CN110598445A (en) * 2019-09-12 2019-12-20 金蝶蝶金云计算有限公司 Database access control method, system and related equipment
CN111159729A (en) * 2019-12-13 2020-05-15 中移(杭州)信息技术有限公司 Authority control method, device and storage medium
CN111209592A (en) * 2020-01-02 2020-05-29 广东金赋科技股份有限公司 Method and system for controlling data authority based on spliced SQL (structured query language) statement
CN111611555A (en) * 2020-05-19 2020-09-01 北京金山云网络技术有限公司 Physical layer authorization and access method and device
CN111767572A (en) * 2020-06-28 2020-10-13 北京天融信网络安全技术有限公司 Method and device for safely accessing database
CN111931234A (en) * 2020-08-13 2020-11-13 中国民航信息网络股份有限公司 Data access control method and system
CN112100415A (en) * 2020-09-14 2020-12-18 哈尔滨工业大学(威海) Implementation method of high-reliability large-scale graph database system of heterogeneous platform
CN112100415B (en) * 2020-09-14 2023-03-17 哈尔滨工业大学(威海) Implementation method of high-reliability large graph database system of heterogeneous platform
CN113452683A (en) * 2021-06-15 2021-09-28 郑州云智信安安全技术有限公司 Method and system for controlling row-column-level authority of database
CN114840521A (en) * 2022-04-22 2022-08-02 北京友友天宇系统技术有限公司 Database authority management and data protection method, device, equipment and storage medium
CN114840521B (en) * 2022-04-22 2023-03-21 北京友友天宇系统技术有限公司 Database authority management and data protection method, device, equipment and storage medium
CN114880702A (en) * 2022-04-25 2022-08-09 北京科杰科技有限公司 Request processing method and device based on rank-level authority, electronic equipment and medium
CN114969811A (en) * 2022-05-16 2022-08-30 贵州领航视讯信息技术有限公司 Data authority control method based on data segmentation

Also Published As

Publication number Publication date
CN107403106B (en) 2020-06-02

Similar Documents

Publication Publication Date Title
CN107403106A (en) Database fine-grained access control method based on terminal user
US20230064206A1 (en) Query analysis using a protective layer at the data source
US9848001B2 (en) Secure access to mobile applications
CN104766023B (en) User management method based on ORACLE databases
CN110149328B (en) Interface authentication method, device, equipment and computer readable storage medium
CN106326699A (en) Method for reinforcing server based on file access control and progress access control
Yunus et al. Review of SQL injection: problems and prevention
KR20070114725A (en) A multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
Singh et al. SQL injection: Types, methodology, attack queries and prevention
US11783016B2 (en) Computing system and method for verification of access permissions
CN104615947B (en) A kind of believable data base integrity guard method and system
Hou et al. MongoDB NoSQL injection analysis and detection
CN107465650A (en) A kind of access control method and device
CN107180173A (en) unlocking method and device
CN107871084A (en) The Access and control strategy of database method of identity-based and rule
CN113468576B (en) Role-based data security access method and device
CN107147665B (en) Application method of the beam-based alignment model in industrial 4.0 systems
US20080271114A1 (en) System for providing and utilizing a network trusted context
Hasan et al. Evaluation of SQL injection prevention methods
CN109245880B (en) Hadoop component safety reinforcement method
Kothari et al. Various database attacks, approaches and countermeasures to database security
Nanda et al. Oracle Privacy Security Auditing: Includes Federal Law Compliance with HIPAA, Sarbanes-Oxley & the Gramm-Leach-Bliley Act GLB
Chen et al. Research on SQL injection and defense technology
US20180322305A1 (en) System and method for data theft prevention
US20210157899A1 (en) Method and System for User Induced Password Scrambling

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant