CN105912949B - Data permission management method, data right management system and business management system
- Publication number
- CN105912949B, CN201610225858.7A
- Authority
- CN
- China
- Prior art keywords
- data
- information
- database
- operation system
- management system
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
- G06F16/211—Schema design and management
Abstract
The invention discloses a data permission management method, a data right management system and a business management system, and relates to the field of computer technology. The method comprises: the data right management system receives a user's data access request intercepted by an operation system; obtains the object the user wants to access by parsing the data access request; looks up, in the privileges configuration information, the user's access authority information for the object to be accessed; and merges the access authority information with the data access request and returns the result to the operation system, so that the operation system continues processing the data access request carrying the access authority information. The invention achieves unified, centralized management by the data right management system of the data permissions of each operation system, which makes them easier to manage and maintain.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a data permission management method, a data right management system and a business management system.
Background
Rights management generally means that, according to the security rules or security policies set by the system, a user can access the resources they are authorized for, and only those. Rights management falls into two major classes: function-level permission control and data-level permission control. Data permission addresses the question of which data a subject may operate on; for example, a user can only view their own order information and cannot view other people's order information.
The database types supported by different operation systems may differ. For example, multiple operation systems may respectively support Oracle, MySQL, SQL Server and so on, and some operation systems even use non-relational databases for data storage. These differences and customizations mean that each operation system has to handle data permission control itself, which makes management and maintenance difficult. For example, when data permission management is hard-coded in an operation system, the data permission logic is coupled to that system's business logic in forms such as if/else, and each operation system has to implement its own data permission management logic separately, so management and maintenance are difficult.
Summary of the invention
One technical problem to be solved by the present invention is how to achieve unified management of the data permissions of each operation system, so as to reduce the difficulty of management and maintenance.
According to one aspect of the present invention, a data permission management method is provided, comprising: a data right management system receives a user's data access request intercepted by an operation system; the data right management system obtains the object the user wants to access by parsing the data access request; the data right management system looks up, in the privileges configuration information, the user's access authority information for the object to be accessed; the data right management system merges the access authority information with the data access request and returns the result to the operation system, so that the operation system continues processing the data access request carrying the access authority information.
In one embodiment, the data right management system looking up the user's access authority information for the object to be accessed in the privileges configuration information comprises: the data right management system looks up, in the privileges configuration information, the authority configuration list corresponding to the object to be accessed, the authority configuration list including authority distribution objects, permission types and rights expressions; the data right management system finds the user among the authority distribution objects of the authority configuration list and, if the user operation contained in the data access request matches the permission type configured for that user in the authority configuration list, extracts the user's corresponding rights expression from the authority configuration list.
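An added illustration of the lookup-and-merge step described above; it is not code from the patent. The request shape, the single-table SELECT subset, the deny-when-nothing-matches rule, and all names and sample rows are assumptions made for the example, with SQLite standing in for an operation system's database.

```python
import re
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class ConfigEntry:
    distribution_object: str   # authority distribution object (here: a user name)
    permission_type: str       # "query", "modify", "add" or "delete"
    expression: str            # rights expression: SQL condition with ? placeholders
    params: tuple = ()


# Privileges configuration information (constructed sample):
# accessed object -> authority configuration list.
PRIVILEGES = {
    "orders": [
        ConfigEntry("zhangsan", "query", "owner = ?", ("zhangsan",)),
        ConfigEntry("lisi", "query", "money > ?", (100000,)),
        ConfigEntry("lisi", "modify", "owner = ?", ("lisi",)),
    ],
}

# Assumption: only single-table SELECTs are understood; anything else is refused.
_SELECT = re.compile(
    r"^\s*SELECT\s+(?P<cols>[\w\s,*]+?)\s+FROM\s+(?P<obj>\w+)"
    r"(?:\s+WHERE\s+(?P<where>.+))?\s*$",
    re.IGNORECASE | re.DOTALL,
)


def _balanced(cond: str) -> bool:
    """True if cond has no quotes, comments or terminators and balanced parentheses."""
    if any(tok in cond for tok in (";", "--", "/*", "'", '"')):
        return False  # literals must arrive as bound parameters
    depth = 0
    for ch in cond:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def parse_request(request: dict) -> dict:
    """Parse the intercepted request to obtain the operation and accessed object."""
    m = _SELECT.match(request["sql"])
    if m is None:
        raise ValueError("unsupported statement")
    where = m.group("where")
    if where is not None and not _balanced(where):
        raise ValueError("unsupported condition")
    return {"operation": "query", "object": m.group("obj").lower(),
            "columns": m.group("cols").strip(), "where": where}


def lookup_expressions(user: str, operation: str, obj: str) -> list:
    """Entries whose distribution object is the user and whose type matches the operation."""
    return [e for e in PRIVILEGES.get(obj, [])
            if e.distribution_object == user and e.permission_type == operation]


def merge(request: dict) -> tuple:
    """Return (sql, params) of the request with the rights expression merged in."""
    parsed = parse_request(request)
    granted = lookup_expressions(request["user"], parsed["operation"], parsed["object"])
    if not granted:
        # Assumption: no matching entry means the request is denied.
        raise PermissionError(f"{request['user']} may not query {parsed['object']}")
    rights = " OR ".join(f"({e.expression})" for e in granted)
    rights_params = tuple(p for e in granted for p in e.params)
    # Parenthesise the caller's own condition so an OR inside it cannot
    # take precedence over the permission condition.
    own = f"({parsed['where']}) AND " if parsed["where"] else ""
    sql = f"SELECT {parsed['columns']} FROM {parsed['object']} WHERE {own}({rights})"
    return sql, tuple(request.get("params", ())) + rights_params


def sample_db() -> sqlite3.Connection:
    """Constructed sample data standing in for an operation system's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, owner TEXT, money INTEGER, status TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", [
        (1, "zhangsan", 500, "open"),
        (2, "lisi", 250000, "open"),
        (3, "wangwu", 120000, "closed"),
        (4, "zhangsan", 90, "closed"),
    ])
    return conn


def run_filtered(conn: sqlite3.Connection, request: dict) -> list:
    """What the operation system does after the merged request is returned to it."""
    sql, params = merge(request)
    return conn.execute(sql, params).fetchall()
```

Because the rights expression keeps its values as bound parameters, nothing from the configuration is spliced into the statement as literal text.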
In one embodiment, the data permission management method further comprises: the data right management system collects the database information of the operation systems; the data right management system crawls metadata information relevant to authority configuration from the database of an operation system according to that operation system's database information; the data right management system performs authority configuration according to the crawled metadata information to form the privileges configuration information.
In one embodiment, the database information of the operation system collected by the data right management system includes the database type and the database connection string; the data right management system crawling metadata information relevant to authority configuration from the database of the operation system according to the operation system's database information comprises: the data right management system connects to the database of the operation system using the database connection string and, according to the database type, crawls from that database the metadata information that is relevant to authority configuration and corresponds to the database type, wherein the metadata information includes accessed-object information and its attribute information.
In one embodiment, the metadata information includes accessed-object information and its attribute information; the data right management system performing authority configuration according to the crawled metadata information comprises: the data right management system configures an authority configuration list for the accessed object and, according to the attribute information of the accessed object, configures the authority distribution object, permission type and rights expression in that authority configuration list to form the privileges configuration information.
In one embodiment, the operation system judges, according to a configured system filter identifier, whether this operation system needs data access filtering and, if so, intercepts the user's data access request; alternatively, after intercepting the user's data access request, the operation system judges, according to a configured object filter identifier, whether the object the user wants to access needs data access filtering and, if so, sends the data access request to the data right management system.
According to a second aspect of the present invention, a data permission management method is provided, comprising: a data right management system collects the database information of an operation system; the data right management system crawls metadata information relevant to authority configuration from the database of the operation system according to the operation system's database information; the data right management system performs authority configuration according to the crawled metadata information to form privileges configuration information.
In one embodiment, the database information of the operation system collected by the data right management system includes the database type and the database connection string; the data right management system crawling metadata information relevant to authority configuration from the database of the operation system according to the operation system's database information comprises: the data right management system connects to the database of the operation system using the database connection string and, according to the database type, crawls from that database the metadata information that is relevant to authority configuration and corresponds to the database type, wherein the metadata information includes accessed-object information and its attribute information.
In one embodiment, the metadata information includes the accessed object and its attribute information; the data right management system performing authority configuration according to the crawled metadata information comprises: the data right management system configures an authority configuration list for the accessed object and, according to the attribute information of the accessed object, configures the authority distribution object, permission type and rights expression in that authority configuration list to form the privileges configuration information.
According to a third aspect of the present invention, a data right management system is provided, comprising: a data access filtering module and/or a data permission configuration module. The data access filtering module includes: a data access request receiving unit, for receiving a user's data access request intercepted by an operation system; a data access request parsing unit, for obtaining the object the user wants to access by parsing the data access request; an authority information acquiring unit, for looking up, in the privileges configuration information, the user's access authority information for the object to be accessed; and an authority information processing unit, for merging the access authority information with the data access request and returning the result to the operation system, so that the operation system continues processing the data access request carrying the access authority information. The data permission configuration module includes: an operation system administration unit, for collecting the database information of the operation systems; a metadata crawling unit, for crawling metadata information relevant to authority configuration from the database of an operation system according to that operation system's database information; and an authority configuration unit, for performing authority configuration according to the crawled metadata information to form the privileges configuration information.
In one embodiment, the authority information acquiring unit is used to look up, in the privileges configuration information, the authority configuration list corresponding to the object to be accessed, the authority configuration list including authority distribution objects, permission types and rights expressions; to find the user among the authority distribution objects of the authority configuration list; and, if the user operation contained in the data access request matches the permission type configured for that user in the authority configuration list, to extract the user's corresponding rights expression from the authority configuration list.
In one embodiment, the database information of the operation system collected by the operation system administration unit includes the database type and the database connection string; the metadata crawling unit is used to connect to the database of the operation system using the database connection string and, according to the database type, to crawl from that database the metadata information that is relevant to authority configuration and corresponds to the database type, wherein the metadata information includes accessed-object information and its attribute information.
In one embodiment, the metadata information includes accessed-object information and its attribute information; the authority configuration unit is used to configure an authority configuration list for the accessed object and, according to the attribute information of the accessed object, to configure the authority distribution object, permission type and rights expression in that authority configuration list to form the privileges configuration information.
According to a fourth aspect of the present invention, a business management system is provided, comprising: an operation system and the data right management system of any embodiment of the aforementioned third aspect, the operation system being used to intercept a user's data access request, send the intercepted data access request to the data right management system, and receive the data access request carrying access authority information returned by the data right management system and continue processing it.
In one embodiment, the operation system is also used to judge, according to a configured system filter identifier, whether this operation system needs data access filtering and, if so, to intercept the user's data access request; alternatively, after intercepting the user's data access request, to judge, according to a configured object filter identifier, whether the object the user wants to access needs data access filtering and, if so, to send the data access request to the data right management system.
The present invention achieves unified, centralized management by the data right management system of the data permissions of each operation system, which makes them easier to manage and maintain. On the one hand, the database information of each operation system is collected, metadata information relevant to authority configuration is crawled from the operation system's database according to the collected information, and authority configuration is then performed according to the crawled information, achieving unified, centralized configuration by the data right management system of the data permissions of each operation system. On the other hand, the user data access requests intercepted by each operation system are sent to the data right management system, which applies unified access control to each operation system based on the privileges configuration information. In addition, this centralized management mode can respond quickly to changes and adjustments in an operation system's organizational structure, achieving flexible management of data permissions.
Other features and advantages of the present invention will become apparent from the following detailed description of exemplary embodiments with reference to the accompanying drawings.
Brief description of the drawings
In order to explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 shows a schematic structural diagram of the business management system of one embodiment of the present invention.
Fig. 2 shows a schematic flow chart of the data permission configuration process of the data permission management method of one embodiment of the present invention.
Fig. 3 shows a schematic comparison of a relational database and a non-relational database in one embodiment of the present invention.
Fig. 4 shows the Unified Modeling Language (UML) class diagram of metadata crawling in one embodiment of the present invention.
Fig. 5 shows a schematic flow chart of the data access filtering process of the data permission management method of one embodiment of the present invention.
Fig. 6 shows a schematic structural diagram of the data right management system of one embodiment of the present invention.
Fig. 7 shows a schematic workflow diagram of the data right management system of one embodiment of the present invention performing data permission configuration.
Fig. 8 shows a schematic structural diagram of the data right management system of another embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. The following description of at least one exemplary embodiment is merely illustrative and in no way limits the present invention or its application or use. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
This solution is proposed in order to achieve unified management of the data permissions of each operation system.
Fig. 1 is a schematic structural diagram of one embodiment of the business management system of the present invention. The structure of the business management system of the present invention is described below with reference to Fig. 1.
As shown in Fig. 1, the business management system includes a data right management system and operation system 1, operation system 2, ... and operation system n. Each operation system stores its data through its own database. The database types supported by the operation systems may be the same or different, and each operation system may support one or more database types. The data right management system manages the data permissions of each operation system in a unified way. The unified data permission management method includes a process of performing unified data permission configuration for each operation system and a data access filtering process. Embodiments of these two processes are described separately below.
The process by which the data right management system performs unified data permission configuration for each operation system is described below with reference to Fig. 2.
Fig. 2 is a flow chart of one embodiment of the data permission configuration process of the data permission management method of the present invention. As shown in Fig. 2, the method of this embodiment includes:
Step S202: the data right management system needs to bring each operation system under management, and collects the database information of each operation system.
The database information of the operation system collected by the data right management system includes the database type and the database connection string, and may also include, for example, the operation system name, the operation system code and the data storage mode (relational database or non-relational database), as shown in Table 1. Table 1 is an example of the database information of each operation system collected by the data right management system. The data right management system connects to the corresponding database using the database connection string, crawls the corresponding metadata information from the operation system's database according to the database type, and performs data permission configuration for the operation system according to the database type. Relational and non-relational databases need different connection methods: for example, a relational database can be connected through JDBC (Java Database Connectivity), whereas for a non-relational database a connector has to be written specifically for the particular database type.
Table 1
Step S204: the data right management system crawls metadata information relevant to authority configuration from the database of the operation system according to the operation system's database information.
In one embodiment, the data right management system connects to the database of the operation system using the database connection string and, according to the database type, crawls from that database the metadata information that is relevant to authority configuration and corresponds to the database type.
Different data storage modes have different corresponding metadata. As shown in Fig. 3, taking a relational database and the non-relational database MongoDB as examples, database (Database) information, data table (Table) information and row information are crawled from a relational database, while database (Database) information, collection (Collection) information and document (Document) information are crawled from the non-relational database MongoDB. The data table (Table) information in a relational database corresponds to the collection (Collection) information in MongoDB, and the row information in a relational database corresponds to the document (Document) information in MongoDB. The crawled metadata information can be returned to the data permission configuration interface for the rights administrator to choose from when configuring permissions; for example, the rights administrator selects the database, data set, table, column and other information in the data permission configuration interface through drop-down menus or similar controls.
The crawled metadata information is mainly used in the subsequent authority configuration process, so it mainly includes accessed-object information and its attribute information. For a relational database, the data right management system crawls from the operation system's database the business table information relevant to authority configuration and its field information; for a non-relational database, the data right management system crawls from the operation system's database the collection information relevant to authority configuration and its key (KEY) information. The business table information includes, for example, the table name, and the field information includes, for example, the field; if the field is numeric (for example, the field is an amount and the column stores specific numbers), the field information may also include information such as precision and number of decimal places. Similarly, the collection information includes, for example, the collection name, and the key information includes, for example, the key; if the key is numeric, the key information may also include precision, number of decimal places and so on.
Based on the above method by which the data right management system crawls metadata information from an operation system, it is clear that, besides accessed-object information and its attribute information, other metadata information can also be crawled as needed. The crawled metadata information may include, for example, the following classes, taking a relational database as an example:
Database: for example, the database name, type and version can be crawled.
Schema (data set): the data set differs slightly between relational databases (for example, Oracle: schema, MySQL: catalog, SQL Server: catalog.schema); for example, the name and mode of the data set can be crawled.
Table (data table): for example, the table name, type, primary key, foreign key, constraints, triggers, indexes and permissions can be crawled.
Column: for example, the name, comment, whether it may be null, precision, number of decimal places and default value can be crawled.
An application example of metadata crawling is described below with reference to Fig. 4. Different types of database differ in how metadata is obtained and in how the database is connected, so, to make the design easier to extend as database types change, the strategy pattern can be used to implement metadata crawling for different databases. As shown in Fig. 4, "MysqlDataSource", "OracleDataSource" and so on are classes that implement obtaining the database connection string; the class corresponding to the type of database to be connected can be selected. Similarly, "MysqlMetaCrawler" and "OracleMetaCrawler" are classes that implement metadata crawling; the class corresponding to the type of database whose metadata is to be crawled can be selected. The metadata crawling logic is implemented by MetaLoader, which is the main entry point of the whole crawling logic. MetaLoader is instantiated with a specific data source, for example, MetaLoader ml = new MetaLoaderImpl(MysqlDataSource), so as to obtain the connection string of the MySQL database and connect to it. A specific metadata crawling instance, such as MysqlMetaCrawler, is then created through MetaCrawlerFactory. Specifically, the created MetaCrawler instance (AbstractMetaCrawler) obtains the data table information or collection information under that data source and the field information or key information of the tables; for example, a relational database generally obtains this metadata through the DatabaseMetaData object, while a non-relational database can use custom development. MetaCrawler then returns the crawled metadata information to MetaLoader, completing the metadata crawling process.
Step S206: the data right management system performs authority configuration according to the crawled metadata information to form the privileges configuration information.
In one embodiment, the data right management system configures an authority configuration list for the accessed object and, according to the attribute information of the accessed object, configures the authority distribution object, permission type and rights expression in that authority configuration list to form the privileges configuration information.
The data permission configuration process is illustrated below with reference to Table 2. As shown in Table 2, according to the data permission configuration command sent by the rights administrator, the data right management system generates an authority configuration list for the business table or collection that needs authority configuration. The authority configuration list includes the authority distribution object, permission type and rights expression, and may also include, as needed, for example the authority distribution object type and the rights expression description, without being limited to the examples listed. The authority distribution object type includes, for example, individual, role, group, position, post or department, and can also be divided into different types as needed according to the granularity of authority distribution and the range of personnel affected. The authority distribution object is, for example, a single distribution object or a collective distribution object divided by individual, role, group, position, post or department. For example, in Table 2 the single distribution object Zhang San is divided by individual, and the collective distribution object Finance Department is divided by department and includes all employees of the Finance Department. The permission type includes, for example, query, modify, add and delete, without being limited to the examples listed. Preferably, the rights expression can be a concrete operation statement generated according to the syntax of the specific database type: for a relational database, an SQL conditional statement is generated (format: field + operator + condition value, e.g. money > 10000); for MongoDB, a MongoDB statement is generated (format: field name + ":" + condition value, e.g. { age:33 }). As shown in Table 2, for a rights expression such as money > 100000, the data right management system first needs to obtain the field money when generating the expression, and then generates the rights expression money > 100000 according to the configuration condition in the rights administrator's data permission configuration command and the syntax rules of the current database. The authority configuration list can also be returned to the data permission configuration interface so that the rights administrator can confirm the configured authority information; the rights expression description item is provided to make that confirmation easier.
Table 2
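An added example of generating a rights expression in the two syntaxes described above (relational SQL condition and MongoDB document); it is not code from the patent. The metadata layout, the operator allow-list, the ? placeholder for the condition value and all function names are assumptions, and the sample metadata is constructed.

```python
from decimal import Decimal

# Constructed sample of crawled metadata: accessed object -> field -> attributes.
METADATA = {
    "orders": {
        "money": {"numeric": True, "precision": 10, "decimal_digits": 2},
        "owner": {"numeric": False},
    },
}

SQL_OPERATORS = {"=", "<>", ">", ">=", "<", "<="}
MONGO_OPERATORS = {"<>": "$ne", ">": "$gt", ">=": "$gte", "<": "$lt", "<=": "$lte"}
PERMISSION_TYPES = {"query", "modify", "add", "delete"}
RELATIONAL_TYPES = {"mysql", "oracle", "sqlserver"}


def check_value(attrs: dict, value):
    """Validate the condition value against the crawled field attributes."""
    if not attrs["numeric"]:
        if not isinstance(value, str):
            raise ValueError("text field needs a string condition value")
        return value
    if isinstance(value, bool) or not isinstance(value, (int, float, Decimal)):
        raise ValueError("numeric field needs a numeric condition value")
    number = Decimal(str(value))
    if not number.is_finite():
        raise ValueError("condition value must be finite")
    _, digits, exponent = number.as_tuple()
    scale = max(0, -exponent)                    # digits after the decimal point
    int_digits = max(0, len(digits) + exponent)  # digits before the decimal point
    if (scale > attrs["decimal_digits"]
            or int_digits > attrs["precision"] - attrs["decimal_digits"]):
        raise ValueError("condition value does not fit the field")
    return value


def build_expression(db_type: str, obj: str, field: str, operator: str, value) -> dict:
    """Generate the rights expression in the syntax of the given database type."""
    fields = METADATA.get(obj)
    if fields is None or field not in fields:
        raise ValueError("field was not crawled for this object")
    if operator not in SQL_OPERATORS:
        raise ValueError("operator not allowed")
    value = check_value(fields[field], value)
    if db_type in RELATIONAL_TYPES:
        # field + operator + condition value, with the value bound as a parameter
        return {"expression": f"{field} {operator} ?", "params": (value,)}
    if db_type == "mongodb":
        if operator == "=":
            return {"expression": {field: value}, "params": ()}
        return {"expression": {field: {MONGO_OPERATORS[operator]: value}}, "params": ()}
    raise ValueError("no expression syntax for this database type")


def configure(db_type, obj, distribution_object, permission_type, field, operator, value) -> dict:
    """Build one entry of the authority configuration list for an accessed object."""
    if permission_type not in PERMISSION_TYPES:
        raise ValueError("unknown permission type")
    entry = build_expression(db_type, obj, field, operator, value)
    entry.update({
        "distribution_object": distribution_object,
        "permission_type": permission_type,
        # Human-readable description shown to the rights administrator for confirmation.
        "description": f"{field} {operator} {value}",
    })
    return entry
```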
In the method of the above embodiment, the database information of each operation system is collected, metadata information relevant to authority configuration is crawled from the operation system's database according to the collected information, and authority configuration is then performed according to the crawled information, achieving unified, centralized configuration by the data right management system of the data permissions of each operation system. This makes each operation system easier to manage and maintain, and also allows a quick response to changes and adjustments in an operation system's organizational structure, achieving flexible management of data permissions. In addition, the data right management system can also handle some more complex data permission configuration management.
An application example of the data permission configuration process is as follows: the rights administrator logs in to the data right management system and enters the data permission configuration interface to select the operation system and database to be configured. The data right management system obtains the database connection string from the collected database information of each operation system, connects to that database, and crawls the table information of all business tables in it; the table names are displayed in the data permission configuration interface for the rights administrator to choose from. The rights administrator selects a business table; the data right management system crawls the field information of that business table and displays the fields in the data permission configuration interface for the rights administrator to choose from. The rights administrator selects a field and enters a configuration condition, and selects the authority distribution object and permission type through the display interface. The data right management system generates a rights expression from the database type, field information and configuration condition, associates it with the authority distribution object and permission type to generate one piece of privileges configuration information, and writes it into the authority configuration list of that business table, completing the data permission configuration process. In this process, the rights administrator can make selections through the data permission configuration interface or directly enter a data permission configuration command; the data right management system can crawl the metadata first and then display it for the rights administrator to choose from, or crawl the corresponding metadata after the rights administrator has made a selection. Any process that performs unified configuration of the data permissions of multiple operation systems by the method described in step 202 to step 206 falls within the scope of protection of the present invention.
Can be seen that user from above-mentioned Application Example can be to multiple business by operation interface progress shirtsleeve operation
System carries out unified data permission configuration work, is easy study, is easy to grasp.
The data right management system can also filter the data access requests of the users of each business system based on the permission configuration information; this is described below with reference to Fig. 5. The permission configuration information used in data access filtering may be obtained by the configuration method described in the foregoing embodiment or by other configuration methods.
Fig. 5 is a flowchart of one embodiment of the data access filtering process of the data permission management method of the present invention. As shown in Fig. 5, the method of this embodiment includes:
Step S502, the user sends a data access request to the business system.
The business systems to be accessed may support different database types, so the data access request may be an operation statement corresponding to the particular database. For example, if the business system supports a relational database, the data access request may be an SQL statement; if the business system supports a non-relational database such as MongoDB, the data access request may be a MongoDB statement.
Step S503, the business system determines, according to a configured system filter flag, whether this business system needs data access filtering. If data access filtering is needed, step S504 is executed; if not, the user's data access request is executed directly.
The system filter flag can optionally be set according to business needs. Setting a system filter flag reduces the interaction between the business system and the data right management system and improves system efficiency. Alternatively, the business system can omit the filter flag check, which reduces the changes required in the business system.
Step S504, the business system intercepts the user's data access request.
In one embodiment, the user's data access request is intercepted by configuring an interceptor in the business system.
One application example of an interceptor is as follows, taking a business system whose supported database type is relational as an example. Most business systems that support relational databases currently use frameworks such as Spring MVC, Spring and Mybatis and adopt a layered design, for example comprising a Controller layer, a Service layer and a DAO (Data Access Object) layer; an interceptor can be set at the DAO layer to intercept database operation statements. If, for example, the business system is to intercept all SQL statements, the framework's interceptor (Interceptor) can be configured by specifying the class to be intercepted, which method of that class to intercept, and the set of method parameters to intercept. In Mybatis, for example, an interceptor that intercepts all SQL statements is declared as: @Intercepts({@Signature(type = StatementHandler.class, method = "prepare", args = {Connection.class})}).
Step S505, an object filter flag is set in the business system. After intercepting the user's data access request, the business system parses it to obtain the business table or collection the user wants to access and checks the object filter flag of that business table or collection. If the business table or collection needs data access filtering, the business system sends the intercepted data access request to the data right management system; if not, the user's data access request is executed directly.
The object filter flag can optionally be set according to business needs. Setting an object filter flag reduces the interaction between the business system and the data right management system and improves system efficiency. Alternatively, the business system can omit this filter flag check, which reduces the changes required in the business system.
Step S506, the business system sends the intercepted data access request to the data right management system; correspondingly, the data right management system receives the user's data access request intercepted by the business system.
In one embodiment, the business system sends the intercepted data access request to the data right management system by calling an interface of the data right management system. That interface may be, for example, a Web Service interface, but is not limited to this example.
Depending on security needs, the business system may optionally sign the information it sends, in which case the data right management system verifies the signature to ensure that the call is legitimate. Depending on security needs, the business system may also optionally encrypt the data access request it sends, in which case the data right management system decrypts it with the corresponding decryption method, to ensure the reliability of transmission and prevent the data access request from being modified in transit.
Step S508, the data right management system obtains the object the user wants to access by parsing the data access request.
For a relational database, by parsing the data access request the data right management system can learn information such as the name of the business table the user wants to access and the specific operation on that table; for a non-relational database, it can learn information such as the name of the collection the user wants to access and the specific operation on that collection.
Step S510, the data right management system looks up, in the permission configuration information, the user's access permission information for the object to be accessed.
In one embodiment, the data right management system looks up, in the permission configuration information, the permission configuration list corresponding to the object to be accessed; the permission configuration list includes permission assignment objects, permission types and rights expressions. The data right management system finds the user among the permission assignment objects of the permission configuration list. If the user operation contained in the data access request matches the permission type configured for the user in the permission configuration list, the rights expression corresponding to the user is extracted from the list; if the match fails, the user does not have permission for the operation to be performed.
For example, the data right management system may find the user among the permission assignment objects of the permission configuration list by means of an identifier that uniquely identifies the user, such as a user ID. If the user cannot be found among the permission assignment objects, the case can be handled according to the system's default setting. For example, if the user is not within the scope of the permission assignment objects, the default setting may be that the user's permission is unrestricted, in which case the data access request is returned directly to the business system for execution; alternatively, the default setting may be that the user has no permission on the business table, in which case the data access request is not returned to the business system for execution.
Step S512, the data right management system merges the access permission information with the data access request and returns the result to the business system. The merged data access request is compatible with the database type of the business system.
Step S514, the business system continues processing the data access request carrying the access permission information.
Step S516, the business system returns the processed result to the user.
In the above embodiment, the user data access requests intercepted by each business system are sent to the data right management system, which applies unified access control to each business system based on the permission configuration information. This achieves unified and centralized management, by the data right management system, of the data permissions of each business system, and facilitates management and maintenance. In addition, this centralized management approach can respond quickly to changes and adjustments in the organizational structure of the business systems, achieving flexible management of data permissions.
One application example of the data access filtering method is as follows. The user wants to query the order numbers, and the corresponding amounts, of orders in the order table whose amount is greater than 10000. After the user issues the data access request to the business system, it is converted into the SQL statement (assuming the database containing the order table is relational) SELECT ORDER_ID, PRICE from Order where PRICE>100000. The business system intercepts the statement and sends it to the data right management system, which parses it, learns that the business table the user wants to operate on is the order table, and looks up the permission configuration list corresponding to the order table. The user ID is matched within the scope of the permission assignment objects, giving the permission type query and the rights expression area=0001 (meaning that the user can only view orders whose order region is North China). The data right management system merges the rights expression with the user's operation statement according to the database type, obtaining SELECT ORDER_ID, PRICE from Order where PRICE > 100000 and area='0001', and returns the merged statement to the business system for execution. The business system obtains the corresponding business data and returns it to the front end, so what is finally displayed to the user is the order numbers and corresponding amounts of the orders in the order table whose amount is greater than 10000 and whose order region is North China.
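The following Python example is added here and is not part of the patent. It implements the lookup of step S510 and the merge of step S512 for single-table SELECT statements, using a constructed permission configuration list and a constructed in-memory SQLite table named Orders (ORDER is a reserved word in SQLite); the function names and the deny-by-default setting are assumptions. Both predicates are parenthesised during the merge, because a plain append returns rows outside the permitted region when the user's condition contains OR.

```python
import re
import sqlite3


class AccessDenied(Exception):
    """The request must not be returned to the business system for execution."""


# Constructed permission configuration list, keyed by accessed object.
PERMISSION_LISTS = {
    "orders": [{"grantee": "u1001", "type": "query", "expr": "area='0001'"}],
}

# Simplified parser: single-table SELECT, optional WHERE, optional trailing clauses.
_SELECT = re.compile(
    r"^\s*(?P<head>select\s+.+?\s+from\s+(?P<table>\w+))"
    r"(?:\s+where\s+(?P<where>.+?))?"
    r"(?P<tail>\s+(?:group\s+by|order\s+by|limit)\b.*)?\s*$",
    re.IGNORECASE | re.DOTALL,
)


def parse_request(sql):
    """Step S508: return (operation, table, head, where, tail) or refuse."""
    # Fail closed on anything this parser cannot fully account for.
    if any(token in sql for token in ("--", "/*", ";")):
        raise AccessDenied("statement contains unsupported tokens")
    m = _SELECT.match(sql)
    if m is None:
        raise AccessDenied("statement not understood by the filter")
    return "query", m["table"], m["head"], m["where"], m["tail"] or ""


def lookup_expression(table, user_id, operation, default_allow=False):
    """Step S510: find the user's rights expression for the accessed object."""
    entries = [e for e in PERMISSION_LISTS.get(table.lower(), [])
               if e["grantee"] == user_id]
    if not entries:
        # User is not among the assignment objects: the system default decides.
        if default_allow:
            return None
        raise AccessDenied(f"{user_id} has no permission on {table}")
    for entry in entries:
        if entry["type"] == operation:
            return entry["expr"]
    raise AccessDenied(f"{user_id} may not {operation} {table}")


def merge_request(sql, user_id, default_allow=False):
    """Step S512: merge the rights expression into the statement."""
    operation, table, head, where, tail = parse_request(sql)
    expr = lookup_expression(table, user_id, operation, default_allow)
    if expr is None:
        return sql
    if where is None:
        return f"{head} WHERE ({expr}){tail}"
    # Parenthesise both sides so an OR in the user's predicate cannot
    # take precedence over the permission predicate.
    return f"{head} WHERE ({where}) AND ({expr}){tail}"


def naive_merge(sql, expr):
    """Plain append without parentheses, kept only for comparison."""
    return f"{sql} and {expr}"


def run(sql):
    """Execute against a constructed in-memory table and return the rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Orders (ORDER_ID TEXT, PRICE INTEGER, area TEXT)")
    db.executemany("INSERT INTO Orders VALUES (?, ?, ?)", [
        ("A1", 150000, "0001"), ("A2", 50000, "0001"),
        ("B1", 200000, "0002"), ("B2", 90000, "0002"),
    ])
    rows = db.execute(sql).fetchall()
    db.close()
    return rows


if __name__ == "__main__":
    simple = "SELECT ORDER_ID, PRICE from Orders where PRICE>100000"
    with_or = "SELECT ORDER_ID, area from Orders where PRICE>100000 or PRICE<60000"
    print(merge_request(simple, "u1001"))
    print("plain append:", run(naive_merge(with_or, "area='0001'")))
    print("parenthesised:", run(merge_request(with_or, "u1001")))
```

In a Mybatis deployment the same merge would operate on the statement text seen by the interceptor, and a production filter would use a real SQL parser rather than this regular expression.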
The present invention also provides a data right management system; one embodiment of it is described below with reference to Fig. 6.
Fig. 6 is a structural diagram of one embodiment of the data right management system of the present invention. As shown in Fig. 6, the system 60 includes: a data permission configuration module 600, configured to receive data permission configuration commands and perform data permission configuration on the business tables in the databases of each business system. The data permission configuration module 600 includes:
A business system management unit 602, configured to collect the database information of the business systems.
The database information of a business system collected by the business system management unit 602 includes the database type and the database connection string.
A metadata crawling unit 604, configured to crawl permission-configuration-related metadata information from the database of a business system according to the database information of that business system.
The metadata crawling unit 604 is configured to connect to the database of the business system according to the database connection string and, according to the database type, crawl from that database the metadata information that is related to permission configuration and corresponds to the database type, where the metadata information includes accessed-object information and its attribute information. Because the metadata information of relational and non-relational databases differs, the metadata crawling unit 604 crawls permission-configuration-related business table information and its field information from the database of the business system when that database is relational, and crawls permission-configuration-related collection information and key information when that database is non-relational. Business table information includes, for example, the table name, and field information includes, for example, the field; if the field is numeric (for example, the field is an amount and the column stores specific numbers), the field information may also include the precision, the number of decimal places and so on. Similarly, collection information includes, for example, the collection name, and key information includes, for example, the key; if the key is numeric, the key information may also include the precision, the number of decimal places and so on.
A permission configuration unit 606, configured to perform permission configuration according to the crawled metadata information to form permission configuration information.
The permission configuration unit 606 is configured to set up a permission configuration list for the accessed object and, according to the attribute information of the accessed object, configure the permission assignment objects, permission types and rights expressions in that list to form the permission configuration information. Permission assignment objects are, for example, single or combined assignment objects divided by individual, role, group, position, post or department; permission types include, for example, query, modify, add and delete, but are not limited to these examples.
In the above embodiment of the data right management system, the business system management unit collects the database information of each business system, the metadata crawling unit crawls the permission-configuration-related metadata information from the business system databases according to the collected information, and the permission configuration unit then performs permission configuration according to the crawled information. This achieves unified and centralized configuration, by the data right management system, of the data permissions of each business system, and facilitates maintenance and management. The data right management system can also respond quickly to changes and adjustments in the organizational structure of the business systems, achieving flexible management of data permissions. In addition, the data right management system can also handle some more complex data permission configuration management.
The workflow by which the data right management system 60 performs data permission configuration is described below with reference to Fig. 7.
Step S702, the permission configuration unit 606 receives the data permission configuration command sent by the rights administrator. The command contains information such as the business system, database, business table (or collection), field (or key), permission assignment object, permission type and configuration condition that the rights administrator wants to configure. The rights administrator may provide this information by selecting it in the data permission configuration interface, by entering it manually, or in other ways.
Step S704, the permission configuration unit 606 sends a business system database information acquisition request to the business system management unit 602; the request includes, for example, information on the business system to be configured.
Step S706, the business system management unit 602 returns to the permission configuration unit 606 the database information corresponding to the business system to be configured, such as the database connection string.
Step S708, the permission configuration unit 606 sends a metadata crawl request to the metadata crawling unit 604; the request includes, for example, the database connection string and the information on the business table (or collection) to be configured.
Step S710, the metadata crawling unit 604 connects to the database of the business system according to the database connection string, crawls the field information of the business table (or the key information of the collection), and then returns the crawled information to the permission configuration unit 606.
Step S712, the permission configuration unit 606 generates a rights expression from the field information of the business table to be configured (or the key information of the collection), the configuration condition and the database type.
Step S714, the permission configuration unit 606 writes the rights expression, together with the corresponding permission assignment object and permission type, into the rights expression list, completing the data permission configuration.
Step S716, the permission configuration unit 606 returns the permission configuration result to the rights administrator.
As the above embodiment shows, a user can perform unified data permission configuration for multiple business systems through simple operations in the operation interface, which is easy to learn and easy to master.
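Steps S710 to S714 for one configuration command, as an added Python example that is not part of the patent: the selected field is checked against the crawled metadata before a rights expression is generated in the syntax of the database type. SQLite stands in for a business system database, and the function names, the operator tables and the constructed MongoDB key information are assumptions.

```python
import json
import math
import sqlite3

NUMERIC_TYPES = {"INTEGER", "REAL", "NUMERIC"}
SQL_OPS = {">": ">", ">=": ">=", "<": "<", "<=": "<=", "=": "=", "!=": "<>"}
MONGO_OPS = {">": "$gt", ">=": "$gte", "<": "$lt", "<=": "$lte",
             "=": "$eq", "!=": "$ne"}


def crawl_fields(conn, table):
    """Step S710 (relational case): return {field name: declared type}."""
    known = {row[0] for row in
             conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")}
    if table not in known:
        raise ValueError(f"unknown business table: {table!r}")
    # PRAGMA takes no bound parameters; the name was matched against the
    # catalogue above and is quoted as an identifier here.
    quoted = table.replace('"', '""')
    return {row[1]: row[2].upper()
            for row in conn.execute(f'PRAGMA table_info("{quoted}")')}


def build_expression(db_type, fields, field, op, value):
    """Step S712: generate the rights expression for the given database type."""
    if field not in fields or not field.isidentifier():
        raise ValueError(f"field {field!r} is not in the crawled metadata")
    if op not in SQL_OPS:
        raise ValueError(f"unsupported operator: {op!r}")
    is_number = (isinstance(value, (int, float))
                 and not isinstance(value, bool) and math.isfinite(value))
    if not is_number and not isinstance(value, str):
        raise ValueError(f"unsupported value: {value!r}")
    if fields[field] in NUMERIC_TYPES and not is_number:
        raise ValueError(f"{field} is numeric; got {value!r}")
    if db_type == "relational":
        # Strings become SQL literals with embedded quotes doubled.
        literal = repr(value) if is_number else "'" + value.replace("'", "''") + "'"
        return f"{field} {SQL_OPS[op]} {literal}"
    if db_type == "mongodb":
        return json.dumps({field: {MONGO_OPS[op]: value}})
    raise ValueError(f"unsupported database type: {db_type!r}")


def configure(permission_list, db_type, fields, command):
    """Steps S712 and S714: build the expression and record the entry."""
    expr = build_expression(db_type, fields, command["field"],
                            command["op"], command["value"])
    permission_list.append({"grantee": command["grantee"],
                            "type": command["type"], "expr": expr})
    return expr


def demo():
    # Constructed business table standing in for a business system database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (order_id TEXT, money INTEGER, area TEXT)")
    fields = crawl_fields(conn, "orders")
    conn.close()
    permission_list = []
    command = {"field": "money", "op": ">", "value": 100000,
               "grantee": "role:finance", "type": "query"}
    sql_expr = configure(permission_list, "relational", fields, command)
    # Constructed key information for the non-relational case.
    mongo_expr = configure(permission_list, "mongodb", {"money": "NUMERIC"}, command)
    return fields, sql_expr, mongo_expr, permission_list


if __name__ == "__main__":
    for item in demo():
        print(item)
```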
The present invention also provides another data right management system, which is described below with reference to Fig. 8.
Fig. 8 is a structural diagram of one embodiment of another data right management system of the present invention. As shown in Fig. 8, the system 80 includes a data access filtering module 800, and the data access filtering module 800 includes:
A data access request receiving unit 802, configured to receive a user's data access request intercepted by a business system.
A data access request parsing unit 804, configured to obtain the object the user wants to access by parsing the data access request.
For a relational database, by parsing the data access request the data access request parsing unit 804 can learn information such as the name of the business table the user wants to access and the specific operation on that table; for a non-relational database, it can learn information such as the name of the collection the user wants to access and the specific operation on that collection.
A permission information acquisition unit 806, configured to look up, in the permission configuration information, the user's access permission information for the object to be accessed.
The permission information acquisition unit 806 is configured to look up, in the permission configuration information, the permission configuration list corresponding to the object to be accessed, the list including permission assignment objects, permission types and rights expressions; to find the user among the permission assignment objects of the permission configuration list; and, if the user operation contained in the data access request matches the permission type configured for the user in the permission configuration list, to extract the rights expression corresponding to the user from the permission configuration list.
A permission information processing unit 808, configured to merge the access permission information with the data access request and return the result to the business system, so that the business system continues processing the data access request carrying the access permission information.
As shown in Fig. 8, depending on security needs, the data access filtering module 800 may further include a verification unit 810, configured to verify the legitimacy of the business system after the data access request receiving unit receives the user's data access request intercepted by the business system and before the data access request parsing unit parses it; if verification passes, the data access request parsing unit 804 parses the data access request. Providing a verification unit in the data right management system to verify the business system ensures the legitimacy of the call and improves the security of the system.
Depending on security needs, the data access filtering module 800 may further include a decryption unit 812, configured to decrypt the received data access request after the data access request receiving unit receives the user's data access request intercepted by the business system and before the data access request parsing unit parses it; if decryption succeeds, the data access request parsing unit 804 parses the data access request. Providing a decryption unit in the data right management system to decrypt the data access request ensures the reliability of transmission and prevents the data access request from being modified in transit.
The system 80 shown in Fig. 8 may also include the data permission configuration module 600 of the foregoing embodiment.
In the above embodiment of the data right management system, the data access request receiving unit receives the intercepted user data access requests sent by each business system, the data access request parsing unit parses the data access request, the permission information acquisition unit obtains the access permission information for the object the user wants to access, and finally the permission information processing unit merges the access permission information with the data access request and returns the result to the business system, so that access control is applied to each business system in a unified way. Further, the data permission configuration module described above can also be provided in the data right management system to achieve unified and centralized configuration of the data permissions of each business system, which strengthens the unified management of the data permissions of each business system. In addition, the data right management system can respond quickly to changes and adjustments in the organizational structure of the business systems, achieving flexible management of data permissions.
Those of ordinary skill in the art will understand that all or part of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, and the storage medium may be a read-only memory, a magnetic disk, an optical disc or the like.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (13)
1. A data permission management method, characterized by comprising:
a data right management system receiving a user's data access request intercepted by a business system, wherein there are multiple business systems;
the data right management system obtaining the object the user wants to access by parsing the data access request;
the data right management system looking up, in permission configuration information, the user's access permission information for the object to be accessed, comprising:
the data right management system looking up, in the permission configuration information, the permission configuration list corresponding to the object to be accessed, the permission configuration list including permission assignment objects, permission types and rights expressions; the data right management system finding the user among the permission assignment objects of the permission configuration list and, if the user operation contained in the data access request matches the permission type configured for the user in the permission configuration list, extracting the rights expression corresponding to the user from the permission configuration list;
the data right management system merging the access permission information with the data access request and returning the result to the business system, so that the business system continues processing the data access request carrying the access permission information; wherein the merged data access request is compatible with the database type of the business system, and the database types include relational databases and non-relational databases.
2. The method according to claim 1, characterized by further comprising:
the data right management system collecting the database information of the business system;
the data right management system crawling permission-configuration-related metadata information from the database of the business system according to the database information of the business system;
the data right management system performing permission configuration according to the crawled metadata information to form permission configuration information.
3. The method according to claim 2, characterized in that
the database information of the business system collected by the data right management system includes the database type and the database connection string;
the data right management system crawling permission-configuration-related metadata information from the database of the business system according to the database information of the business system comprises:
the data right management system connecting to the database of the business system according to the database connection string and, according to the database type, crawling from the database of the business system the metadata information that is related to permission configuration and corresponds to the database type, wherein the metadata information includes accessed-object information and its attribute information.
4. The method according to claim 2, characterized in that
the metadata information includes accessed-object information and its attribute information;
the data right management system performing permission configuration according to the crawled metadata information comprises:
the data right management system setting up a permission configuration list for the accessed object and, according to the attribute information of the accessed object, configuring the permission assignment objects, permission types and rights expressions in its permission configuration list to form permission configuration information.
5. The method according to claim 1, characterized in that
the business system determines, according to a configured system filter flag, whether this business system needs data access filtering and, if data access filtering is needed, intercepts the user's data access request;
or, after intercepting the user's data access request, the business system determines, according to a configured object filter flag, whether the object the user wants to access needs data access filtering and, if data access filtering is needed, sends the data access request to the data right management system.
6. A data permission management method, characterized by comprising:
a data right management system collecting the database information of a business system, wherein there are multiple business systems, the database information includes the database type and the database connection string, and the database types include relational databases and non-relational databases;
the data right management system crawling permission-configuration-related metadata information from the database of the business system according to the database information of the business system, comprising:
the data right management system connecting to the database of the business system according to the database connection string and, according to the database type, crawling from the database of the business system the metadata information that is related to permission configuration and corresponds to the database type, wherein the metadata information includes accessed-object information and its attribute information, and wherein different data storage modes of the business system correspond to different metadata information;
the data right management system performing permission configuration according to the crawled metadata information to form permission configuration information.
7. The method according to claim 6, characterized in that
the data right management system performing permission configuration according to the crawled metadata information comprises:
the data right management system setting up a permission configuration list for the accessed object and, according to the attribute information of the accessed object, configuring the permission assignment objects, permission types and rights expressions in its permission configuration list to form permission configuration information.
8. A data right management system, characterized by comprising: a data access filtering module and/or a data permission configuration module;
the data access filtering module includes:
a data access request receiving unit, configured to receive a user's data access request intercepted by a business system, wherein there are multiple business systems;
a data access request parsing unit, configured to obtain the object the user wants to access by parsing the data access request;
a permission information acquisition unit, configured to look up, in permission configuration information, the user's access permission information for the object to be accessed, comprising: the data right management system looking up, in the permission configuration information, the permission configuration list corresponding to the object to be accessed, the permission configuration list including permission assignment objects, permission types and rights expressions; the data right management system finding the user among the permission assignment objects of the permission configuration list and, if the user operation contained in the data access request matches the permission type configured for the user in the permission configuration list, extracting the rights expression corresponding to the user from the permission configuration list;
a permission information processing unit, configured to merge the access permission information with the data access request and return the result to the business system, so that the business system continues processing the data access request carrying the access permission information; wherein the merged data access request is compatible with the database type of the business system, and the database types include relational databases and non-relational databases;
the data permission configuration module includes:
a business system management unit, configured to collect the database information of the business system, wherein the database information includes the database type and the database connection string;
a metadata crawling unit, configured to crawl permission-configuration-related metadata information from the database of the business system according to the database information of the business system, comprising: connecting to the database of the business system according to the database connection string and, according to the database type, crawling from the database of the business system the metadata information that is related to permission configuration and corresponds to the database type, wherein the metadata information includes accessed-object information and its attribute information, and wherein different data storage modes of the business system correspond to different metadata information;
a permission configuration unit, configured to perform permission configuration according to the crawled metadata information to form permission configuration information.
9. The data right management system according to claim 8, characterized in that the metadata information includes accessed object information and its attribute information;
The authority configuration unit is for configuring an authority configuration list for the accessed object, and configuring, according to the attribute information of the accessed object, the authority distribution object, permission type and rights expression in its authority configuration list, to form the privileges configuration information.
10. A business management system, characterized by comprising: an operation system and the data right management system of any one of claims 8-9;
The operation system is for intercepting a user's data access request, sending the intercepted data access request of the user to the data right management system, and receiving the data access request with access authority information returned by the data right management system and continuing to process it.
11. The business management system according to claim 10, characterized in that
The operation system is also for judging, according to a set system filter identifier, whether this operation system needs data access filtering, and if so, intercepting the user's data access request; or, after intercepting the user's data access request, judging, according to a set object filter identifier, whether the object the user wants to access needs data access filtering, and if so, sending the data access request to the data right management system.
12. A data right management system, comprising:
A memory; and
A processor coupled to the memory, the processor being configured to execute, based on instructions stored in the memory device, the data permission management method of any one of claims 1-7.
13. A computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the steps of the method of any one of claims 1-7.
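The filtering flow of claims 8 and 11, as an added Python example that is not code from the patent: look up the authority configuration list for the accessed object, match the user and operation, and merge the rights expression into the request in a form suited to the database type. The tuple rule format, the request dictionaries, the MongoDB-style operators, the `?` placeholder and the fail-closed behaviour when no row matches are assumptions; the sample configuration is constructed.

```python
# Added example: all names, the rule format and the sample data are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:                 # one row of an authority configuration list
    subject: str             # authority distribution object (user or role)
    permission_type: str     # operation the row covers, e.g. "read"
    expression: tuple        # rights expression as (field, operator, value)

# Privileges configuration information: accessed object -> configuration list.
CONFIG = {
    "orders": [Entry("alice", "read", ("region", "=", "EU")),
               Entry("bob", "read", ("owner_id", "=", 42))],
}
FILTERED_OBJECTS = {"orders"}        # object filter identifiers (claim 11)
SQL_OPS = {"=": "=", "<": "<", ">": ">"}
DOC_OPS = {"=": "$eq", "<": "$lt", ">": "$gt"}   # assumed MongoDB-style operators

class AccessDenied(Exception):
    pass

def lookup_expression(user, operation, obj):
    """Find the user's row for this object and operation; fail closed (assumption)."""
    for entry in CONFIG.get(obj, []):
        if entry.subject == user and entry.permission_type == operation:
            return entry.expression
    raise AccessDenied(f"{user} may not {operation} {obj}")

def filter_request(request):
    """Merge the rights expression into the request, per database type."""
    obj = request["object"]
    if obj not in FILTERED_OBJECTS:
        return request                       # object not marked for filtering
    field, op, value = lookup_expression(request["user"], request["operation"], obj)
    merged = dict(request)
    if request["db_type"] == "relational":
        # Field and operator come from trusted configuration; the value is bound.
        clause = f"{field} {SQL_OPS[op]} ?"
        where = request.get("where")
        merged["where"] = f"({where}) AND ({clause})" if where else clause
        merged["params"] = list(request.get("params", [])) + [value]
    elif request["db_type"] == "non_relational":
        rule = {field: {DOC_OPS[op]: value}}
        query = request.get("query")
        merged["query"] = {"$and": [query, rule]} if query else rule
    else:
        raise AccessDenied(f"unsupported database type {request['db_type']}")
    return merged
```

Because the rights expression is combined with the caller's own condition by AND, the business system can only narrow what the user sees, never widen it.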
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610225858.7A CN105912949B (en) | 2016-04-13 | 2016-04-13 | Data permission management method, data right management system and business management system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105912949A (en) | 2016-08-31 |
CN105912949B (en) | 2019-11-05 |
Family
ID=56746694
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610225858.7A Active CN105912949B (en) | 2016-04-13 | 2016-04-13 | Data permission management method, data right management system and business management system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105912949B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||