CN111444543A - Data authority management method and system - Google Patents

Data authority management method and system Download PDF

Info

Publication number
CN111444543A
CN111444543A CN202010253893.6A CN202010253893A CN111444543A CN 111444543 A CN111444543 A CN 111444543A CN 202010253893 A CN202010253893 A CN 202010253893A CN 111444543 A CN111444543 A CN 111444543A
Authority
CN
China
Prior art keywords
configuration information
statement
redis cache
value
role
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010253893.6A
Other languages
Chinese (zh)
Other versions
CN111444543B (en
Inventor
易文锋
翟羽佳
蔡子琪
马鸿超
杨赛
昌宇顺
梁培
罗珍明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Comtop Information Technology Co Ltd
Original Assignee
Shenzhen Comtop Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Comtop Information Technology Co Ltd filed Critical Shenzhen Comtop Information Technology Co Ltd
Priority to CN202010253893.6A priority Critical patent/CN111444543B/en
Publication of CN111444543A publication Critical patent/CN111444543A/en
Application granted granted Critical
Publication of CN111444543B publication Critical patent/CN111444543B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/242Query formulation
    • G06F16/2433Query languages
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computational Linguistics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Mathematical Physics (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a method and a system for managing data authority, which comprises the steps of setting an association relation between an ID (identity) of an SQ L statement and first configuration information, an association relation between an ID of an SQ L statement and second configuration information and an association relation between a user account ID and a role ID based on operation on a visual operation interface, updating all the association relations into a Redis cache, acquiring target first configuration information corresponding to the ID of the SQ L statement to be executed from the Redis cache when the SQ L statement to be executed is intercepted, acquiring a target role ID corresponding to the currently logged-in user account ID from the Redis cache, acquiring the ID of the SQ L statement to be executed and target second configuration information corresponding to the target role ID from the Redis cache, and finally adding the target first configuration information and the target second configuration information into an SQ L statement to be executed to obtain a new SQ L.

Description

Data authority management method and system
Technical Field
The present invention relates to the field of data management technologies, and in particular, to a method and a system for managing data permissions.
Background
At present, authority management is carried out on a piece of service data, a large number of complex service codes are required, and a SQ L script is compiled by taking a list name in a service form as a basis for controlling the authority of the service data, namely different SQ L scripts are compiled for user accounts with different data viewing authorities.
Once a new user account needs to be added, a new SQ L script needs to be written and the service system needs to be restarted by patch sending, or the data viewing right of a certain user account needs to be modified, and a new SQ L script needs to be written and the service system needs to be restarted by patch sending.
This way of configuring data viewing permissions for user accounts by writing SQ L scripts requires a technician to implement and takes a lot of time and effort.
Disclosure of Invention
The present invention mainly aims to provide a method and a system for managing data permissions, which aim to solve the technical problems in the prior art.
In order to achieve the above object, an embodiment of the present invention provides a method for managing data permissions, where the method for managing data permissions includes:
updating an ID of an SQ L statement and first configuration information to a Redis cache in a form of key-value based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, a key value is the ID of the SQ L statement, and a value is the first configuration information;
updating the ID, the role ID and second configuration information of the SQ L statement to a Redis cache in a form of key-value based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key value is the ID of the SQ L statement and the role ID, and the value is the second configuration information;
updating a user account ID and a role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein a key value is the user account ID, and a value is the role ID;
when an execution command is received, intercepting a to-be-executed SQ L statement corresponding to the execution command;
taking the ID of the SQ L statement to be executed as a key value, and acquiring corresponding target first configuration information from the Redis cache;
taking the ID of the currently logged user account as a key value, and acquiring a corresponding target role ID from the Redis cache;
taking the ID of the SQ L statement to be executed and the target role ID as key values, and acquiring corresponding target second configuration information from the Redis cache;
adding the target first configuration information and the target second configuration information to the to-be-executed SQ L statement to obtain a new SQ L statement;
the new SQ L statement is executed.
Optionally, after the updating the ID and the first configuration information of the SQ L statement in the form of key-value to the Redis cache or the updating the ID, the role ID and the second configuration information of the SQ L statement in the form of key-value to the Redis cache, the method further includes:
when a modification instruction is received, modifying the first or second configuration information to obtain new first or second configuration information;
and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
In addition, to achieve the above object, an embodiment of the present invention further provides a system for managing data permissions, where the system for managing data permissions includes:
the system comprises a setting module, a Redis cache module, a second configuration information updating module, a third operation account and a third configuration information updating module, wherein the setting module is used for updating an ID and a first configuration information of an SQ L statement to the Redis cache in a key-value mode based on a first operation on a visual operation interface, the first configuration information comprises a first filtering field and a first filtering condition, the key value is the ID of the SQ L statement, and the value is the first configuration information;
the intercepting module is used for intercepting the to-be-executed SQ L statement corresponding to the execution command when the execution command is received;
the acquisition module is used for acquiring corresponding target first configuration information from the Redis cache by taking the ID of the to-be-executed SQ L statement as a key value, acquiring a corresponding target role ID from the Redis cache by taking the ID of a currently logged user account as the key value, and acquiring corresponding target second configuration information from the Redis cache by taking the ID of the to-be-executed SQ L statement and the target role ID as the key value;
the generating module is used for adding the target first configuration information and the target second configuration information to the to-be-executed SQ L statement to obtain a new SQ L statement;
and the execution module is used for executing the new SQ L statement.
Optionally, the system for managing data rights further includes:
the modification module is used for modifying the first or second configuration information when a modification instruction is received to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
According to the method and the device, when data viewing authority is set for a user account, a corresponding SQ L script does not need to be written, the user only needs to operate on a visual operation interface, the association relation between the ID of an SQ L statement and first configuration information is set, the association relation between the ID of an SQ L statement and the association relation between the role ID and second configuration information is set, the association relation between the user account ID and the role ID is set, all the association relations are updated to a Redis cache, when the SQ L statement to be executed is intercepted, the corresponding target first configuration information is obtained from the Redis cache according to the ID of an SQ L statement to be executed, the corresponding target role ID is obtained from the Redis cache according to the currently logged user account ID, then the corresponding target second configuration information is obtained from the Redis cache according to the ID of an SQ L statement to be executed and the target role ID, finally the target first configuration information and the target second configuration information are added to the SQ L statement to be executed, a new SQ L statement to be executed, the corresponding alias data management table can be obtained, and the corresponding alias data management requirement of the corresponding alias data can be simply checked before the user account ID and the alias management table can be simply managed, and the alias data management table can be implemented.
Drawings
FIG. 1 is a flowchart illustrating a method for managing data permissions according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a scenario of setting an ID of an SQ L statement and a table alias corresponding to the ID in an embodiment;
FIG. 3 is a diagram illustrating a scenario in which first configuration information is set according to an embodiment;
FIG. 4 is a diagram illustrating information that may be queried by an SQ L statement without additional configuration information, according to an embodiment;
FIG. 5 is a diagram of information that may be queried by the SQ L statement with configuration information added in one embodiment;
FIG. 6 is a functional block diagram of a system for managing data permissions according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for managing data permissions according to an embodiment of the present invention. In one embodiment, as shown in fig. 1, a method for managing data rights includes:
step S10, updating the ID of the SQ L statement and first configuration information to a Redis cache in a key-value mode based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, the key value is the ID of the SQ L statement, and the value is the first configuration information;
in the embodiment, a visual operation interface is provided, and a user sets an ID of an SQ L statement and a table alias corresponding to the ID through operations such as clicking, inputting and the like, wherein the ID is an abbreviation of the corresponding SQ L statement, and the table alias is an abbreviation of a corresponding data table.
For example, ID1, ID2, and ID3 are set, where ID1 corresponds to SQ L statement 1, ID2 corresponds to SQ L statement 2, and ID3 corresponds to SQ L statement 3.
Referring to fig. 2, fig. 2 is a schematic view of a scene in which an ID of an SQ L sentence and a table alias corresponding to the ID are set in an embodiment, a user clicks a [ new addition ] button on a service object management menu interface (visual operation interface 1), a service object editing window (visual operation interface 2) shown in fig. 2 is popped up, the user operates on the service object editing window, fills in information and stores the information to define a service object, then clicks a [ add ] button or a [ batch add ] button on an SQ L editing window (visual operation interface 3) in the service object editing window, and edits a declaration L, wherein an ID corresponds to an input box, namely, an ID of an SQ L sentence input by the user, and an table alias input by the user corresponds to a [ default filter body ].
And then, the user continues to operate on the visual operation interface, and first configuration information is set, wherein the first configuration information comprises the first filtering field and the second filtering condition. For example, the first configuration information is set as age < 20, where "age" is the first filtering field and "< 20" is the first filtering condition. The user can set the first configuration information required by the user according to actual needs, and the specific content of the first configuration information is not limited herein.
Referring to fig. 3, fig. 3 is a schematic view of a scenario of setting the first configuration information in an embodiment. As shown in fig. 3, the user configures a filtering rule in the rule editing window (the visual operation interface 4), where configuring the filtering rule is to configure a first filtering field and a first filtering condition, where [ ORG _ CODE ] shown in fig. 3 is the first filtering field, a filtering symbol is [ > ], a filtering range [ 1122 ] is a specific condition value, and the filtering symbol and the filtering range constitute a first filtering condition, i.e., "> 1122". After the information is edited, the first filtering field and the first filtering condition are set by clicking and storing, and the first configuration information is set.
After the ID of the SQ L statement and the first configuration information are set, the ID of the SQ L statement and the first configuration information are updated to the Redis cache in the form of a key-value, where the key value is the ID of the SQ L statement and the value is the first configuration information, as shown in table 1, table 1 is an indication table that the key value is the ID of the SQ L statement and the value is the first configuration information.
key value
ID1 of SQ L statement First configuration information 1
ID2 of SQ L statement First configuration information 2
ID3 of SQ L statement First configuration information 3
TABLE 1
Step S20, updating the ID, the role ID and second configuration information of the SQ L statement to a Redis cache in a key-value mode based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key value is the ID and the role ID of the SQ L statement, and the value is the second configuration information;
in this embodiment, similar to the embodiment of step S10 above, the user performs an operation on the visual operation interface, and sets the ID, the role ID, and the second configuration information of the SQ L statement, where the second configuration information includes a second filtering field and a second filtering condition, where the second filtering field and the second filtering condition are set according to actual needs, and are not limited herein.
After the ID, role ID and second configuration information of SQ L statement are set, the ID, role ID and second configuration information of SQ L statement are updated to Redis cache in the form of key-value, where the key value is ID and role ID of SQ L statement and the value is second configuration information, as shown in table 2, table 2 is an indication table that the key value is ID plus role ID of SQ L statement and the value is second configuration information.
key value
ID1+ role ID1 of SQ L statement Second configuration information 1
ID1+ role ID2 of SQ L statement Second configuration information 2
ID2+ role ID1 of SQ L statement Second configuration information 3
ID2+ role ID2 of SQ L statement Second configuration information 4
ID3+ role ID1 of SQ L statement Second configuration information 5
ID3+ role ID2 of SQ L statement Second configuration information 6
TABLE 2
Step S30, updating a user account ID and a role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein the key value is the user account ID, and the value is the role ID;
in this embodiment, a user continues to operate on a visual operation interface, a user account ID determined by a mouse click operation or a keyboard input mode based on the user and a role ID corresponding to the user account ID are acquired, and then the user account ID and the role ID are updated to a Redis cache in a key-value form, where the key value is the user account ID and the value is the role ID. As shown in table 3, table 3 is an indication table in which the key value is the user account ID and the value is the role ID.
key value
User account ID1 Role ID1
User account ID2 Role ID2
User account ID3 Role ID3
TABLE 3
Step S40, when receiving an execution command, intercepting a to-be-executed SQ L statement corresponding to the execution command;
in this embodiment, when an execution command is received, an interceptor intercepts a to-be-executed SQ L statement corresponding to the execution command.
Step S50, taking the ID of the SQ L statement to be executed as a key value, and acquiring corresponding target first configuration information from the Redis cache;
in this embodiment, as shown in table 1, when the ID of the SQ L statement to be executed is ID1 of the SQ L statement, the corresponding target first configuration information is obtained from the Redis cache as first configuration information 1, when the ID of the SQ L statement to be executed is ID2 of the SQ L statement, the corresponding target first configuration information is obtained from the Redis cache as first configuration information 2, and when the ID of the SQ L statement to be executed is ID3 of the SQ L statement, the corresponding target first configuration information is obtained from the Redis cache as first configuration information 3.
Step S60, taking the ID of the currently logged user account as a key value, and acquiring a corresponding target role ID from the Redis cache;
in this embodiment, as shown in table 3, when the user account ID is the user account ID1, the target role ID obtained from the Redis cache is the role ID 1; when the user account ID is the user account ID2, acquiring a corresponding target role ID from the Redis cache, namely the role ID 2; when the user account ID is the user account ID3, the corresponding target role ID obtained from the Redis cache is the role ID 3.
Step S70, taking the ID of the SQ L statement to be executed and the target role ID as key values, and acquiring corresponding target second configuration information from the Redis cache;
in an embodiment, as shown in table 2, if the ID of the SQ L statement to be executed is ID3 of SQ L statement and the target role ID is role ID2, the corresponding target second configuration information is obtained from the Redis cache as second configuration information 6, and if the ID of the SQ L statement to be executed is ID2 of SQ L statement and the target role ID is role ID2, the corresponding target second configuration information is obtained from the Redis cache as second configuration information 4.
Step S80, adding the target first configuration information and the target second configuration information to the to-be-executed SQ L statement to obtain a new SQ L statement;
step S90, execute the new SQ L statement.
In one embodiment, if the target first configuration information is the first configuration information 3 and the target second configuration information is the second configuration information 6, the first configuration information 3 and the second configuration information 6 are added to the execute SQ L statement to obtain a new SQ L statement, and then the new SQ L statement is executed.
Referring to fig. 4, fig. 4 is a schematic diagram illustrating information that can be queried by an SQ L statement without adding configuration information in one embodiment, as shown in fig. 4, the SQ L statement queries users in all organizations, the department to which the currently registered user account belongs is a personnel department (coded 1122), and the user to which the currently registered user account belongs can query users in all departments by directly executing the SQ L statement without adding configuration information.
Referring to fig. 5, fig. 5 is a diagram illustrating information that can be queried by an SQ L statement including configuration information in an embodiment, where the SQ L statement is a query of a user in all organizations, and the configuration information includes target first configuration information and target second configuration information, where a first filter field of the target first configuration information is a department, a first filter condition is none, a second filter field of the target second configuration information is a department, and a second filter condition is greater than 1122 (personnel department), the SQ L statement including the configuration information is a query of a user in the personnel department and its lower departments, and if the SQ L statement including the configuration information is executed, the user belonging to the currently registered user account can query only the user in the personnel department and its lower departments as shown in fig. 5.
According to the embodiment, when data viewing authority is set for a user account, a corresponding SQ L script does not need to be written, the user only needs to operate on a visual operation interface, association relation between the ID of an SQ L statement and first configuration information is set, association relation between the ID of an SQ L statement and role ID and second configuration information is set, association relation between the user account ID and the role ID is set, all association relation is updated to a Redis cache, when an SQ L statement to be executed is intercepted, corresponding target first configuration information is obtained from the Redis cache according to the ID of the SQ L statement to be executed, a corresponding target role ID is obtained from the Redis cache according to the currently logged user account ID, corresponding target second configuration information is obtained from the Redis cache according to the ID of the SQ L statement to be executed and the target role ID authority, finally, the target first configuration information and the target second configuration information are added to the SQ L statement to be executed, a new SQ L can be obtained, and the corresponding alias data management table of the corresponding first configuration information and the alias data can be simply checked before the managing data of the corresponding alias data of the SQ L statement to be executed, and the alias data can be simply checked.
Further, in an embodiment, after the updating the ID of the SQ L statement and the first configuration information to the Redis cache in the form of key-value or the updating the ID of the SQ L statement, the role ID and the second configuration information to the Redis cache in the form of key-value, the method further includes:
when a modification instruction is received, modifying the first or second configuration information to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
In this embodiment, the first configuration information or the second configuration information may be modified based on an actual situation to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information, thereby realizing the modification of the data viewing permission corresponding to the user ID.
The invention further provides a management system of data permissions, and referring to fig. 6, fig. 6 is a functional module schematic diagram of an embodiment of the management system of data permissions. In one embodiment, a system for managing data rights includes:
the system comprises a setting module 10, a Redis cache module, a display module and a display module, wherein the setting module 10 is used for updating an ID and first configuration information of an SQ L statement to the Redis cache in a key-value mode based on a first operation on a visual operation interface, the first configuration information comprises a first filtering field and a first filtering condition, the key value is the ID of the SQ L statement, and the value is the first configuration information;
the intercepting module 20 is configured to intercept a to-be-executed SQ L statement corresponding to an execution command when the execution command is received;
the acquisition module 30 is used for acquiring corresponding target first configuration information from the Redis cache by taking the ID of the to-be-executed SQ L statement as a key value, acquiring a corresponding target role ID from the Redis cache by taking the ID of a currently logged user account as the key value, and acquiring corresponding target second configuration information from the Redis cache by taking the ID of the to-be-executed SQ L statement and the target role ID as the key value;
a generating module 40, configured to add the target first configuration information and the target second configuration information to the to-be-executed SQ L statement, so as to obtain a new SQ L statement;
and the execution module 50 is used for executing the new SQ L statement.
Further, in an embodiment, the system for managing data rights further includes:
the modification module is used for modifying the first or second configuration information when a modification instruction is received to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
The specific embodiment of the data right management system of the present invention is basically the same as the embodiments of the data right management method, and is not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for causing a terminal device to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (4)

1. A method for managing data authority is characterized in that the method for managing the data authority comprises the following steps:
updating an ID of an SQ L statement and first configuration information to a Redis cache in a form of key-value based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, a key value is the ID of the SQ L statement, and a value is the first configuration information;
updating the ID, the role ID and second configuration information of the SQ L statement to a Redis cache in a form of key-value based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key value is the ID of the SQ L statement and the role ID, and the value is the second configuration information;
updating a user account ID and a role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein a key value is the user account ID, and a value is the role ID;
when an execution command is received, intercepting a to-be-executed SQ L statement corresponding to the execution command;
taking the ID of the SQ L statement to be executed as a key value, and acquiring corresponding target first configuration information from the Redis cache;
taking the ID of the currently logged user account as a key value, and acquiring a corresponding target role ID from the Redis cache;
taking the ID of the SQ L statement to be executed and the target role ID as key values, and acquiring corresponding target second configuration information from the Redis cache;
adding the target first configuration information and the target second configuration information to the to-be-executed SQ L statement to obtain a new SQ L statement;
the new SQ L statement is executed.
2. The method for managing data right according to claim 1, wherein after the updating of the ID of SQ L sentence and the first configuration information in the form of key-value to Redis cache or the updating of the ID of SQ L sentence, the role ID and the second configuration information in the form of key-value to Redis cache, further comprising:
when a modification instruction is received, modifying the first or second configuration information to obtain new first or second configuration information;
and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
3. A system for managing data rights, the system comprising:
the system comprises a setting module, a Redis cache module, a second configuration information updating module, a third operation account and a third configuration information updating module, wherein the setting module is used for updating an ID and a first configuration information of an SQ L statement to the Redis cache in a key-value mode based on a first operation on a visual operation interface, the first configuration information comprises a first filtering field and a first filtering condition, the key value is the ID of the SQ L statement, and the value is the first configuration information;
the intercepting module is used for intercepting the to-be-executed SQ L statement corresponding to the execution command when the execution command is received;
the acquisition module is used for acquiring corresponding target first configuration information from the Redis cache by taking the ID of the to-be-executed SQ L statement as a key value, acquiring a corresponding target role ID from the Redis cache by taking the ID of a currently logged user account as the key value, and acquiring corresponding target second configuration information from the Redis cache by taking the ID of the to-be-executed SQ L statement and the target role ID as the key value;
the generating module is used for adding the target first configuration information and the target second configuration information to the to-be-executed SQ L statement to obtain a new SQ L statement;
and the execution module is used for executing the new SQ L statement.
4. The system for managing data rights of claim 3, further comprising:
the modification module is used for modifying the first or second configuration information when a modification instruction is received to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
CN202010253893.6A 2020-04-02 2020-04-02 Data authority management method and system Active CN111444543B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010253893.6A CN111444543B (en) 2020-04-02 2020-04-02 Data authority management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010253893.6A CN111444543B (en) 2020-04-02 2020-04-02 Data authority management method and system

Publications (2)

Publication Number Publication Date
CN111444543A true CN111444543A (en) 2020-07-24
CN111444543B CN111444543B (en) 2023-02-28

Family

ID=71649620

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010253893.6A Active CN111444543B (en) 2020-04-02 2020-04-02 Data authority management method and system

Country Status (1)

Country Link
CN (1) CN111444543B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112307068A (en) * 2020-11-10 2021-02-02 天元大数据信用管理有限公司 Dynamic SQL query method
CN113157781A (en) * 2021-01-28 2021-07-23 绿瘦健康产业集团有限公司 Data visualization method and device, terminal equipment and storage medium
CN117688615A (en) * 2024-02-02 2024-03-12 北京原点数安科技有限公司 Cloud asset management method and device, electronic equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102789457A (en) * 2011-05-17 2012-11-21 航天信息股份有限公司 Method for dynamically customizing filter conditions
CN104077284A (en) * 2013-03-26 2014-10-01 中国移动通信集团湖北有限公司 Data security access method and data security access system
CN105653982A (en) * 2015-12-31 2016-06-08 中国建设银行股份有限公司 Method and system used for data permission control
CN106469282A (en) * 2015-08-21 2017-03-01 阿里巴巴集团控股有限公司 data access authority control method and device
CN108509807A (en) * 2018-04-13 2018-09-07 南京新贝金服科技有限公司 A kind of the table data authority control system and method for based role
CN109597814A (en) * 2018-12-06 2019-04-09 广州万惠信息技术咨询服务有限公司 A kind of online quick delivery system of back-stage management information system
CN109815284A (en) * 2019-01-04 2019-05-28 平安科技(深圳)有限公司 A kind of method and apparatus of data processing
CN110298192A (en) * 2019-06-05 2019-10-01 中国长江三峡集团有限公司 A kind of classification rights manager component of the management information system of adapted to multi-type tissue

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102789457A (en) * 2011-05-17 2012-11-21 航天信息股份有限公司 Method for dynamically customizing filter conditions
CN104077284A (en) * 2013-03-26 2014-10-01 中国移动通信集团湖北有限公司 Data security access method and data security access system
CN106469282A (en) * 2015-08-21 2017-03-01 阿里巴巴集团控股有限公司 data access authority control method and device
CN105653982A (en) * 2015-12-31 2016-06-08 中国建设银行股份有限公司 Method and system used for data permission control
CN108509807A (en) * 2018-04-13 2018-09-07 南京新贝金服科技有限公司 A kind of the table data authority control system and method for based role
CN109597814A (en) * 2018-12-06 2019-04-09 广州万惠信息技术咨询服务有限公司 A kind of online quick delivery system of back-stage management information system
CN109815284A (en) * 2019-01-04 2019-05-28 平安科技(深圳)有限公司 A kind of method and apparatus of data processing
CN110298192A (en) * 2019-06-05 2019-10-01 中国长江三峡集团有限公司 A kind of classification rights manager component of the management information system of adapted to multi-type tissue

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112307068A (en) * 2020-11-10 2021-02-02 天元大数据信用管理有限公司 Dynamic SQL query method
CN113157781A (en) * 2021-01-28 2021-07-23 绿瘦健康产业集团有限公司 Data visualization method and device, terminal equipment and storage medium
CN117688615A (en) * 2024-02-02 2024-03-12 北京原点数安科技有限公司 Cloud asset management method and device, electronic equipment and storage medium
CN117688615B (en) * 2024-02-02 2024-05-07 北京原点数安科技有限公司 Cloud asset management method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN111444543B (en) 2023-02-28

Similar Documents

Publication Publication Date Title
CN111444543B (en) Data authority management method and system
US7613726B1 (en) Framework for defining and implementing behaviors across and within content object types
US7913161B2 (en) Computer-implemented methods and systems for electronic document inheritance
US10289286B2 (en) Thing modeler for internet of things
EP2521066A1 (en) Fine-grained relational database access-control policy enforcement using reverse queries
US10133875B2 (en) Digital rights management system implementing version control
DE202011110377U1 (en) System of hierarchical metadata management and application
CN107832105B (en) Application program starting method, starting device and computer readable storage medium
US10089371B2 (en) Extensible extract, transform and load (ETL) framework
CN109669693A (en) A kind of method and system generating forms pages based on dynamic page
CN108228846B (en) Resource file management method and device
CN105843638A (en) Upgrading and reconstruction method for Spring old version framework
CN111464487A (en) Access control method, device and system
EP2718841A2 (en) Code generation and implementation method, system, and storage medium for delivering bidirectional data aggregation and updates
US7523506B1 (en) Approach for managing functionalities within a system
CN113255000A (en) Data access control method and device, electronic equipment and readable storage medium
CN111881475B (en) Method for selecting role authority based on authority association
US8244778B1 (en) Customization of types using default aspects
CN114254371A (en) Data permission processing method and device and server
US20060143177A1 (en) Comprehensive framework to integrate business logic into a repository
CN113220762A (en) Method, device, processor and storage medium for realizing general record processing of key service field change in big data application
CN112988798A (en) Log processing method, device, equipment and medium
KR101570980B1 (en) Method for management common code of multi-tenane environment, server performing the same and storage media storing the same
CN113127906A (en) Unified authority management platform, method and storage medium based on C/S architecture
US8516438B2 (en) Method and apparatus for user-defined managed objects

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 518000 building 501, 502, 601, 602, building D, wisdom Plaza, Qiaoxiang Road, Gaofa community, Shahe street, Nanshan District, Shenzhen City, Guangdong Province

Applicant after: China Southern Power Grid Digital Platform Technology (Guangdong) Co.,Ltd.

Address before: 518000 building 501, 502, 601, 602, building D, wisdom Plaza, Qiaoxiang Road, Gaofa community, Shahe street, Nanshan District, Shenzhen City, Guangdong Province

Applicant before: China Southern Power Grid Shenzhen Digital Power Grid Research Institute Co.,Ltd.

Address after: 518000 building 501, 502, 601, 602, building D, wisdom Plaza, Qiaoxiang Road, Gaofa community, Shahe street, Nanshan District, Shenzhen City, Guangdong Province

Applicant after: China Southern Power Grid Shenzhen Digital Power Grid Research Institute Co.,Ltd.

Address before: 518000 building 501, 502, 601, 602, building D, wisdom Plaza, Qiaoxiang Road, Gaofa community, Shahe street, Nanshan District, Shenzhen City, Guangdong Province

Applicant before: SHENZHEN COMTOP INFORMATION TECHNOLOGY Co.,Ltd.

GR01 Patent grant
GR01 Patent grant