CN104866776A - Control method and device for data access permission - Google Patents

Publication number: CN104866776A
Authority: CN (China)
Prior art keywords: access, data, model, rights, access rights
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201410060839.4A
Other languages: Chinese (zh)
Inventors: 王莘, 董涛, 舒畅, 冯蕾, 曹玮, 杜景荣, 张吉骏, 沈俊, 吴艳琳
Current assignee: Shanghai Baosteel International Economy & Trading Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Shanghai Baosteel International Economy & Trading Co Ltd
Landscapes: Storage Device Security (AREA)

Abstract

The invention discloses a control method for data access permission. The method comprises: an access token endowing step of endowing data in a database with access tokens; an access interface establishing step of establishing access interfaces according to the access tokens, wherein the access interfaces correspond to the access tokens, and data having the corresponding access token can be accessed through one access interface; an access permission modeling step of creating models of access permission, wherein each model of access permission corresponds to one combination of access interfaces, and the corresponding data in the database can be accessed through the combination of access interfaces; an access permission model presenting step of presenting the created models of access permission; an access permission setting receiving step of receiving a setting of access permission, wherein the setting of access permission is based on the presented models of access permission; and an access permission determining step of combining the models of access permission to form an access permission, wherein the access permission is specified by the setting of access permission.

Description

Control method and device for data access permission
Technical field
The present invention relates to permission control technology, and in particular to a technique for controlling data access rights.
Background
At present there is no unified technique for data-level permission management. The most common approach is hard coding: permission management is coupled to the business code in the form of if/else and similar statements, and, during application development, WHERE conditions that implement data permission control are added to the SQL statements that access the database. The drawbacks of this approach are obvious:
First, because permission management is coupled into the rest of the business code, extensive analysis is required at the early stage of development to decide which data needs permission control, and the permission code has to be written together with the business code. In practice this is very difficult, because the access rights of the data often cannot be determined accurately at that stage.
Second, later maintenance is difficult. Because the permission code is embedded in the business code, any adjustment to data permissions requires modifying the business code as a whole, going through the SQL statements one by one and revising them. This is very labor-intensive and is highly likely to introduce loopholes and errors.
What is needed, therefore, is a data-level permission management technique that is easy to implement and easy to maintain later.
Summary of the invention
According to one embodiment of the invention, a control method for data access rights is proposed, comprising the following steps:
A step of assigning access flags: access flags are assigned to the data in a database;
A step of establishing access interfaces: access interfaces are established according to the access flags; each access interface corresponds to an access flag, and the data carrying the corresponding access flag can be accessed through one access interface;
A step of modeling access rights: models of access rights are created; each model of access rights corresponds to a combination of access interfaces, and the corresponding data in the database can be accessed through that combination of access interfaces;
A step of presenting the models of access rights: the created models of access rights are presented;
A step of receiving an access rights setting: a setting of access rights is received, the setting being based on the presented models of access rights;
A step of determining access rights: models of access rights are combined to form the access rights, the access rights being specified by the setting of access rights.
In one embodiment, the combination of access interfaces comprises one or more access interfaces, and the data carrying one or more corresponding access flags can be accessed through this combination of access interfaces.
In one embodiment, in the step of presenting the models of access rights, the created models of access rights are presented in the form of views.
In one embodiment, the step of presenting the models of access rights includes presenting the access flags corresponding to the models of access rights.
In one embodiment, in the step of receiving an access rights setting, the setting of access rights is a selection of views.
According to one embodiment of the invention, a control device for data access rights is proposed, comprising:
A device for assigning access flags, which is connected to a database and assigns access flags to the data in the database;
A device for establishing access interfaces, which is connected to the device for assigning access flags and to the database; the device for establishing access interfaces establishes access interfaces according to the access flags; each access interface corresponds to an access flag, and the data carrying the corresponding access flag can be accessed through one access interface;
A modeling device for access rights, which creates models of access rights; each model of access rights corresponds to a combination of access interfaces, and the corresponding data in the database can be accessed through that combination of access interfaces;
An interaction device, which is connected to the modeling device for access rights; the interaction device presents the created models of access rights and receives a setting of access rights, the setting being based on the presented models of access rights;
A device for determining access rights, which is connected to the modeling device for access rights and to the interaction device; the device for determining access rights combines models of access rights to form the access rights, the access rights being specified by the setting of access rights.
In one embodiment, the combination of access interfaces comprises one or more access interfaces, and the data carrying one or more corresponding access flags can be accessed through this combination of access interfaces.
In one embodiment, the interaction device presents the created models of access rights in the form of views.
In one embodiment, the interaction device also presents the access flags corresponding to the models of access rights.
In one embodiment, the interaction device receives a selection of views as the setting of access rights.
The control method and control device of the invention separate data-level permission control from the business code. Implemented as middleware, data-level permission control can be carried out independently of the database and of the business code, which reduces both the implementation cost and the later maintenance cost.
Brief description of the drawings
Specific embodiments of the invention are described in further detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart of the control method for data access rights of the invention.
Fig. 2 is a structural diagram of the control device for data access rights of the invention.
Embodiments
A study of the various data permission control techniques shows that all permission control depends on data sets: control over data access is achieved by adding data access rules to the data set. If control over data sets can be achieved, permission control over data access can be implemented directly, without changing the business code. However, many open frameworks currently have no concept or representation of a data set; that is, it is difficult to determine accurately, at development time or at run time, which data sets and data items are involved.
In essence, a data set is simply the result set returned by an SQL statement, and adding data access control to a data set amounts to adding a data filtering condition to the SQL statement. Although such frameworks provide no data set to work with, a similar result can be reached by applying data access control directly to database tables or views. The control method and control device of the invention are based on this approach.
Referring first to Fig. 1, the invention discloses a control method for data access rights, comprising the following steps:
Step 11, assigning access flags: access flags are assigned to the data in the database. The access flags can be set as needed; for example, access rights that a traditional implementation would set through conditional statements can, in the invention, be assigned to the data by means of access flags.
Step 12, establishing access interfaces: access interfaces are established according to the access flags; each access interface corresponds to an access flag, and the data carrying the corresponding access flag can be accessed through one access interface. In the invention, data carrying a specific access flag can be accessed only through the specific access interface, which achieves permission control over data access. At the same time, the access interfaces and access flags are independent of the data itself, so the cost of adjustment and maintenance is significantly reduced.
Step 13, modeling access rights: models of access rights are created; each model of access rights corresponds to a combination of access interfaces, and the corresponding data in the database can be accessed through that combination. In one embodiment, the combination of access interfaces comprises one or more access interfaces, and the data carrying one or more corresponding access flags can be accessed through this combination. Each access model can contain one or more access interfaces; that is, each access model can access a combination of the data in the database that carries specific access flags. The purpose of access models is to make creating and managing access rights more convenient: models of access rights can be created for commonly needed combinations of data, ready to be called up and used directly.
Step 14, presenting the models of access rights: the created models of access rights are presented. In one embodiment, the created models are presented in the form of views. In one embodiment, this step includes presenting the access flags corresponding to the models of access rights. Presenting the created models in the form of views, together with the access flags corresponding to each model, lets the user see intuitively which rights correspond to which data and so set access rights conveniently as needed. In one embodiment, the models of access rights are created on the basis of Dorado.
Step 15, receiving an access rights setting: a setting of access rights is received, the setting being based on the presented models of access rights. In one embodiment, the setting of access rights in this step is a selection of views. The user selects among the models of access rights presented as views and determines the desired access rights as needed.
Step 16, determining access rights: models of access rights are combined to form the access rights, the access rights being specified by the setting of access rights. The models of access rights chosen by the user are combined to form the final access rights. These access rights allow access to the data corresponding to each model of access rights they contain. Once determined, the access rights can be granted to specific users as required, implementing control over user access rights.
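Steps 11 to 16 above, sketched as an added example in Python with SQLite; this is not code from the patent or from Dorado. It assumes, for illustration only, that an access interface is a SQL view over the rows carrying one access flag; the `orders` table, the flag values and the model names are constructed.

```python
import re
import sqlite3

# Flags are embedded in view names and DDL, so only a strict pattern is accepted.
FLAG_RE = re.compile(r"[A-Z][A-Z0-9_]*")

def build_db():
    """Step 11: constructed sample rows, each carrying an access flag."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT,"
               " amount REAL, access_flag TEXT NOT NULL)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", [
        (1, "Acme", 120.0, "EAST"), (2, "Bolt", 75.5, "WEST"),
        (3, "Cord", 990.0, "KEY_ACCOUNT"), (4, "Dyne", 40.0, "EAST"),
    ])
    return db

def create_interfaces(db):
    """Step 12: one access interface (assumed here to be a view) per flag."""
    flags = [r[0] for r in db.execute("SELECT DISTINCT access_flag FROM orders")]
    interfaces = {}
    for flag in flags:
        if not FLAG_RE.fullmatch(flag):
            raise ValueError(f"unsafe access flag: {flag!r}")
        view = f"iface_{flag.lower()}"
        # CREATE VIEW cannot take bound parameters; the flag was validated above.
        db.execute(f"CREATE VIEW {view} AS SELECT id, customer, amount "
                   f"FROM orders WHERE access_flag = '{flag}'")
        interfaces[view] = flag
    return interfaces

# Step 13: each model of access rights is a named combination of interfaces.
MODELS = {
    "east_sales": {"iface_east"},
    "west_sales": {"iface_west"},
    "national_accounts": {"iface_east", "iface_west", "iface_key_account"},
}

def present_models(interfaces):
    """Step 14: each model together with the access flags it exposes."""
    return {name: sorted(interfaces[v] for v in views)
            for name, views in MODELS.items()}

def determine_access_rights(selected, interfaces):
    """Steps 15-16: combine the selected models into one set of interfaces."""
    unknown = [m for m in selected if m not in MODELS]
    if unknown:
        raise KeyError(f"unknown model(s): {unknown}")
    views = set().union(*(MODELS[m] for m in selected))
    if not views <= interfaces.keys():
        raise ValueError("model refers to an interface that does not exist")
    return frozenset(views)

def fetch_orders(db, rights):
    """Business query: no permission WHERE clause, only granted interfaces."""
    if not rights:
        return []  # nothing granted means nothing readable (deny by default)
    sql = " UNION ".join(f"SELECT id, customer, amount FROM {v}"
                         for v in sorted(rights))
    return db.execute(sql + " ORDER BY id").fetchall()

if __name__ == "__main__":
    db = build_db()
    ifaces = create_interfaces(db)
    print(present_models(ifaces))
    rights = determine_access_rights(["east_sales", "west_sales"], ifaces)
    print(fetch_orders(db, rights))
```

Changing who sees what means editing `MODELS` or the selection passed to `determine_access_rights`; `fetch_orders` and the table stay untouched.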
Referring to Fig. 2, the invention further discloses a control device for data access rights, comprising: a device 21 for assigning access flags, a device 22 for establishing access interfaces, a modeling device 23 for access rights, an interaction device 24, and a device 25 for determining access rights.
The device 21 for assigning access flags is connected to the database 20 and assigns access flags to the data in the database. The access flags can be set as needed; for example, access rights that a traditional implementation would set through conditional statements can, in the invention, be assigned to the data by means of access flags.
The device 22 for establishing access interfaces is connected to the device 21 for assigning access flags and to the database 20. The device 22 establishes access interfaces according to the access flags; each access interface corresponds to an access flag, and the data carrying the corresponding access flag can be accessed through one access interface. In the invention, data carrying a specific access flag can be accessed only through the specific access interface, which achieves permission control over data access. At the same time, the access interfaces and access flags are independent of the data itself, so the cost of adjustment and maintenance is significantly reduced.
The modeling device 23 for access rights creates models of access rights; each model of access rights corresponds to a combination of access interfaces, and the corresponding data in the database can be accessed through that combination. In Fig. 2, the modeling device 23 is shown connected to the device 22 for establishing access interfaces. In some other implementations the two need not be connected, as long as the modeling device 23 can access the interfaces created by the device 22. In one embodiment, the combination of access interfaces comprises one or more access interfaces, and the data carrying one or more corresponding access flags can be accessed through this combination. Each access model can contain one or more access interfaces; that is, each access model can access a combination of the data in the database that carries specific access flags. The purpose of access models is to make creating and managing access rights more convenient: models of access rights can be created for commonly needed combinations of data, ready to be called up and used directly.
The interaction device 24 is connected to the modeling device 23 for access rights. The interaction device 24 presents the created models of access rights and receives a setting of access rights, the setting being based on the presented models of access rights. In one embodiment, the interaction device 24 presents the created models in the form of views, together with the access flags corresponding to each model, so that the user can see intuitively which rights correspond to which data and set access rights conveniently as needed. In one embodiment, the models of access rights are created on the basis of Dorado.
The device 25 for determining access rights is connected to the modeling device 23 for access rights and to the interaction device 24. The device 25 combines models of access rights to form the access rights, the access rights being specified by the setting of access rights. In one embodiment, the setting of access rights received is a selection of views. The user selects among the models of access rights presented as views and determines the desired access rights as needed.
This control device forms middleware between the database and the user. The middleware can be flexibly configured and modified to meet different access rights requirements, without modifying the business code or the database itself, which greatly reduces the workload. The control device is implemented mainly on the basis of Dorado technology.
The control method and control device of the invention separate data-level permission control from the business code. Implemented as middleware, data-level permission control can be carried out independently of the database and of the business code, which reduces both the implementation cost and the later maintenance cost.

Claims (10)

1. A control method for data access rights, characterized by comprising:
A step of assigning access flags: access flags are assigned to the data in a database;
A step of establishing access interfaces: access interfaces are established according to said access flags; each access interface corresponds to an access flag, and the data carrying the corresponding access flag can be accessed through one access interface;
A step of modeling access rights: models of access rights are created; each model of access rights corresponds to a combination of access interfaces, and the corresponding data in the database can be accessed through said combination of access interfaces;
A step of presenting the models of access rights: the created models of access rights are presented;
A step of receiving an access rights setting: a setting of access rights is received, said setting of access rights being based on the presented models of access rights;
A step of determining access rights: models of access rights are combined to form the access rights, said access rights being specified by the setting of access rights.
2. The control method for data access rights as claimed in claim 1, characterized in that said combination of access interfaces comprises one or more access interfaces, and the data carrying one or more corresponding access flags can be accessed through this combination of access interfaces.
3. The control method for data access rights as claimed in claim 1, characterized in that, in said step of presenting the models of access rights, the created models of access rights are presented in the form of views.
4. The control method for data access rights as claimed in claim 3, characterized in that said step of presenting the models of access rights includes presenting the access flags corresponding to the models of access rights.
5. The control method for data access rights as claimed in claim 3, characterized in that, in said step of receiving an access rights setting, the setting of access rights is a selection of said views.
6. A control device for data access rights, characterized by comprising:
A device for assigning access flags, which is connected to a database and assigns access flags to the data in the database;
A device for establishing access interfaces, which is connected to said device for assigning access flags and to the database; the device for establishing access interfaces establishes access interfaces according to the access flags; each access interface corresponds to an access flag, and the data carrying the corresponding access flag can be accessed through one access interface;
A modeling device for access rights, which creates models of access rights; each model of access rights corresponds to a combination of access interfaces, and the corresponding data in the database can be accessed through said combination of access interfaces;
An interaction device, which is connected to said modeling device for access rights; the interaction device presents the created models of access rights and receives a setting of access rights, said setting of access rights being based on the presented models of access rights;
A device for determining access rights, which is connected to said modeling device for access rights and to the interaction device; the device for determining access rights combines models of access rights to form the access rights, said access rights being specified by the setting of access rights.
7. The control device for data access rights as claimed in claim 6, characterized in that said combination of access interfaces comprises one or more access interfaces, and the data carrying one or more corresponding access flags can be accessed through this combination of access interfaces.
8. The control device for data access rights as claimed in claim 6, characterized in that said interaction device presents the created models of access rights in the form of views.
9. The control device for data access rights as claimed in claim 8, characterized in that said interaction device also presents the access flags corresponding to the models of access rights.
10. The control device for data access rights as claimed in claim 8, characterized in that said interaction device receives a selection of said views as the setting of access rights.

Priority Applications (1)

Application number: CN201410060839.4A
Priority date: 2014-02-24
Filing date: 2014-02-24
Title: Control method and device for data access permission
Status: Pending

Publications (1)

Publication number: CN104866776A
Publication date: 2015-08-26

Family ID: 53912598

Country Status (1)

CN: CN104866776A (en)

Cited By (1)

* Cited by examiner, † Cited by third party

Publication number: CN107292188A (en) *
Priority date: 2016-04-12
Publication date: 2017-10-24
Assignee: 北京明略软件系统有限公司
Title: A kind of method and apparatus for controlling access privilege

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150826
