CN105912949A - Data permission management method, data permission management system and service management system - Google Patents

Info

Publication number: CN105912949A
Authority: CN (China)
Prior art keywords: data, information, authority, management system, operation system
Legal status: Granted (active)
Application number: CN201610225858.7A
Other languages: Chinese (zh)
Other versions: CN105912949B (en)
Inventor: 周华旗
Current Assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Application filed by: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Priority to: CN201610225858.7A (patent CN105912949B)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G06F16/211 Schema design and management

Abstract

The invention discloses a data permission management method, a data permission management system and a service management system and relates to the field of computer technologies. The method disclosed by the invention comprises the steps that the data permission management system receives a user's data access request intercepted by the service system; through analysis of the data access request, an object to be accessed by the user is acquired; access permission information of the object to be accessed by the user is searched in permission configuration information; and the access permission information is integrated with the data access request, and then the integrated information and request are returned to the service system, so that the service system can continue processing the data access request with the access permission information. According to the invention, uniform and centralized management of data permissions of each service system can be implemented by the data permission management system; and management and maintenance become convenient.

Description

Data permission management method, data permission management system and service management system
Technical field
The present invention relates to the field of computer technology, and in particular to a data permission management method, a data permission management system and a service management system.
Background
Permission management generally means that, according to the security rules or security policies set by the system, a user can access the resources he or she is authorized to access, and only those resources. Permission management falls into two broad classes: function-level permission control and data-level permission control. Data permissions address the question of which data a subject may operate on; for example, a user may view all of his or her own order information but may not view other people's order information.
The database types supported by different service systems may differ. For example, multiple service systems may respectively support Oracle, MySQL, SQL Server and so on, and some service systems even use non-relational databases for data storage. This diversity and individuality of databases means that each service system has to handle data permission control by itself, which makes management and maintenance difficult. For example, when a service system implements data permission management by hard coding, the data permission management logic is coupled with that system's business logic in forms such as if/else, and every service system has to implement its own data permission management logic separately, so management and maintenance are difficult.
Summary of the invention
One technical problem to be solved by the present invention is how to manage the data permissions of all service systems in a unified way, so as to reduce the difficulty of management and maintenance.
According to one aspect of the present invention, a data permission management method is provided, comprising: a data permission management system receives a user's data access request intercepted by a service system; the data permission management system parses the data access request to obtain the object the user wants to access; the data permission management system looks up, in permission configuration information, the access permission information for the object the user wants to access; and the data permission management system merges the access permission information with the data access request and returns the result to the service system, so that the service system continues processing the data access request carrying the access permission information.
In one embodiment, looking up the access permission information for the object the user wants to access in the permission configuration information comprises: the data permission management system looks up, in the permission configuration information, the permission configuration list corresponding to the object to be accessed, where the permission configuration list includes permission assignment objects, permission types and permission expressions; the data permission management system finds the user among the permission assignment objects of the permission configuration list and, if the user operation contained in the data access request matches the permission type configured for that user in the permission configuration list, extracts the permission expression corresponding to the user from the permission configuration list.
In one embodiment, the data permission management method further comprises: the data permission management system collects database information of the service system; the data permission management system captures, according to the database information of the service system, metadata information relevant to permission configuration from the service system's database; and the data permission management system performs permission configuration according to the captured metadata information to form the permission configuration information.
In one embodiment, the database information of the service system collected by the data permission management system includes a database type and a database connection string. Capturing the metadata information relevant to permission configuration from the service system's database according to the database information comprises: the data permission management system connects to the service system's database using the database connection string and, according to the database type, captures from that database the metadata information that is relevant to permission configuration and corresponds to the database type, where the metadata information includes accessed-object information and its attribute information.
In one embodiment, the metadata information includes accessed-object information and its attribute information. Performing permission configuration according to the captured metadata information comprises: the data permission management system configures a permission configuration list for the accessed object and, according to the attribute information of the accessed object, configures the permission assignment object, permission type and permission expression in that permission configuration list to form the permission configuration information.
In one embodiment, the service system determines, according to a configured system filter identifier, whether this service system needs data access filtering and, if so, intercepts the user's data access request; or, after intercepting the user's data access request, the service system determines, according to a configured object filter identifier, whether the object the user wants to access needs data access filtering and, if so, sends the data access request to the data permission management system.
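The request filtering flow of this first aspect, written out as an added Python example; it is not code from the patent. It assumes an in-memory SQLite database standing in for a service system database, hypothetical names throughout, permission expressions stored as SQL fragments with bound parameters, several matching entries combined with OR, and a request refused when no entry matches (the text does not say what happens in that case).

```python
import sqlite3

# Constructed sample state; every name below is hypothetical.
SYSTEM_FILTER = True                                  # system filter identifier
OBJECT_FILTER = {"orders": True, "products": False}   # object filter identifiers
DEPARTMENTS = {"zhangsan": {"sales"}, "lisi": {"finance"}}

# Permission configuration information: accessed object -> permission
# configuration list. Each expression is (SQL fragment, bound parameters).
PERMISSION_CONFIG = {
    "orders": [
        {"assignee_type": "individual", "assignee": "zhangsan",
         "permission_type": "query", "expression": ("owner = ?", ["zhangsan"])},
        {"assignee_type": "department", "assignee": "finance",
         "permission_type": "query", "expression": ("money > ?", [100000])},
    ],
}


def make_service_db():
    """Build the constructed service system database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, owner TEXT, money REAL)")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "zhangsan", 500.0), (2, "lisi", 20000.0),
                    (3, "zhangsan", 150000.0)])
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(10, "pen"), (11, "ink")])
    return db


def attach_permissions(request):
    """Data permission management system side: parse the request, look up
    the user's permission expressions and merge them into the request."""
    user, obj, op = request["user"], request["object"], request["operation"]
    # The user may be assigned directly or through a department.
    identities = {("individual", user)}
    identities |= {("department", d) for d in DEPARTMENTS.get(user, ())}
    granted = [entry["expression"]
               for entry in PERMISSION_CONFIG.get(obj, [])
               if (entry["assignee_type"], entry["assignee"]) in identities
               and entry["permission_type"] == op]
    return {**request, "permission": granted}


def needs_filtering(obj):
    """Service system side: consult the system and object filter identifiers."""
    return SYSTEM_FILTER and OBJECT_FILTER[obj]


def handle(db, request):
    """Service system side: intercept, consult the data permission management
    system, then continue processing the request with the merged filter."""
    obj = request["object"]
    if obj not in OBJECT_FILTER:      # the table name is interpolated below
        raise ValueError(f"unknown object: {obj!r}")
    where, params = "", []
    if needs_filtering(obj):
        request = attach_permissions(request)
        if not request["permission"]:
            raise PermissionError("no permission entry matches this request")
        where = " WHERE " + " OR ".join(
            f"({sql})" for sql, _ in request["permission"])
        params = [p for _, bound in request["permission"] for p in bound]
    if request["operation"] != "query":
        raise NotImplementedError("only 'query' is implemented in this example")
    rows = db.execute(f"SELECT id FROM {obj}{where} ORDER BY id", params)
    return [row[0] for row in rows]
```
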
According to a second aspect of the present invention, a data permission management method is provided, comprising: a data permission management system collects database information of a service system; the data permission management system captures, according to the database information of the service system, metadata information relevant to permission configuration from the service system's database; and the data permission management system performs permission configuration according to the captured metadata information to form permission configuration information.
In one embodiment, the database information of the service system collected by the data permission management system includes a database type and a database connection string. Capturing the metadata information relevant to permission configuration from the service system's database according to the database information comprises: the data permission management system connects to the service system's database using the database connection string and, according to the database type, captures from that database the metadata information that is relevant to permission configuration and corresponds to the database type, where the metadata information includes accessed-object information and its attribute information.
In one embodiment, the metadata information includes accessed objects and their attribute information. Performing permission configuration according to the captured metadata information comprises: the data permission management system configures a permission configuration list for the accessed object and, according to the attribute information of the accessed object, configures the permission assignment object, permission type and permission expression in that permission configuration list to form the permission configuration information.
According to a third aspect of the present invention, a data permission management system is provided, comprising a data access filtering module and/or a data permission configuration module. The data access filtering module comprises: a data access request receiving unit, for receiving a user's data access request intercepted by a service system; a data access request parsing unit, for parsing the data access request to obtain the object the user wants to access; a permission information acquiring unit, for looking up, in permission configuration information, the access permission information for the object the user wants to access; and a permission information processing unit, for merging the access permission information with the data access request and returning the result to the service system, so that the service system continues processing the data access request carrying the access permission information. The data permission configuration module comprises: a service system management unit, for collecting database information of the service system; a metadata capturing unit, for capturing, according to the database information of the service system, metadata information relevant to permission configuration from the service system's database; and a permission configuration unit, for performing permission configuration according to the captured metadata information to form the permission configuration information.
In one embodiment, the permission information acquiring unit is configured to look up, in the permission configuration information, the permission configuration list corresponding to the object to be accessed, where the permission configuration list includes permission assignment objects, permission types and permission expressions; to find the user among the permission assignment objects of the permission configuration list; and, if the user operation contained in the data access request matches the permission type configured for that user in the permission configuration list, to extract the permission expression corresponding to the user from the permission configuration list.
In one embodiment, the database information of the service system collected by the service system management unit includes a database type and a database connection string. The metadata capturing unit is configured to connect to the service system's database using the database connection string and, according to the database type, to capture from that database the metadata information that is relevant to permission configuration and corresponds to the database type, where the metadata information includes accessed-object information and its attribute information.
In one embodiment, the metadata information includes accessed-object information and its attribute information. The permission configuration unit is configured to configure a permission configuration list for the accessed object and, according to the attribute information of the accessed object, to configure the permission assignment object, permission type and permission expression in that permission configuration list to form the permission configuration information.
According to a fourth aspect of the present invention, a service management system is provided, comprising a service system and the data permission management system of any embodiment of the foregoing third aspect. The service system is configured to intercept a user's data access request, send the intercepted data access request to the data permission management system, and receive the data access request carrying access permission information returned by the data permission management system and continue processing it.
In one embodiment, the service system is further configured to determine, according to a configured system filter identifier, whether this service system needs data access filtering and, if so, to intercept the user's data access request; or, after intercepting the user's data access request, to determine, according to a configured object filter identifier, whether the object the user wants to access needs data access filtering and, if so, to send the data access request to the data permission management system.
The present invention enables the data permission management system to manage the data permissions of all service systems in a unified and centralized way, which makes management and maintenance easier. On the one hand, the database information of each service system is collected, metadata information relevant to permission configuration is captured from each service system's database according to the collected information, and permission configuration is then performed according to the captured information, so that the data permission management system configures the data permissions of all service systems in a unified and centralized way. On the other hand, the users' data access requests intercepted by each service system are all sent to the data permission management system, which performs access control for every service system uniformly, based on the permission configuration information. In addition, this centralized management mode can respond quickly to changes and adjustments in the organizational structure of the service systems, allowing flexible management of data permissions.
Other features and advantages of the present invention will become clear from the following detailed description of exemplary embodiments of the present invention with reference to the accompanying drawings.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of the service management system of one embodiment of the present invention.
Fig. 2 is a flow chart of the data permission configuration process of the data permission management method of one embodiment of the present invention.
Fig. 3 is a diagram comparing a relational database and a non-relational database in one embodiment of the present invention.
Fig. 4 is a UML class diagram of metadata capture in one embodiment of the present invention.
Fig. 5 is a flow chart of the data access filtering process of the data permission management method of one embodiment of the present invention.
Fig. 6 is a structural diagram of the data permission management system of one embodiment of the present invention.
Fig. 7 is a workflow diagram of the data permission management system of one embodiment of the present invention performing data permission configuration.
Fig. 8 is a structural diagram of the data permission management system of another embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The following description of at least one exemplary embodiment is merely illustrative and in no way limits the present invention or its application or use. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
This solution is proposed in order to achieve unified management of the data permissions of all service systems.
Fig. 1 is a structural diagram of one embodiment of the service management system of the present invention. The structure of the service management system is described below with reference to Fig. 1.
As shown in Fig. 1, the service management system includes a data permission management system and service system 1, service system 2, ... and service system n. Each service system stores its own data in its database. The database types supported by the service systems may be the same or different, and each service system may support one or more database types. The data permission management system manages the data permissions of all service systems in a unified way. This unified data permission management includes a unified data permission configuration process and a data access filtering process for the service systems. Embodiments of the unified data permission configuration process and of the data access filtering process are described separately below.
The process by which the data permission management system performs unified data permission configuration for the service systems is described below with reference to Fig. 2.
Fig. 2 is a flow chart of one embodiment of the data permission configuration process of the data permission management method of the present invention. As shown in Fig. 2, the method of this embodiment includes:
Step S202: the data permission management system brings the service systems under its management and collects the database information of each service system.
The database information of a service system collected by the data permission management system includes the database type and the database connection string, and may also include, for example, the service system name, the service system code and the data storage mode (relational database or non-relational database), as shown in Table 1. Table 1 is an example of the database information of the service systems collected by the data permission management system. The data permission management system connects to the corresponding database using the database connection string, captures the corresponding metadata information from the service system's database according to the database type, and performs data permission configuration for the service system according to the database type. Relational and non-relational databases need different connection methods: for example, a relational database can be connected through JDBC (Java Data Base Connectivity), whereas a non-relational database needs a connector written specifically for the particular database type.
Table 1
Step S204: the data permission management system captures, according to the database information of the service system, the metadata information relevant to permission configuration from the service system's database.
In one embodiment, the data permission management system connects to the service system's database using the database connection string and, according to the database type, captures from that database the metadata information that is relevant to permission configuration and corresponds to the database type.
The metadata corresponding to different data storage modes also differs. As shown in Fig. 3, taking a relational database and the non-relational database MongoDB as examples, database (Database) information, data table (Table) information and row information are captured from a relational database, while database (Database) information, collection (Collection) information and document (Document) information are captured from MongoDB. Table information in a relational database corresponds to collection information in MongoDB, and row information in a relational database corresponds to document information in MongoDB. The captured metadata information can be returned to the data permission configuration interface for the permission administrator to choose from when configuring permissions; for example, the permission administrator selects the database, data set, table, row and other information through drop-down menus or similar controls in the data permission configuration interface.
The captured metadata information is mainly used in the subsequent permission configuration process, so it mainly includes accessed-object information and its attribute information. For a relational database, the data permission management system captures from the service system's database the business table information and field information relevant to permission configuration; for a non-relational database, it captures the collection information and key (KEY) information relevant to permission configuration. The business table information includes, for example, the table name, and the field information includes, for example, the field; if the field is numeric (for example, the field is an amount and the column stores concrete numbers), the field information may also include information such as precision and number of decimal places. Likewise, the collection information includes, for example, the collection name, and the key information includes, for example, the key; if the key is numeric, the key information may also include precision, number of decimal places and so on.
With the above method of capturing metadata information from the service systems, the data permission management system can obviously capture other metadata information as required, in addition to the accessed-object information and its attribute information. The captured metadata information may include, for example, the following classes, taking a relational database as an example:
Database: the database name, type, version and so on can be captured.
Schema (data set): the data set differs slightly between relational databases (for example, Oracle: schema; MySQL: catalog; SQL Server: catalog.schema); the data set's name, pattern and so on can be captured.
Table (data table): the table name, type, primary key, foreign keys, constraints, triggers, indexes, permissions and so on can be captured.
Column: the name, comment, whether it is null, precision, number of decimal places, default value and so on can be captured.
An application example of metadata capture is described below with reference to Fig. 4. Different database types differ both in how metadata is obtained and in how the database is connected, so the strategy pattern is used to implement metadata capture for the different databases; this makes the design easier to extend and better able to accommodate new database types. As shown in Fig. 4, "MysqlDataSource", "OracleDataSource" and so on are classes that implement obtaining the database connection string, and the class matching the type of database to be connected is selected. Similarly, "MysqlMetaCrawler" and "OracleMetaCrawler" are classes that implement metadata capture, and the class matching the type of database whose metadata is to be captured is selected. The metadata capture logic is as follows. MetaLoader is the main entry point of the whole capture logic. MetaLoader is instantiated with a concrete data source, for example MetaLoader ml = new MetaLoaderImpl(MysqlDataSource), which obtains the MySQL database connection string and establishes the data connection. A concrete metadata capture instance, for example MysqlMetaCrawler, is then created through MetaCrawlerFactory. Specifically, the created MetaCrawler instance (an AbstractMetaCrawler) obtains the data table information or collection information under this data source, together with the field information of the tables or the key information. For example, a relational database generally obtains this metadata through the DatabaseMetaData object, while a non-relational database may require custom development. The MetaCrawler then returns the captured metadata information to MetaLoader, which completes the metadata capture process.
Step S206: the data permission management system performs permission configuration according to the captured metadata information to form the permission configuration information.
In one embodiment, the data permission management system configures a permission configuration list for the accessed object and, according to the attribute information of the accessed object, configures the permission assignment object, permission type and permission expression in that permission configuration list to form the permission configuration information.
The data permission configuration process is illustrated below with reference to Table 2. As shown in Table 2, according to the data permission configuration command sent by the permission administrator, the data permission management system generates a permission configuration list for the business table or collection that needs permission configuration. The permission configuration list includes the permission assignment object, the permission type and the permission expression, and may also include, as required, items such as the permission assignment object type and the permission expression description, without being limited to the examples listed. The permission assignment object type includes, for example, individual, role, group, position, post or department, and may be divided into other types as required, according to the granularity of permission assignment and the range of personnel affected. The permission assignment object includes, for example, a single assignment object or a collective assignment object, divided by individual, role, group, position, post or department. In Table 2, for example, Zhang San is a single assignment object divided by individual, and the Finance Department is a collective assignment object divided by department that includes all employees of the Finance Department. The permission type includes, for example, query, modify, add and delete, without being limited to the examples listed. Preferably, the permission expression is a concrete operation statement generated according to the syntax of the specific database type. For example, for a relational database, an SQL conditional statement is generated (form: field + operator + condition value, such as money > 10000); for MongoDB, a MongoDB statement is generated (form: field name + ":" + condition value, such as {age:33}). As shown in Table 2, for the permission expression money > 100000, for example, the data permission management system first obtains the field money and then, when generating the expression, produces the permission expression money > 100000 from the configuration condition in the permission administrator's data permission configuration command and the syntax rules of the current database. The permission configuration list can also be returned to the data permission configuration interface so that the permission administrator can confirm the configured permission information; the permission expression description column is provided to make this confirmation easier for the permission administrator.
Table 2
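The metadata capture of step S204 and the expression generation of step S206, carried through in an added Python example; it is not code from the patent, whose class names refer to a Java design. It assumes Python's built-in sqlite3 as the relational database, a plain dict of document lists as a stand-in for MongoDB collections, and hypothetical names throughout; binding the condition value as a parameter and restricting fields to the captured metadata are this example's own choices.

```python
import sqlite3
from abc import ABC, abstractmethod


class MetaCrawler(ABC):
    """Strategy interface: one implementation per database type."""

    @abstractmethod
    def crawl(self, conn):
        """Return {accessed object: {attribute name: declared type}}."""


class SqliteMetaCrawler(MetaCrawler):
    def crawl(self, conn):
        names = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")]
        meta = {}
        for name in names:
            quoted = '"' + name.replace('"', '""') + '"'
            cols = conn.execute(f"PRAGMA table_info({quoted})").fetchall()
            meta[name] = {c[1]: c[2] for c in cols}   # c[1]=name, c[2]=type
        return meta


class DocumentMetaCrawler(MetaCrawler):
    """Stand-in for a document store: conn is {collection: [documents]}."""

    def crawl(self, conn):
        meta = {}
        for collection, docs in conn.items():
            keys = {}
            for doc in docs:
                for key, value in doc.items():
                    keys.setdefault(key, type(value).__name__)
            meta[collection] = keys
        return meta


CRAWLERS = {"sqlite": SqliteMetaCrawler, "document": DocumentMetaCrawler}


def load_metadata(db_type, conn):
    """Entry point: pick the crawler for the database type and run it."""
    if db_type not in CRAWLERS:
        raise ValueError(f"unsupported database type: {db_type!r}")
    return CRAWLERS[db_type]().crawl(conn)


DOC_OPS = {">": "$gt", ">=": "$gte", "<": "$lt", "<=": "$lte", "!=": "$ne"}
OPERATORS = {"="} | set(DOC_OPS)


def build_expression(db_type, metadata, obj, field, operator, value):
    """Generate a permission expression in the syntax of the database type.
    Field and operator are checked against allow-lists so administrator input
    never becomes query text; the value is kept as data."""
    if field not in metadata.get(obj, {}):
        raise ValueError(f"{obj}.{field} is not in the captured metadata")
    if operator not in OPERATORS:
        raise ValueError(f"unsupported operator: {operator!r}")
    if isinstance(value, bool) or not isinstance(value, (int, float, str)):
        raise ValueError("condition value must be a number or a string")
    if db_type == "sqlite":
        quoted = '"' + field.replace('"', '""') + '"'
        return (f"{quoted} {operator} ?", [value])
    if db_type == "document":
        if operator == "=":
            return {field: value}
        return {field: {DOC_OPS[operator]: value}}
    raise ValueError(f"unsupported database type: {db_type!r}")


def configure(config, db_type, metadata, obj, assignee_type, assignee,
              permission_type, field, operator, value):
    """Append one entry to the permission configuration list of obj."""
    entry = {
        "assignee_type": assignee_type,
        "assignee": assignee,
        "permission_type": permission_type,
        "expression": build_expression(db_type, metadata, obj,
                                       field, operator, value),
        "description": f"{field} {operator} {value!r}",
    }
    config.setdefault(obj, []).append(entry)
    return entry
```
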
In the method of the above embodiment, the database information of each service system is collected, metadata information relevant to permission configuration is captured from each service system's database according to the collected information, and permission configuration is then performed according to the captured information, so that the data permission management system configures the data permissions of all service systems in a unified and centralized way. This makes the service systems easier to manage and maintain, and can also respond quickly to changes and adjustments in the organizational structure of the service systems, allowing flexible management of data permissions. In addition, the data permission management system can also implement some more complex data permission configuration management.
An application example of the data permission configuration process is as follows. The permission administrator logs in to the data permission management system, enters the data permission configuration interface and selects the business system and database to be configured. Using the previously collected database information of each business system, the data permission management system obtains the database connection string, connects to that database, captures the table information of all business tables in it, and displays the table names in the data permission configuration interface for the permission administrator to choose from. The permission administrator selects a business table; the data permission management system captures the field information of that table and displays the fields in the data permission configuration interface for the permission administrator to choose from. The permission administrator selects a field and enters a configuration condition, and selects the permission assignment object and the permission type through the display interface. The data permission management system generates a permission expression according to the database type, the field information and the configuration condition, associates it with the permission assignment object and the permission type to produce one item of permission configuration information, and writes that item into the permission configuration list of the business table, completing the data permission configuration process. During this process the permission administrator may make selections through the data permission configuration interface or may enter the data permission configuration command directly; the data permission management system may capture the metadata first and then display it for the permission administrator to choose from, or may capture the corresponding metadata after the permission administrator has made a selection. As long as the data permissions of multiple business systems are configured in a unified manner by the method described in steps 202 to 206, the process falls within the scope of protection of the present invention.
As the above application example shows, a user can perform unified data permission configuration for multiple business systems with simple operations in the operation interface, which is easy to learn and easy to master.
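The expression-generation step of the configuration process, as an added example that is not code from the patent. It builds a permission expression for a relational database or for MongoDB from a field, an operator and a condition value, checks the field against the captured metadata, and writes the entry into a permission configuration list. The function names, the operator set and the use of MongoDB comparison operators beyond the page's equality form are assumptions.

```python
import math

# Operators an administrator may choose in the configuration interface (assumed set).
SQL_OPERATORS = {">", ">=", "<", "<=", "=", "<>"}
# MongoDB query operators for the same comparisons; equality uses {field: value}.
MONGO_OPERATORS = {">": "$gt", ">=": "$gte", "<": "$lt", "<=": "$lte", "<>": "$ne"}
PERMISSION_TYPES = {"query", "modify", "add", "delete"}


def _check_value(value):
    """Accept only finite numbers and plain strings as condition values."""
    if isinstance(value, bool) or not isinstance(value, (int, float, str)):
        raise TypeError("condition value must be a number or a string")
    if isinstance(value, float) and not math.isfinite(value):
        raise ValueError("condition value must be finite")
    if isinstance(value, str) and "\\" in value:
        # Some databases treat a backslash as an escape character; reject it.
        raise ValueError("backslash not allowed in condition value")
    return value


def _sql_literal(value):
    """Render a checked value as a SQL literal; quotes in strings are doubled."""
    if isinstance(value, str):
        return "'" + value.replace("'", "''") + "'"
    return repr(value)


def build_expression(db_type, captured_fields, field, operator, value):
    """Generate the permission expression in the syntax of the database type."""
    if field not in captured_fields:
        # Only fields (or keys) captured from the database metadata are accepted.
        raise ValueError(f"unknown field: {field!r}")
    if operator not in SQL_OPERATORS:
        raise ValueError(f"unsupported operator: {operator!r}")
    value = _check_value(value)
    if db_type == "relational":
        # Format from the description: field + operator + condition value.
        return f"{field} {operator} {_sql_literal(value)}"
    if db_type == "mongodb":
        # Format from the description: field name + ":" + condition value.
        if operator == "=":
            return {field: value}
        return {field: {MONGO_OPERATORS[operator]: value}}
    raise ValueError(f"unsupported database type: {db_type!r}")


def add_permission(config_list, assignee, assignee_type, permission_type,
                   expression, description=""):
    """Append one permission configuration entry to a table's list."""
    if permission_type not in PERMISSION_TYPES:
        raise ValueError(f"unknown permission type: {permission_type!r}")
    entry = {
        "assignee": assignee,
        "assignee_type": assignee_type,
        "type": permission_type,
        "expression": expression,
        "description": description,
    }
    config_list.append(entry)
    return entry


if __name__ == "__main__":
    fields = {"money", "area"}  # constructed metadata for one business table
    table_list = []
    expr = build_expression("relational", fields, "money", ">", 100000)
    print(add_permission(table_list, "Zhang San", "individual", "query", expr))
    print(build_expression("mongodb", {"age"}, "age", "=", 33))
```

Restricting the field to captured metadata and the operator to a fixed set keeps free-form administrator input out of the stored expression, which matters because the expression is later merged into users' statements.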
The data permission management system can also filter the data access requests of each business system's users based on the permission configuration information; this is described below with reference to Fig. 5. The permission configuration information applied during data access filtering may be obtained by the configuration method described in the preceding embodiment, or by other configuration methods.
Fig. 5 is a flow chart of one embodiment of the data access filtering process of the data permission management method of the present invention. As shown in Fig. 5, the method of this embodiment includes:
Step S502: the user sends a data access request to the business system.
The business systems to be accessed may support different database types, so the data access request may be an operation statement corresponding to the particular database. For example, if the business system supports a relational database, the data access request may be a SQL statement; if the business system supports a non-relational database such as MongoDB, the data access request may be a MongoDB statement.
Step S503: the business system determines, according to the configured system filter flag, whether this business system needs data access filtering. If it does, step S504 is performed; if not, the user's data access request is executed directly.
The system filter flag is optional and can be set according to business needs. Setting it reduces the interaction between the business system and the data permission management system and improves system efficiency. Of course, the business system may also omit the filter flag and this check, which reduces the changes required to the business system.
Step S504: the business system intercepts the user's data access request.
In one embodiment, the user's data access request is intercepted by configuring an interceptor in the business system.
An application example of an interceptor is as follows. Taking a business system that supports a relational database as an example, most such business systems currently use frameworks such as Spring MVC, Spring and Mybatis and adopt a layered architecture, for example a Controller layer, a Service layer and a DAO (Data Access Object) layer; an interceptor can be set at the DAO layer to intercept database operation statements. If the business system is to intercept all SQL statements, for example, the framework's Interceptor can be configured by specifying the class to be intercepted, the method of that class to be intercepted, and the parameter list of that method. For example, an interceptor in Mybatis intercepts all SQL statements as follows: @Intercepts({@Signature(type = StatementHandler.class, method = "prepare", args = {Connection.class})}).
Step S505: an object filter flag is set in the business system. After intercepting the user's data access request, the business system parses it to obtain the business table or collection that the user wants to access, and checks the object filter flag of that business table or collection. If the business table or collection needs data access filtering, the business system sends the intercepted data access request to the data permission management system; if it does not, the user's data access request is executed directly.
The object filter flag is optional and can be set according to business needs. Setting it reduces the interaction between the business system and the data permission management system and improves system efficiency. Of course, the business system may also omit this filter flag and this check, which reduces the changes required to the business system.
Step S506: the business system sends the intercepted data access request to the data permission management system; correspondingly, the data permission management system receives the user's data access request intercepted by the business system.
In one embodiment, the business system calls an interface of the data permission management system to send the intercepted data access request to it. The interface of the data permission management system may be, for example, a Web Service interface, without being limited to this example.
Depending on security requirements, the business system may optionally sign the information it sends, and the data permission management system then verifies the signature accordingly to ensure the legitimacy of the call. Depending on security requirements, the business system may also optionally encrypt the data access request it sends, and the data permission management system then decrypts it with the corresponding decryption method, to ensure reliable transmission and to prevent the data access request from being modified in transit.
Step S508: the data permission management system obtains the object that the user wants to access by parsing the data access request.
For a relational database, by parsing the data access request the data permission management system can learn information such as the name of the business table the user wants to access and the specific operation on that table; for a non-relational database, it can learn information such as the name of the collection the user wants to access and the specific operation on that collection.
Step S510: the data permission management system looks up, in the permission configuration information, the user's access permission information for the object to be accessed.
In one embodiment, the data permission management system looks up, in the permission configuration information, the permission configuration list corresponding to the object to be accessed; the permission configuration list includes the permission assignment object, the permission type and the permission expression. The data permission management system finds the user among the permission assignment objects of the permission configuration list; if the user operation contained in the data access request matches the permission type configured for this user in the permission configuration list, the permission expression corresponding to the user is extracted from the permission configuration list. If the match fails, the user does not have permission for the operation being performed.
For example, the data permission management system can find the user among the permission assignment objects of the permission configuration list by an identifier that uniquely identifies the user, such as a user ID. In addition, if the user cannot be found among the permission assignment objects, the case can be handled according to the system's default setting. For example, if the user is not within the scope of the permission assignment objects, the default may be that the user's permissions are unrestricted, in which case the data access request is returned directly to the business system for execution; or the default may be that the user has no permission on the business table, in which case the data access request is not returned to the business system for execution.
Step S512: the data permission management system merges the access permission information with the data access request and returns the result to the business system. The merged data access request is adapted to the database type of the business system.
Step S514: the business system continues to process the data access request carrying the access permission information.
Step S516: the business system returns the processing result to the user.
In the above embodiment, the user data access requests intercepted by each business system are all sent to the data permission management system, which applies access control to every business system in a unified manner based on the permission configuration information. This achieves unified, centralized management of the data permissions of all business systems by the data permission management system, which eases management and maintenance. In addition, this centralized management model allows a quick response to changes and adjustments in a business system's organizational structure, giving flexible management of data permissions.
An application example of the data access filtering method is as follows. A user wants to query the order numbers, and the corresponding amounts, of orders in the order table whose amount is greater than 10000. After the user sends a data access request to the business system, it is converted into the SQL statement (assuming that the database holding the order table is a relational database) SELECT ORDER_ID, PRICE from Order where PRICE > 100000. The business system intercepts this statement and sends it to the data permission management system. The data permission management system parses the statement and learns that the business table the user wants to operate on is the order table; it then looks up the permission configuration list corresponding to the order table, matches the user ID within the scope of the permission assignment objects, and obtains the corresponding permission type, query, and the permission expression area=0001 (meaning that this user can only view orders whose order region is North China). The data permission management system merges the permission expression with the user's operation statement according to the database type, obtaining SELECT ORDER_ID, PRICE from Order where PRICE > 100000 and area='0001', and returns the merged statement to the business system for execution. The business system obtains the corresponding business data and returns it to the front end, so what is finally displayed to the user is the order numbers, and the corresponding amounts, of orders in the order table whose amount is greater than 10000 and whose order region is North China.
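Steps S508 to S512 and the order-table example above, as an added sketch that is not code from the patent. It parses the intercepted statement, looks up the user in a constructed permission configuration list, applies a configurable default when the user is not found, and merges the permission expression into the statement. The user's own condition is wrapped in parentheses so that an OR in it cannot take precedence over the appended permission expression. The user IDs, the department entry, the rule that several matching expressions are combined with AND, and the regex-based parsing (no subqueries or keywords inside string literals) are assumptions.

```python
import re

# Constructed permission configuration list for the order table (sample data).
PERMISSION_LISTS = {
    "order": [
        {"assignee": "u1001", "type": "query", "expression": "area = '0001'"},
        {"assignee": "dept:finance", "type": "query", "expression": "PRICE <= 500000"},
    ],
}
# Constructed membership of combined assignment objects (e.g. a department).
MEMBERSHIP = {"u2002": {"dept:finance"}}

OPERATION_TYPES = {"select": "query", "update": "modify", "delete": "delete"}
TABLE_RE = re.compile(r"\b(?:from|update)\s+([A-Za-z_][A-Za-z0-9_]*)", re.I)
WHERE_RE = re.compile(r"\s+where\s+", re.I)
TAIL_RE = re.compile(r"\s+(?:group\s+by|order\s+by|limit)\b", re.I)


class PermissionDenied(Exception):
    """The user holds no permission for the requested operation."""


def parse_request(sql):
    """Step S508: return (permission type, table name) for the statement."""
    words = sql.strip().split(None, 1)
    verb = words[0].lower() if words else ""
    match = TABLE_RE.search(sql)
    if verb not in OPERATION_TYPES or match is None:
        raise ValueError("unsupported statement")
    return OPERATION_TYPES[verb], match.group(1).lower()


def find_expressions(user_id, table, op_type, default="deny"):
    """Step S510: permission expressions that apply to this user and operation."""
    principals = {user_id} | MEMBERSHIP.get(user_id, set())
    mine = [e for e in PERMISSION_LISTS.get(table, [])
            if e["assignee"] in principals]
    if not mine:
        # User not among the assignment objects: follow the system default.
        if default == "allow":
            return []
        raise PermissionDenied(f"{user_id} has no entry for table {table}")
    matching = [e["expression"] for e in mine if e["type"] == op_type]
    if not matching:
        raise PermissionDenied(f"{user_id} may not {op_type} table {table}")
    return matching


def merge(sql, expressions):
    """Step S512: AND the permission expressions onto the statement."""
    sql = sql.strip().rstrip(";")
    if not expressions:
        return sql
    tail_match = TAIL_RE.search(sql)
    cut = tail_match.start() if tail_match else len(sql)
    head, tail = sql[:cut], sql[cut:]
    permission = " AND ".join(f"({e})" for e in expressions)
    parts = WHERE_RE.split(head, maxsplit=1)
    if len(parts) == 2:
        # Parenthesize the user's condition so its OR terms stay inside it.
        return f"{parts[0]} WHERE ({parts[1]}) AND {permission}{tail}"
    return f"{head} WHERE {permission}{tail}"


def filter_request(user_id, sql, default="deny"):
    """Parse, look up and merge; returns the statement to send back."""
    op_type, table = parse_request(sql)
    return merge(sql, find_expressions(user_id, table, op_type, default))


if __name__ == "__main__":
    print(filter_request(
        "u1001", "SELECT ORDER_ID, PRICE from Order where PRICE > 100000"))
```

A production filter would use a real SQL parser for the target database rather than regular expressions, since the merge is only as reliable as the parse.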
The present invention also provides a data permission management system; one embodiment of it is described below with reference to Fig. 6.
Fig. 6 is a structural diagram of one embodiment of the data permission management system of the present invention. As shown in Fig. 6, the system 60 includes a data permission configuration module 600, which receives data permission configuration commands and performs data permission configuration on the business tables in the database of each business system. The data permission configuration module 600 includes:
A business system management unit 602, for collecting the database information of the business systems.
The database information of a business system collected by the business system management unit 602 includes the database type and the database connection string.
A metadata capture unit 604, for capturing the metadata relevant to permission configuration from the database of a business system according to that business system's database information.
The metadata capture unit 604 connects to the business system's database using the database connection string and, according to the database type, captures from that database the metadata that is relevant to permission configuration and corresponds to the database type. The metadata includes information on the accessed object and on its attributes. Because the metadata of relational and non-relational databases differs, the metadata capture unit 604 captures the business table information relevant to permission configuration and its field information when the business system's database is a relational database, and captures the collection information relevant to permission configuration and its key information when the business system's database is a non-relational database. The business table information includes, for example, the table name, and the field information includes, for example, the field; if the field relates to numbers (for example, the field is an amount and the column stores specific numeric values), the field information may also include precision, number of decimal places and so on. Likewise, the collection information includes, for example, the collection name, and the key information includes, for example, the key; if the key relates to numbers, the key information may also include precision, number of decimal places and so on.
A permission configuration unit 606, for performing permission configuration according to the captured metadata to form the permission configuration information.
The permission configuration unit 606 configures a permission configuration list for the accessed object and, according to the attribute information of the accessed object, configures the permission assignment object, the permission type and the permission expression in that list to form the permission configuration information. The permission assignment object includes, for example, a single assignment object or a combined assignment object divided by individual, role, group, position, post or department; the permission type includes, for example, query, modify, add and delete, without being limited to these examples.
In the above embodiment of the data permission management system, the business system management unit collects the database information of each business system, the metadata capture unit captures the metadata relevant to permission configuration from each business system's database according to the collected information, and the permission configuration unit performs permission configuration according to the captured information. This achieves unified, centralized configuration of the data permissions of all business systems by the data permission management system, which eases maintenance and management. The data permission management system also allows a quick response to changes and adjustments in a business system's organizational structure, giving flexible management of data permissions. In addition, the data permission management system can also implement some relatively complex data permission configurations.
The workflow by which the data permission management system 60 performs data permission configuration is described below with reference to Fig. 7.
Step S702: the permission configuration unit 606 receives the data permission configuration command sent by the permission administrator. The data permission configuration command includes information such as the business system, database, business table (or collection), field (or key), permission assignment object, permission type and configuration condition that the permission administrator wants to configure. The permission administrator may select this information in the data permission configuration interface or provide it in other ways such as manual input.
Step S704: the permission configuration unit 606 sends a business system database information request to the business system management unit 602; the request includes, for example, information on the business system to be configured.
Step S706: the business system management unit 602 returns to the permission configuration unit 606 the database information corresponding to the business system to be configured, for example the database connection string.
Step S708: the permission configuration unit 606 sends a metadata capture request to the metadata capture unit 604; the request includes, for example, the database connection string and information on the business table (or collection) to be configured.
Step S710: the metadata capture unit 604 connects to the business system's database using the database connection string, captures the field information of the business table (or the key information of the collection), and returns the captured information to the permission configuration unit 606.
Step S712: the permission configuration unit 606 generates the permission expression according to the field information of the business table to be configured (or the key information of the collection), the configuration condition and the database type.
Step S714: the permission configuration unit 606 writes the permission expression, together with the corresponding permission assignment object and permission type, into the permission expression list, completing the data permission configuration.
Step S716: the permission configuration unit 606 returns the permission configuration result to the permission administrator.
As the above embodiment shows, a user can perform unified data permission configuration for multiple business systems with simple operations in the operation interface, which is easy to learn and easy to master.
The present invention also provides another data permission management system, described below with reference to Fig. 8.
Fig. 8 is a structural diagram of one embodiment of another data permission management system of the present invention. As shown in Fig. 8, the system 80 includes a data access filtering module 800, which includes:
A data access request receiving unit 802, for receiving the user's data access request intercepted by the business system.
A data access request parsing unit 804, for obtaining the object that the user wants to access by parsing the data access request.
For a relational database, by parsing the data access request the data access request parsing unit 804 can learn information such as the name of the business table the user wants to access and the specific operation on that table; for a non-relational database, it can learn information such as the name of the collection the user wants to access and the specific operation on that collection.
A permission information acquisition unit 806, for looking up, in the permission configuration information, the user's access permission information for the object to be accessed.
The permission information acquisition unit 806 looks up, in the permission configuration information, the permission configuration list corresponding to the object to be accessed; the permission configuration list includes the permission assignment object, the permission type and the permission expression. It finds the user among the permission assignment objects of the permission configuration list and, if the user operation contained in the data access request matches the permission type configured for this user in the permission configuration list, extracts the permission expression corresponding to the user from the permission configuration list.
A permission information processing unit 808, for merging the access permission information with the data access request and returning the result to the business system, so that the business system continues to process the data access request carrying the access permission information.
As shown in Fig. 8, depending on security requirements, the data access filtering module 800 may also include an authentication unit 810, which verifies the legitimacy of the business system after the data access request receiving unit has received the user's data access request intercepted by the business system and before the data access request parsing unit parses it. If verification passes, the data access request parsing unit 804 parses the data access request. Having an authentication unit in the data permission management system verify the business system ensures the legitimacy of the call and improves the security of the system.
Depending on security requirements, the data access filtering module 800 may also include a decryption unit 812, which decrypts the received data access request after the data access request receiving unit has received the user's data access request intercepted by the business system and before the data access request parsing unit parses it. If decryption succeeds, the data access request parsing unit 804 parses the data access request. Having a decryption unit in the data permission management system decrypt the data access request ensures reliable transmission and prevents the data access request from being modified in transit.
As shown in Fig. 8, the system 80 may also include the data permission configuration module 600 of the preceding embodiment.
In the above embodiment of the data permission management system, the data access request receiving unit receives the intercepted user data access requests sent by each business system, the data access request parsing unit parses the data access request, the permission information acquisition unit obtains the user's access permission information for the object to be accessed, and finally the permission information processing unit merges the access permission information with the data access request and returns the result to the business system. This achieves unified access control over all business systems. Further, this data permission management system may also include the data permission configuration module described above, achieving unified, centralized configuration of the data permissions of all business systems and strengthening the unified management of their data permissions. In addition, the data permission management system allows a quick response to changes and adjustments in a business system's organizational structure, giving flexible management of data permissions.
A person of ordinary skill in the art will understand that all or some of the steps of the above embodiments may be implemented in hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, and the storage medium may be a read-only memory, a magnetic disk, an optical disc or the like.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (15)

1. A data permission management method, characterized by comprising:
a data permission management system receiving a user's data access request intercepted by a business system;
the data permission management system obtaining the object that the user wants to access by parsing the data access request;
the data permission management system looking up, in permission configuration information, the user's access permission information for the object to be accessed;
the data permission management system merging the access permission information with the data access request and returning the result to the business system, so that the business system continues to process the data access request carrying the access permission information.
2. The method according to claim 1, characterized in that the data permission management system looking up, in the permission configuration information, the user's access permission information for the object to be accessed comprises:
the data permission management system looking up, in the permission configuration information, the permission configuration list corresponding to the object to be accessed, the permission configuration list including a permission assignment object, a permission type and a permission expression;
the data permission management system finding the user among the permission assignment objects of the permission configuration list and, if the user operation contained in the data access request matches the permission type configured for this user in the permission configuration list, extracting the permission expression corresponding to the user from the permission configuration list.
3. The method according to claim 1, characterized by further comprising:
the data permission management system collecting the database information of the business system;
the data permission management system capturing the metadata relevant to permission configuration from the database of the business system according to the database information of the business system;
the data permission management system performing permission configuration according to the captured metadata to form the permission configuration information.
4. The method according to claim 3, characterized in that
the database information of the business system collected by the data permission management system includes a database type and a database connection string;
the data permission management system capturing the metadata relevant to permission configuration from the database of the business system according to the database information of the business system comprises:
the data permission management system connecting to the database of the business system using the database connection string and, according to the database type, capturing from the database of the business system the metadata that is relevant to permission configuration and corresponds to the database type, wherein the metadata includes accessed object information and its attribute information.
5. The method according to claim 3, characterized in that
the metadata includes accessed object information and its attribute information;
the data permission management system performing permission configuration according to the captured metadata comprises:
the data permission management system configuring a permission configuration list for the accessed object and, according to the attribute information of the accessed object, configuring the permission assignment object, the permission type and the permission expression in its permission configuration list to form the permission configuration information.
6. The method according to claim 1, characterized in that
the business system determines, according to a configured system filter flag, whether this business system needs data access filtering and, if it does, intercepts the user's data access request;
or, after intercepting the user's data access request, the business system determines, according to a configured object filter flag, whether the object that the user wants to access needs data access filtering and, if it does, sends the data access request to the data permission management system.
7. A data permission management method, characterized by comprising:
a data permission management system collecting the database information of a business system;
the data permission management system capturing the metadata relevant to permission configuration from the database of the business system according to the database information of the business system;
the data permission management system performing permission configuration according to the captured metadata to form permission configuration information.
8. The method according to claim 7, characterized in that
the database information of the business system collected by the data permission management system includes a database type and a database connection string;
the data permission management system capturing the metadata relevant to permission configuration from the database of the business system according to the database information of the business system comprises:
the data permission management system connecting to the database of the business system using the database connection string and, according to the database type, capturing from the database of the business system the metadata that is relevant to permission configuration and corresponds to the database type, wherein the metadata includes accessed object information and its attribute information.
9. The method according to claim 7, characterized in that
the metadata includes the accessed object and its attribute information;
the data permission management system performing permission configuration according to the captured metadata comprises:
the data permission management system configuring a permission configuration list for the accessed object and, according to the attribute information of the accessed object, configuring the permission assignment object, the permission type and the permission expression in its permission configuration list to form the permission configuration information.
10. A data permission management system, characterized by comprising: a data access filtering module and/or a data permission configuration module;
the data access filtering module includes:
a data access request receiving unit, for receiving a user's data access request intercepted by a business system;
a data access request parsing unit, for obtaining the object that the user wants to access by parsing the data access request;
a permission information acquisition unit, for looking up, in permission configuration information, the user's access permission information for the object to be accessed;
a permission information processing unit, for merging the access permission information with the data access request and returning the result to the business system, so that the business system continues to process the data access request carrying the access permission information;
the data permission configuration module includes:
a business system management unit, for collecting the database information of the business system;
a metadata capture unit, for capturing the metadata relevant to permission configuration from the database of the business system according to the database information of the business system;
a permission configuration unit, for performing permission configuration according to the captured metadata to form the permission configuration information.
11. The data permission management system according to claim 10, characterized in that:
the permission information acquisition unit is configured to look up, in the permission configuration information, the permission configuration list corresponding to the object to be accessed, the permission configuration list including a permission assignment object, a permission type and a permission expression; to find the user among the permission assignment objects of the permission configuration list; and, if the user operation contained in the data access request matches the permission type configured for that user in the permission configuration list, to extract the permission expression corresponding to the user from the permission configuration list.
12. The data permission management system according to claim 10, characterized in that the database information of the business system collected by the business system management unit includes a database type and a database connection string;
the metadata capture unit is configured to connect to the database of the business system according to the database connection string, and to capture from the database of the business system, according to the database type, metadata information that is related to permission configuration and corresponds to the database type, wherein the metadata information includes accessed object information and attribute information thereof.
13. The data permission management system according to claim 10, characterized in that the metadata information includes accessed object information and attribute information thereof;
the permission configuration unit is configured to configure a permission configuration list for the accessed object and, according to the attribute information of the accessed object, to configure the permission assignment object, permission type and permission expression in that permission configuration list to form the permission configuration information.
14. A business management system, characterized by comprising: a business system and the data permission management system according to any one of claims 10-13;
the business system is configured to intercept the data access request of a user, send the intercepted data access request to the data permission management system, and receive the data access request carrying access permission information returned by the data permission management system in order to continue processing it.
15. The business management system according to claim 14, characterized in that:
the business system is further configured to judge, according to a configured system filter flag, whether the business system needs data access filtering and, if so, to intercept the data access request of the user; or, after intercepting the data access request of the user, to judge, according to a configured object filter flag, whether the object the user wants to access needs data access filtering and, if data access filtering is needed, to send the data access request to the data permission management system.
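The filtering flow of claims 10, 11 and 15 can be sketched as follows. This is an added illustration, not part of the patent text: the `orders` table, the users, the tuple layout of the permission configuration list, the parameterised expressions, the subquery-wrapping merge and the deny-by-default behaviour are all assumptions, and only read requests are merged.

```python
import re
import sqlite3

# Constructed permission configuration information: accessed object ->
# permission configuration list of (assignee, permission type, expression, params).
PERMISSION_CONFIG = {
    "orders": [
        ("alice", "read", "region = ?", ("north",)),
        ("bob", "read", "region = ? AND amount < ?", ("south", 1000)),
    ],
}
FILTERED_OBJECTS = {"orders"}  # object filter flag from claim 15 (assumed shape)
OPERATION_TO_TYPE = {"SELECT": "read", "DELETE": "delete", "UPDATE": "write"}

_REQUEST = re.compile(
    r"^\s*(SELECT)\b.+?\bFROM\s+(\w+)"
    r"|^\s*(DELETE)\s+FROM\s+(\w+)"
    r"|^\s*(UPDATE)\s+(\w+)",
    re.IGNORECASE | re.DOTALL,
)


def parse_request(sql):
    """Return (operation, accessed object) for a single-table statement."""
    match = _REQUEST.match(sql)
    if not match:
        raise ValueError("unsupported data access request")
    operation, obj = [group for group in match.groups() if group]
    return operation.upper(), obj.lower()


def filter_request(user, sql, params=()):
    """Merge the user's permission expression into an intercepted request."""
    if ";" in sql:
        raise ValueError("multiple statements are not accepted")
    operation, obj = parse_request(sql)
    if obj not in FILTERED_OBJECTS:
        return sql, tuple(params)  # object is not flagged for filtering
    wanted = OPERATION_TO_TYPE[operation]
    for assignee, ptype, expression, expr_params in PERMISSION_CONFIG.get(obj, []):
        if assignee == user and ptype == wanted:
            if operation != "SELECT":
                raise NotImplementedError("only read requests are merged here")
            # Wrapping the request keeps an OR in its own WHERE clause from
            # widening the result past the permission expression.
            merged = f"SELECT * FROM ({sql}) AS permitted WHERE {expression}"
            return merged, tuple(params) + tuple(expr_params)
    # Assumption: a user with no matching list entry is denied.
    raise PermissionError(f"{user} has no {wanted} permission on {obj}")


def demo():
    """Run one intercepted request for two users on a constructed table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, region TEXT, amount INTEGER)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "north", 50), (2, "south", 700), (3, "south", 5000), (4, "north", 900)],
    )
    request = "SELECT id, region, amount FROM orders WHERE amount > ? OR id = ?"
    results = {}
    for user in ("alice", "bob"):
        sql, params = filter_request(user, request, (600, 1))
        results[user] = [row[0] for row in db.execute(sql + " ORDER BY id", params)]
    return results
```

If the intercepted request does not select a column that the permission expression refers to, SQLite rejects the merged statement, so the request fails closed rather than returning unfiltered rows.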
CN201610225858.7A 2016-04-13 2016-04-13 Data permission management method, data right management system and business management system Active CN105912949B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610225858.7A CN105912949B (en) 2016-04-13 2016-04-13 Data permission management method, data right management system and business management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610225858.7A CN105912949B (en) 2016-04-13 2016-04-13 Data permission management method, data right management system and business management system

Publications (2)

Publication Number Publication Date
CN105912949A true CN105912949A (en) 2016-08-31
CN105912949B CN105912949B (en) 2019-11-05

Family

ID=56746694

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610225858.7A Active CN105912949B (en) 2016-04-13 2016-04-13 Data permission management method, data right management system and business management system

Country Status (1)

Country Link
CN (1) CN105912949B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103049684A (en) * 2012-12-21 2013-04-17 大唐软件技术股份有限公司 Data authority control method and data authority control system based on RBAC (role-based access control) model extension
CN103078859A (en) * 2012-12-31 2013-05-01 普天新能源有限责任公司 Service system authority management method, equipment and system
CN104156640A (en) * 2014-08-01 2014-11-19 浪潮软件股份有限公司 Data access right control method
CN105262780A (en) * 2015-11-27 2016-01-20 国网信息通信产业集团有限公司 Authority control method and system

Also Published As

Publication number Publication date
CN105912949B (en) 2019-11-05

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant