CN105608149A - Relational database-based data space access method - Google Patents
Relational database-based data space access method Download PDFInfo
- Publication number
- CN105608149A CN105608149A CN201510956592.9A CN201510956592A CN105608149A CN 105608149 A CN105608149 A CN 105608149A CN 201510956592 A CN201510956592 A CN 201510956592A CN 105608149 A CN105608149 A CN 105608149A
- Authority
- CN
- China
- Prior art keywords
- access
- attribute
- nodeid
- node
- data space
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The invention discloses a relational database-based data space access method. According to the method, data updating and authorization judgement are synthesized into an access request; and through executing the access request, the data updating and the authorization judgement are completed at once, so that the data access efficiency is improved.
Description
Technical field
The present invention relates to the access control field of data space. More particularly, the present invention relates to one based on relational databaseThe access method of data space.
Background technology
Data space (datespace) is a kind of novel Db Management Model, and main thought is to drop into extremely low front current costBy integrating with certain tissue or individual all relevant information, to the management of these information realizations pay-as-you-go.Compare with integrated system with traditional relational database system, data space is more suitable for managing that real world distributes, isomery andThe data of dynamic change. In recent years, along with going deep into of data space application and research, the secure access of data space becomes heatPoint problem.
The access control of data space has special requirement: 1) data space need to be described the data source of various granularities, because of the visitAsk that control must be fine-grained, can effectively access different levels, varigrained data. 2) data spaceBe dynamic and progressive process to the description of data source, visitor's authority is also along with the factor such as data attribute, environmental condition is movingThe variation of state. Therefore, data space must be supported dynamic access. The research of the current access control for data spaceFew, Main has: 1) data spatial model iDM is expanded, add the assembly for describing authority information,Thereby support the secure access of user to iDM. This way is for specific model iDM, instead of towards general model,Thereby be unfavorable for applying. 2) access control system of the data space of structure based on relational database, utilizes and closes coefficientRealize the access control of data space according to the access technique in storehouse. Deficiency is: there is no the visit that dynamically updates in supported data spaceAsk control. The present invention further improves on this basis, thereby realizes the data space access control that support dynamically updates.
Summary of the invention
An object of the present invention is to solve at least the problems referred to above, and provide at least below by the advantage of explanation.
A further object of the invention is to provide a kind of access method of the data space based on relational database, when user's logarithmWhile renewal according to the data in space, i.e., when user's executing data insertion, data modification and data deletion action, system canInstant according to user's access control right, stop or allow user's behavior, and then protection significant data is not modified.
In order to realize according to these objects of the present invention and other advantage, provide a kind of data space based on relational databaseAccess method, inclusion relation table in described relational database, the method will be converted to corresponding pass the access of data spaceThe access of system's table, the access rule of data space is described by the access rule of relation table, comprises the following steps:
Step 1, the request of access of input to data space, described request of access refers to be carried out and writes the data in data spaceThe request of operation;
Step 2, according to the content of this request of access, retrieve all relation table access rules relevant with this write operation, relationThe operating right that table access rule description has data accessed in relation table, each relation table access rule is with tableShow the mark of positive or negative mandate;
Step 3, rewrite request of access according to the above-mentioned relation table access rule that retrieves, make to authorize and judge and merge to accessIn request, first calculate to adopting to ship with the access rule of sure mandate mark the sure authorization resources of extracting, secondly toNegate to authorize the access rule of mark to adopt the negative authorization resources of union conjunction, then by authorization resources certainly obtained aboveCarry out difference operation with negative authorization resources, the result of difference operation is added in the request of access in step 1, after obtaining rewriteeingRequest of access;
Step 4, carry out request of access output access result after described rewriting.
Preferably, data space uses graph model G:=(N, E) to carry out data and the contact thereof in data of description space, wherein, and GFor data space, N is set of node { N1,...,Nk, node NiBy attribute-value, (attribute-value) formed, be designated asRepresentation node NiThe attribute series having,Represent value corresponding to this attribute series,Work as NiWhen=Φ, claim NiFor empty node, E is the set on limit, and limit is designated as (Ni,Nj, L), wherein Ni,Nj∈ N, i ≠ j, L representsThe label on limit, and L can be null value.
Preferably, by mapping function C and write operation collection, the dynamic data of data space is mapped to relational database, passes throughSupport the mapping function M of write operation the access rule of data space to be mapped to the access rule of relation table, thereby by dataThe access in space is converted to the access to corresponding relation table; Wherein, in data space, data are designated as DG, data in relation tableBe designated as DR, data space is designated as C (D to the mapping function C of relation tableG)=DR。
Preferably, the write operation that data space occurs comprises Create, Delete and Update operation, wherein, uses Create(nodeID, attribute, value) describes interpolation node and attribute-it is right to be worth; Describe with Create (nodeID, label, nodeID)Add internodal limit; Describe and delete whole node with Delete (nodeID), its attribute-value is to also deleted; Use Delete(nodeID, attribute, value) describe in deletion of node attribute-it is right to be worth; Describe with Delete (nodeID, label, nodeID)Limit between deletion of node; The right content of attribute in new node more-be worth is described with Update (nodeID, attribute, value);Describe the content of upgrading internodal limit with Update (nodeID, label, nodeID), said n odeID is the ID of node,Attribute is attribute, and label is the label on limit.
Preferably, the mapping ruler of described mapping function C comprises:
1) limit of G is mapped to relation table Edge (source, label, target), and wherein, source and target are respectively limitDraw node and introduce node, the label that label is limit;
2) attribute-value of the node of G is to being mapped to relation table Attribute (nodeID, value), and wherein, nodeID is jointThe ID of point, the property value that field value is node;
3) there is the situation of Create operation in data space: when Create (nodeID, attribute, value), use insertStatement is by added node and attribute thereof-be worth right content to be inserted into corresponding Attribute table, if this attribute does not haveAttribute table, first newly-built Attribute table inserts again; When Create (nodeID, label, nodeID), use insertAdded internodal limit is inserted into Edge table by statement;
4) there is the situation of Delete operation in data space: when Delete (nodeID), use delete statement to deleteAll the elements of this node during Attribute table and Edge show, if this node has that attribute-it is right to be worth, are used delete languageIn sentence deletion Attribute table, these attributes-it is right to be worth; If this node has limit to be connected with other node, use delete languageThese limits in Edge table deleted in sentence, when Delete (nodeID, attribute, value), uses delete statement to deleteIn Attribute table this node attribute-it is right to be worth, when Delete (nodeID, label, nodeID), use delete statementDelete this limit in Edge table;
5) there is the situation of update operation in data space: when Update (nodeID, attribute, value), use updateStatement upgrades the right content of the attribute of this node in Attribute table-be worth; When Update (nodeID, label, nodeID),Use update statement to upgrade the content on this limit in Edge table.
Preferably, the access rule R of described relation tableR={subjectR,objectR,actionR,signRBe described, itsIn, RRFor the access rule of relation table, subjectRRepresent the user that relation table is conducted interviews; ObjectRExpression relationThe access control object of table, i.e. accessed resource, is used " selectFfromTwhereP " to describe objectR, whereinT represents the set of the table (table) that authority relates to; F representative is subject to the set of the field (fields) of Permission Constraints, and F is included in TSet of fields in, be designated as:P is the predicate relevant to T.fields, represents restrictive condition; ActionRTableShow the create that user carries out resource, delete or update operation; SignRComprise mark "+" and "-", wherein, "+" tableShow sure mandate, "-" represents to negate to authorize.
Preferably, the access rule R of described data spaceG={subjectR,M(objectG),actionR,signRRetouchState, use M:objectG→objectRObject is describedGTo objectRMapping function, be designated as: M (objectG)=objectR=SelectFfromTwhereP, wherein objectGRepresent accessed resource in G, objectR∈DR,objectG∈DG, P=Pattribute∧Pedge∧Pjoin,PattributeIn wordDuan Jun is from Table A ttribute, PedgeIn field all from table Edge, connect predicate PjoinFor a word from multiple tablesSection couples together.
Preferably, the request of access A described in step 1G:=(uG,oG,aG) description uGTo oGExecutable operations aGAccess pleaseAsk, wherein uGRepresent user, oGRepresent accessed resource, aGRepresent operation corresponding create, delete and updateStatement, access resources oGThe approximate object of describing modeR,uG∈subjectR,oG∈objectG,aG∈actionR。
The present invention at least comprises following beneficial effect:
1) support fine granularity, the data space access control dynamically updating
The node in supported data of the present invention space, the fine-grained mandate on limit, upgrade the data of data space userTime, can, immediately according to user's access control right, stop or allow user's behavior.
2) access efficiency is higher
The present invention merges to user by request of access rewrite method by the access control rule of data space and upgrades in operation,Judge a synthetic request of access by Data Update and mandate, carry out this request of access and just equal once to have completed Data UpdateJudge with authorizing, and then improve the efficiency of data access.
Other advantage of the present invention, target and feature embody the explanation of part by below, and part also will be by the present inventionResearch and practice and understood by those skilled in the art.
Brief description of the drawings
Fig. 1 is the architectural framework figure of the inventive method access control system of being applied to the data space based on relational database;
Fig. 2 is the flow chart of data space access control method of the present invention;
Fig. 3 is the data space schematic diagram of describing scholar's information in embodiment 1;
Fig. 4 is that the data space of describing scholar's information in embodiment 1 is insinuated relation table Edge (limit table) and Attribute(attribute list)
Detailed description of the invention
Below in conjunction with embodiment, the present invention is described in further detail, to make those skilled in the art with reference to description wordCan implement according to this.
The invention provides a kind of access method of the data space based on relational database, inclusion relation in described relational databaseTable, the method will be converted to the access to corresponding relation table to the access of data space, and the access rule of data space is by closingThe access rule of system's table is described, and comprises the following steps:
Step 1, the request of access of input to data space, described request of access refers to be carried out and writes the data in data spaceThe request of operation;
Step 2, according to the content of this request of access, retrieve all relation table access rules relevant with this write operation, relationThe operating right that table access rule description has data accessed in relation table, each relation table access rule is with tableShow the mark of positive or negative mandate;
Step 3, rewrite request of access according to the above-mentioned relation table access rule that retrieves, make to authorize and judge and merge to accessIn request, first calculate to adopting to ship with the access rule of sure mandate mark the sure authorization resources of extracting, secondly toNegate to authorize the access rule of mark to adopt the negative authorization resources of union conjunction, then by authorization resources certainly obtained aboveCarry out difference operation with negative authorization resources, the result of difference operation is added in the request of access in step 1, after obtaining rewriteeingRequest of access;
Step 4, carry out request of access output access result after described rewriting.
Data space uses graph model G:=(N, E) to carry out data and the contact thereof in data of description space, and wherein, G is data skyBetween, N is set of node { N1,...,Nk, node NiBy attribute-value, (attribute-value) formed, be designated asRepresentation node NiThe attribute series having,Represent value corresponding to this attribute series,Work as NiWhen=Φ, claim NiFor empty node, E is the set on limit, and limit is designated as (Ni,Nj, L), wherein Ni,Nj∈ N, i ≠ j, L representsThe label on limit, and L can be null value.
By mapping function C and write operation collection, the dynamic data of data space is mapped to relational database, writes behaviour by supportThe mapping function M doing is mapped to the access rule of data space the access rule of relation table, thereby by the visit of data spaceAsk the access being converted to corresponding relation table; Wherein, in data space, data are designated as DG, in relation table, data are designated as DR,Data space is designated as C (D to the mapping function C of relation tableG)=DR。
The write operation that data space occurs comprises Create, Delete and Update operation, wherein, uses Create(nodeID, attribute, value) describes interpolation node and attribute-it is right to be worth; Describe with Create (nodeID, label, nodeID)Add internodal limit; Describe and delete whole node with Delete (nodeID), its attribute-value is to also deleted; Use Delete(nodeID, attribute, value) describe in deletion of node attribute-it is right to be worth; Describe with Delete (nodeID, label, nodeID)Limit between deletion of node; The right content of attribute in new node more-be worth is described with Update (nodeID, attribute, value);Describe the content of upgrading internodal limit with Update (nodeID, label, nodeID), said n odeID is the ID of node,Attribute is attribute, and label is the label on limit.
The mapping ruler of described mapping function C comprises:
1) limit of G is mapped to relation table Edge (source, label, target), and wherein, source and target are respectively limitDraw node and introduce node, the label that label is limit;
2) attribute-value of the node of G is to being mapped to relation table Attribute (nodeID, value), and wherein, nodeID is jointThe ID of point, the property value that field value is node;
3) there is the situation of Create operation in data space: when Create (nodeID, attribute, value), use insertStatement is by added node and attribute thereof-be worth right content to be inserted into corresponding Attribute table, if this attribute does not haveAttribute table, first newly-built Attribute table inserts again; When Create (nodeID, label, nodeID), use insertAdded internodal limit is inserted into Edge table by statement;
4) there is the situation of Delete operation in data space: when Delete (nodeID), use delete statement to deleteAll the elements of this node during Attribute table and Edge show, if this node has that attribute-it is right to be worth, are used delete languageIn sentence deletion Attribute table, these attributes-it is right to be worth; If this node has limit to be connected with other node, use delete languageThese limits in Edge table deleted in sentence, when Delete (nodeID, attribute, value), uses delete statement to deleteIn Attribute table this node attribute-it is right to be worth, when Delete (nodeID, label, nodeID), use delete statementDelete this limit in Edge table;
5) there is the situation of update operation in data space: when Update (nodeID, attribute, value), use updateStatement upgrades the right content of the attribute of this node in Attribute table-be worth; When Update (nodeID, label, nodeID),Use update statement to upgrade the content on this limit in Edge table.
The access rule R of described relation tableR={subjectR,objectR,actionR,signRBe described, wherein, RRFor the access rule of relation table, subjectRRepresent the user that relation table is conducted interviews; ObjectRRepresent the access of relation tableControl object, i.e. accessed resource, is used " selectFfromTwhereP " to describe objectR, wherein T representationThe set of the table (table) that limit relates to; F representative is subject to the set of the field (fields) of Permission Constraints, and F is included in the field of TIn set, be designated as:P is the predicate relevant to T.fields, represents restrictive condition; ActionRRepresent to useThe create that carry out resource at family, delete or update operation; SignRComprise mark "+" and "-", wherein, "+" represents to agreeFixed mandate, "-" represents to negate to authorize.
The access rule R of described data spaceG={subjectR,M(objectG),actionR,signRBe described, useM:objectG→objectRObject is describedGTo objectRMapping function, be designated as: M (objectG)=objectR=SelectFfromTwhereP, wherein objectGRepresent accessed resource in G, objectR∈DR,objectG∈DG, P=Pattribute∧Pedge∧Pjoin,PattributeIn wordDuan Jun is from Table A ttribute, PedgeIn field all from table Edge, connect predicate PjoinFor a word from multiple tablesSection couples together.
Request of access A described in step 1G:=(uG,oG,aG) description uGTo oGExecutable operations aGRequest of access, whereinuGRepresent user, oGRepresent accessed resource, aGRepresent operation corresponding create, delete and update statement,Access resources oGThe approximate object of describing modeR,uG∈subjectR,oG∈objectG,aG∈actionR。
The present invention is applied in the data space access control system based on relational database, this architectural framework as shown in Figure 1:
1) by mapping function C and renewal operation set, the dynamic data of data space is mapped to relational database;
2) the mapping function M that upgrades operation by support is mapped to the access rule of data space the access rule of relation table, thus the fine granularity access control of data space is converted to the access control to corresponding relation table;
3), in the time that user proposes request of access, request of access rewrites algorithm and first retrieves the visit relevant with this user's write operationAsk control law, then according to these rule overwriting request of access, make it comprise associated rights information, carry out the visit after rewriteeingAsk request, the relation table of mapping is carried out to fine-grained access.
As shown in Figure 2, the invention provides a kind of data space access control method of dynamically updating supported, be applied to based on passBe in the access control system of data space of database, comprise the following steps:
Step 1, user input the request of access to data space to system;
The request of access of data space refers to: user/role carries out the request of write operation to the data in data space. Especially, in the data space access control system based on relational database, the create of the corresponding SQL of write operation, delete andUpdate statement, wherein insert is update, and update upgrades operation, and delete is deletion action.
Step 2, according to the content of this request of access, the relevant relational database of system retrieval and this user's write operation is visitedAsk control law;
The kind of the user who relates to according to this request of access, accessed data and write operation, one by one retrieval and this user write behaviourRelevant access control rule { the R of data space that work matesG1,…,RGn}。
The relevant access rule that step 3, basis retrieve rewrites request of access, makes Data Update and authorizes judgement to merge toIn request of access;
First calculated data space correlation access control rule { R, successivelyG1,…,RGnIn
M(objectGi)=objectRi=selectFifromTiwherePiIf, signGiFor "+"Calculate by shipping of SQL the sure authorization resources of extracting; If signGiFor "-"?Negate authorization resources by the union conjunction of SQL. Then calculate by the difference operation of SQLFinally by SRAdd data space request of access A toGSQL describe where condition in, obtain rewrite after access pleaseAsk AG'.
Request of access A after step 4, execution rewriteG' and output access result;
The result of request of access refers to sure Authorization execution result and the negative Authorization execution knot of accessing operation in access resourcesReally.
In order further to understand the present invention, specifically describe application of the present invention below in conjunction with embodiment
Embodiment 1
As shown in Figure 3 and Figure 4, the mapped function C of data space of description scholar information is mapped to relation table Edge (limitTable) and Attribute (attribute list), wherein attribute list has comprised the table such as Aemail, Aname.
Suppose that user user1 wants to upgrade email information in data space, the request of access of user1 is: AG=(user1,M(objectG)=select*fromAemail, Update). The access control rule in tentation data space is:
{user1,M(objectG)=select*fromAemailwhereuser1id=nodeID,Create(nodeID,email,value),+};
{user1,M(objectG)=select*fromAemailwhereuser1id=nodeID,Delete(nodeID,email,value),+};
{user1,M(objectG)=select*fromAemailwhereuser1id=nodeID,Update(nodeID,email,value),+};
{user1,M(objectG)=select*fromAemailwherevaluelike‘gxtc.edu.cn’,Update(nodeID,email,value),-};
{user1,M(objectG)=select*fromAemail,Update(nodeID,email,value),+};
{user1,M(objectG)=select*fromAname,Update(nodeID,name,value),-};
{user2,M(objectG)=select*fromAemailwhereuser1id=nodeID,Update(nodeID,email,value),+}。
, according to the content of this request of access, system retrieval update that arrive and user user1 operates, access resources AemailShowing relevant data space access control rule has:
{user1,M(objectG)=select*fromAemailwhereuser1id=nodeID,Update(nodeID,email,value),+};
{user1,M(objectG)=select*fromAemail,Update(nodeID,email,value),+};
{user1,M(objectG)=select*fromAemailwherevaluelike‘gxtc.edu.cn’,Update(nodeID,email,value),-};
Analyze these relevant data space access control rule known, system constraint user user1 does not revise others' EmailThe authority of information, can only revise oneself, and does not comprise the Email information of suffix gxtc.edu.cn. HereGxtc.edu.cn refers to the mailbox of Guangxi Teachers College.
Calculate successively the M (object in relevant data space access control ruleG), if signGiFor "+" passes throughThe sure authorization resources of extracting is calculated in shipping of SQL, calculatesObtain
From example 1, the present invention merges to user by request of access rewrite method by the access control rule of data spaceUpgrade in operation, judge a synthetic request of access by Data Update and mandate, can be immediately according to user's access controlAuthority, stops or allows user's access behavior.
Industrial applicibility of the present invention
1) support fine granularity, the data space access control dynamically updating
The node in supported data of the present invention space, the fine-grained mandate on limit, upgrade the data of data space userTime, can, immediately according to user's access control right, stop or allow user's behavior.
2) access efficiency is higher
The present invention merges to user by request of access rewrite method by the access control rule of data space and upgrades in operation,Judge a synthetic request of access by Data Update and mandate, carry out this request of access and just equal once to have completed Data UpdateJudge with authorizing, and then improve the efficiency of data access.
Although embodiment of the present invention are open as above, it is not restricted to listed fortune in description and embodimentWith, it can be applied to various applicable the field of the invention completely, for those skilled in the art, and can be easilyRealize other amendment, therefore do not deviating under the universal that claim and equivalency range limit, the present invention does not limitIn specific details with illustrate here and the embodiment describing.
Claims (8)
1. an access method for the data space based on relational database, inclusion relation table in described relational database, shouldMethod will be converted to the access to corresponding relation table to the access of data space, and the access rule of data space is by relation tableAccess rule is described, and it is characterized in that, comprises the following steps:
Step 1, the request of access of input to data space, described request of access refers to be carried out and writes the data in data spaceThe request of operation;
Step 2, according to the content of this request of access, retrieve all relation table access rules relevant with this write operation, relationThe operating right that table access rule description has data accessed in relation table, each relation table access rule is with tableShow the mark of positive or negative mandate;
Step 3, rewrite request of access according to the above-mentioned relation table access rule that retrieves, make to authorize and judge and merge to accessIn request, first calculate to adopting to ship with the access rule of sure mandate mark the sure authorization resources of extracting, secondly toNegate to authorize the access rule of mark to adopt the negative authorization resources of union conjunction, then by authorization resources certainly obtained aboveCarry out difference operation with negative authorization resources, the result of difference operation is added in the request of access in step 1, after obtaining rewriteeingRequest of access;
Step 4, carry out request of access output access result after described rewriting.
2. the access method of the data space based on relational database as claimed in claim 1, is characterized in that, dataSpace is used graph model G:=(N, E) to carry out data and the contact thereof in data of description space, and wherein, G is data space, and N isSet of node { N1,...,Nk, node NiBy attribute-value, (attribute-value) formed, be designated as Representation node NiThe attribute series having,Represent value corresponding to this attribute series, work as NiWhen=Φ, claim NiForEmpty node, E is the set on limit, limit is designated as (Ni,Nj, L), wherein Ni,Nj∈ N, i ≠ j, L represents the label on limit, and L can beNull value.
3. the access method of the data space based on relational database as claimed in claim 2, is characterized in that, passes throughThe dynamic data of data space is mapped to relational database by mapping function C and write operation collection, by supporting the mapping of write operationFunction M is mapped to the access rule of data space the access rule of relation table, thereby the access of data space is converted toTo the access of corresponding relation table; Wherein, in data space, data are designated as DG, in relation table, data are designated as DR, data skyBetween be designated as C (D to the mapping function C of relation tableG)=DR。
4. the access method of the data space based on relational database as claimed in claim 3, is characterized in that, dataThe write operation that space occurs comprises Create, Delete and Update operation, wherein, and with Create (nodeID, attribute, value)Node is added in description and attribute-it is right to be worth; Describe and add internodal limit with Create (nodeID, label, nodeID); WithDelete (nodeID) describes and deletes whole node, and its attribute-value is to also deleted; With Delete (nodeID, attribute, value)Describe in deletion of node attribute-it is right to be worth; With the limit between Delete (nodeID, label, nodeID) description deletion of node; WithUpdate (nodeID, attribute, value) describes the right content of attribute in new node more-be worth; With Update (nodeID, label,NodeID) describe the content of upgrading internodal limit, said n odeID is the ID of node, and attribute is attribute, labelBe the label on limit.
5. the access method of the data space based on relational database as claimed in claim 4, is characterized in that, described inThe mapping ruler of mapping function C comprises:
1) limit of G is mapped to relation table Edge (source, label, target), and wherein, source and target are respectively limitDraw node and introduce node, the label that label is limit;
2) attribute-value of the node of G is to being mapped to relation table Attribute (nodeID, value), and wherein, nodeID is jointThe ID of point, the property value that field value is node;
3) there is the situation of Create operation in data space: when Create (nodeID, attribute, value), use insertStatement is by added node and attribute thereof-be worth right content to be inserted into corresponding Attribute table, if this attribute does not haveAttribute table, first newly-built Attribute table inserts again; When Create (nodeID, label, nodeID), use insertAdded internodal limit is inserted into Edge table by statement;
4) there is the situation of Delete operation in data space: when Delete (nodeID), use delete statement to deleteAll the elements of this node during Attribute table and Edge show, if this node has that attribute-it is right to be worth, are used delete languageIn sentence deletion Attribute table, these attributes-it is right to be worth; If this node has limit to be connected with other node, use delete languageThese limits in Edge table deleted in sentence, when Delete (nodeID, attribute, value), uses delete statement to deleteIn Attribute table this node attribute-it is right to be worth, when Delete (nodeID, label, nodeID), use delete statementDelete this limit in Edge table;
5) there is the situation of update operation in data space: when Update (nodeID, attribute, value), use updateStatement upgrades the right content of the attribute of this node in Attribute table-be worth; When Update (nodeID, label, nodeID),Use update statement to upgrade the content on this limit in Edge table.
6. the access method of the data space based on relational database as claimed in claim 5, is characterized in that, described inThe access rule R of relation tableR={subjectR,objectR,actionR,signRBe described, wherein, RRFor relation tableAccess rule, subjectRRepresent the user that relation table is conducted interviews; ObjectRRepresent the access control object of relation table,Be accessed resource, use " selectFfromTwhereP " to describe objectR, wherein T represents the table that authority relates to(table) set; F representative is subject to the set of the field (fields) of Permission Constraints, and F is included in the set of fields of T, noteFor:P is the predicate relevant to T.fields, represents restrictive condition; ActionRRepresent that user enters resourceThe create of row, delete or update operation; SignRComprise mark "+" and "-", wherein, "+" represents certainly to authorize, "-"Represent to negate to authorize.
7. the access method of the data space based on relational database as claimed in claim 6, is characterized in that, described inThe access rule R of data spaceG={subjectR,M(objectG),actionR,signRBe described, useM:objectG→objectRObject is describedGTo objectRMapping function, be designated as: M (objectG)=objectR=SelectFfromTwhereP, wherein objectGRepresent accessed resource in G, objectR∈DR,objectG∈DG,PattributeIn wordDuan Jun is from Table A ttribute, PedgeIn field all from table Edge, connect predicate PjoinFor a word from multiple tablesSection couples together.
8. the access method of the data space based on relational database as claimed in claim 7, is characterized in that, stepRequest of access A described in oneG:=(uG,oG,aG) description uGTo oGExecutable operations aGRequest of access, wherein uGRepresentUser, oGRepresent accessed resource, aGRepresent operation corresponding create, delete and update statement, access moneySource oGThe approximate object of describing modeR,uG∈subjectR,oG∈objectG,aG∈actionR。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510956592.9A CN105608149A (en) | 2015-12-19 | 2015-12-19 | Relational database-based data space access method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510956592.9A CN105608149A (en) | 2015-12-19 | 2015-12-19 | Relational database-based data space access method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105608149A true CN105608149A (en) | 2016-05-25 |
Family
ID=55988089
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510956592.9A Pending CN105608149A (en) | 2015-12-19 | 2015-12-19 | Relational database-based data space access method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105608149A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106202386A (en) * | 2016-07-08 | 2016-12-07 | 唐博 | The method automatically analyzing database table relation |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1293306A (en) * | 1999-10-19 | 2001-05-02 | 张德生 | Manually pneumatic electric generator |
US6490585B1 (en) * | 1999-11-12 | 2002-12-03 | Unisys Corp | Cellular multiprocessor data warehouse |
US7533128B1 (en) * | 2005-10-18 | 2009-05-12 | Real-Time Innovations, Inc. | Data distribution service and database management systems bridge |
CN102902750A (en) * | 2012-09-20 | 2013-01-30 | 浪潮齐鲁软件产业有限公司 | Universal data extraction and conversion method |
CN103390039A (en) * | 2013-07-17 | 2013-11-13 | 北京建筑工程学院 | Urban disaster thematic map real-time generating method based on network information |
-
2015
- 2015-12-19 CN CN201510956592.9A patent/CN105608149A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1293306A (en) * | 1999-10-19 | 2001-05-02 | 张德生 | Manually pneumatic electric generator |
US6490585B1 (en) * | 1999-11-12 | 2002-12-03 | Unisys Corp | Cellular multiprocessor data warehouse |
US7533128B1 (en) * | 2005-10-18 | 2009-05-12 | Real-Time Innovations, Inc. | Data distribution service and database management systems bridge |
CN102902750A (en) * | 2012-09-20 | 2013-01-30 | 浪潮齐鲁软件产业有限公司 | Universal data extraction and conversion method |
CN103390039A (en) * | 2013-07-17 | 2013-11-13 | 北京建筑工程学院 | Urban disaster thematic map real-time generating method based on network information |
Non-Patent Citations (1)
Title |
---|
潘颖 等: ""基于关系数据库的极松散结构数据模型的访问控制研究"", 《电子学报》 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106202386A (en) * | 2016-07-08 | 2016-12-07 | 唐博 | The method automatically analyzing database table relation |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP7419244B2 (en) | Learning ETL rules by example | |
US8631387B2 (en) | System and method for the structuring and interpretation of organic computer programs | |
US7526501B2 (en) | State transition logic for a persistent object graph | |
US10778688B2 (en) | Descendent case role alias | |
US7702679B2 (en) | Method for creating and tracking external system data via a mind map | |
US20180150531A1 (en) | Enhanced mechanisms for managing multidimensional data | |
US8874619B2 (en) | Method and apparatus for defining common entity relationships | |
CN103368765B (en) | A kind of privileges of management system adding method and device | |
US10417263B2 (en) | Method and apparatus for implementing a set of integrated data systems | |
US20180150442A1 (en) | Controlling Access to Documents by Parties | |
Krneta et al. | A direct approach to physical Data Vault design | |
CN105608149A (en) | Relational database-based data space access method | |
Hwang et al. | A selection method of database system in Bigdata environment: a case study from smart education service in Korea | |
US20230229853A1 (en) | Systems and methods for translation comments flowback | |
Akoka et al. | A four V’s design approach of NoSQL graph databases | |
Brandon | Recursive database structures | |
US9858641B2 (en) | Representing a system using viewpoints | |
US10803014B2 (en) | Dynamic data relationships in a graph database | |
Malakar et al. | Correlation measure of hesitant fuzzy linguistic term soft set and its application in decision making | |
Pilev et al. | Effective Time Temporal Database Model | |
Braunschweig et al. | A flexible graph-based data model supporting incremental schema design and evolution | |
USRE48312E1 (en) | Method and apparatus for defining common entity relationships | |
Foster et al. | Integrity rules and normalization | |
Rubis et al. | The business data object versioning and change history patterns | |
Motta et al. | From strategic to conceptual information modelling: a method and a case study |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160525 |
|
RJ01 | Rejection of invention patent application after publication |