Disclosure of Invention
The present invention mainly aims to provide a method and a system for managing data permissions, which aim to solve the technical problems in the prior art.
In order to achieve the above object, an embodiment of the present invention provides a method for managing data permissions, where the method for managing data permissions includes:
updating an ID of an SQL statement and first configuration information to a Redis cache in key-value form based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, the key is the ID of the SQL statement, and the value is the first configuration information;
updating the ID of the SQL statement, a role ID and second configuration information to the Redis cache in key-value form based on a second operation on the visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key is the ID of the SQL statement plus the role ID, and the value is the second configuration information;
updating a user account ID and a role ID to the Redis cache in key-value form based on a third operation on the visual operation interface, wherein the key is the user account ID, and the value is the role ID;
when an execution command is received, intercepting a to-be-executed SQL statement corresponding to the execution command;
taking the ID of the to-be-executed SQL statement as the key, and acquiring corresponding target first configuration information from the Redis cache;
taking the ID of the currently logged-in user account as the key, and acquiring a corresponding target role ID from the Redis cache;
taking the ID of the to-be-executed SQL statement and the target role ID as the key, and acquiring corresponding target second configuration information from the Redis cache;
adding the target first configuration information and the target second configuration information to the to-be-executed SQL statement to obtain a new SQL statement;
executing the new SQL statement.
Optionally, after updating the ID of the SQL statement and the first configuration information to the Redis cache in key-value form, or updating the ID of the SQL statement, the role ID and the second configuration information to the Redis cache in key-value form, the method further includes:
when a modification instruction is received, modifying the first or second configuration information to obtain new first or second configuration information;
and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
In addition, to achieve the above object, an embodiment of the present invention further provides a system for managing data permissions, where the system for managing data permissions includes:
a setting module, used for updating an ID of an SQL statement and first configuration information to the Redis cache in key-value form based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, the key is the ID of the SQL statement, and the value is the first configuration information;
an intercepting module, used for intercepting the to-be-executed SQL statement corresponding to an execution command when the execution command is received;
an acquisition module, used for acquiring corresponding target first configuration information from the Redis cache by taking the ID of the to-be-executed SQL statement as the key, acquiring a corresponding target role ID from the Redis cache by taking the ID of the currently logged-in user account as the key, and acquiring corresponding target second configuration information from the Redis cache by taking the ID of the to-be-executed SQL statement and the target role ID as the key;
a generating module, used for adding the target first configuration information and the target second configuration information to the to-be-executed SQL statement to obtain a new SQL statement;
and an execution module, used for executing the new SQL statement.
Optionally, the system for managing data rights further includes:
the modification module is used for modifying the first or second configuration information when a modification instruction is received to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
According to the method and the system, when a data viewing permission is set for a user account, no corresponding SQL script needs to be written. The user only needs to operate on a visual operation interface to set the association between the ID of an SQL statement and first configuration information, the association between the ID of an SQL statement plus a role ID and second configuration information, and the association between the user account ID and the role ID, and all of these associations are updated to a Redis cache. When a to-be-executed SQL statement is intercepted, the corresponding target first configuration information is obtained from the Redis cache according to the ID of the to-be-executed SQL statement, the corresponding target role ID is obtained from the Redis cache according to the ID of the currently logged-in user account, and the corresponding target second configuration information is then obtained from the Redis cache according to the ID of the to-be-executed SQL statement and the target role ID. Finally, the target first configuration information and the target second configuration information are added to the to-be-executed SQL statement to obtain a new SQL statement, so that the management of data permissions can be implemented simply.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for managing data permissions according to an embodiment of the present invention. In one embodiment, as shown in fig. 1, a method for managing data rights includes:
Step S10, updating the ID of the SQL statement and first configuration information to a Redis cache in key-value form based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, the key is the ID of the SQL statement, and the value is the first configuration information;
In this embodiment, a visual operation interface is provided, and a user sets an ID of an SQL statement and a table alias corresponding to the ID through operations such as clicking and inputting, wherein the ID is an abbreviation of the corresponding SQL statement, and the table alias is an abbreviation of the corresponding data table.
For example, ID1, ID2, and ID3 are set, where ID1 corresponds to SQL statement 1, ID2 corresponds to SQL statement 2, and ID3 corresponds to SQL statement 3.
Referring to fig. 2, fig. 2 is a schematic view of a scene in which an ID of an SQL statement and a table alias corresponding to the ID are set in an embodiment. The user clicks the [new addition] button on the service object management menu interface (visual operation interface 1), and the service object editing window (visual operation interface 2) shown in fig. 2 pops up. The user operates on the service object editing window, fills in and saves the information to define a service object, then clicks the [add] button or the [batch add] button on the SQL editing window (visual operation interface 3) in the service object editing window and edits the SQL statement, wherein the [ID] input box holds the ID of the SQL statement entered by the user, and [default filter body] holds the table alias entered by the user.
The user then continues to operate on the visual operation interface and sets the first configuration information, which comprises the first filtering field and the first filtering condition. For example, the first configuration information is set as age < 20, where "age" is the first filtering field and "< 20" is the first filtering condition. The user can set the first configuration information according to actual needs, and the specific content of the first configuration information is not limited herein.
Referring to fig. 3, fig. 3 is a schematic view of a scenario of setting the first configuration information in an embodiment. As shown in fig. 3, the user configures a filtering rule in the rule editing window (visual operation interface 4), where configuring the filtering rule means configuring a first filtering field and a first filtering condition. [ORG_CODE] shown in fig. 3 is the first filtering field, the filtering symbol is [>], the filtering range [1122] is the specific condition value, and the filtering symbol and the filtering range together constitute the first filtering condition, i.e., "> 1122". After the information is edited, clicking save sets the first filtering field and the first filtering condition, and the first configuration information is thereby set.
After the ID of the SQL statement and the first configuration information are set, they are updated to the Redis cache in key-value form, where the key is the ID of the SQL statement and the value is the first configuration information. Table 1 illustrates this mapping.
| key | value |
| --- | --- |
| ID1 of SQL statement | First configuration information 1 |
| ID2 of SQL statement | First configuration information 2 |
| ID3 of SQL statement | First configuration information 3 |
TABLE 1
Step S20, updating the ID of the SQL statement, the role ID and second configuration information to a Redis cache in key-value form based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key is the ID of the SQL statement plus the role ID, and the value is the second configuration information;
In this embodiment, similar to the embodiment of step S10 above, the user operates on the visual operation interface and sets the ID of the SQL statement, the role ID, and the second configuration information, where the second configuration information includes a second filtering field and a second filtering condition, which are set according to actual needs and are not limited herein.
After the ID of the SQL statement, the role ID and the second configuration information are set, they are updated to the Redis cache in key-value form, where the key is the ID of the SQL statement plus the role ID and the value is the second configuration information. Table 2 illustrates this mapping.
| key | value |
| --- | --- |
| ID1 of SQL statement + role ID1 | Second configuration information 1 |
| ID1 of SQL statement + role ID2 | Second configuration information 2 |
| ID2 of SQL statement + role ID1 | Second configuration information 3 |
| ID2 of SQL statement + role ID2 | Second configuration information 4 |
| ID3 of SQL statement + role ID1 | Second configuration information 5 |
| ID3 of SQL statement + role ID2 | Second configuration information 6 |
TABLE 2
Step S30, updating a user account ID and a role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein the key value is the user account ID, and the value is the role ID;
in this embodiment, a user continues to operate on a visual operation interface, a user account ID determined by a mouse click operation or a keyboard input mode based on the user and a role ID corresponding to the user account ID are acquired, and then the user account ID and the role ID are updated to a Redis cache in a key-value form, where the key value is the user account ID and the value is the role ID. As shown in table 3, table 3 is an indication table in which the key value is the user account ID and the value is the role ID.
| key | value |
| --- | --- |
| User account ID1 | Role ID1 |
| User account ID2 | Role ID2 |
| User account ID3 | Role ID3 |
TABLE 3
Step S40, when receiving an execution command, intercepting a to-be-executed SQL statement corresponding to the execution command;
In this embodiment, when an execution command is received, an interceptor intercepts the to-be-executed SQL statement corresponding to the execution command.
Step S50, taking the ID of the to-be-executed SQL statement as the key, and acquiring corresponding target first configuration information from the Redis cache;
In this embodiment, as shown in table 1, when the ID of the to-be-executed SQL statement is ID1, the target first configuration information obtained from the Redis cache is first configuration information 1; when the ID of the to-be-executed SQL statement is ID2, the target first configuration information obtained from the Redis cache is first configuration information 2; and when the ID of the to-be-executed SQL statement is ID3, the target first configuration information obtained from the Redis cache is first configuration information 3.
Step S60, taking the ID of the currently logged user account as a key value, and acquiring a corresponding target role ID from the Redis cache;
In this embodiment, as shown in table 3, when the user account ID is user account ID1, the target role ID obtained from the Redis cache is role ID1; when the user account ID is user account ID2, the target role ID obtained from the Redis cache is role ID2; and when the user account ID is user account ID3, the target role ID obtained from the Redis cache is role ID3.
Step S70, taking the ID of the to-be-executed SQL statement and the target role ID as the key, and acquiring corresponding target second configuration information from the Redis cache;
In an embodiment, as shown in table 2, if the ID of the to-be-executed SQL statement is ID3 and the target role ID is role ID2, the target second configuration information obtained from the Redis cache is second configuration information 6; if the ID of the to-be-executed SQL statement is ID2 and the target role ID is role ID2, the target second configuration information obtained from the Redis cache is second configuration information 4.
Step S80, adding the target first configuration information and the target second configuration information to the to-be-executed SQL statement to obtain a new SQL statement;
Step S90, executing the new SQL statement.
In one embodiment, if the target first configuration information is first configuration information 3 and the target second configuration information is second configuration information 6, first configuration information 3 and second configuration information 6 are added to the to-be-executed SQL statement to obtain a new SQL statement, and the new SQL statement is then executed.
Referring to fig. 4, fig. 4 is a schematic diagram illustrating the information that can be queried by an SQL statement without added configuration information in one embodiment. As shown in fig. 4, the SQL statement queries users in all organizations, and the department to which the currently logged-in user account belongs is the personnel department (coded 1122). By directly executing the SQL statement without added configuration information, the user of the currently logged-in account can query users in all departments.
Referring to fig. 5, fig. 5 is a diagram illustrating the information that can be queried by an SQL statement including configuration information in an embodiment. The SQL statement queries users in all organizations, and the configuration information includes target first configuration information and target second configuration information, where the first filter field of the target first configuration information is the department, the first filter condition is none, the second filter field of the target second configuration information is the department, and the second filter condition is greater than 1122 (personnel department). The SQL statement including the configuration information therefore queries users in the personnel department and its lower departments; if it is executed, the user of the currently logged-in account can query only the users in the personnel department and its lower departments, as shown in fig. 5.
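The lookup-and-rewrite flow of steps S40 to S90, as an added Python example that is not part of the original document. A dict stands in for the Redis cache and sqlite3 for the database; the key layout, the JSON value format, the statement ID `listUsers`, the allowlists, the deny-on-missing-entry behaviour and the subquery wrapping are assumptions of this example, while the filter ORG_CODE > 1122 follows the rule shown for fig. 3.

```python
import json
import sqlite3

# Constructed stand-ins: a dict plays the Redis cache, STATEMENTS the mapped SQL.
# The key layout and JSON value format are assumptions of this example.
STATEMENTS = {"listUsers": "SELECT name, ORG_CODE FROM users"}
CACHE = {
    "sql:listUsers": json.dumps({"field": "ORG_CODE", "op": None, "value": None}),
    "sql:listUsers:role:hr": json.dumps({"field": "ORG_CODE", "op": ">", "value": 1122}),
    "user:alice": "hr",
}

# Cached configuration ends up inside SQL text, so the field and operator are
# checked against allowlists and the condition value is bound as a parameter.
ALLOWED_FIELDS = {"ORG_CODE", "AGE"}
ALLOWED_OPS = {"<", "<=", "=", "<>", ">=", ">"}


def load_config(key):
    """Fetch one configuration entry; a missing key denies instead of skipping the filter."""
    raw = CACHE.get(key)
    if raw is None:
        raise PermissionError(f"no permission configuration for {key!r}")
    return json.loads(raw)


def to_predicate(cfg):
    """Turn {"field", "op", "value"} into (fragment, params); None when no condition is set."""
    if cfg["op"] is None:
        return None
    if cfg["field"] not in ALLOWED_FIELDS or cfg["op"] not in ALLOWED_OPS:
        raise ValueError(f"rejected filter configuration: {cfg!r}")
    return f"{cfg['field']} {cfg['op']} ?", [cfg["value"]]


def rewrite(statement_id, user_id):
    """Steps S40-S80: look up both configurations and add them to the statement."""
    sql = STATEMENTS[statement_id]                           # S40: intercepted statement
    first = load_config(f"sql:{statement_id}")               # S50: key = statement ID
    role = CACHE.get(f"user:{user_id}")                      # S60: key = user account ID
    if role is None:
        raise PermissionError(f"user {user_id!r} has no role")
    second = load_config(f"sql:{statement_id}:role:{role}")  # S70: key = statement ID + role ID
    preds = [p for p in (to_predicate(first), to_predicate(second)) if p]
    if not preds:
        return sql, []
    where = " AND ".join(fragment for fragment, _ in preds)
    params = [value for _, values in preds for value in values]
    # Wrapping the original statement keeps the rewrite independent of any WHERE it already has.
    return f"SELECT * FROM ({sql}) AS t WHERE {where}", params  # S80


def run(conn, statement_id, user_id):
    """Step S90: execute the new statement with bound parameters."""
    sql, params = rewrite(statement_id, user_id)
    return conn.execute(sql, params).fetchall()


def demo_db():
    """Constructed sample data: four users across four organisation codes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, ORG_CODE INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("ann", 1000), ("bob", 1122), ("cy", 1123), ("dee", 1200)])
    return conn


if __name__ == "__main__":
    print(rewrite("listUsers", "alice"))
    print(run(demo_db(), "listUsers", "alice"))
```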
According to this embodiment, when a data viewing permission is set for a user account, no corresponding SQL script needs to be written. The user only needs to operate on a visual operation interface to set the association between the ID of an SQL statement and first configuration information, the association between the ID of an SQL statement plus a role ID and second configuration information, and the association between the user account ID and the role ID, and all of these associations are updated to a Redis cache. When a to-be-executed SQL statement is intercepted, the corresponding target first configuration information is obtained from the Redis cache according to the ID of the to-be-executed SQL statement, the corresponding target role ID is obtained from the Redis cache according to the ID of the currently logged-in user account, and the corresponding target second configuration information is obtained from the Redis cache according to the ID of the to-be-executed SQL statement and the target role ID. Finally, the target first configuration information and the target second configuration information are added to the to-be-executed SQL statement to obtain a new SQL statement, so that the management of data permissions can be implemented simply.
Further, in an embodiment, after updating the ID of the SQL statement and the first configuration information to the Redis cache in key-value form, or updating the ID of the SQL statement, the role ID and the second configuration information to the Redis cache in key-value form, the method further includes:
when a modification instruction is received, modifying the first or second configuration information to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
In this embodiment, the first configuration information or the second configuration information may be modified based on an actual situation to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information, thereby realizing the modification of the data viewing permission corresponding to the user ID.
The invention further provides a management system of data permissions, and referring to fig. 6, fig. 6 is a functional module schematic diagram of an embodiment of the management system of data permissions. In one embodiment, a system for managing data rights includes:
a setting module 10, used for updating an ID of an SQL statement and first configuration information to the Redis cache in key-value form based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, the key is the ID of the SQL statement, and the value is the first configuration information;
an intercepting module 20, configured to intercept a to-be-executed SQL statement corresponding to an execution command when the execution command is received;
an acquisition module 30, used for acquiring corresponding target first configuration information from the Redis cache by taking the ID of the to-be-executed SQL statement as the key, acquiring a corresponding target role ID from the Redis cache by taking the ID of the currently logged-in user account as the key, and acquiring corresponding target second configuration information from the Redis cache by taking the ID of the to-be-executed SQL statement and the target role ID as the key;
a generating module 40, configured to add the target first configuration information and the target second configuration information to the to-be-executed SQL statement, so as to obtain a new SQL statement;
and an execution module 50, used for executing the new SQL statement.
Further, in an embodiment, the system for managing data rights further includes:
the modification module is used for modifying the first or second configuration information when a modification instruction is received to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
The specific embodiment of the data right management system of the present invention is basically the same as the embodiments of the data right management method, and is not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for causing a terminal device to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.