CN104766023A - User management method based on ORACLE database - Google Patents
- Publication number: CN104766023A (application CN201510052388.4A)
- Authority: CN (China)
- Prior art keywords: user, user management, management method, method based, database
- Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
- Classification areas: Information Retrieval, Db Structures And Fs Structures Therefor; Storage Device Security
Abstract
The invention relates to a user management method based on an ORACLE database. The operation permissions of each user class are managed by a user management tool, which also assigns execution users: each user identity is assigned a role and thereby a set of operation permissions. Role assignment comprises at least assigning permissions and creating users. If an alarm is raised during an operation, an early-warning mechanism is triggered and an operation log is recorded; if a high-risk operation occurs, the user is locked directly. The operation types and permissions of users at different levels can therefore be strictly controlled on the basis of user management, and an isolation segment can be set aside in the database in which operations are carried out step by step, limiting the impact of illegal operations and protecting the integrity and stability of production data at the point of entry. For user operations that match defined rules, early-warning mechanisms can be triggered to notify the responsible person to follow up and analyse, or the high-risk user can be locked directly, greatly increasing safety.
Description
Technical field
The present invention relates to a user management method, and in particular to a user management method based on an ORACLE database.
Background technology
Enterprise data is growing toward large volumes, and the database holds an ever larger share of an enterprise's business data, business algorithms and analytical interpretation. With malicious events such as leakage of user data, leakage of trade secrets and destructive hacker attacks occurring constantly, the management and protection of the database have become all the more important.
At the same time, the users of a traditional internet database are usually divided into two classes: system management users and program users that call the database directly. The entry privileges the database grants to program connections are fully open by default, so when the program is maliciously compromised it can make unrestricted direct changes to the database and cause significant damage to the enterprise database.
Summary of the invention
The object of the present invention is to solve the above problems in the prior art by providing a user management method based on an ORACLE database.
The object of the present invention is achieved through the following technical solution: a user management tool manages user classification and operation privileges, and the tool assigns execution users, that is, it assigns a role to each user identity and thereby grants different operation privileges. Said role assignment comprises at least privilege assignment and user creation, and said operation privileges comprise user operation resolution and user management.
Said management process is as follows.
Step 1: the application program connected to the database generates the SQL statements for the database through ORM (object-relational mapping); the application's database connection pool obtains a connection for the corresponding database user, and the SQL is executed over this connection.
Step 2: the database receives the SQL to be executed and searches for the corresponding synonym name within the scope of the current user. If the synonym name does not exist, an exception alarm "object does not exist" is thrown; if the synonym exists, proceed to step 3.
Step 3: the database obtains the proxied target object through the synonym and parses the SQL operation. If the user does not hold a valid operation privilege for it, an exception alarm "invalid operation" is thrown; if the privilege is valid, proceed to step 4.
Step 4: the database interprets and executes the statement as the user that owns the target object.
During this process, if an alarm occurs, the early-warning mechanism is triggered and an operation log is recorded; if a high-risk operation occurs, the user is locked directly.
In the above user management method based on an ORACLE database, said high-risk operations are operations that destroy database structure or data; all such behaviour is regarded as a high-risk operation.
Further, in the above user management method based on an ORACLE database, said operation log content comprises one or more of: the statement of the operation, the time, the account, the machine name and the access IP.
Further, in the above user management method based on an ORACLE database, said user management tool is a custom Oracle package implemented as a stored procedure package.
Further, in the above user management method based on an ORACLE database, said privilege assignment is either default privileges, or privilege levels customised to business needs, or assignment of specified access objects to individual users.
Further, in the above user management method based on an ORACLE database, said user creation comprises establishing the user, assigning user privileges and assigning user object permissions. Said establishing the user means calling the tool package and entering the user name, password and privilege number. Said privilege numbers comprise administrator, operator and read-only user. Said administrator has DDL privileges: it can create, modify and delete table structures and procedure packages, and can insert, delete, update and query data. Said operator has DML privileges: it can query table structure and can insert, delete, update and query data. Said read-only user can only query table structure and data. Said assignment of user object permissions is either granting all objects of one user to another user, or granting individual objects of the user separately.
Further, in the above user management method based on an ORACLE database, said authorization comprises at least one or more of insert, delete, update and select, and each authorization creates a synonym of the same name for the user through which proxy access is carried out.
Further, in the above user management method based on an ORACLE database, said user operation resolution process is: step 1, the user is verified, the corresponding role is identified and the role's privileges are granted; step 2, the corresponding proxied object is found through the synonym under that role's privileges; step 3, the operation privilege on the object is checked; if the check passes the operation is finally executed, and if the check fails an exception prompt is raised.
Still further, in the above user management method based on an ORACLE database, said user management means logging the user's access operations while reserving room for extension; a user management policy can be defined so that when a pattern of high-risk operations by a certain user is found, authorization can be forcibly withdrawn from this user or the user locked, and the relevant supervisor notified.
The advantages of the technical solution of the present invention are mainly the following. Starting from user management, the operation types and privileges of users at different levels can be strictly controlled; an isolation segment can be divided off in the database for separate operations, cutting off the impact of illegal operations and protecting the integrity and stability of production data at the point of entry. In addition, the mode of program operation can be predefined from the control perspective, with a virtual partition isolating the data of the corresponding operation so that only authorized data is submitted to the formal environment under authorized operations. Moreover, user operations matching certain rules can trigger early-warning mechanisms that notify the corresponding personnel to follow up and analyse, or even lock the high-risk user directly, greatly improving security. The technical progress of this field thus gains new scope, and the implementation results are good.
Accompanying drawing explanation
Fig. 1 is a schematic flow chart of the user management method based on an ORACLE database.
Embodiment
The user management method based on an ORACLE database is characterised in that a user management tool manages user classification and operation privileges. At the same time, execution users are assigned by the user management tool; that is, a role is assigned to each user identity, granting different operation privileges. Further, to achieve effective security management, the role assignment adopted comprises at least privilege assignment and user creation, and the operation privileges comprise user operation resolution and user management. Moreover, for general applicability of the implementation, the user management tool is a custom Oracle package implemented as a stored procedure package.
Specifically, the management process adopted is as follows:
Step 1: the application program connected to the database generates the SQL statements for the database through ORM (object-relational mapping); the application's database connection pool obtains a connection for the corresponding database user, and the SQL is executed over this connection.
Step 2: the database receives the SQL to be executed and searches for the corresponding synonym name within the scope of the current user. If the synonym name does not exist, an exception alarm "object does not exist" is thrown; if the synonym exists, proceed to step 3.
Step 3: the database obtains the proxied target object (such as a table structure) through the synonym and parses the SQL operation. If the user does not hold a valid operation privilege for it, an exception alarm "invalid operation" is thrown; if the privilege is valid, proceed to step 4.
Step 4: the database interprets and executes the statement as the user that owns the target object. Interpreted execution is determined by Oracle's own mechanism. Specifically, the interpreted execution adopted by the present invention looks up the corresponding database table structure, filters the table data according to the conditions, and then returns the data. The detailed process can also be found in the official technical manuals published by Oracle, which makes it convenient for technicians to adjust custom policies at any time.
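The following PL/SQL function is an added example, not code from the patent, that mirrors steps 2 and 3 of the management process above (and the user operation resolution process described later) as a defender-side check: given a database account, the object name as written in the SQL, and the operation, it reports whether a synonym exists in that user's scope, which proxied object it resolves to, and whether the user holds the matching object privilege. The return strings `OBJECT_DOES_NOT_EXIST` and `INVALID_OPERATION` correspond to the two alarms in the text. The function name is an assumption, and the owner is assumed to have direct SELECT grants on the DBA_* views it reads; synonym chains and database links are not followed.

```sql
-- Added example (not the patent's own tool package).  Resolves one proposed
-- operation the way steps 2 and 3 of the management process describe.
CREATE OR REPLACE FUNCTION f_resolve_access (
    p_user IN VARCHAR2,          -- database account issuing the SQL
    p_name IN VARCHAR2,          -- object name as written in the SQL
    p_op   IN VARCHAR2           -- SELECT | INSERT | UPDATE | DELETE
) RETURN VARCHAR2
AUTHID DEFINER
IS
    v_user   VARCHAR2(128) := UPPER(p_user);
    v_name   VARCHAR2(128) := UPPER(p_name);
    v_op     VARCHAR2(30)  := UPPER(p_op);
    v_owner  VARCHAR2(128);
    v_target VARCHAR2(128);
    v_cnt    PLS_INTEGER;
BEGIN
    IF v_op NOT IN ('SELECT', 'INSERT', 'UPDATE', 'DELETE') THEN
        RETURN 'INVALID_OPERATION';
    END IF;

    -- Step 2: look for the synonym in the current user's scope.  A private
    -- synonym wins over a PUBLIC one, matching Oracle's name resolution order.
    BEGIN
        SELECT table_owner, table_name
          INTO v_owner, v_target
          FROM (SELECT table_owner, table_name
                  FROM dba_synonyms
                 WHERE synonym_name = v_name
                   AND owner IN (v_user, 'PUBLIC')
                 ORDER BY CASE owner WHEN v_user THEN 0 ELSE 1 END)
         WHERE ROWNUM = 1;
    EXCEPTION
        WHEN NO_DATA_FOUND THEN
            RETURN 'OBJECT_DOES_NOT_EXIST';   -- alarm "object does not exist"
    END;

    -- Step 3a: the proxied object must actually exist (dangling synonyms
    -- also surface as "object does not exist" at execution time).
    SELECT COUNT(*) INTO v_cnt
      FROM dba_objects
     WHERE owner = v_owner AND object_name = v_target
       AND object_type IN ('TABLE', 'VIEW');
    IF v_cnt = 0 THEN
        RETURN 'OBJECT_DOES_NOT_EXIST';
    END IF;

    -- Step 3b: the user needs the privilege matching the operation, held
    -- directly, through a directly granted role, or through PUBLIC.
    -- The owner of the object always passes.
    IF v_owner <> v_user THEN
        SELECT COUNT(*) INTO v_cnt
          FROM dba_tab_privs
         WHERE owner = v_owner AND table_name = v_target
           AND privilege = v_op
           AND grantee IN (SELECT v_user FROM dual
                           UNION SELECT 'PUBLIC' FROM dual
                           UNION SELECT granted_role FROM dba_role_privs
                                  WHERE grantee = v_user);
        IF v_cnt = 0 THEN
            RETURN 'INVALID_OPERATION';       -- alarm "invalid operation"
        END IF;
    END IF;

    -- Step 4 is left to the engine: the statement runs against the
    -- owner's object.  Report what it resolved to.
    RETURN 'OK:' || v_owner || '.' || v_target;
END f_resolve_access;
/
```

Run it as `SELECT f_resolve_access('APP_OPS', 'ORDERS', 'DELETE') FROM dual;` before granting or after a change to confirm that an operator account reaches only the proxied objects intended for its role; a result of `INVALID_OPERATION` for a read-only account on a DML verb is the expected, correct outcome.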
During this process, if an alarm occurs, the early-warning mechanism is triggered and an operation log is recorded; if a high-risk operation occurs, the user is locked directly. In actual implementation, the reason for adopting an early-warning mechanism is that, for specified data modification operations that are not standard program operations, an early-warning notification can be issued. An example is modifying a member's login password: if the password is modified directly without the current password being supplied, this is regarded as an unsafe operation and is recorded.
In a preferred embodiment of the present invention, behaviour that destroys database structure or data is regarded as a high-risk operation. In practice this appears as operations such as modifying a database user's password or modifying database settings. Further, under the privilege settings a high-risk operation generally cannot execute at all, but a log record is still kept and an early-warning notification is generated for the administrator, sending a message through the corresponding program, for example an SMS.
Further, to achieve effective operation records and ease future maintenance, the operation log content comprises one or more of: the statement of the operation, the time, the account, the machine name and the access IP. Naturally, for convenience of implementation, the information submitted by the program or client automatically includes the statement, time, account and similar items. In view of the needs of security management, privilege assignment is either default privileges, or privilege levels customised to business needs, or assignment of specified access objects to individual users.
Still further, user creation comprises establishing the user, assigning user privileges and assigning user object permissions. Specifically, establishing the user means calling the tool package and entering the user name, the password and the privilege number assigned above. For effective privilege assignment, the privilege numbers adopted are: A, administrator; O, operator; G, read-only user.
Specifically, the administrator has DDL (data structure definition) privileges: it can create, modify and delete table structures and procedure packages, and can insert, delete, update and query data. The operator has DML (data manipulation management) privileges: it can query table structure and can insert, delete, update and query data. The read-only user can only query table structure and data. Further, for stable privilege management, assignment of user object permissions grants all objects of one user to another user; alternatively, individual objects of the user can be granted separately.
In actual implementation, authorization comprises at least one or more of insert, delete, update and select. Further, each authorization creates a synonym of the same name for the user through which proxy access is carried out. The proxy adopted by the present invention works like an everyday television remote control: the television is operated through the remote, changing channels or adjusting the volume, which provides an effective intermediate control unit.
To make user operations easy to identify, the user operation resolution process adopted is: first, the user is verified, the corresponding role is identified and the role's privileges granted; next, the corresponding proxied object is found through the synonym under that role's privileges; finally, the operation privilege on the object is checked, and if the check passes the operation is executed, while if it fails an exception prompt is raised.
Further, so that user management can work with the database to achieve effective data tracking, the user management involved in the present invention logs the user's access operations while reserving room for (user management) extension. Further, a user management policy can be defined so that when a pattern of high-risk operations by a certain user is found, authorization can be forcibly withdrawn from this user or the user locked, and the relevant supervisor notified.
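The following is an added example, not the patent's own implementation, of the operation log, early-warning and locking policy described in the preceding paragraphs: a log table with the fields the text names (statement, time, account, machine name, access IP), a database-level DDL trigger that records structure-changing statements as high-risk events and raises the warning, and a review procedure that locks an account once it accumulates a pattern of high-risk events and notifies the supervisor. The object names `t_operation_log`, `p_log_operation`, `p_notify_admin`, `trg_ddl_audit` and `p_review_high_risk`, the threshold and window defaults, and the use of `DBMS_OUTPUT` as a stand-in for the SMS program are assumptions; the identity column needs Oracle 12c or later.

```sql
-- Added example (not the patent's own package).  Operation log with the
-- fields from the text; one row per recorded event.
CREATE TABLE t_operation_log (
    log_id     NUMBER GENERATED ALWAYS AS IDENTITY PRIMARY KEY,  -- 12c+
    op_time    TIMESTAMP DEFAULT SYSTIMESTAMP NOT NULL,
    account    VARCHAR2(128) NOT NULL,   -- database user
    machine    VARCHAR2(128),            -- client host name
    access_ip  VARCHAR2(45),             -- client IP address
    statement  CLOB,                     -- statement or event description
    risk_level VARCHAR2(10) NOT NULL     -- NORMAL | WARNING | HIGH
);

-- Notification hook.  Placeholder: a real deployment would call the site's
-- messaging program (SMS, e-mail) here instead of DBMS_OUTPUT.
CREATE OR REPLACE PROCEDURE p_notify_admin (p_message IN VARCHAR2) IS
BEGIN
    DBMS_OUTPUT.PUT_LINE('ALERT: ' || p_message);
END p_notify_admin;
/

-- Writes one log row in its own transaction so the record survives even
-- when the offending statement fails or is rolled back.
CREATE OR REPLACE PROCEDURE p_log_operation (
    p_statement  IN VARCHAR2,
    p_risk_level IN VARCHAR2
) IS
    PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
    INSERT INTO t_operation_log (account, machine, access_ip, statement, risk_level)
    VALUES (SYS_CONTEXT('USERENV', 'SESSION_USER'),
            SYS_CONTEXT('USERENV', 'HOST'),
            SYS_CONTEXT('USERENV', 'IP_ADDRESS'),
            p_statement,
            p_risk_level);
    COMMIT;
END p_log_operation;
/

-- DDL against database objects is the text's "destruction of database
-- structure".  Privilege settings already block most of it for operator and
-- read-only users; the trigger keeps the record and raises the early warning
-- regardless of whether the statement later succeeds.
CREATE OR REPLACE TRIGGER trg_ddl_audit
BEFORE DDL ON DATABASE
BEGIN
    IF ora_login_user NOT IN ('SYS', 'SYSTEM') THEN
        p_log_operation(ora_sysevent || ' ' || ora_dict_obj_type || ' '
                        || ora_dict_obj_owner || '.' || ora_dict_obj_name,
                        'HIGH');
        p_notify_admin(ora_login_user || ' attempted ' || ora_sysevent
                       || ' on ' || ora_dict_obj_owner || '.' || ora_dict_obj_name);
    END IF;
END;
/

-- Policy: more than p_threshold HIGH events from one account within
-- p_window_minutes locks the account and notifies the supervisor.
CREATE OR REPLACE PROCEDURE p_review_high_risk (
    p_account        IN VARCHAR2,
    p_threshold      IN PLS_INTEGER DEFAULT 3,
    p_window_minutes IN PLS_INTEGER DEFAULT 60
) IS
    v_cnt PLS_INTEGER;
BEGIN
    SELECT COUNT(*) INTO v_cnt
      FROM t_operation_log
     WHERE account = UPPER(p_account)
       AND risk_level = 'HIGH'
       AND op_time >= SYSTIMESTAMP - NUMTODSINTERVAL(p_window_minutes, 'MINUTE');

    IF v_cnt > p_threshold THEN
        -- DBMS_ASSERT rejects anything that is not a plain identifier, so the
        -- dynamic DDL cannot be steered by a crafted account string.
        EXECUTE IMMEDIATE 'ALTER USER '
            || DBMS_ASSERT.ENQUOTE_NAME(DBMS_ASSERT.SIMPLE_SQL_NAME(p_account))
            || ' ACCOUNT LOCK';
        p_log_operation('ACCOUNT LOCK ' || UPPER(p_account), 'HIGH');
        p_notify_admin('account ' || UPPER(p_account) || ' locked after '
                       || v_cnt || ' high-risk operations');
    END IF;
END p_review_high_risk;
/
```

`p_review_high_risk` is written to be called from a scheduler job or from the same early-warning path that writes the log, so that the "pattern of high-risk operations" rule in the text is evaluated against the log rather than against a single event; the autonomous transaction in `p_log_operation` is what keeps the audit row when the triggering DDL is rejected by the privilege check.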
In the software implementation of the present invention, the process can be briefly expressed as follows:
Step 1: run the user management package.
Step 2: preset the user classifications and privileges.
Step 3: create a classified user by calling pkg_admin.p_create_user(user name, password, privilege number).
Step 4: authorize user objects by calling pkg_admin.p_grant_user_object(source user, target user), which grants all objects of the source user to the target user; or call pkg_admin.p_grant_user_object(source user, target user, source object) to grant the specified object of the source user to the target user.
Step 5: the implementation is complete; switch to the newly created user and verify the result.
As the above description shows, after adopting the present invention the operation types and privileges of users at different levels can be strictly controlled starting from user management; an isolation segment can be divided off in the database for separate operations, cutting off the impact of illegal operations and protecting the integrity and stability of production data at the point of entry. In addition, the mode of program operation can be predefined from the control perspective, with a virtual partition isolating the data of the corresponding operation so that only authorized data is submitted to the formal environment under authorized operations. Moreover, user operations matching certain rules can trigger early-warning mechanisms that notify the corresponding personnel to follow up and analyse, or even lock the high-risk user directly, greatly improving security.
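The package below is an added example, not the patent's own tool package, showing one way the two calls named in steps 3 and 4 (and the user-creation and authorization rules in the summary) can be implemented. Privilege numbers follow the text: A = administrator (DDL in its own schema plus DML), O = operator (DML), G = read-only. Each object grant also creates a same-named private synonym in the target schema, which is the proxy-access mechanism the text describes, so the target addresses the object without naming its owner. The role names `r_admin`, `r_operator` and `r_readonly`, the `users` tablespace, and the usage accounts at the end are assumptions; the package owner is assumed to hold CREATE USER, ALTER USER, GRANT ANY OBJECT PRIVILEGE and CREATE ANY SYNONYM, and no "ANY" privilege is ever handed to the managed users.

```sql
-- Added example (not the patent's own package).  Three roles carry the
-- privilege levels; managed users only ever receive one of them.
CREATE ROLE r_readonly;
CREATE ROLE r_operator;
CREATE ROLE r_admin;
GRANT CREATE SESSION TO r_readonly, r_operator, r_admin;
-- Administrators may build tables and packages in their own schema only.
GRANT CREATE TABLE, CREATE PROCEDURE, CREATE SYNONYM TO r_admin;

CREATE OR REPLACE PACKAGE pkg_admin AS
    PROCEDURE p_create_user (p_username IN VARCHAR2,
                             p_password IN VARCHAR2,
                             p_priv     IN VARCHAR2);     -- 'A' | 'O' | 'G'
    PROCEDURE p_grant_user_object (p_source IN VARCHAR2,
                                   p_target IN VARCHAR2,
                                   p_object IN VARCHAR2 DEFAULT NULL);
END pkg_admin;
/

CREATE OR REPLACE PACKAGE BODY pkg_admin AS

    -- Every identifier that reaches EXECUTE IMMEDIATE is validated and
    -- quoted with DBMS_ASSERT, so a crafted name cannot smuggle in extra DDL.
    FUNCTION q (p_name IN VARCHAR2) RETURN VARCHAR2 IS
    BEGIN
        RETURN DBMS_ASSERT.ENQUOTE_NAME(DBMS_ASSERT.SIMPLE_SQL_NAME(p_name));
    END q;

    PROCEDURE p_create_user (p_username IN VARCHAR2,
                             p_password IN VARCHAR2,
                             p_priv     IN VARCHAR2) IS
        v_role VARCHAR2(30);
    BEGIN
        v_role := CASE UPPER(p_priv)
                      WHEN 'A' THEN 'r_admin'
                      WHEN 'O' THEN 'r_operator'
                      WHEN 'G' THEN 'r_readonly'
                  END;
        IF v_role IS NULL THEN
            RAISE_APPLICATION_ERROR(-20001, 'unknown privilege number: ' || p_priv);
        END IF;
        -- Password is double-quoted (case preserved); ENQUOTE_NAME rejects
        -- embedded double quotes, so the statement cannot be broken out of.
        EXECUTE IMMEDIATE 'CREATE USER ' || q(p_username)
            || ' IDENTIFIED BY ' || DBMS_ASSERT.ENQUOTE_NAME(p_password, FALSE)
            || ' DEFAULT TABLESPACE users';
        EXECUTE IMMEDIATE 'GRANT ' || v_role || ' TO ' || q(p_username);
        -- Only administrators own objects, so only they get storage quota.
        IF v_role = 'r_admin' THEN
            EXECUTE IMMEDIATE 'ALTER USER ' || q(p_username)
                || ' QUOTA UNLIMITED ON users';
        END IF;
    END p_create_user;

    -- Grants one object, or every table/view the source user owns when
    -- p_object is NULL, and creates the same-named synonym in the target
    -- schema (the proxy).  The operation set depends on the target's role.
    PROCEDURE p_grant_user_object (p_source IN VARCHAR2,
                                   p_target IN VARCHAR2,
                                   p_object IN VARCHAR2 DEFAULT NULL) IS
        v_privs VARCHAR2(40);
    BEGIN
        SELECT CASE WHEN COUNT(*) > 0 THEN 'SELECT, INSERT, UPDATE, DELETE'
                    ELSE 'SELECT' END
          INTO v_privs
          FROM dba_role_privs
         WHERE grantee = UPPER(p_target)
           AND granted_role IN ('R_ADMIN', 'R_OPERATOR');

        FOR o IN (SELECT object_name
                    FROM dba_objects
                   WHERE owner = UPPER(p_source)
                     AND object_type IN ('TABLE', 'VIEW')
                     AND (p_object IS NULL OR object_name = UPPER(p_object)))
        LOOP
            EXECUTE IMMEDIATE 'GRANT ' || v_privs || ' ON '
                || q(p_source) || '.' || q(o.object_name)
                || ' TO ' || q(p_target);
            EXECUTE IMMEDIATE 'CREATE OR REPLACE SYNONYM '
                || q(p_target) || '.' || q(o.object_name)
                || ' FOR ' || q(p_source) || '.' || q(o.object_name);
        END LOOP;
    END p_grant_user_object;
END pkg_admin;
/

-- Steps 3 and 4 of the text, with constructed account and object names.
BEGIN
    pkg_admin.p_create_user('app_ops', 'Str0ng#Pass', 'O');          -- operator
    pkg_admin.p_create_user('app_ro',  'R3ad#Only',   'G');          -- read-only
    pkg_admin.p_grant_user_object('app_owner', 'app_ops');           -- all objects
    pkg_admin.p_grant_user_object('app_owner', 'app_ro', 'orders');  -- one object
END;
/
```

Step 5 of the text is then a login as `app_ops` or `app_ro`: `SELECT * FROM orders` resolves through the private synonym to `app_owner.orders`, while an `UPDATE` from `app_ro` fails at the privilege check, which is the "invalid operation" outcome the method expects for a read-only account.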
Claims (9)
1. A user management method based on an ORACLE database, characterised in that:
a user management tool manages user classification and operation privileges and assigns execution users, that is, it assigns a role to each user identity and thereby grants different operation privileges; said role assignment comprises at least privilege assignment and user creation, and said operation privileges comprise user operation resolution and user management;
said management process is:
step 1, the application program connected to the database generates the SQL statements for the database through ORM (object-relational mapping), the application's database connection pool obtains a connection for the corresponding database user, and the SQL is executed over this connection;
step 2, the database receives the SQL to be executed and searches for the corresponding synonym name within the scope of the current user; if the synonym name does not exist, an exception alarm "object does not exist" is thrown, and if the synonym exists, step 3 is entered;
step 3, the database obtains the proxied target object through the synonym and parses the SQL operation; if the user does not hold a valid operation privilege, an exception alarm "invalid operation" is thrown, and if the privilege is valid, step 4 is entered;
step 4, the database interprets and executes the statement as the user that owns the target object;
during this process, if an alarm occurs, the early-warning mechanism is triggered and an operation log is recorded; if a high-risk operation occurs, the user is locked directly.
2. The user management method based on an ORACLE database according to claim 1, characterised in that said high-risk operations are operations that destroy database structure or data, all such behaviour being regarded as a high-risk operation.
3. The user management method based on an ORACLE database according to claim 1, characterised in that said operation log content comprises one or more of: the statement of the operation, the time, the account, the machine name and the access IP.
4. The user management method based on an ORACLE database according to claim 1, characterised in that said user management tool is a custom Oracle package implemented as a stored procedure package.
5. The user management method based on an ORACLE database according to claim 1, characterised in that said privilege assignment is either default privileges, or privilege levels customised to business needs, or assignment of specified access objects to individual users.
6. The user management method based on an ORACLE database according to claim 1, characterised in that said user creation comprises establishing the user, assigning user privileges and assigning user object permissions,
said establishing the user means calling the tool package and entering the user name, password and privilege number,
said privilege numbers comprise administrator, operator and read-only user,
said administrator has DDL privileges and can create, modify and delete table structures and procedure packages, and can insert, delete, update and query data,
said operator has DML privileges and can query table structure, and can insert, delete, update and query data,
said read-only user can only query table structure and data,
said assignment of user object permissions is either granting all objects of one user to another user, or granting individual objects of the user separately.
7. The user management method based on an ORACLE database according to claim 1, characterised in that said authorization comprises at least one or more of insert, delete, update and select, and each authorization creates a synonym of the same name for the user through which proxy access is carried out.
8. The user management method based on an ORACLE database according to claim 1, characterised in that said user operation resolution process is:
step 1, the user is verified, the corresponding role is identified and the role's privileges are granted,
step 2, the corresponding proxied object is found through the synonym under that role's privileges,
step 3, the operation privilege on the object is checked; if the check passes the operation is finally executed, and if the check fails an exception prompt is raised.
9. The user management method based on an ORACLE database according to claim 1, characterised in that said user management means logging the user's access operations while reserving room for extension; a user management policy can be defined so that when a pattern of high-risk operations by a certain user is found, authorization can be forcibly withdrawn from this user or the user locked, and the relevant supervisor notified.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510052388.4A CN104766023B (en) | 2015-02-02 | 2015-02-02 | User management method based on ORACLE databases |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104766023A true CN104766023A (en) | 2015-07-08 |
CN104766023B CN104766023B (en) | 2017-09-19 |
Family
ID=53647842
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510052388.4A Expired - Fee Related CN104766023B (en) | 2015-02-02 | 2015-02-02 | User management method based on ORACLE databases |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104766023B (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105844142A (en) * | 2016-03-16 | 2016-08-10 | 上海新炬网络信息技术有限公司 | Safe centralized management and control method of database account |
CN107229644A (en) * | 2016-03-25 | 2017-10-03 | 阿里巴巴集团控股有限公司 | Searching method and device |
CN107273758A (en) * | 2017-05-03 | 2017-10-20 | 上海上讯信息技术股份有限公司 | A kind of data bank access method and equipment |
CN107944840A (en) * | 2017-12-25 | 2018-04-20 | 新疆机汇网络科技有限公司 | Data processing method and device for service management |
CN109409042A (en) * | 2018-08-23 | 2019-03-01 | 顺丰科技有限公司 | A kind of user right distribution abnormality detection system, method, equipment and storage medium |
CN109766686A (en) * | 2018-04-25 | 2019-05-17 | 新华三大数据技术有限公司 | Rights management |
CN110188089A (en) * | 2019-05-31 | 2019-08-30 | 杭州安恒信息技术股份有限公司 | A kind of database O&M management-control method and device |
CN110929278A (en) * | 2019-11-21 | 2020-03-27 | 浪潮云信息技术有限公司 | Ansible-based cloud database authority management system and method |
CN111400681A (en) * | 2020-04-07 | 2020-07-10 | 杭州指令集智能科技有限公司 | Data permission processing method, device and equipment |
CN111460500A (en) * | 2020-03-31 | 2020-07-28 | 贵州电网有限责任公司 | Authority management method of network resources |
CN115206320A (en) * | 2022-07-15 | 2022-10-18 | 湖南创星科技股份有限公司 | Graph database operation method and system based on voice recognition |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1967560A (en) * | 2006-11-09 | 2007-05-23 | 华为技术有限公司 | Controlling method of business operations competence and generating method of relational database |
CN101515931A (en) * | 2009-03-24 | 2009-08-26 | 北京理工大学 | Method for enhancing the database security based on agent way |
CN102508898A (en) * | 2011-11-04 | 2012-06-20 | 浪潮(北京)电子信息产业有限公司 | Data access method and database system based on cloud computing |
US20120185500A1 (en) * | 2011-01-13 | 2012-07-19 | International Business Machines Corporation | Data storage and management system |
Also Published As
Publication number | Publication date |
---|---|
CN104766023B (en) | 2017-09-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104766023A (en) | User management method based on ORACLE database | |
CN109995796B (en) | Industrial control system terminal safety protection method | |
CN109976239B (en) | Industrial control system terminal safety protection system | |
CN104166812B (en) | Database safety access control method based on independent authorization | |
CN103490895B (en) | A kind of industrial control identity authentication applying the close algorithm of state and device | |
US9635029B2 (en) | Role-based access control permissions | |
CN103441926B (en) | Security gateway system of numerically-controllmachine machine tool network | |
CN110968825A (en) | WEB page fine-grained authority control method | |
US20070299881A1 (en) | System and method for protecting selected fields in database files | |
CN103246849A (en) | Safe running method based on ROST under Windows | |
CN102722667A (en) | Database security protection system and method based on virtual databases and virtual patches | |
CN114157457A (en) | Authority application and monitoring method for network data information security | |
Marali et al. | Cyber security threats in industrial control systems and protection | |
CN107147665B (en) | Application method of the beam-based alignment model in industrial 4.0 systems | |
CN117370953A (en) | ERP system access control method and platform | |
CN116707980A (en) | Immune security defense method based on zero trust | |
CN105447408A (en) | Data protection method and apparatus | |
Braband | What's Security Level got to do with Safety Integrity Level? | |
KR101025029B1 (en) | Implementation method for integration database security system using electronic authentication | |
CN101860436A (en) | Technology for accurately controlling system user data authority | |
CN104732160A (en) | Control method for preventing database information from being leaked internally | |
CN115484108A (en) | Distributed internet database anti-intrusion security system | |
US11822646B2 (en) | Generating an automated security analysis for an installation | |
CN105262770A (en) | Method for managing account password | |
Kadebu et al. | A security requirements perspective towards a secured nosql database environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| EXSB | Decision made by sipo to initiate substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20170919; Termination date: 20210202 |