CN108388604B - User authority data management apparatus, method and computer readable storage medium - Google Patents

User authority data management apparatus, method and computer readable storage medium Download PDF

Info

Publication number
CN108388604B
CN108388604B CN201810114648.XA CN201810114648A CN108388604B CN 108388604 B CN108388604 B CN 108388604B CN 201810114648 A CN201810114648 A CN 201810114648A CN 108388604 B CN108388604 B CN 108388604B
Authority
CN
China
Prior art keywords
directory
authority data
user
service unit
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810114648.XA
Other languages
Chinese (zh)
Other versions
CN108388604A (en
Inventor
廖维
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN201810114648.XA priority Critical patent/CN108388604B/en
Priority to PCT/CN2018/089131 priority patent/WO2019153592A1/en
Publication of CN108388604A publication Critical patent/CN108388604A/en
Application granted granted Critical
Publication of CN108388604B publication Critical patent/CN108388604B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/14Details of searching files based on file metadata
    • G06F16/144Query formulation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/11File system administration, e.g. details of archiving or snapshots
    • G06F16/122File system administration, e.g. details of archiving or snapshots using management policies
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/13File access structures, e.g. distributed indices
    • G06F16/137Hash-based
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Human Resources & Organizations (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Game Theory and Decision Science (AREA)
  • Educational Administration (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Mathematical Physics (AREA)
  • Library & Information Science (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a user authority data management device, which comprises a memory and a processor, wherein an authority management program which can run on the processor is stored in the memory, and the program realizes the following steps when being executed by the processor: when receiving an authority data acquisition request, acquiring user information and determining a service unit corresponding to the user information; calculating a first storage path of the authority data according to a preset Hash algorithm and user information; inquiring a directory configuration file in the management service assembly, and judging whether a current main directory of the service unit is in an abnormal state; if so, reading the authority data closest to the current time point from a first storage path of the standby directory; and if not, reading the authority data from the first storage path of the main directory. The invention also provides a user authority data management method and a computer readable storage medium. The invention improves the inquiry efficiency of the authority data and further improves the response speed of the authority data acquisition request.

Description

User authority data management device, method and computer readable storage medium
Technical Field
The present invention relates to the field of data management technologies, and in particular, to a user right data management apparatus, a user right data management method, and a computer-readable storage medium.
Background
As the scale of the financial industry gradually increases, the field of work of some banks, financial institutions and the like is continuously expanding, which requires that the accuracy of the authority management of employees is improved. Usually, each bank or financial institution has a set of authority management system to manage and maintain the authority of the employee. When the employee performs a transaction, the authority management platform needs to inquire whether the employee has the authority to execute the related business operation.
Currently, the rights management system stores user rights related information of individual employees in a DB2 database. When a user logs in, the WAS server inquires the user authority related information from the DB2 database, and the inquired user authority related information is used for carrying out authority calculation to obtain the user authority information and provide the user authority information for the user. However, this technique has the disadvantages of high requirements on the performance of the DB2 database, low efficiency of searching data from a huge database, and incapability of quick retrieval, especially when the number of users is large, resulting in slow response speed to the permission data acquisition request.
Disclosure of Invention
The invention provides a user authority data management device, a user authority data management method and a computer readable storage medium, and mainly aims to improve the inquiry efficiency of authority data so as to improve the response speed of an authority data acquisition request.
In order to achieve the above object, the present invention provides a user right data management device, which includes a memory and a processor, wherein the memory stores a right management program operable on the processor, and the right management program implements the following steps when executed by the processor:
when receiving an authority data acquisition request sent by a user terminal, acquiring user information from the authority data acquisition request, and determining a service unit corresponding to the user information, wherein the service unit comprises one or more service systems;
calculating a first storage path of authority data corresponding to the user information according to a preset hash algorithm and the user information, wherein the storage path is determined according to the preset hash algorithm and the user information when the authority data of each user is stored in the user authority data management device;
inquiring a directory configuration file in a management service assembly, and judging whether a current main directory of the service unit is in an abnormal state or not according to the directory configuration file;
If so, reading the authority data closest to the current time point from the first storage path of the standby directory of the service unit, and sending the read authority data to the user terminal;
if not, reading the authority data from the first storage path of the main directory of the service unit, and sending the read authority data to the user terminal, wherein the main directory and the standby directory are respectively located on different physical storage devices.
Optionally, the rights management program is further executable by the processor to implement the steps of:
when a user authority data change notice issued by a management system is received, determining authority data change information and corresponding user information according to the change notice;
calculating a second storage path of the user information according to the preset hash algorithm;
and synchronously updating the authority data in the second storage path of the main directory and the second storage path of the standby directory according to the authority data change information.
Optionally, the right management program may be further executed by the processor, so that after the step of reading the right data from the active directory of the service unit according to the calculated first storage path, the following steps are further implemented:
If the data reading error occurs, counting the times of the data reading error of the service unit in a preset time interval until the current time point;
when the counted times are less than the preset times, sending prompt information of data acquisition failure to the user terminal;
and when the counted times are greater than or equal to the preset times, marking the main directory of the service unit in the configuration file as an abnormal state.
Optionally, the right management program may be further executable by the processor to, after the step of marking the active directory of the service unit in the configuration file as an abnormal state, further implement the following steps:
sending an authority data rollback request corresponding to the service unit to a management server, and receiving authority data corresponding to the service unit returned by the management server based on the authority data rollback request;
and updating the authority data corresponding to the service unit in the main directory according to the received authority data.
Optionally, the step of calculating a first storage path of the permission data corresponding to the user information according to a preset hash algorithm and the user information includes:
Calculating hash values of the catalogs of each level according to the user information and the hierarchy constants of the catalogs of each level respectively;
obtaining a remainder by performing complementation operation on the hash values of the directories of each level obtained by calculation;
and combining the remainders obtained by the calculation of the directories of each level to generate a first storage path of the authority data corresponding to the user information.
In addition, in order to achieve the above object, the present invention further provides a user right data management method, including:
when receiving an authority data acquisition request sent by a user terminal, acquiring user information from the authority data acquisition request, and determining a service unit corresponding to the user information, wherein the service unit comprises one or more service systems;
calculating a first storage path of authority data corresponding to the user information according to a preset hash algorithm and the user information, wherein the storage path is determined according to the preset hash algorithm and the user information when the authority data of each user is stored in the user authority data management device;
inquiring a directory configuration file in a management service assembly, and judging whether a current main directory of the service unit is in an abnormal state or not according to the directory configuration file;
If so, reading the authority data closest to the current time point from the first storage path of the standby directory of the service unit, and sending the read authority data to the user terminal;
if not, reading the authority data from the first storage path of the main directory of the service unit, and sending the read authority data to the user terminal, wherein the main directory and the standby directory are respectively located on different physical storage devices.
Optionally, the method further comprises the steps of:
when a user authority data change notice issued by a management system is received, determining authority data change information and corresponding user information according to the change notice;
calculating a second storage path of the user information according to the preset hash algorithm;
and synchronously updating the authority data in the second storage path of the main directory and the second storage path of the standby directory according to the authority data change information.
Optionally, after the step of reading the permission data from the primary directory of the service unit according to the calculated first storage path, the method further includes the steps of:
If the data reading error occurs, counting the times of the data reading error of the service unit in a preset time interval until the current time point;
when the counted times are less than the preset times, sending prompt information of data acquisition failure to the user terminal;
and when the counted times are greater than or equal to the preset times, marking the main directory of the service unit in the configuration file as an abnormal state.
Optionally, after the step of marking the active directory of the service unit in the configuration file as an abnormal state, the method further includes the steps of:
sending an authority data rollback request corresponding to the service unit to a management server, and receiving authority data corresponding to the service unit returned by the management server based on the authority data rollback request;
and updating the authority data corresponding to the service unit in the main directory according to the received authority data.
In addition, to achieve the above object, the present invention also provides a computer readable storage medium having a rights management program stored thereon, the rights management program being executable by one or more processors to implement the steps of the user rights data management method as described above.
When receiving an authority data acquisition request sent by a user terminal, acquiring user hip-hop from the request, determining a service unit corresponding to user information, calculating a first storage path of the authority data corresponding to the user information according to a preset hash algorithm and the user information, inquiring a directory configuration file in a management service assembly, judging whether a current primary directory of the service unit is in an abnormal state according to the directory configuration file, if so, reading the authority data closest to the current time point from a first storage path of a standby directory of the service unit and sending the authority data to the user terminal, and if not, acquiring the authority data from the first storage path of the primary directory and sending the authority data to the user terminal, the storage path is calculated according to the user information without retrieving from a large number of files, and the authority data is directly acquired under the path, so that the inquiry efficiency of the authority data is improved, the authority data is quickly positioned, and the response speed of the authority data acquisition request is improved.
Drawings
FIG. 1 is a diagram of a user right data management device according to a preferred embodiment of the present invention;
FIG. 2 is a block diagram of a program module of a privilege management program in an embodiment of a user privilege data management apparatus according to the present invention;
FIG. 3 is a flowchart illustrating a method for managing user rights data according to a preferred embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a user authority data management device. Referring to FIG. 1, a user right data management device according to a preferred embodiment of the present invention is shown.
In this embodiment, the user authority data management device may be a PC (Personal Computer), or may be a terminal device such as a smartphone, a tablet Computer, or a mobile Computer.
The user right data management device comprises at least a memory 11, a processor 12, a communication bus 13, and a network interface 14.
The memory 11 includes at least one type of readable storage medium, which includes a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like. The memory 11 may in some embodiments be an internal storage unit of the user rights data management device, for example a hard disk of the user rights data management device. The memory 11 may also be an external storage device of the user right data management apparatus in other embodiments, such as a plug-in hard disk provided on the user right data management apparatus, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 11 may also include both an internal storage unit of the user authority data management apparatus and an external storage device. The memory 11 may be used not only to store application software installed in the user authority data management apparatus and various types of data, such as codes of authority management programs, etc., but also to temporarily store data that has been output or is to be output.
Processor 12, which in some embodiments may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data Processing chip, is configured to execute program codes stored in memory 11 or process data, such as executing a rights management program.
The communication bus 13 is used to realize connection communication between these components.
The network interface 14 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface), typically used to establish a communication link between the apparatus and other electronic devices.
Fig. 1 only shows the user rights data management device with components 11-14 and a rights management program, but it should be understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead.
Optionally, the device may further comprise a user interface, which may comprise a Display (Display), an input unit such as a Keyboard (Keyboard), and an optional user interface which may also comprise a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the user right data management device and for displaying a visualized user interface.
In the embodiment of the apparatus shown in fig. 1, a rights management program is stored in the memory 11; the processor 12, when executing the rights management program stored in the memory 11, implements the following steps:
when receiving an authority data acquisition request sent by a user terminal, acquiring user information from the authority data acquisition request, and determining a service unit corresponding to the user information, wherein the service unit comprises one or more service systems.
The user authority data management device provided in this embodiment is used for managing and controlling the acquisition of authority data by a user, and the user authority data under multiple service systems is stored in the device, wherein multiple service systems can be combined into one service unit as required, for example, a health insurance service system, a production insurance service system, and a car insurance service system form an insurance service unit, and the three service systems are provided under the unit and store the user authority data of the three service systems correspondingly.
The device of this embodiment is provided with a main directory for providing online query and a backup directory for online rollback, where the main directory and the backup directory are stored in different physical storage devices, and when user right data of any one service system is changed, user right data stored in the main directory and the backup directory correspondingly is updated. When the main directory is normal, the user returns the authority data in the main directory to the user when inquiring the authority data, and when the main directory is abnormal, the authority data can be obtained from the standby directory and returned to the user.
And calculating a first storage path of the authority data corresponding to the user information according to a preset hash algorithm and the user information.
It should be noted that the authority data stored in the device may be manually input by an administrator, or may be issued by the management system. In this embodiment, the storage path of the authority data of each user is fixed, and the storage path is calculated by using a preset hash algorithm and user information, and after the authority data of a certain user is stored in the device, even if the authority data is changed in the subsequent use process, the storage path is still unchanged.
Specifically, an algorithm for calculating a storage path of the authority data corresponding to the user information according to the preset hash algorithm and the user information is as follows:
calculating hash values of the catalogs of each level according to the user information and the hierarchy constants of the catalogs of each level respectively; obtaining a remainder by performing complementation operation on the hash values of the directories of each level obtained by calculation; and combining the remainders obtained by the calculation of the directories of each level to generate a storage path of the authority data corresponding to the user information.
Taking the primary directory as an example, the directory depth is set to be N levels, and the number of folders in each level of directory is 100, so that 100 folders exist under the fourth level of directory of the primary directory NThe number of N folders can be set according to the number of users, and the larger the number of users is, the larger the value of N is. In addition, a directory constant is set for each level of directory, in this embodiment, the hierarchical level of the directory at each level may be set as its directory constant, for example, the directory constant of the first level of directory is 01; the user information is information capable of uniquely identifying the user, and in this implementation, the user information may be a user ID of the user in a service system of the user.
Combining the user ID and the directory constant of the second-level directory into a character string, calculating the hash value uid.hash01 of the character string according to a preset hash algorithm, combining the user ID and the directory constant of the second-level directory into a character string, calculating the hash value uid.hash02 of the character string according to the preset hash algorithm, and so on, combining the user ID and the directory constant of the Nth-level directory into a character string, and calculating the hash value uid.hashN of the character string according to the preset hash algorithm.
The device also needs to set a constant Z in advance according to the number of bits of the hash operation result and the number of folders of each level of directory, and the requirement of the constant Z meets the following conditions: after the hash value of the user information and a certain level of directory is calculated, the hash value is subjected to remainder operation according to a constant Z, and the result is less than or equal to the maximum value of the number of folders of the level of directory. For example, the hash value uid. hashn obtained by calculation is six bits, the number of folders in each level of directory is 100, and the numbers are 00 to 99, respectively, the constant Z may be set to 10000, and the remainder obtained by dividing any one six-bit number by Z is a 2-bit number. The number of bits of the hash value is determined by a preset hash algorithm, and a user can set the hash algorithm according to needs to determine the number of bits of the calculated hash value. If the number of folders in each level of directory is set to 1000, and the number is from 000 to 999, the constant can be set to 1000.
And performing complementation operation on each hash value obtained by calculation based on the constant Z to obtain uid. hash01-a01 and uid. hash02-a02 … … uid. hashN-aN, and generating a storage path of the authority data of the user in the storage directory according to the complementation operation result of the hash values corresponding to each level of directory as follows:
uid.hash01-a01/uid.hash02-a02/……/uid.hashN-aN。
the storage directory comprises a main directory and a standby directory, and the directory structures of the main directory and the standby directory are completely the same except that the storage areas are different. If the authority data needs to be searched in the main directory or the standby directory, the main directory path of the main directory or the standby directory is added in front of the path.
It can be understood that, when the authority data of the user is newly added to the device, the storage path can be calculated according to the above manner, and folders for the newly added authority data are respectively established under the main directory and the standby directory according to the calculated path for storage. When the user inquires the authority data, the storage path is calculated according to the same algorithm, and the authority data is directly obtained from the folder corresponding to the path.
And inquiring a directory configuration file in the management service assembly, and judging whether the current main directory of the service unit is in an abnormal state according to the directory configuration file.
And if so, reading the authority data closest to the current time point from the first storage path of the standby directory of the service unit, and sending the read authority data to the user terminal.
If not, reading the authority data from the first storage path of the main directory of the service unit, and sending the read authority data to the user terminal, wherein the main directory and the standby directory are respectively located on different physical storage devices.
After the storage path of the requested authority data is obtained through calculation, a directory configuration file in a management service assembly is inquired, when the fact that a main directory of a service unit is abnormal is detected, the state of the main directory of the service unit in the directory configuration file is marked to be an abnormal state, if the fact that whether the current main directory of the service unit is in the abnormal state or not is judged according to the directory configuration file, the authority data closest to the current time point are read from the first storage path of a standby directory of the service unit and sent to a user terminal; otherwise, the read authority data is obtained from the same path under the main directory and is sent to the user terminal.
Or, in other embodiments, the directory configuration file defines a query directory corresponding to each service unit, when the active directory is in a normal state, the query directory of the service unit is the active directory, and when detecting that the active directory of the service unit is abnormal, the query directory is modified into a standby directory. Therefore, whether the main directory is in an abnormal state or not can be judged according to the query directory corresponding to the service unit in the queried directory configuration file.
Optionally, as an embodiment, after the step of reading the permission data from the main directory of the service unit according to the calculated first storage path, if a data reading error occurs, counting the number of times of the data reading error occurring in the service unit within a preset time interval up to the current time point; when the counted times are less than the preset times, sending prompt information of data acquisition failure to the user terminal; and when the counted times are greater than or equal to the preset times, marking the main directory of the service unit in the configuration file as an abnormal state. In this embodiment, when a data reading error occurs multiple times within a preset time interval in the same service unit, it is determined that the active directory is abnormal.
Further, in an embodiment, when the device of the present invention receives a user permission data change notification issued by a management system, permission data change information and corresponding user information are determined according to the change notification; calculating a second storage path of the user information according to the preset hash algorithm; and synchronously updating the authority data in the second storage path of the main directory and the second storage path of the standby directory according to the authority data change information.
Furthermore, after the main directory of the service unit in the configuration file is marked as an abnormal state, the device of the invention sends an authority data rollback request corresponding to the service unit to a management server, and receives the authority data corresponding to the service unit returned by the management server based on the authority data rollback request; and updating the authority data corresponding to the service unit in the main directory according to the received authority data. When the main directory is abnormal, the standby directory is used for responding to the authority data acquisition request sent by the user terminal, meanwhile, the abnormal data in the main directory is timely rolled back, so that the data is timely restored to the state after the management system sends the data last time, the authority data rolling back request corresponding to the service unit is sent to the management server, and the management system sends the authority data of all users corresponding to the service updated last time before the time point of receiving the rolling back request to the device for updating.
The user permission data management device provided in this embodiment, when receiving a permission data acquisition request sent by a user terminal, acquires user hip-hop from the request, determines a service unit corresponding to user information, calculates a first storage path of permission data corresponding to the user information according to a preset hash algorithm and the user information, queries a directory configuration file in a management service component, determines whether a current primary directory of the service unit is in an abnormal state according to the directory configuration file, if yes, reads permission data closest to a current time point from the first storage path of a standby directory of the service unit and sends the permission data to the user terminal, and if not, acquires the permission data from the first storage path of the primary directory and sends the permission data to the user terminal. And a storage path is calculated according to the user information, and the authority data is directly acquired under the path, so that the inquiry efficiency of the authority data is improved, the authority data is quickly positioned, and the response speed of the authority data acquisition request is improved.
Alternatively, in other embodiments, the rights management program may be divided into one or more modules, and one or more modules are stored in the memory 11 and executed by one or more processors (in this embodiment, the processor 12) to implement the present invention.
For example, referring to fig. 2, a schematic diagram of program modules of a rights management program in an embodiment of the user rights data management device of the present invention is shown, in this embodiment, the rights management program may be divided into an information obtaining module 10, a path calculating module 20, a state judging module 30 and a data searching module 40, and exemplarily:
the information acquisition module 10 is configured to: when receiving an authority data acquisition request sent by a user terminal, acquiring user information from the authority data acquisition request, and determining a service unit corresponding to the user information, wherein the service unit comprises one or more service systems;
the path computation module 20 is configured to: calculating a first storage path of authority data corresponding to the user information according to a preset hash algorithm and the user information, wherein the storage path is determined according to the preset hash algorithm and the user information when the authority data of each user is stored in the user authority data management device;
the state determination module 30 is configured to: inquiring a directory configuration file in a management service assembly, and judging whether a current main directory of the service unit is in an abnormal state or not according to the directory configuration file;
The data lookup module 40 is configured to: if so, reading the authority data closest to the current time point from the first storage path of the standby directory of the service unit, and sending the read authority data to the user terminal;
and if not, reading the authority data from the first storage path of the main directory of the service unit, and sending the read authority data to the user terminal, wherein the main directory and the standby directory are respectively located on different physical storage devices.
The functions or operation steps implemented by the program modules such as the information obtaining module 10, the path calculating module 20, the state determining module 30, and the data searching module 40 when executed are substantially the same as those of the above embodiments, and are not described herein again.
In addition, the invention also provides a user authority data management method. Referring to FIG. 3, a flow chart of a user right data management method according to a preferred embodiment of the invention is shown. The method may be performed by an apparatus, which may be implemented by software and/or hardware.
In this embodiment, the user right data management method includes:
step S10, when receiving an authority data obtaining request sent by a user terminal, obtaining user information from the authority data obtaining request, and determining a service unit corresponding to the user information, where the service unit includes one or more service systems.
The user right data management method provided in this embodiment is described below with a user right data management apparatus as an execution subject, where the apparatus is configured to manage and control acquisition of user right data by a user, and the apparatus stores user right data under multiple service systems, where multiple service systems may be combined into one service unit as needed, for example, a health insurance service system, a production insurance service system, and a car insurance service system form an insurance service unit, and the three service systems are below the insurance service unit and store user right data of the three service systems correspondingly.
The user authority data management device is provided with a main directory and a standby directory, wherein the main directory and the standby directory are used for providing online inquiry, the main directory and the standby directory are respectively stored on different physical storage devices, and when user authority data of any service system are changed, the user authority data correspondingly stored under the main directory and the standby directory are updated at the same time. When the main directory is normal and the user inquires the authority data, the authority data in the main directory is returned to the user, and when the main directory is abnormal, the authority data can be obtained from the standby directory and returned to the user.
Step S20, calculating a first storage path of the authority data corresponding to the user information according to a preset hash algorithm and the user information.
It should be noted that the authority data stored in the device may be manually input by an administrator, or may be issued by the management system. In this embodiment, the storage path of the authority data of each user is fixed, and the storage path is calculated by using a preset hash algorithm and user information, and after the authority data of a certain user is stored in the device, even if the authority data is changed in the subsequent use process, the storage path is still unchanged.
Specifically, an algorithm for calculating a storage path of the authority data corresponding to the user information according to the preset hash algorithm and the user information is as follows:
calculating hash values of the catalogs of each level according to the user information and the hierarchy constants of the catalogs of each level respectively; obtaining a remainder by performing complementation operation on the hash values of the directories of each level obtained by calculation; and combining the remainders obtained by the calculation of the directories of each level to generate a storage path of the authority data corresponding to the user information.
Taking the primary directory as an example, the directory depth is set to be N levels, and the number of folders in each level of directory is 100, so that 100 folders exist under the fourth level of directory of the primary directory NThe number of N of each folder may be set according to the number of users, and the larger the number of users is, the larger the value of N is, and preferably, in an embodiment, the value of N is 3. In addition, a directory constant is set for each level of directory, in this embodiment, the hierarchical level of the directory at each level may be set as its directory constant, for example, the directory constant of the first level of directory is 01; the user information is information capable of uniquely identifying the user, and in this implementation, the user information may be a user ID of the user in a service system of the user.
Combining the user ID and the directory constant of the second-level directory into a character string, calculating the hash value uid.hash01 of the character string according to a preset hash algorithm, combining the user ID and the directory constant of the second-level directory into a character string, calculating the hash value uid.hash02 of the character string according to the preset hash algorithm, and so on, combining the user ID and the directory constant of the Nth-level directory into a character string, and calculating the hash value uid.hashN of the character string according to the preset hash algorithm.
The user authority data management device also needs to set a constant Z in advance according to the number of bits of the hash operation result and the number of folders of each level of directory, and the requirement of the constant Z meets the following conditions: after the hash value of the user information and a certain level of directory is calculated, the hash value is subjected to remainder operation according to a constant Z, and the result is less than or equal to the maximum value of the number of folders of the level of directory. For example, the hash value uid. hashn obtained by calculation is six bits, the number of folders in each level of directory is 100, and the numbers are 00 to 99, respectively, the constant Z may be set to 10000, and the remainder obtained by dividing any one six-bit number by Z is a 2-bit number. The number of bits of the hash value is determined by a preset hash algorithm, and a user can set the hash algorithm according to needs to determine the number of bits of the hash value. If the number of folders in each level of directory is set to 1000, and the number is from 000 to 999, the constant can be set to 1000.
And performing complementation operation on each hash value obtained by calculation based on the constant Z to obtain uid. hash01-a01 and uid. hash02-a02 … … uid. hashN-aN, and generating a storage path of the authority data of the user in the storage directory according to the complementation operation result of the hash values corresponding to each level of directory as follows:
uid.hash01-a01/uid.hash02-a02/……/uid.hashN-aN。
the storage directory comprises a main directory and a standby directory, and the directory structures of the main directory and the standby directory are completely the same except that the storage areas are different. If the authority data needs to be searched in the main directory or the standby directory, the main directory path of the main directory or the standby directory is added in front of the path.
It can be understood that, when the authority data of the user is newly added to the user authority data management device, the storage path may be calculated in the above manner, and folders for the newly added authority data are respectively established under the main directory and the standby directory according to the calculated path for storage. When the user inquires the authority data, the storage path is calculated according to the same algorithm, and the authority data is directly obtained from the folder corresponding to the path.
Step S30, querying a directory configuration file in the management service component, and determining whether the current active directory of the service unit is in an abnormal state according to the directory configuration file.
And step S40, if yes, reading the authority data nearest to the current time point from the first storage path of the standby directory of the service unit, and sending the read authority data to the user terminal.
Step S50, if not, reading the permission data from the first storage path of the active directory of the service unit, and sending the read permission data to the user terminal, where the active directory and the standby directory are located on different physical storage devices, respectively.
After the storage path of the requested authority data is obtained through calculation, a directory configuration file in a management service assembly is inquired, when the fact that a main directory of a service unit is abnormal is detected, the state of the main directory of the service unit in the directory configuration file is marked to be an abnormal state, if the fact that whether the current main directory of the service unit is in the abnormal state or not is judged according to the directory configuration file, the authority data closest to the current time point are read from the first storage path of a standby directory of the service unit and sent to a user terminal; otherwise, the read authority data is obtained from the same path under the main directory and sent to the user terminal.
Or, in other embodiments, the directory configuration file defines the query directory corresponding to each service unit, when the active directory is in a normal state, the query directory of the service unit is the active directory, and when detecting that the active directory of the service unit is abnormal, the query directory is modified into a standby directory. Therefore, whether the main directory is in an abnormal state or not can be judged according to the query directory corresponding to the service unit in the queried directory configuration file.
Optionally, as an embodiment, after the step of reading the permission data from the main directory of the service unit according to the calculated first storage path, if a data reading error occurs, counting the number of times of the data reading error occurring in the service unit within a preset time interval up to the current time point; when the counted times are less than the preset times, sending prompt information of data acquisition failure to the user terminal; and when the counted times are greater than or equal to the preset times, marking the main directory of the service unit in the configuration file as an abnormal state. In this embodiment, when a data reading error occurs multiple times within a preset time interval in the same service unit, it is determined that the active directory is abnormal.
Further, in one embodiment, when the user authority data management device receives a user authority data change notification issued by the management system, the user authority data change information and the corresponding user information are determined according to the change notification; calculating a second storage path of the user information according to the preset hash algorithm; and synchronously updating the authority data in the second storage path of the main directory and the second storage path of the standby directory according to the authority data change information.
Furthermore, after the main directory of the service unit in the configuration file is marked as an abnormal state, the user permission data management device sends a permission data rollback request corresponding to the service unit to the management server, and receives permission data corresponding to the service unit returned by the management server based on the permission data rollback request; and updating the authority data corresponding to the service unit in the main directory according to the received authority data. When the main directory is abnormal, the standby directory is used for responding to the authority data acquisition request sent by the user terminal, meanwhile, the abnormal data in the main directory is timely rolled back, so that the data is timely restored to the state after the management system sends the data last time, the authority data rolling back request corresponding to the service unit is sent to the management server, and the management system sends the authority data of all users corresponding to the service updated last time before the time point of receiving the rolling back request to the device for updating.
The user permission data management method provided in this embodiment, when receiving a permission data acquisition request sent by a user terminal, acquires user hip-hop from the request, determines a service unit corresponding to user information, calculates a first storage path of permission data corresponding to the user information according to a preset hash algorithm and the user information, queries a directory configuration file in a management service component, determines whether a current primary directory of the service unit is in an abnormal state according to the directory configuration file, if yes, reads permission data closest to a current time point from the first storage path of a standby directory of the service unit and sends the permission data to the user terminal, and if not, acquires permission data from the first storage path of the primary directory and sends the permission data to the user terminal. The storage path is calculated according to the user information, and the authority data are directly acquired under the path, so that the inquiry efficiency of the authority data is improved, the authority data are quickly positioned, and the response speed of the authority data acquisition request is improved.
Furthermore, an embodiment of the present invention further provides a computer-readable storage medium, where a rights management program is stored on the computer-readable storage medium, where the rights management program is executable by one or more processors to implement the following operations:
When receiving an authority data acquisition request sent by a user terminal, acquiring user information from the authority data acquisition request, and determining a service unit corresponding to the user information, wherein the service unit comprises one or more service systems;
calculating a first storage path of authority data corresponding to the user information according to a preset hash algorithm and the user information, wherein the storage path is determined according to the preset hash algorithm and the user information when the authority data of each user is stored in the user authority data management device;
inquiring a directory configuration file in a management service assembly, and judging whether a current main directory of the service unit is in an abnormal state or not according to the directory configuration file;
if so, reading the authority data closest to the current time point from the first storage path of the standby directory of the service unit, and sending the read authority data to the user terminal;
if not, reading the authority data from the first storage path of the main directory of the service unit, and sending the read authority data to the user terminal, wherein the main directory and the standby directory are respectively located on different physical storage devices.
The specific implementation of the computer-readable storage medium of the present invention is substantially the same as the embodiments of the user right data management apparatus and method, and will not be described herein again.
It should be noted that the above-mentioned numbers of the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments. And the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention, and all equivalent structures or equivalent processes performed by the present invention or directly or indirectly applied to other related technical fields are also included in the scope of the present invention.

Claims (9)

1. A user rights data management device, the device comprising a memory and a processor, the memory having stored thereon a rights management program executable on the processor, the rights management program when executed by the processor implementing the steps of:
when receiving an authority data acquisition request sent by a user terminal, acquiring user information from the authority data acquisition request, and determining a service unit corresponding to the user information, wherein the service unit comprises one or more service systems;
calculating a first storage path of authority data corresponding to the user information according to a preset hash algorithm and the user information;
the step of calculating a first storage path of the authority data corresponding to the user information according to a preset hash algorithm and the user information comprises the following steps:
Calculating hash values of the catalogs of each level according to the user information and the hierarchy constants of the catalogs of each level respectively;
obtaining a remainder by performing complementation operation on the hash values of the directories of each level obtained by calculation;
the operation of obtaining the remainder by performing the remainder operation on the hash values of the obtained hierarchical directories through calculation specifically comprises the following steps:
setting a constant Z in advance according to the number of bits of the Hash operation result and the number of folders of each level of directory; the constant Z is set to satisfy the following conditions: after the hash value of user information and a certain level of directory is calculated, the hash value is subjected to remainder operation according to a constant Z, and the operation result is less than or equal to the maximum value of the number of folders of the level of directory;
combining the remainders obtained by calculating the catalogs of each level to generate a first storage path of authority data corresponding to the user information;
when the authority data of each user is stored in the user authority data management device, determining a storage path according to a preset hash algorithm and user information;
inquiring a directory configuration file in a management service assembly, and judging whether a current main directory of the service unit is in an abnormal state or not according to the directory configuration file;
if so, reading the authority data closest to the current time point from the first storage path of the standby directory of the service unit, and sending the read authority data to the user terminal;
If not, reading the authority data from the first storage path of the main directory of the service unit, and sending the read authority data to the user terminal, wherein the main directory and the standby directory are respectively located on different physical storage devices.
2. The user rights data management apparatus of claim 1, wherein the rights management program is further executable by the processor to perform the steps of:
when a user permission data change notice issued by a management system is received, permission data change information and corresponding user information are determined according to the change notice;
calculating a second storage path of the user information according to the preset Hash algorithm;
and synchronously updating the authority data in the second storage path of the main directory and the second storage path of the standby directory according to the authority data change information.
3. The user right data management device according to claim 1, wherein the right management program is further executable by the processor to, after the step of reading the right data from the primary directory of the service unit according to the calculated first storage path, further implement the steps of:
If the data reading error occurs, counting the times of the data reading error of the service unit in a preset time interval until the current time point;
when the counted times are less than the preset times, sending prompt information of data acquisition failure to the user terminal;
and when the counted times are greater than or equal to the preset times, marking the main directory of the service unit in the configuration file as an abnormal state.
4. The user rights data management arrangement of claim 3, wherein the rights management program is further executable by the processor to, after the step of marking the active directory of the business unit in the configuration file as an abnormal state, further perform the steps of:
sending an authority data rollback request corresponding to the service unit to a management server, and receiving authority data corresponding to the service unit returned by the management server based on the authority data rollback request;
and updating the authority data corresponding to the service unit in the main directory according to the received authority data.
5. A method for managing user rights data, the method comprising:
When receiving an authority data acquisition request sent by a user terminal, acquiring user information from the authority data acquisition request, and determining a service unit corresponding to the user information, wherein the service unit comprises one or more service systems;
calculating a first storage path of authority data corresponding to the user information according to a preset hash algorithm and the user information;
the step of calculating a first storage path of the authority data corresponding to the user information according to a preset hash algorithm and the user information comprises the following steps:
calculating hash values of the catalogs of each level according to the user information and the hierarchy constants of the catalogs of each level respectively;
obtaining a remainder by performing complementation operation on the hash values of the directories of each level obtained by calculation;
the operation of obtaining the remainder by performing the remainder operation on the hash values of the obtained hierarchical directories through calculation specifically comprises the following steps:
setting a constant Z in advance according to the number of bits of the Hash operation result and the number of folders of each level of directory; the constant Z is set to satisfy the following conditions: after the hash value of user information and a certain level of directory is calculated, the hash value is subjected to remainder operation according to a constant Z, and the operation result is less than or equal to the maximum value of the number of folders of the level of directory;
Combining the remainders obtained by calculating the catalogs of each level to generate a first storage path of authority data corresponding to the user information;
when the authority data of each user is stored in the user authority data management device, determining a storage path according to a preset hash algorithm and user information;
inquiring a directory configuration file in a management service assembly, and judging whether a current main directory of the service unit is in an abnormal state or not according to the directory configuration file;
if so, reading the authority data closest to the current time point from the first storage path of the standby directory of the service unit, and sending the read authority data to the user terminal;
if not, reading the authority data from the first storage path of the main directory of the service unit, and sending the read authority data to the user terminal, wherein the main directory and the standby directory are respectively located on different physical storage devices.
6. The user right data management method according to claim 5, wherein the method further comprises the steps of:
when a user authority data change notice issued by a management system is received, determining authority data change information and corresponding user information according to the change notice;
Calculating a second storage path of the user information according to the preset hash algorithm;
and synchronously updating the authority data in the second storage path of the main directory and the second storage path of the standby directory according to the authority data change information.
7. The method for managing user right data according to claim 5, wherein after the step of reading the right data from the primary directory of the service unit according to the calculated first storage path, the method further comprises the steps of:
if the data reading error occurs, counting the times of the data reading error of the service unit in a preset time interval until the current time point;
when the counted times are less than the preset times, sending prompt information of data acquisition failure to the user terminal;
and when the counted times are greater than or equal to the preset times, marking the main directory of the service unit in the configuration file as an abnormal state.
8. The method for managing user right data according to claim 7, wherein after the step of marking the active directory of the service unit in the configuration file as an abnormal state, the method further comprises the steps of:
Sending an authority data rollback request corresponding to the service unit to a management server, and receiving authority data corresponding to the service unit returned by the management server based on the authority data rollback request;
and updating the authority data corresponding to the service unit in the main directory according to the received authority data.
9. A computer-readable storage medium having stored thereon a rights management program executable by one or more processors to perform the steps of a method for user rights data management according to any one of claims 5 to 8.
CN201810114648.XA 2018-02-06 2018-02-06 User authority data management apparatus, method and computer readable storage medium Active CN108388604B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810114648.XA CN108388604B (en) 2018-02-06 2018-02-06 User authority data management apparatus, method and computer readable storage medium
PCT/CN2018/089131 WO2019153592A1 (en) 2018-02-06 2018-05-31 User authority data management device and method, and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810114648.XA CN108388604B (en) 2018-02-06 2018-02-06 User authority data management apparatus, method and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN108388604A CN108388604A (en) 2018-08-10
CN108388604B true CN108388604B (en) 2022-06-10

Family

ID=63075153

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810114648.XA Active CN108388604B (en) 2018-02-06 2018-02-06 User authority data management apparatus, method and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN108388604B (en)
WO (1) WO2019153592A1 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110232292A (en) * 2019-05-06 2019-09-13 平安科技(深圳)有限公司 Data access authority authentication method, server and storage medium
CN112836187B (en) * 2019-11-25 2024-02-02 杭州海康威视系统技术有限公司 Authority management method and device and electronic equipment
CN111240708B (en) * 2019-12-24 2023-04-28 北京威努特技术有限公司 Industrial control system host, industrial control system and industrial control system host software upgrading method
CN111221727B (en) * 2019-12-30 2024-03-08 瑞庭网络技术(上海)有限公司 Test method, test device, electronic equipment and computer readable medium
CN113254805A (en) * 2020-02-12 2021-08-13 维沃移动通信有限公司 Method and network equipment for inquiring group position
CN114077619A (en) * 2020-08-20 2022-02-22 北京字节跳动网络技术有限公司 Data query method and device, electronic equipment and storage medium
CN112487086B (en) * 2020-11-17 2024-04-16 中国人寿保险股份有限公司 Data synchronization method and device, electronic equipment and storage medium
CN113407528A (en) * 2020-11-20 2021-09-17 广东美云智数科技有限公司 Authority data synchronization method, management device and storage medium
CN112507354A (en) * 2020-12-04 2021-03-16 北京神州泰岳软件股份有限公司 Graph database-based authority management method and system
CN112988278B (en) * 2021-04-12 2022-09-06 上海米哈游天命科技有限公司 Meta file modification method and device of resource file, electronic equipment and storage medium
CN114978673B (en) * 2022-05-19 2023-07-04 中国联合网络通信集团有限公司 User authority authentication method and device, electronic equipment and storage medium
CN115277680B (en) * 2022-07-29 2024-04-19 山石网科通信技术股份有限公司 File synchronization method for improving synchronization security

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101719141A (en) * 2009-12-24 2010-06-02 成都市华为赛门铁克科技有限公司 File processing method and system based on directory object
CN102024044A (en) * 2010-12-08 2011-04-20 华为技术有限公司 Distributed file system
CN107342992A (en) * 2017-06-27 2017-11-10 努比亚技术有限公司 A kind of System right management method, apparatus and computer-readable recording medium
CN107508892A (en) * 2017-08-29 2017-12-22 努比亚技术有限公司 A kind of page access method, server and computer-readable recording medium

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6532476B1 (en) * 1999-11-13 2003-03-11 Precision Solutions, Inc. Software based methodology for the storage and retrieval of diverse information
CN101398869B (en) * 2008-10-07 2010-04-14 深圳市蓝韵实业有限公司 Mass data storage means
CN102394894B (en) * 2011-11-28 2014-01-15 武汉大学 Network virtual disk file safety management method based on cloud computing
CN103150394B (en) * 2013-03-25 2014-07-23 中国人民解放军国防科学技术大学 Distributed file system metadata management method facing to high-performance calculation
CN106227620B (en) * 2016-07-20 2019-03-29 中国航空工业集团公司航空动力控制系统研究所 Recoverable Flash data storage method
CN106990915B (en) * 2017-02-27 2020-01-14 北京航空航天大学 Storage resource management method based on storage medium type and weighted quota
CN106980473B (en) * 2017-03-30 2020-02-18 四川长虹电器股份有限公司 Method for improving read-write reliability and speed of EEPROM

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101719141A (en) * 2009-12-24 2010-06-02 成都市华为赛门铁克科技有限公司 File processing method and system based on directory object
CN102024044A (en) * 2010-12-08 2011-04-20 华为技术有限公司 Distributed file system
CN107342992A (en) * 2017-06-27 2017-11-10 努比亚技术有限公司 A kind of System right management method, apparatus and computer-readable recording medium
CN107508892A (en) * 2017-08-29 2017-12-22 努比亚技术有限公司 A kind of page access method, server and computer-readable recording medium

Also Published As

Publication number Publication date
CN108388604A (en) 2018-08-10
WO2019153592A1 (en) 2019-08-15

Similar Documents

Publication Publication Date Title
CN108388604B (en) User authority data management apparatus, method and computer readable storage medium
CN111400308B (en) Processing method of cache data, electronic device and readable storage medium
US20140280293A1 (en) Method and apparatus for retrieving cached database search results
CN108647357B (en) Data query method and device
EP3188051B1 (en) Systems and methods for search template generation
CN114116613A (en) Metadata query method, equipment and storage medium based on distributed file system
US11853259B2 (en) Indexing documents in a nested hierarchy of directories
CN112988770B (en) Method, device, electronic equipment and storage medium for updating serial number
US9734178B2 (en) Searching entity-key associations using in-memory objects
US10133757B2 (en) Method for managing data using in-memory database and apparatus thereof
CN112214505A (en) Data synchronization method and device, computer readable storage medium and electronic equipment
US10394781B2 (en) Synchronization of offline data
CN108763524B (en) Electronic device, chatting data processing method, and computer-readable storage medium
CN107451202B (en) Data access method and equipment
US9953042B1 (en) Managing a deduplicated data index
CN110008243B (en) Data table processing method and device
US11126520B2 (en) Skew detector for data storage system
CN113761565A (en) Data desensitization method and apparatus
US10824803B2 (en) System and method for logical identification of differences between spreadsheets
CN110543627B (en) Report configuration information storage method and system
CN113849524A (en) Data processing method and device
CN113342822A (en) Data query method and device based on multi-type database, electronic equipment and medium
US20160259810A1 (en) Global file index
CN113515504B (en) Data management method, device, electronic equipment and storage medium
CN110727672A (en) Data mapping relation query method and device, electronic equipment and readable medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant