CN102831123B - Method and system for querying authority control of data - Google Patents

Info

Publication number: CN102831123B
Authority: CN (China)
Prior art keywords: entity, authority, control, identity information, rule
Legal status: Active
Application number: CN201110162064.8A
Other languages: Chinese (zh)
Other versions: CN102831123A (en)
Inventors: 马强, 林凉
Current Assignee: Aisino Corp
Original Assignee: Aisino Corp

Abstract

The invention discloses a method and a system for querying authority control of data, wherein the method comprises the steps as follows: step 1: partitioning data in a database to obtain more than one authority control point and setting an attribute for each entity included in each authority control point; step 2: building a rule tree corresponding to each attribute of each entity; step 3: specifying query criteria corresponding to each entity in each authority control point, wherein the query criteria are operation results of the rule trees corresponding to more than one attribute of the entity through logical operations; step 4: receiving a query request, wherein the query request comprises a name of the entity to be queried and the authority control point to be queried; and step 5: determining the entity to be queried according to the name of the entity to be queried, thereby determining the query criteria corresponding to the entity in the authority control point to be queried; and searching the data suitable for the query criteria in the database and outputting the data. According to the method and the system for querying authority control of data, the expansion is easy, and the maintenance cost is very low.

Description

An authority control method and system for data query
Technical Field
The present invention relates to the field of authority control, and in particular to an authority control method and system for data query.
Background
Today, with information technology in widespread use, database systems are widely applied. Staff obtain information on every aspect of their work by querying the data in a database, and then take various measures to advance that work.
A database holds many kinds of data, including data that is very important to enterprises and governments, such as financial data, order information and statistics. Access rights therefore need to be set for the data in the database, so that a user who has the right to access a piece of data can retrieve it by querying the database, while a user who has no right to access it cannot retrieve it by querying the database. This is the problem of authority control.
In the prior art there are two methods of applying authority control to data stored in a database. The first is a hardware implementation: the authority control software is stored in hardware and authority control is performed by the hardware running the program, while the software cannot be copied out, which ensures the security of the authority control method. The second is to use one of the various open frameworks to develop authority control software in-house, or to commission a third party to develop it.
The drawback of the first prior-art method is that it is difficult to extend. The authority control software stored in the hardware cannot be modified in place; if a modification is needed, the software has to be rebuilt and stored in the hardware again, which wastes time and money. The drawback of the second prior-art method is that development and later maintenance are difficult. The open framework itself has no authority control function, so developers must first understand the framework and then develop and test the authority control software. In addition, when maintenance is needed during use, the corresponding program has to be read again and the code rewritten and retested, which also takes a long time and is costly.
Summary of the Invention
The technical problem to be solved by the present invention is to provide an authority control method and system for data query that is easy to extend and has a very low maintenance cost.
The technical solution by which the present invention solves the above technical problem is as follows: an authority control method for data query, the data being stored in a database; the method comprises:
Step 1: for the data in the database, divide it to obtain more than one authority control point, and set the attributes of each entity included in each authority control point;
Step 2: establish a rule tree corresponding to each attribute of each entity;
Step 3: specify the query rule (query criteria) corresponding to each entity in each authority control point, the query rule being the result of applying a logical operation to the rule trees corresponding to more than one attribute of that entity;
Step 4: receive a query request, the query request comprising the name of the entity to be queried and the authority control point to be queried;
Step 5: determine the entity to be queried from its name, and then determine the query rule corresponding to that entity in the authority control point to be queried; search the database for the data that satisfies this query rule, and output it.
The beneficial effects of the present invention are as follows. According to business needs, more than one authority control point can be divided out of the data in the database; each authority control point can include more than one entity; the attributes of each entity in each authority control point are set; and a rule tree corresponding to each attribute of each entity is established. A logical operation can then be applied to the rule trees corresponding to the attributes of an entity to determine the query rule corresponding to that entity. After the query rules of all entities in each authority control point have been stored, the present invention determines the user's query purpose from the authority control point to be queried in the received query request, determines the entity to be queried from the entity name in the request, and thereby determines the query rule corresponding to that entity in the authority control point to be queried. The corresponding data can then be retrieved from the database according to this query rule. With the authority control method provided by the present invention, the user only needs to provide a query request and the query result is produced automatically, so the method is easy to use. When the authority control system needs to be extended and the method therefore modified, it is only necessary to reset the authority control points and the attributes of each entity in each authority control point, re-establish the rule trees of each entity, and re-specify the query rule corresponding to each entity. The authority control method provided by the present invention is therefore easy to extend, and its maintenance cost is very low.
On the basis of the above technical solution, the present invention can also be improved as follows:
Further, after step 3 and before step 4, the method also comprises step 30: receive user identity information and judge whether it is legitimate identity information; if so, perform step 4; otherwise, do not allow the data to be queried.
Further, the method in step 30 for judging whether the user identity information is legitimate identity information is: traverse the stored legitimate identity information and judge whether the user identity information is identical to one item of the stored legitimate identity information; if so, the user identity information is legitimate identity information; otherwise, it is illegitimate identity information.
Further, the user identity information comprises a user account and a user password.
Further, the logical operation in step 3 is a logical AND operation.
In addition, the present invention also provides an authority control system for data query, the system comprising: a storage module, a configuration module, a query rule specifying module and a terminal module; wherein,
the storage module is used to store the data and to store the query rule corresponding to each entity in each authority control point;
the configuration module is used to divide the data in the storage module to obtain more than one authority control point and to set the attributes of each entity included in each authority control point; to establish a rule tree corresponding to each attribute of each entity; and to send the attributes of each entity included in each authority control point, together with the rule tree corresponding to each attribute of each entity, to the query rule specifying module;
the query rule specifying module is used to specify the query rule corresponding to each entity in each authority control point, such that the query rule is the result of applying a logical operation to the rule trees corresponding to more than one attribute of that entity, and to send the query rule corresponding to each entity in each authority control point to the storage module;
the terminal module is used to receive a query request comprising the name of the entity to be queried and the authority control point to be queried; to determine the entity to be queried from its name and then obtain from the storage module the query rule corresponding to that entity in the authority control point to be queried; and to search the storage module for the data that satisfies this query rule and output it.
Further, the terminal module is also used to receive user identity information and judge whether it is legitimate identity information; if so, the query request is received; otherwise, the query request is not received.
Brief Description of the Drawings
Fig. 1 is a flow chart of the authority control method for data query provided by the present invention;
Fig. 2 is a schematic diagram of an embodiment in which a query rule is specified using the established rule trees;
Fig. 3 is a structural diagram of the authority control system for data query provided by the present invention.
Detailed Description
The principles and features of the present invention are described below with reference to the accompanying drawings. The examples given serve only to explain the present invention and are not intended to limit its scope.
Fig. 1 is a flow chart of the authority control method for data query provided by the present invention. The data to be queried by the method is stored in a database. As shown in Fig. 1, the method comprises:
Step 101: for the data in the database, divide it to obtain more than one authority control point, and set the attributes of each entity included in each authority control point.
The authority control points obtained by the division correspond to query purposes: a different query purpose uses a different authority control point, and the query result finally obtained should differ accordingly. For example, suppose the user querying the data is a salesman. If his query purpose is to obtain the order information for the products he is responsible for within the sales region he is responsible for, the authority control point is order inquiry; if his query purpose is to obtain the contact details of the sales managers, the authority control point is contact inquiry. All of this data is stored together in one database. If the salesman wants the order information for his own products in his own sales region but the search returns the order information of all salesmen and the contact details of all sales managers, then not only does the salesman waste a great deal of time picking out the useful information, but the company's core secrets are also threatened. For this reason, when determining the access rights of data, the present invention first divides out different authority control points according to query purpose.
Each authority control point can include more than one entity. For a salesman, for example, an entity can be an order, or the contact details of a sales manager. The same entity can be included in different authority control points; for example, the order entity can be included in order inquiry and also in annual financial data inquiry. Because the same entity can be contained in different authority control points, if an entity has multiple attributes, the attributes the entity includes in each authority control point need to be set. For example, the order entity has multiple attributes such as a sales region attribute, an amount attribute, a product type attribute, a salesman attribute and a purchaser attribute, which respectively describe the sales region of the products involved in the order, the total amount, the types of products involved, the salesman responsible for carrying out the order, and the purchaser responsible for purchasing the products of the order. An order entity can be used by a salesman to query the sales situation, in which case the authority control point containing the order entity is sales situation inquiry; it can also be used by logistics staff to check whether the correct product types were shipped, in which case the authority control point containing the order entity is logistics check inquiry. In the sales situation inquiry authority control point, the order entity should therefore include all the attributes relevant to sales, such as the sales region attribute, amount attribute, product type attribute, salesman attribute and purchaser attribute. In the logistics check inquiry authority control point, the order entity can include only the attributes relevant to the logistics check, such as the sales region attribute and product type attribute, and the other, irrelevant attributes are masked. This removes redundant information to make querying easier and at the same time prevents company secrets from leaking.
By setting the attributes of each entity in each authority control point, the query rule corresponding to each attribute of each entity can be established.
Step 102: establish a rule tree corresponding to each attribute of each entity.
In the present invention, a rule tree is a kind of correspondence. For an entity, each of its attributes can correspond to different values. For example, the salesman attribute of an order entity can be Zhang San or Li Si; the product type attribute of an order entity can be product A, product B or product C, or a combination of two or three of them. Once the attributes of each entity included in each authority control point have been set, the correspondence between each attribute of each entity and its values can be established within the scope of each authority control point. This correspondence can be pictured as a tree and is used to establish the query rule in step 103, so the present invention calls it a rule tree.
Step 103: specify the query rule corresponding to each entity in each authority control point, the query rule being the result of applying a logical operation to the rule trees corresponding to more than one attribute of that entity.
This step builds on the rule trees established in step 102 for each attribute of an entity. It determines the query rule corresponding to the entity in each authority control point, so that the query rule can be used to search for and obtain the query result corresponding to the authority control point.
If an entity has only one attribute under a given authority control point, the query rule of the entity under that authority control point is the rule tree corresponding to that attribute, and no logical operation is needed. If an entity has multiple attributes under a given authority control point, the query rule of the entity under that authority control point is the result of applying a logical operation to the rule trees corresponding to all of its attributes.
Many logical operations are possible here, for example logical AND, logical OR, logical NOT, logical NAND, logical NOR, logical XOR and logical XNOR. The present invention takes the logical AND operation as the preferred embodiment of the logical operation in this step. For example, the order entity has a salesman attribute, a purchaser attribute and a total amount attribute. Under the sales situation inquiry authority control point, the query rule corresponding to the order can then be specified as: (salesman attribute = Zhang San) & (purchaser attribute = purchaser 1) & (total amount < 3500 yuan), where "&" is the logical AND operator. This query rule means that the order entity is carried out by the salesman named Zhang San, the products involved are purchased by purchaser 1, and the total amount of the products involved in the order is below 3500 yuan. Therefore, when Zhang San queries the sales situation for purchases handled by purchaser 1 with a total amount below 3500 yuan, this order can be found.
Once the query rule corresponding to each entity has been established in this step, it can be stored for long-term use. When the entity needs to be queried, the corresponding query rule is called automatically to perform the query and the result is output to the user, which improves query efficiency and greatly simplifies the user's query work.
Step 104: receive a query request, the query request comprising the name of the entity to be queried and the authority control point to be queried.
This step builds on the basic query framework established in steps 101 to 103. It receives a user instruction, in the form of a query request, so that the query can be carried out in step 105.
The authority control point to be queried in this step is information that indicates the user's query purpose. That is, the user's query purpose can be determined from the authority control point to be queried, and then, once the entity corresponding to the name of the entity to be queried has been determined, the query rule corresponding to that entity under the authority control point to be queried can be determined.
The query request can be received as a mouse click on an icon, text or the like that identifies the entity to be queried on the user interface (UI), or as text input by the user. As long as the form in which the query request is received allows the name of the entity to be queried and the authority control point to be queried to be determined, so that the query purpose is determined from the authority control point to be queried and the entity from the name, it falls within the scope of protection of the present invention.
Besides the name of the entity to be queried and the authority control point to be queried, the query request can also include other content, such as the time at which the query request was sent, the name of the product involved in an order, or the time period of the orders to be queried.
Step 105: determine the entity to be queried from its name, and then determine the query rule corresponding to that entity in the authority control point to be queried; search the database for the data that satisfies this query rule, and output it.
This step performs the query according to the query request received in step 104 and outputs the query result.
From the query request received in step 104, the name of the entity to be queried can be determined, and from it the entity to be queried. Because step 103 has already specified the query rule corresponding to each entity in each authority control point, once the entity to be queried has been determined this step can directly call the query rule corresponding to that entity under the authority control point to be queried, search the database for the data that satisfies this query rule, and output it to the user. The output can be shown on a display, stored on a storage medium, or printed.
Fig. 2 is a schematic diagram of an embodiment in which a query rule is specified using the established rule trees. As shown in Fig. 2, the company's sales regions comprise three regions: North China, Northeast and South China. The products sold comprise four kinds: A, B, C and D. The purchasers providing purchasing services for the four products are purchaser 1, purchaser 2, purchaser 3 and purchaser 4, and the salesmen responsible for carrying out the company's orders are labelled 1, 2, 3 and 4. The salesmen engaged in sales in North China are 1 and 2; the Northeast is handled by salesman 3 alone; and South China is handled jointly by salesmen 3 and 4. Purchaser 1 alone is responsible for purchasing the products the company sells in North China; purchaser 2 and purchaser 3 are jointly responsible for purchasing the products sold in the Northeast; and purchaser 3 and purchaser 4 are jointly responsible for purchasing the products sold in South China. Salesman 1 is responsible for selling two types of product, A and B; salesman 2 is responsible for selling products B and C; salesman 3 is responsible for selling products C and D; and salesman 4 sells only product D.
The rule trees in this embodiment are the following correspondences: between the purchaser attribute and purchaser 1, purchaser 2, purchaser 3 and purchaser 4; between the region attribute and North China, Northeast and South China; between the salesman attribute and 1, 2, 3 and 4; and between the product type attribute and product A, product B, product C and product D.
The authority control requirement in this embodiment is that a salesman can query only the orders for products purchased by the purchasers of the region he is responsible for, and the product type must also be a type that salesman is responsible for; he cannot query any other order. So when salesman 1 queries the orders he is responsible for, that is, when the authority control point is order inquiry, the query rule specified in step 103 for the order entity according to the above rule trees is: (region attribute = North China) & (purchaser attribute = purchaser 1) & (salesman attribute = 1) & (product type attribute = A and B). With this query rule, the information salesman 1 can query is exactly the order information enclosed by the ellipse in Fig. 2 (all of the order information relating to product A and part of the order information relating to product B).
It is worth noting that if an order contains information on products A and B purchased in North China from purchaser 1, where the sale of product A is handled by salesman 1 and the sale of product B by salesman 2, then salesman 1, when querying data according to the above query rule, can find only the information about product A in this order and cannot find the information about product B in it. That is, salesman 1 cannot obtain the full information of this order, which helps protect the company's secrets.
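Added example (not part of the patent text): a minimal Python sketch of steps 101 to 105 applied to the Fig. 2 embodiment, showing the AND-combined query rule for salesman 1, attribute masking under a second authority control point, and refusal when no rule is stored. All identifiers, account names, order IDs and amounts are constructed for illustration, and keying the stored rules by requester account is an assumption; the description only states that the request carries the entity name and the authority control point.

```python
"""Added illustration of steps 101-105 on the Fig. 2 embodiment (all names hypothetical)."""

# Step 102: rule trees, i.e. each attribute of the order entity and the values it may take.
RULE_TREES = {
    "region": {"North China", "Northeast", "South China"},
    "purchaser": {"purchaser 1", "purchaser 2", "purchaser 3", "purchaser 4"},
    "salesman": {1, 2, 3, 4},
    "product_type": {"A", "B", "C", "D"},
}

# Step 101: attributes of the order entity exposed at each authority control point.
# Assumption: "order inquiry" exposes the sales-related attributes named in the description.
VISIBLE_ATTRS = {
    ("order inquiry", "order"): (
        "order_id", "region", "purchaser", "salesman", "product_type", "amount"),
    ("logistics check", "order"): ("order_id", "region", "product_type"),
}


def make_query_rule(**conditions):
    """Step 103: build a query rule as the logical AND of one condition per attribute."""
    if not conditions:
        # all() over an empty rule is True, so an empty rule would expose every row.
        raise ValueError("a query rule needs at least one condition")
    rule = {}
    for attr, allowed in conditions.items():
        allowed = frozenset(allowed)
        if attr not in RULE_TREES or not allowed or not allowed <= RULE_TREES[attr]:
            raise ValueError(f"{attr}={sorted(allowed, key=str)} is not in the rule tree")
        rule[attr] = allowed
    return rule


# Stored query rules. Keying by requester account is an assumption of this sketch.
QUERY_RULES = {
    ("order inquiry", "order", "salesman1"): make_query_rule(
        region={"North China"}, purchaser={"purchaser 1"},
        salesman={1}, product_type={"A", "B"}),
    ("logistics check", "order", "logistics_north"): make_query_rule(
        region={"North China"}),
}

# Constructed sample data: one row per order line, consistent with Fig. 2 as described.
ORDER_LINES = [
    {"order_id": "O-1", "region": "North China", "purchaser": "purchaser 1",
     "salesman": 1, "product_type": "A", "amount": 1200},
    {"order_id": "O-1", "region": "North China", "purchaser": "purchaser 1",
     "salesman": 2, "product_type": "B", "amount": 800},
    {"order_id": "O-2", "region": "North China", "purchaser": "purchaser 1",
     "salesman": 1, "product_type": "B", "amount": 500},
    {"order_id": "O-3", "region": "Northeast", "purchaser": "purchaser 2",
     "salesman": 3, "product_type": "C", "amount": 3000},
    {"order_id": "O-4", "region": "South China", "purchaser": "purchaser 4",
     "salesman": 4, "product_type": "D", "amount": 700},
]


def matches(rule, row):
    """True only if the row satisfies every condition of the rule (logical AND)."""
    return all(row.get(attr) in allowed for attr, allowed in rule.items())


def run_query(account, control_point, entity, rows):
    """Steps 104-105: look up the stored rule, filter rows, return only visible attributes."""
    visible = VISIBLE_ATTRS.get((control_point, entity))
    rule = QUERY_RULES.get((control_point, entity, account))
    if visible is None or rule is None:
        # Default deny: no stored rule for this combination means no data.
        raise PermissionError(f"no query rule for {account!r} at {control_point!r}")
    return [{a: row[a] for a in visible} for row in rows if matches(rule, row)]


if __name__ == "__main__":
    for line in run_query("salesman1", "order inquiry", "order", ORDER_LINES):
        print(line)
```

For salesman 1 the mixed order O-1 yields only its product A line, which is the partial-order behaviour described above; the logistics account sees all North China lines but without purchaser, salesman or amount.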
As can be seen, in the present invention, according to business needs, more than one authority control point can be divided out of the data in the database; each authority control point can include more than one entity; the attributes of each entity in each authority control point are set; and a rule tree corresponding to each attribute of each entity is established. A logical operation can then be applied to the rule trees corresponding to the attributes of an entity to determine the query rule corresponding to that entity. After the query rules of all entities in each authority control point have been stored, the present invention determines the user's query purpose from the authority control point to be queried in the received query request, determines the entity to be queried from the entity name in the request, and thereby determines the query rule corresponding to that entity in the authority control point to be queried. The corresponding data can then be retrieved from the database according to this query rule. With the authority control method provided by the present invention, the user only needs to provide a query request and the query result is produced automatically, so the method is easy to use. When the authority control system needs to be extended and the method therefore modified, it is only necessary to reset the authority control points and the attributes of each entity in each authority control point, re-establish the rule trees of each entity, and re-specify the query rule corresponding to each entity. The authority control method provided by the present invention is therefore easy to extend, and its maintenance cost is very low.
The present invention divides out different authority control points, and different authority control points correspond to different query purposes. This helps ensure that the query result closely matches the query purpose and contains as little redundant information as possible. In addition, the present invention sets the rule trees corresponding to each entity in each authority control point, which ensures that a user querying that entity cannot retrieve unauthorized data and so helps guarantee the security of the information.
After step 103 and before step 104, the method can also comprise step 1040: receive user identity information and judge whether it is legitimate identity information; if so, perform step 104; otherwise, do not allow the data to be queried.
Step 1040 verifies whether the user is a legitimate user. So that company secrets are not leaked, it must be ensured that only legitimate users can query the data in the database and that illegitimate users are not allowed to query it. Step 1040 therefore provides a step for judging whether the user identity information is legitimate.
After step 1040 has received the user identity information, the method for judging whether it is legitimate identity information can be: traverse all the stored legitimate identity information and judge whether the received user identity information is identical to one item of the stored legitimate identity information; if so, determine that the user identity information is legitimate identity information and perform step 104; otherwise, determine that the user identity information is illegitimate identity information and do not allow the data to be queried.
The received user identity information and the stored legitimate identity information can comprise a user account and a user password. That is, all the stored legitimate identity information takes the form of corresponding user accounts and user passwords, and the user identity information received in step 1040 also takes the form of a corresponding user account and user password. If the user account and user password in the received user identity information are identical to one pair of corresponding user account and user password in the stored legitimate identity information, the user identity information is legitimate identity information and the user is a legitimate user; step 104 can be performed and the user is allowed to provide a query request. Otherwise, the user identity information is illegitimate identity information and the user is an illegitimate user; step 104 is not allowed to be performed, and the user's query request is not received.
Fig. 3 is the structural drawing of the authority control system for data query provided by the invention.As shown in Figure 2, this system comprises: memory module 301, configuration module 302, rule searching designated module 303, terminal module 304; Wherein,
Memory module 301 for, store data, store rule searching corresponding with each entity in each control of authority point;
Configuration module 302 for, for the data in memory module 301, divide and obtain more than one control of authority point, and set each entity attributes included by each control of authority point; Set up the rule tree of answering with each Attribute Relative of each entity; Rule tree corresponding to each attribute of each entity attributes included by each control of authority point and each entity is sent to rule searching designated module 303;
Rule searching designated module 303 for, specify rule searching corresponding with each entity in each control of authority point, the operation result of the rule tree corresponding to more than one attribute after logical operation making this rule searching be this entity, and the rule searching in each control of authority point corresponding to each entity is sent to memory module 301;
Terminal module 304 for, receive inquiry request, inquiry request comprises title and the control of authority to be checked point of entity to be checked; According to the title of entity to be checked, determine entity to be checked, and then obtain the rule searching the control of authority point to be checked provided in inquiry request corresponding to this entity from memory module 301; Meet the data of this rule searching from memory module 301 search, and export.
In the present invention, the storage module can store the data in the form of a database. The storage module also stores the query rules established by the query rule designation module, so that multiple terminal modules providing query services to different users only need to call the query rules from the same storage module.
According to the different query purposes, the configuration module can partition the data stored in the storage module into more than one authority control point; each authority control point corresponds to one query purpose and comprises more than one entity. Because different query purposes can involve the same entity, the same entity can be shared by different authority control points without the control points affecting each other. The configuration module can also set the attributes of each entity in each authority control point and build the rule tree corresponding to each attribute of each entity; both are sent to the query rule designation module so that it can specify, according to the rule trees, the query rule corresponding to each entity in each authority control point.
In the present invention, each entity may have only one attribute or may have multiple attributes.
In the present invention, the query rule designation module is the module that specifies the query rule corresponding to each entity under each authority control point. The query rule depends on the authority control point, that is, on the query purpose, and the query rules under different query purposes should naturally differ. The query rule also corresponds to the entity: it is the result of applying a logical operation to the rule trees corresponding to more than one attribute of that entity, and the logical operation here is preferably a logical AND operation.
The query rules specified by the query rule designation module are saved in the storage module. When providing a query service to a user, the terminal module can thus call the query rule in the storage module that corresponds to the entity to be queried, apply it to retrieve data from the storage module, and obtain and output the query result.
The terminal module is the module that provides the query service to users, and there can be multiple terminal modules. It receives the query request supplied by the user, obtains from it the name of the entity to be queried and the authority control point to be queried, and determines the entity to be queried from its name; it can then obtain from the storage module the query rule corresponding to that entity under the authority control point to be queried. The present invention thus presets the query rules corresponding to entities, automatically calls the query rule according to the entity the user wants to query, and then retrieves and outputs the corresponding data, which greatly simplifies the query flow and improves query efficiency.
In addition, for the security of the data, the terminal module 304 is also used to receive user identity information and judge whether it is legal identity information; if so, it receives the query request; otherwise, it does not receive the query request.
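The module interaction described above, as an added sketch that is not code from the patent: per-attribute rule trees are compiled to parameterized SQL conditions, combined by logical AND into one query rule per (authority control point, entity), and looked up by the terminal module after the identity check. The tuple encoding of rule trees, the SQLite backing store, and all names and sample rows are assumptions constructed for illustration.

```python
import hmac
import sqlite3
OPS = {"=", "!=", "<", "<=", ">", ">="}

def compile_tree(node, columns):
    """Rule tree -> (SQL condition, bound params). Leaves are ("cmp", col, op, value)."""
    if node[0] == "cmp":
        _, col, op, value = node
        if col not in columns or op not in OPS:
            raise ValueError("unknown attribute or operator in rule tree")
        return f"{col} {op} ?", [value]
    if node[0] in ("and", "or") and node[1]:
        parts = [compile_tree(child, columns) for child in node[1]]
        sql = f" {node[0].upper()} ".join(f"({s})" for s, _ in parts)
        return sql, [p for _, ps in parts for p in ps]
    raise ValueError("malformed rule tree")

class Storage:
    """Storage module: data, entity registry, query rules, legal identities."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.entities = {}  # entity name -> (table, attribute columns), set by config
        self.rules = {}     # (control point, entity name) -> (sql, params)
        self.users = {}     # account -> password (constructed; real stores keep hashes)

def designate(store, point, entity, attribute_trees):
    """Query rule = logical AND of the rule trees of the entity's attributes."""
    columns = store.entities[entity][1]
    store.rules[(point, entity)] = compile_tree(("and", list(attribute_trees)), columns)

def terminal_query(store, account, password, point, entity):
    """Terminal module: verify identity, fetch the stored rule, return matching rows."""
    known = store.users.get(account)
    if known is None or not hmac.compare_digest(known.encode(), password.encode()):
        raise PermissionError("illegal identity information")
    rule = store.rules.get((point, entity))
    if rule is None:  # fail closed: nothing designated means nothing returned
        raise PermissionError("no query rule for this control point and entity")
    table, columns = store.entities[entity]  # names come from config, never the request
    sql = f"SELECT {', '.join(columns)} FROM {table} WHERE {rule[0]}"
    return store.db.execute(sql, rule[1]).fetchall()

def build_demo():
    """Constructed sample data: entity 'invoice' shared by two control points."""
    s = Storage()
    s.db.execute("CREATE TABLE invoice (id INTEGER, region TEXT, amount INTEGER)")
    s.db.executemany("INSERT INTO invoice VALUES (?, ?, ?)",
                     [(1, "north", 500), (2, "north", 90000), (3, "south", 700)])
    s.entities["invoice"] = ("invoice", ("id", "region", "amount"))
    s.users["alice"] = "constructed-password"
    region = ("or", [("cmp", "region", "=", "north"), ("cmp", "region", "=", "east")])
    designate(s, "regional_audit", "invoice", [region, ("cmp", "amount", "<", 10000)])
    designate(s, "large_payments", "invoice", [("cmp", "amount", ">=", 10000)])
    return s
```

The same entity returns different rows under each control point, and a request naming a control point or entity with no designated rule is refused rather than answered unfiltered.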
As can be seen, the present invention has the following advantages:
(1) In the present invention, the data in the database can be partitioned into more than one authority control point according to business needs, each authority control point can comprise more than one entity, the attributes of each entity in each authority control point are set, and a rule tree corresponding to each attribute of each entity is built; a logical operation on the rule trees corresponding to the attributes of an entity then determines the query rule corresponding to that entity. After the query rules of all entities in each authority control point have been stored, the user's query purpose is determined from the authority control point to be queried in the received query request, the entity to be queried is determined from its name in the query request, and the query rule corresponding to that entity in the authority control point to be queried is thereby determined; the corresponding data can then be retrieved from the database according to this query rule. With the authority control method provided by the invention, the user only needs to supply a query request for the query result to be produced automatically, so the method is easy to use. When the authority control system needs to be extended and the authority control method modified, it is only necessary to reset the authority control points and the attributes of each entity in each authority control point, rebuild the rule tree of each entity, and re-specify the query rule corresponding to each entity; the authority control method provided by the invention is therefore easy to extend, and its maintenance cost is very low.
(2) The present invention partitions the data into different authority control points, and different authority control points correspond to different query purposes, which helps ensure that the query result closely matches the query purpose and contains as little redundant information as possible. Moreover, the query rule that the invention specifies for each entity in each authority control point ensures that a user querying that entity cannot retrieve unauthorized information, which helps guarantee the security of the information.
(3) The present invention presets the query rules corresponding to entities, automatically calls the query rule according to the entity the user wants to query, and then retrieves and outputs the corresponding data, which greatly simplifies the query flow and improves query efficiency.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement, improvement, and the like made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (7)

1. An authority control method for data query, the data being stored in a database, characterized in that the method comprises:
Step 1: partitioning the data in the database into more than one authority control point, and setting the attributes of each entity included in each authority control point;
Step 2: building a rule tree corresponding to each attribute of each entity;
Step 3: specifying the query rule corresponding to each entity in each authority control point, the query rule being the result of applying a logical operation to the rule trees corresponding to more than one attribute of that entity;
Step 4: receiving a query request, the query request comprising the name of the entity to be queried and the authority control point to be queried;
Step 5: determining the entity to be queried according to its name, and then determining the query rule corresponding to that entity in the authority control point to be queried; searching the database for the data that satisfies this query rule, and outputting it.
2. The method according to claim 1, characterized in that, after step 3 and before step 4, the method further comprises step 30: receiving user identity information and judging whether the user identity information is legal identity information; if so, performing step 4; otherwise, not allowing the data to be queried.
3. The method according to claim 2, characterized in that the method for judging in step 30 whether the user identity information is legal identity information is: traversing the stored legal identity information and judging whether the user identity information is identical to one of the stored items of legal identity information; if so, the user identity information is legal identity information; otherwise, the user identity information is illegal identity information.
4. The method according to claim 2 or 3, characterized in that the user identity information comprises a user account and a user password.
5. The method according to claim 1, characterized in that the logical operation in step 3 is a logical AND operation.
6. An authority control system for data query, characterized in that the system comprises a storage module, a configuration module, a query rule designation module, and a terminal module, wherein:
the storage module is used to store the data and to store the query rule corresponding to each entity in each authority control point;
the configuration module is used to partition the data in the storage module into more than one authority control point and to set the attributes of each entity included in each authority control point; to build a rule tree corresponding to each attribute of each entity; and to send the attributes of each entity included in each authority control point, together with the rule tree corresponding to each attribute of each entity, to the query rule designation module;
the query rule designation module is used to specify the query rule corresponding to each entity in each authority control point, such that the query rule is the result of applying a logical operation to the rule trees corresponding to more than one attribute of that entity, and to send the query rule corresponding to each entity in each authority control point to the storage module;
the terminal module is used to receive a query request, the query request comprising the name of the entity to be queried and the authority control point to be queried; to determine the entity to be queried according to its name, and then obtain from the storage module the query rule corresponding to that entity in the authority control point to be queried; and to search the storage module for the data that satisfies this query rule and output it.
7. The system according to claim 6, characterized in that the terminal module is also used to receive user identity information and judge whether the user identity information is legal identity information; if so, it receives the query request; otherwise, it does not receive the query request.
CN201110162064.8A 2011-06-16 2011-06-16 Method and system for querying authority control of data Active CN102831123B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110162064.8A CN102831123B (en) 2011-06-16 2011-06-16 Method and system for querying authority control of data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110162064.8A CN102831123B (en) 2011-06-16 2011-06-16 Method and system for querying authority control of data

Publications (2)

Publication Number Publication Date
CN102831123A CN102831123A (en) 2012-12-19
CN102831123B true CN102831123B (en) 2015-04-08

Family

ID=47334266

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110162064.8A Active CN102831123B (en) 2011-06-16 2011-06-16 Method and system for querying authority control of data

Country Status (1)

Country Link
CN (1) CN102831123B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant