CN105912949B - Data permission management method, data right management system and business management system - Google Patents

Publication number
CN105912949B
Authority
CN
China
Prior art keywords
data
information
database
operation system
management system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610225858.7A
Other languages
Chinese (zh)
Other versions
CN105912949A (en)
Inventor
周华旗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Application filed by Beijing Jingdong Century Trading Co Ltd and Beijing Jingdong Shangke Information Technology Co Ltd
Priority to CN201610225858.7A
Publication of CN105912949A
Application granted
Publication of CN105912949B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G06F16/211 Schema design and management

Abstract

The invention discloses a data permission management method, a data right management system and a business management system, and relates to the field of computer technology. The method comprises: the data right management system receives a user's data access request intercepted by an operation system; obtains the object the user wants to access by parsing the data access request; looks up, in the privileges configuration information, the user's access authority information for the object to be accessed; and merges the access authority information with the data access request and returns the result to the operation system, so that the operation system continues processing the data access request with the access authority information. The invention achieves unified, centralized management by the data right management system of the data permissions of every operation system, which makes them easier to manage and maintain.

Description

Data permission management method, data right management system and business management system
Technical field
The present invention relates to the field of computer technology, and in particular to a data permission management method, a data right management system and a business management system.
Background technique
Rights management generally means that, according to the security rules or security policies set by the system, a user can access the resources they are authorized for, and only those resources. Rights management falls into two major classes: function-level permission control and data-level permission control. Data permissions address the question of which data a subject can operate on; for example, a user can view only their own order information and cannot view the order information of other people.
The database types supported by different operation systems may differ. For example, multiple operation systems may support Oracle, MySQL, SQL Server and so on respectively, and some operation systems even use non-relational databases for data storage. These differences and customizations among databases mean that each operation system has to handle data permission control itself, which makes management and maintenance difficult. For example, in an operation system that implements data permission management by hard coding, the data permission management logic is coupled with the system's business logic in forms such as if/else, and each operation system has to implement its own data permission management logic separately, which is difficult to manage and maintain.
Summary of the invention
One technical problem to be solved by the present invention is how to manage the data permissions of every operation system in a unified way, so as to reduce the difficulty of management and maintenance.
According to one aspect of the present invention, a data permission management method is provided, comprising: a data right management system receives a user's data access request intercepted by an operation system; the data right management system obtains the object the user wants to access by parsing the data access request; the data right management system looks up, in the privileges configuration information, the user's access authority information for the object to be accessed; and the data right management system merges the access authority information with the data access request and returns the result to the operation system, so that the operation system continues processing the data access request with the access authority information.
In one embodiment, the data right management system looking up the user's access authority information for the object to be accessed in the privileges configuration information includes: the data right management system looks up, in the privileges configuration information, the authority configuration list corresponding to the object to be accessed, the authority configuration list including an authority distribution object, a permission type and a rights expression; the data right management system finds the user among the authority distribution objects of the authority configuration list and, if the user operation contained in the data access request matches the permission type configured for that user in the authority configuration list, extracts the rights expression corresponding to the user from the authority configuration list.
In one embodiment, the data permission management method further includes: the data right management system collects the database information of the operation system; the data right management system grabs the metadata information relevant to authority configuration from the database of the operation system according to the database information of the operation system; and the data right management system performs authority configuration according to the grabbed metadata information to form the privileges configuration information.
In one embodiment, the database information of the operation system collected by the data right management system includes the database type and the database connection string. The data right management system grabbing the metadata information relevant to authority configuration from the database of the operation system includes: the data right management system connects to the database of the operation system using the database connection string and, according to the database type, grabs from that database the metadata information that is relevant to authority configuration and corresponds to the database type, wherein the metadata information includes accessed object information and its attribute information.
In one embodiment, the metadata information includes accessed object information and its attribute information. The data right management system performing authority configuration according to the grabbed metadata information includes: the data right management system configures an authority configuration list for the accessed object and, according to the attribute information of the accessed object, configures the authority distribution object, permission type and rights expression in that authority configuration list to form the privileges configuration information.
In one embodiment, the operation system judges, according to a configured system filter identifier, whether this operation system needs data access filtering and, if so, intercepts the user's data access request. Alternatively, after intercepting the user's data access request, the operation system judges, according to a configured object filter identifier, whether the object the user wants to access needs data access filtering and, if so, sends the data access request to the data right management system.
According to a second aspect of the present invention, a data permission management method is provided, comprising: a data right management system collects the database information of an operation system; the data right management system grabs the metadata information relevant to authority configuration from the database of the operation system according to the database information of the operation system; and the data right management system performs authority configuration according to the grabbed metadata information to form privileges configuration information.
In one embodiment, the database information of the operation system collected by the data right management system includes the database type and the database connection string. The data right management system grabbing the metadata information relevant to authority configuration from the database of the operation system includes: the data right management system connects to the database of the operation system using the database connection string and, according to the database type, grabs from that database the metadata information that is relevant to authority configuration and corresponds to the database type, wherein the metadata information includes accessed object information and its attribute information.
In one embodiment, the metadata information includes the accessed object and its attribute information. The data right management system performing authority configuration according to the grabbed metadata information includes: the data right management system configures an authority configuration list for the accessed object and, according to the attribute information of the accessed object, configures the authority distribution object, permission type and rights expression in that authority configuration list to form the privileges configuration information.
According to a third aspect of the present invention, a data right management system is provided, comprising a data access filtering module and/or a data permission configuration module. The data access filtering module includes: a data access request receiving unit, for receiving a user's data access request intercepted by an operation system; a data access request parsing unit, for obtaining the object the user wants to access by parsing the data access request; an authority information acquiring unit, for looking up, in the privileges configuration information, the user's access authority information for the object to be accessed; and an authority information processing unit, for merging the access authority information with the data access request and returning the result to the operation system, so that the operation system continues processing the data access request with the access authority information. The data permission configuration module includes: an operation system administrative unit, for collecting the database information of the operation system; a metadata grabbing unit, for grabbing the metadata information relevant to authority configuration from the database of the operation system according to the database information of the operation system; and an authority configuration unit, for performing authority configuration according to the grabbed metadata information to form the privileges configuration information.
In one embodiment, the authority information acquiring unit is used to look up, in the privileges configuration information, the authority configuration list corresponding to the object to be accessed, the authority configuration list including an authority distribution object, a permission type and a rights expression; and to find the user among the authority distribution objects of the authority configuration list and, if the user operation contained in the data access request matches the permission type configured for that user in the authority configuration list, extract the rights expression corresponding to the user from the authority configuration list.
In one embodiment, the database information of the operation system collected by the operation system administrative unit includes the database type and the database connection string. The metadata grabbing unit is used to connect to the database of the operation system using the database connection string and, according to the database type, grab from that database the metadata information that is relevant to authority configuration and corresponds to the database type, wherein the metadata information includes accessed object information and its attribute information.
In one embodiment, the metadata information includes accessed object information and its attribute information. The authority configuration unit is used to configure an authority configuration list for the accessed object and, according to the attribute information of the accessed object, configure the authority distribution object, permission type and rights expression in that authority configuration list to form the privileges configuration information.
According to a fourth aspect of the present invention, a business management system is provided, comprising an operation system and the data right management system of any embodiment of the foregoing third aspect. The operation system is used to intercept a user's data access request, send the intercepted data access request to the data right management system, and receive the data access request with access authority information returned by the data right management system and continue processing it.
In one embodiment, the operation system is also used to judge, according to a configured system filter identifier, whether this operation system needs data access filtering and, if so, to intercept the user's data access request. Alternatively, after intercepting the user's data access request, the operation system judges, according to a configured object filter identifier, whether the object the user wants to access needs data access filtering and, if so, sends the data access request to the data right management system.
The present invention achieves unified, centralized management by the data right management system of the data permissions of every operation system, which makes them easier to manage and maintain. On the one hand, the database information of each operation system is collected, the metadata information relevant to authority configuration is grabbed from the operation system's database according to the collected information, and authority configuration is then performed according to the grabbed information, which achieves unified, centralized configuration of the data permissions of every operation system. On the other hand, the user data access requests intercepted by each operation system are sent to the data right management system, which applies access control to every operation system uniformly on the basis of the privileges configuration information. In addition, this centralized management mode can respond quickly to changes and adjustments in an operation system's organizational structure, so that data permissions are managed flexibly.
Other features and advantages of the present invention will become clear from the following detailed description of exemplary embodiments of the invention with reference to the accompanying drawings.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 shows the structural schematic diagram of the business management system of one embodiment of the present of invention.
Fig. 2 shows a flow diagram of the data permission configuration process of the data permission management method of one embodiment of the present invention.
Fig. 3 shows a schematic comparison of a relational database and a non-relational database in one embodiment of the present invention.
Fig. 4 shows the Unified Modeling Language (UML) class diagram of metadata grabbing in one embodiment of the present invention.
Fig. 5 shows a flow diagram of the data access filtering process of the data permission management method of one embodiment of the present invention.
Fig. 6 shows the structural schematic diagram of the data right management system of one embodiment of the present of invention.
Fig. 7 shows a workflow diagram of the data right management system of one embodiment of the present invention performing data permission configuration.
Fig. 8 shows the structural schematic diagram of the data right management system of another embodiment of the invention.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The following description of at least one exemplary embodiment is merely illustrative and in no way limits the present invention or its application or use. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
This scheme is proposed in order to achieve unified management of the data permissions of every operation system.
Fig. 1 is a structural schematic diagram of one embodiment of the business management system of the present invention. The structure of the business management system is described below with reference to Fig. 1.
As shown in Fig. 1, the business management system includes the data right management system and operation system 1, operation system 2, ... and operation system n. Each operation system stores its data in its own database. The database types supported by the operation systems may be the same or different, and each operation system may support one or more database types. The data right management system manages the data permissions of every operation system in a unified way. The unified data permission management method includes a process of unified data permission configuration for each operation system and a data access filtering process. Embodiments of both processes are described below.
The process by which the data right management system performs unified data permission configuration for each operation system is described below with reference to Fig. 2.
Fig. 2 is a flow chart of one embodiment of the data permission configuration process of the data permission management method of the present invention. As shown in Fig. 2, the method of this embodiment includes:
Step S202: the data right management system needs to bring every operation system under its management, and collects the database information of each operation system.
The database information of an operation system collected by the data right management system includes the database type and the database connection string, and may also include, for example, the operation system name, the operation system code and the data storage method (relational database or non-relational database), as shown in Table 1. Table 1 is an example of the database information of each operation system collected by the data right management system. The data right management system connects to the corresponding database using the database connection string, grabs the corresponding metadata information from the operation system's database according to the database type, and performs data permission configuration for the operation system according to the database type. Relational and non-relational databases need different connection methods: for example, a relational database can be connected through JDBC (Java Database Connectivity), whereas a non-relational database needs a connector written specifically for the particular database type.
Table 1
Step S204: the data right management system grabs the metadata information relevant to authority configuration from the database of the operation system according to the database information of the operation system.
In one embodiment, the data right management system connects to the database of the operation system using the database connection string and, according to the database type, grabs from that database the metadata information that is relevant to authority configuration and corresponds to the database type.
Different data storage methods have different metadata. As shown in Fig. 3, taking a relational database and the non-relational database MongoDB as examples, database (Database) information, data table (Table) information and row information are grabbed from the relational database, and database (Database) information, collection (Collection) information and document (Document) information are grabbed from MongoDB. Data table information in a relational database corresponds to collection information in MongoDB, and row information in a relational database corresponds to document information in MongoDB. The grabbed metadata information can be returned to the data permission configuration interface for rights management personnel to select from when performing authority configuration; for example, they select the database, data set, table, column and other information through drop-down menus and similar controls on the data permission configuration interface.
The grabbed metadata information is mainly used in the subsequent authority configuration process, so it mainly includes accessed object information and its attribute information. For a relational database, the data right management system grabs the business table information relevant to authority configuration and its field information from the database of the operation system; for a non-relational database, it grabs the collection information relevant to authority configuration and its key (KEY) information. The business table information includes, for example, the table name, and the field information includes, for example, the field; if the field is numeric (for example, the field is an amount and the column stores specific numbers), the field information can also include information such as precision and decimal digits. Similarly, the collection information includes, for example, the collection name, and the key information includes, for example, the key; if the key is numeric, the key information can also include precision, decimal digits and so on.
With the above method of grabbing metadata information from an operation system, the data right management system can obviously grab not only accessed object information and its attribute information but also other metadata information as needed. Taking a relational database as an example, the grabbed metadata information may include the following classes:
Database: for example the database name, type and version.
Schema (data set): the data set differs slightly among relational databases (for example, Oracle: schema; MySQL: catalog; SQL Server: catalog.schema); for example the name and mode of the data set.
Table (data table): for example the table name, type, primary key, foreign key, constraints, triggers, indexes and permissions.
Column: for example the name, comment, whether it is null, precision, decimal digits and default value.
An application example of metadata grabbing is described below with reference to Fig. 4. Because different database types differ in how metadata is obtained and in how the database is connected, the strategy pattern can be used to implement metadata grabbing for different databases, so that the implementation is easy to extend as database types change. As shown in Fig. 4, "MysqlDataSource", "OracleDataSource" and so on are classes that implement obtaining the database connection string, and the class is selected according to the type of database to be connected. Similarly, "MysqlMetaCrawler" and "OracleMetaCrawler" are classes that implement metadata grabbing, and the class is selected according to the type of database whose metadata is to be grabbed. The metadata grabbing logic is implemented through MetaLoader, the main entry point of the whole grabbing logic. MetaLoader is instantiated with a specific data source, for example MetaLoader ml = new MetaLoaderImpl(MysqlDataSource), to obtain the connection string of the MySQL database and connect to it. A specific metadata grabbing instance, such as MysqlMetaCrawler, is then created by MetaCrawlerFactory. Specifically, the created MetaCrawler instance (AbstractMetaCrawler) obtains the data table information or collection information under the data source and the field information or key information of each table; for example, a relational database generally obtains this metadata through the DatabaseMetaData object, while a non-relational database can use custom development. MetaCrawler then returns the grabbed metadata information to MetaLoader, which completes the metadata grabbing process.
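The strategy-pattern layout described above, as an added Python example that is not code from the patent: SQLite stands in for the MySQL and Oracle crawlers, and a plain dict stands in for a MongoDB connection. Apart from MetaLoader and MetaCrawlerFactory, the class names, the function names and the sample data are assumptions.

```python
import sqlite3
from abc import ABC, abstractmethod


class MetaCrawler(ABC):
    """Strategy interface: one crawler per database type."""

    @abstractmethod
    def crawl(self, connection):
        """Return {accessed object: [{"field": ..., "type": ...}, ...]}."""


class SqliteMetaCrawler(MetaCrawler):
    """Relational strategy: tables and their fields from the catalog."""

    def crawl(self, connection):
        meta = {}
        tables = connection.execute(
            "SELECT name FROM sqlite_master "
            "WHERE type = 'table' AND name NOT LIKE 'sqlite_%' ORDER BY name"
        ).fetchall()
        for (table,) in tables:
            # PRAGMA takes no bound parameters, so quote the catalog name.
            quoted = '"' + table.replace('"', '""') + '"'
            columns = connection.execute(f"PRAGMA table_info({quoted})").fetchall()
            meta[table] = [{"field": c[1], "type": c[2]} for c in columns]
        return meta


class DocumentMetaCrawler(MetaCrawler):
    """Non-relational strategy: collections and the keys seen in documents."""

    def crawl(self, connection):
        meta = {}
        for collection, documents in sorted(connection.items()):
            keys = {}
            for document in documents:
                for key, value in document.items():
                    keys.setdefault(key, type(value).__name__)
            meta[collection] = [{"field": k, "type": t} for k, t in sorted(keys.items())]
        return meta


class MetaCrawlerFactory:
    """Maps a database type to its crawler; new types are registered here."""

    crawlers = {"sqlite": SqliteMetaCrawler, "document": DocumentMetaCrawler}

    @classmethod
    def register(cls, db_type, crawler_class):
        cls.crawlers[db_type] = crawler_class

    @classmethod
    def create(cls, db_type):
        if db_type not in cls.crawlers:
            raise ValueError(f"unsupported database type: {db_type}")
        return cls.crawlers[db_type]()


class MetaLoader:
    """Main entry point of the grabbing logic."""

    def __init__(self, db_type, connection):
        self.crawler = MetaCrawlerFactory.create(db_type)
        self.connection = connection

    def load(self):
        return self.crawler.crawl(self.connection)


def sample_sources():
    """Constructed sample databases of two operation systems."""
    relational = sqlite3.connect(":memory:")
    relational.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, money NUMERIC)")
    documents = {"users": [{"name": "zhangsan", "age": 33},
                           {"name": "lisi", "dept": "finance"}]}
    return {"order-system": ("sqlite", relational),
            "hr-system": ("document", documents)}


def crawl_all(sources):
    """Grab metadata for every registered operation system."""
    return {name: MetaLoader(db_type, conn).load()
            for name, (db_type, conn) in sources.items()}


if __name__ == "__main__":
    for system, meta in crawl_all(sample_sources()).items():
        print(system, meta)
```

Supporting another database type means writing one more MetaCrawler subclass and registering it with the factory; MetaLoader and its callers stay unchanged.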
Step S206: the data right management system performs authority configuration according to the grabbed metadata information to form the privileges configuration information.
In one embodiment, the data right management system configures an authority configuration list for the accessed object and, according to the attribute information of the accessed object, configures the authority distribution object, permission type and rights expression in that authority configuration list to form the privileges configuration information.
The data permission configuration process is illustrated below with reference to Table 2. As shown in Table 2, according to the data permission configuration command sent by the rights management person, the data right management system generates an authority configuration list for each business table or collection that needs authority configuration. The authority configuration list includes the authority distribution object, permission type and rights expression, and as needed may also include, for example, the authority distribution object type and a rights expression description, without being limited to these examples. The authority distribution object type includes, for example, individual, role, group, position, post or department, and can be divided into other types as required by the granularity of authority distribution and the range of personnel affected. The authority distribution object is, for example, a single distribution object or a collective distribution object divided by individual, role, group, position, post or department; in Table 2, for example, Zhang San is a single distribution object divided by individual, and the Finance Department is a collective distribution object divided by department that includes all employees of the Finance Department. The permission type includes, for example, query, modify, add and delete, without being limited to these examples. Preferably, the rights expression is a concrete operation statement generated according to the grammar of the specific database type: for a relational database, an SQL conditional statement is generated (format: field + operator + condition value, for example money > 10000); for MongoDB, a MongoDB statement is generated (format: field name + ":" + condition value, for example { age:33 }). As shown in Table 2, for a rights expression such as money > 100000, the data right management system first obtains the field money when generating the expression, and then generates the rights expression money > 100000 according to the configuration condition in the rights management person's data permission configuration command and the syntax rules of the current database. The authority configuration list can also be returned to the data permission configuration interface so that the rights management person can confirm the configured authority information; the rights expression description item is provided to make that confirmation easier.
Table 2
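An added Python example (not code from the patent) of the authority configuration list and per-database rights expression described above, together with the lookup-and-merge step from the summary. The table, users and rows are constructed. Three choices are this example's assumptions: binding the condition value as a parameter, combining several matching entries with OR, and returning no rows when no entry matches.

```python
import sqlite3

# Constructed stand-in for grabbed metadata: accessed object -> its fields.
METADATA = {"orders": {"id", "owner", "money"}}
SQL_OPERATORS = {">", ">=", "<", "<=", "=", "!="}
MONGO_OPERATORS = {">": "$gt", ">=": "$gte", "<": "$lt", "<=": "$lte", "!=": "$ne"}


def make_expression(db_type, table, field, operator, value):
    """Generate a rights expression in the grammar of the database type."""
    # Only fields present in the grabbed metadata may appear in an expression.
    if field not in METADATA.get(table, ()):
        raise ValueError(f"{table}.{field} is not in the grabbed metadata")
    if operator not in SQL_OPERATORS:
        raise ValueError(f"operator {operator!r} is not allowed")
    if db_type == "relational":
        # field + operator + condition value; the value stays a bound parameter.
        return (f"{field} {operator} ?", [value])
    if db_type == "mongodb":
        # field name + ":" + condition value, e.g. {"age": 33}
        if operator == "=":
            return {field: value}
        return {field: {MONGO_OPERATORS[operator]: value}}
    raise ValueError(f"unsupported database type: {db_type}")


# Constructed authority configuration list for the accessed object "orders".
PERMISSION_LISTS = {
    "orders": [
        {"object_type": "individual", "object": "zhangsan", "permission": "query",
         "expression": make_expression("relational", "orders", "owner", "=", "zhangsan")},
        {"object_type": "department", "object": "finance", "permission": "query",
         "expression": make_expression("relational", "orders", "money", ">", 100000)},
    ]
}


def lookup(user, operation, table):
    """Return the rights expressions configured for this user and operation."""
    found = []
    for entry in PERMISSION_LISTS.get(table, []):
        assigned = user.get(entry["object_type"]) == entry["object"]
        if assigned and entry["permission"] == operation:
            found.append(entry["expression"])
    return found


def filter_request(user, request):
    """Merge the access authority information into the intercepted request."""
    table = request["table"]  # parsing the request yields the accessed object
    if table not in METADATA:
        raise ValueError(f"unknown accessed object: {table}")
    grants = lookup(user, request["operation"], table)
    if grants:
        clause = " OR ".join(f"({text})" for text, _ in grants)
        params = [p for _, values in grants for p in values]
    else:
        clause, params = "1 = 0", []  # assumption: no matching entry, no rows
    where, where_params = request.get("where", ("1 = 1", []))
    merged = (f"({where}) AND ({clause})", list(where_params) + params)
    return {**request, "where": merged}


def run_query(conn, request):
    """Operation system side: continue processing the merged request."""
    where, params = request["where"]
    sql = f"SELECT id FROM {request['table']} WHERE {where} ORDER BY id"
    return [row[0] for row in conn.execute(sql, params)]


def sample_db():
    """Constructed orders table of one operation system."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, money NUMERIC)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, "zhangsan", 500), (2, "lisi", 250000),
                      (3, "lisi", 800), (4, "zhangsan", 120000)])
    return conn


if __name__ == "__main__":
    db = sample_db()
    req = {"table": "orders", "operation": "query"}
    for who in ({"individual": "zhangsan", "department": "sales"},
                {"individual": "wangwu", "department": "finance"},
                {"individual": "zhaoliu", "department": "sales"}):
        print(who["individual"], run_query(db, filter_request(who, req)))
```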
The method of the above embodiment collects the database information of each operation system, grabs the authority-configuration-related metadata information from the operation system's database according to the collected information, and then performs authority configuration according to the grabbed information, so that the data right management system configures the data permissions of all operation systems in a unified and centralized way. This makes each operation system easier to manage and maintain, and allows data permissions to be managed flexibly in quick response to changes and adjustments in the organizational structure of an operation system. In addition, the data right management system can also handle some more complicated data permission configuration management.
An application example of the data permission configuration process is as follows. The rights administrator logs in to the data right management system, enters the data permission configuration interface and selects the operation system and database to be configured. According to the collected database information of each operation system, the data right management system obtains the database connection string, connects to the database, grabs the table information of all traffic tables in the database and displays the table names in the data permission configuration interface for the rights administrator to choose from. The rights administrator selects a traffic table; the data right management system grabs the field information of that traffic table and displays the fields in the data permission configuration interface. The rights administrator selects a field, inputs a configuration condition, and selects the authority distribution object and permission type through the display interface. The data right management system generates a rights expression according to the database type, the field information and the configuration condition, associates it with the authority distribution object and permission type to generate one item of privileges configuration information, and writes it into the authority configuration list of the traffic table, which completes the data permission configuration process. In this process the rights administrator may make selections through the data permission configuration interface or may input the data permission configuration order directly; the data right management system may grab the metadata first and display it for the rights administrator to select, or may grab the corresponding metadata after the rights administrator has made a selection. Any process that performs unified configuration of the data permissions of multiple operation systems by the method described in step 202 to step 206 falls within the scope of protection of the present invention.
As the above application example shows, a user can perform unified data permission configuration for multiple operation systems through simple operations in the operation interface, which is easy to learn and easy to master.
The data right management system can also filter the data access requests of the users of each operation system based on the privileges configuration information; this case is described below with reference to Fig. 5. The privileges configuration information applied in data access filtering may be obtained with the configuration method described in the previous embodiment or with another configuration method.
Fig. 5 is a flow chart of one embodiment of the data access filter process of the data permission management method of the present invention. As shown in Fig. 5, the method of this embodiment includes:
Step S502: the user sends a data access request to the operation system.
The operation systems to be accessed may support different database types, so the data access request may be an operation statement corresponding to the particular database. For example, if the operation system supports a relational database, the data access request may be an SQL statement; if the operation system supports a non-relational database such as MongoDB, the data access request may be a MongoDB statement.
Step S503: the operation system judges, according to the system filter identification that has been set, whether this operation system needs data access filtering. If data access filtering is needed, step S504 is executed; if not, the user's data access request is executed directly.
The system filter identification can be set selectively according to business needs. Setting it reduces the interaction between the operation system and the data right management system and improves system efficiency. Of course, the operation system may also omit the check on this filter identification, which reduces the changes required to the operation system.
Step S504: the operation system intercepts the user's data access request.
In one embodiment, the user's data access request is intercepted by configuring an interceptor in the operation system.
An application example of the interceptor is as follows, taking an operation system whose database type is a relational database. Most operation systems that support relational databases currently use frameworks such as Spring MVC, Spring and Mybatis and adopt a layered design, including for example a Controller (control) layer, a Service layer and a DAO (Data Access Object) layer; the interceptor can be set at the DAO layer to intercept database operation statements. If the operation system is to intercept all SQL statements, for example, the framework's Interceptor can be configured by specifying the class to be intercepted, the method of that class to be intercepted and the parameter set of that method. In Mybatis, for instance, an interceptor that intercepts all SQL statements is declared as: @Intercepts({@Signature(type = StatementHandler.class, method = "prepare", args = {Connection.class})}).
Step S505: an object filter identification is set in the operation system. After intercepting the user's data access request, the operation system parses the request, obtains the traffic table or set the user wants to access, and checks the object filter identification of that traffic table or set. If the traffic table or set needs data access filtering, the operation system sends the intercepted data access request to the data right management system; if it does not, the user's data access request is executed directly.
The object filter identification can be set selectively according to business needs. Setting it reduces the interaction between the operation system and the data right management system and improves system efficiency. Of course, the operation system may also omit the check on this filter identification, which reduces the changes required to the operation system.
Step S506: the operation system sends the intercepted data access request to the data right management system; correspondingly, the data right management system receives the user's data access request intercepted by the operation system.
In one embodiment, the operation system calls an interface of the data right management system to send it the intercepted data access request. The interface of the data right management system may be, for example, a Web Service interface, but is not limited to this example.
According to security needs, the operation system may optionally sign the information it sends, and the data right management system then verifies the signature accordingly, to guarantee the legitimacy of the call. According to security needs, the operation system may also optionally encrypt the data access request it sends, and the data right management system then decrypts it with the corresponding decryption method, to guarantee the reliability of the transmission and prevent the data access request from being modified in transit.
Step S508: the data right management system obtains the object the user wants to access by parsing the data access request.
For a relational database, by parsing the data access request the data right management system can learn information such as the table name of the traffic table the user wants to access and the specific operation on that traffic table; for a non-relational database, it can learn information such as the name of the set the user wants to access and the specific operation on that set.
Step S510: the data right management system looks up, from the privileges configuration information, the user's access authority information for the object to be accessed.
In one embodiment, the data right management system looks up the authority configuration list corresponding to the object to be accessed from the privileges configuration information; the authority configuration list includes the authority distribution object, the permission type and the rights expression. The data right management system finds the user among the authority distribution objects of the authority configuration list, and if the user operation contained in the data access request matches the permission type configured for that user in the authority configuration list, it extracts the user's rights expression from the authority configuration list. If the match is unsuccessful, the user does not have permission for the operation to be performed.
For example, the data right management system can find the user among the authority distribution objects of the authority configuration list by an identifier that uniquely identifies the user, such as a user ID. In addition, when the user cannot be found among the authority distribution objects, the case is handled according to the system's default setting. For example, if the user is not within the range of the authority distribution objects, the default may be that the user's permission is unrestricted, in which case the data access request is returned directly to the operation system for execution; alternatively, the default may be that the user has no permission on the traffic table, in which case the data access request is not returned to the operation system for execution.
Step S512: the data right management system merges the access authority information with the data access request and returns the result to the operation system. The merged data access request is adapted to the database type of the operation system.
Step S514: the operation system continues to process the data access request carrying the access authority information.
Step S516: the operation system returns the processed result to the user.
In the above embodiment, the user data access requests intercepted by each operation system are sent to the data right management system, which applies unified access control to all operation systems based on the privileges configuration information. This achieves unified and centralized management of the data permissions of all operation systems by the data right management system and makes them easier to manage and maintain. In addition, this centralized management mode can respond quickly to changes and adjustments in the organizational structure of an operation system, so that data permissions are managed flexibly.
An application example of the data access filter method is as follows. The user wants to query the order numbers, and the corresponding amounts, of orders in the order table whose amount is greater than 10000. After the user issues the data access request to the operation system, it is converted into the SQL statement (assuming the database holding the order table is a relational database) SELECT ORDER_ID, PRICE from Order where PRICE>100000. The operation system intercepts the statement and sends it to the data right management system. The data right management system parses the statement and learns that the traffic table the user wants to operate on is the order table; it then looks up the authority configuration list of the order table, matches the user ID within the range of authority distribution objects, and obtains the corresponding permission type, inquiry, and the rights expression area=0001 (meaning that the user can only view orders whose order region is North China). The data right management system merges the rights expression with the user's operation statement according to the database type, obtaining SELECT ORDER_ID, PRICE from Order where PRICE > 100000 and area='0001', and returns the merged statement to the operation system for execution. The operation system obtains the corresponding business data and returns it to the front end, so what is finally displayed to the user is the order numbers and corresponding amounts of orders in the order table whose amount is greater than 10000 and whose order region is North China.
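Steps S508 to S512 and the merge in the application example above can be sketched as follows; this is an added example, not code from the patent. The Rule type, the CONFIG contents, the request shape used for MongoDB and the deny-by-default choice are assumptions, and the sketch goes slightly beyond the text by wrapping both conditions in parentheses (and using $and for MongoDB) so that the user's own condition cannot change how the rights expression binds.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One row of an authority configuration list (hypothetical type)."""
    subject: str          # authority distribution object: a user ID or a department
    permission_type: str  # "query", "modify", "add" or "delete"
    expression: object    # rights expression: SQL condition text or MongoDB filter

# Constructed privileges configuration information, keyed by accessed object.
CONFIG = {
    "Order": [Rule("u1001", "query", "area='0001'")],        # relational traffic table
    "orders": [Rule("finance", "query", {"area": "0001"})],  # MongoDB set
}

# Deliberately narrow grammar for the sketch: one SELECT on one table.
_SELECT = re.compile(
    r"^\s*select\s+(?P<cols>.+?)\s+from\s+(?P<table>\w+)"
    r"(?:\s+where\s+(?P<where>.+?))?"
    r"(?P<tail>\s+(?:group\s+by|order\s+by|limit)\b.*)?\s*$",
    re.IGNORECASE | re.DOTALL,
)

def _balanced(text):
    """True if parentheses outside '...' literals balance and never go negative."""
    depth, in_str = 0, False
    for ch in text:
        if ch == "'":
            in_str = not in_str
        elif not in_str and ch in "()":
            depth += 1 if ch == "(" else -1
            if depth < 0:
                return False
    return depth == 0 and not in_str

def parse_select(sql):
    """Step S508: obtain the accessed table; refuse anything outside the grammar."""
    nested = len(re.findall(r"\b(?:select|union)\b", sql, re.IGNORECASE)) != 1
    m = _SELECT.match(sql)
    if nested or not m or any(tok in sql for tok in (";", "--", "/*")):
        raise ValueError("statement not supported by the filter")
    if not all(_balanced(m[part] or "") for part in ("cols", "where", "tail")):
        raise ValueError("statement not supported by the filter")
    return m

def find_expression(obj, subjects, operation, config=CONFIG):
    """Step S510: rights expression for this user and operation, else deny."""
    for rule in config.get(obj, []):
        if rule.subject in subjects and rule.permission_type == operation:
            return rule.expression
    # Assumed default: a user without a matching row has no permission.
    raise PermissionError(f"no {operation} permission configured on {obj}")

def filter_request(db_type, request, subjects, config=CONFIG):
    """Steps S508 to S512 for one intercepted request; returns the merged request."""
    if db_type == "relational":
        m = parse_select(request)
        expr = find_expression(m["table"], subjects, "query", config)
        # Parenthesise both sides so an OR in the user's condition stays inside it.
        cond = f"({m['where']}) AND ({expr})" if m["where"] else f"({expr})"
        return f"SELECT {m['cols']} FROM {m['table']} WHERE {cond}{m['tail'] or ''}"
    if db_type == "mongodb":
        expr = find_expression(request["collection"], subjects,
                               request["operation"], config)
        # $and keeps both filters even when they constrain the same key.
        merged = {"$and": [request["filter"], expr]} if request["filter"] else dict(expr)
        return {**request, "filter": merged}
    raise ValueError(f"unsupported database type: {db_type}")
```

A production filter would use a full SQL parser for the database in question; the regular expression here only keeps the sketch short, and everything it cannot parse is refused.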
The present invention also provides a data right management system; one embodiment of the data right management system of the invention is described below with reference to Fig. 6.
Fig. 6 is a structure chart of one embodiment of the data right management system of the present invention. As shown in Fig. 6, the system 60 includes: a data permission configuration module 600, for receiving a data permission configuration order and performing data permission configuration on the traffic tables in the databases of the operation systems. The data permission configuration module 600 includes:
An operation system administrative unit 602, for collecting the database information of the operation systems.
The database information of an operation system collected by the operation system administrative unit 602 includes the database type and the database connection string.
A metadata picking unit 604, for grabbing the authority-configuration-related metadata information from the database of an operation system according to the database information of that operation system.
The metadata picking unit 604 connects to the database of the operation system using the database connection string and, according to the database type, grabs from that database the authority-configuration-related metadata information corresponding to the database type, where the metadata information includes accessed object information and its attribute information. Because the metadata information of relational and non-relational databases differs, when the database of the operation system is a relational database the metadata picking unit 604 grabs the authority-configuration-related traffic table information and its field information from the database of the operation system; when the database of the operation system is a non-relational database it grabs the authority-configuration-related set information and key information. The traffic table information includes, for example, the table name, and the field information includes, for example, the field; if the field is numeric (for example, the field is an amount and the column stores specific numbers), the field information may also include the precision, the number of decimal places and so on. Similarly, the set information includes, for example, the set name, and the key information includes, for example, the key; if the key is numeric, the key information may also include the precision, the number of decimal places and so on.
An authority configuration unit 606, for performing authority configuration according to the grabbed metadata information to form the privileges configuration information.
The authority configuration unit 606 configures an authority configuration list for the accessed object and, according to the attribute information of the accessed object, configures the authority distribution object, permission type and rights expression in that authority configuration list to form the privileges configuration information. An authority distribution object is, for example, a single distribution object or an assembly-type distribution object divided by individual, role, grouping, position, post or department; permission types include, for example, inquiry, modification, increase and deletion, but are not limited to these examples.
In the above embodiment of the data right management system, the operation system administrative unit collects the database information of each operation system, the metadata picking unit grabs the authority-configuration-related metadata information from the operation system's database according to the collected information, and the authority configuration unit then performs authority configuration according to the grabbed information. This achieves unified and centralized configuration of the data permissions of all operation systems by the data right management system, which is easy to maintain and manage; the data right management system can also respond quickly to changes and adjustments in the organizational structure of an operation system, so that data permissions are managed flexibly. In addition, the data right management system can also handle some more complicated data permission configuration management.
The workflow by which the data right management system 60 performs data permission configuration is described below with reference to Fig. 7.
Step S702: the authority configuration unit 606 receives the data permission configuration order sent by the rights administrator. The data permission configuration order includes information such as the operation system, database, traffic table (or set), field (or key), authority distribution object, permission type and configuration condition that the rights administrator wants to configure. The rights administrator may provide this information by selecting it in the data permission configuration interface, by manual input, or in a similar manner.
Step S704: the authority configuration unit 606 sends an operation system database information acquisition request to the operation system administrative unit 602; the request includes, for example, information on the operation system to be configured.
Step S706: the operation system administrative unit 602 returns to the authority configuration unit 606 the database information corresponding to the operation system to be configured, such as the database connection string.
Step S708: the authority configuration unit 606 sends a metadata grabbing request to the metadata picking unit 604; the request includes, for example, the database connection string and information on the traffic table (or set) to be configured.
Step S710: the metadata picking unit 604 connects to the database of the operation system using the database connection string, grabs the field information of the traffic table (or the key information of the set), and returns the grabbed information to the authority configuration unit 606.
Step S712: the authority configuration unit 606 generates the rights expression according to the field information of the traffic table to be configured (or the key information of the set), the configuration condition and the database type.
Step S714: the authority configuration unit 606 writes the rights expression together with the corresponding authority distribution object and permission type into the rights expression list, completing the data permission configuration.
Step S716: the authority configuration unit 606 returns the authority configuration result to the rights administrator.
As the above embodiment shows, a user can perform unified data permission configuration for multiple operation systems through simple operations in the operation interface, which is easy to learn and easy to master.
The present invention also provides another data right management system, which is described below with reference to Fig. 8.
Fig. 8 is a structure chart of one embodiment of another data right management system of the present invention. As shown in Fig. 8, the system 80 includes a data access filtering module 800, and the data access filtering module 800 includes:
A data access request receiving unit 802, for receiving the user's data access request intercepted by the operation system.
A data access request resolution unit 804, for obtaining the object the user wants to access by parsing the data access request.
For a relational database, by parsing the data access request the data access request resolution unit 804 can learn information such as the table name of the traffic table the user wants to access and the specific operation on that traffic table; for a non-relational database, it can learn information such as the name of the set the user wants to access and the specific operation on that set.
An authority information acquiring unit 806, for looking up, from the privileges configuration information, the user's access authority information for the object to be accessed.
The authority information acquiring unit 806 looks up the authority configuration list corresponding to the object to be accessed from the privileges configuration information, the authority configuration list including the authority distribution object, the permission type and the rights expression; it finds the user among the authority distribution objects of the authority configuration list, and if the user operation contained in the data access request matches the permission type configured for that user in the authority configuration list, it extracts the user's rights expression from the authority configuration list.
An authority information processing unit 808, for merging the access authority information with the data access request and returning the result to the operation system, so that the operation system continues to process the data access request carrying the access authority information.
As shown in Fig. 8, according to security needs the data access filtering module 800 may also include an authentication unit 810, which verifies the legitimacy of the operation system after the data access request receiving unit has received the user's data access request intercepted by the operation system and before the data access request resolution unit parses it; if the verification passes, the data access request resolution unit 804 parses the data access request. Having an authentication unit in the data right management system verify the operation system ensures the legitimacy of the call and improves the security of the system.
According to security needs, the data access filtering module 800 may also include a decryption unit 812, which decrypts the received data access request after the data access request receiving unit has received the user's data access request intercepted by the operation system and before the data access request resolution unit parses it; if decryption succeeds, the data access request resolution unit 804 parses the data access request. Having a decryption unit in the data right management system decrypt the data access request guarantees the reliability of the transmission and prevents the data access request from being modified in transit.
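The optional signing by the operation system and the verification performed by the authentication unit before parsing can be sketched as follows; this is an added example, not code from the patent. The patent does not name a signature scheme, so HMAC-SHA256 with a per-operation-system shared key, the envelope fields, the constructed key and the 300-second freshness window are all assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed shared keys, one per operation system, held by the data right
# management system. Real keys would come from a secret store.
SYSTEM_KEYS = {"order-system": b"constructed-demo-key-not-for-production"}
MAX_SKEW_SECONDS = 300  # assumed freshness window

def _mac(key, system_id, ts, statement):
    # Serialise the fields as a JSON array so that field boundaries are unambiguous.
    msg = json.dumps([system_id, ts, statement], separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_request(system_id, statement, key, now=None):
    """Operation system side: wrap the intercepted statement in a signed envelope."""
    ts = int(time.time() if now is None else now)
    return {"system": system_id, "ts": ts, "statement": statement,
            "sig": _mac(key, system_id, ts, statement)}

def verify_request(envelope, now=None, keys=SYSTEM_KEYS):
    """Authentication unit: return the statement only if the call is legitimate.

    Runs before the data access request resolution unit parses anything.
    """
    key = keys.get(envelope.get("system"))
    if key is None:
        raise PermissionError("unknown operation system")
    expected = _mac(key, envelope["system"], envelope.get("ts"),
                    envelope.get("statement"))
    supplied = str(envelope.get("sig", ""))
    # Constant-time comparison of the two MAC values.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        raise PermissionError("signature mismatch")
    now = time.time() if now is None else now
    if abs(now - envelope["ts"]) > MAX_SKEW_SECONDS:
        raise PermissionError("stale request")
    return envelope["statement"]
```

The sketch covers signing only; confidentiality of the request, which the decryption unit addresses, would need an encryption layer on top.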
The system 80 shown in Fig. 8 may also include the data permission configuration module 600 of the previous embodiment.
In the above embodiment of the data right management system, the data access request receiving unit receives the intercepted user data access requests sent by each operation system, the data access request resolution unit parses the data access request, the authority information acquiring unit obtains the access authority information for the object the user wants to access, and finally the authority information processing unit merges the access authority information with the data access request and returns the result to the operation system, so that access control is applied to all operation systems in a unified way. Further, the aforementioned data permission configuration module may also be provided in the data right management system to achieve unified and centralized configuration of the data permissions of all operation systems, which strengthens the unified management of the data permissions of each operation system. In addition, the data right management system can respond quickly to changes and adjustments in the organizational structure of an operation system, so that data permissions are managed flexibly.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit the invention; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (13)

1. A data permission management method, characterized by comprising:
A data right management system receives a data access request of a user intercepted by an operation system, wherein there are multiple operation systems;
The data right management system obtains the object the user wants to access by parsing the data access request;
The data right management system looks up, from privileges configuration information, the user's access authority information for the object to be accessed, which includes:
The data right management system looks up the authority configuration list corresponding to the object to be accessed from the privileges configuration information, the authority configuration list including an authority distribution object, a permission type and a rights expression; the data right management system finds the user among the authority distribution objects of the authority configuration list, and if the user operation contained in the data access request matches the permission type configured for the user in the authority configuration list, extracts the rights expression corresponding to the user from the authority configuration list;
The data right management system merges the access authority information with the data access request and returns the result to the operation system, so that the operation system continues to process the data access request carrying the access authority information; wherein the merged data access request is adapted to the database type of the operation system, and the database types include relational databases and non-relational databases.
2. The method according to claim 1, characterized by further comprising:
The data right management system collects the database information of the operation system;
The data right management system grabs authority-configuration-related metadata information from the database of the operation system according to the database information of the operation system;
The data right management system performs authority configuration according to the grabbed metadata information to form privileges configuration information.
3. The method according to claim 2, characterized in that,
The database information of the operation system collected by the data right management system includes the database type and the database connection string;
The data right management system grabbing authority-configuration-related metadata information from the database of the operation system according to the database information of the operation system includes:
The data right management system connects to the database of the operation system using the database connection string and, according to the database type, grabs from the database of the operation system the authority-configuration-related metadata information corresponding to the database type, wherein the metadata information includes accessed object information and its attribute information.
4. The method according to claim 2, characterized in that,
The metadata information includes accessed object information and its attribute information;
The data right management system carries out authority configuration according to the metadata information of crawl
The data right management system configures an authority configuration list for the accessed object and, according to the attribute information of the accessed object, configures the authority distribution object, permission type and rights expression in that authority configuration list to form privileges configuration information.
5. The method according to claim 1, characterized in that,
The operation system judges, according to the system filter identification that has been set, whether this operation system needs data access filtering, and if data access filtering is needed, intercepts the user's data access request;
Alternatively, after intercepting the user's data access request, the operation system judges, according to the object filter identification that has been set, whether the object the user wants to access needs data access filtering, and if data access filtering is needed, sends the data access request to the data right management system.
6. A data permission management method, characterized by comprising:
A data right management system collects the database information of an operation system, wherein there are multiple operation systems, the database information includes the database type and the database connection string, and the database types include relational databases and non-relational databases;
The data right management system grabbing authority-configuration-related metadata information from the database of the operation system according to the database information of the operation system includes:
The data right management system connects to the database of the operation system using the database connection string and, according to the database type, grabs from the database of the operation system the authority-configuration-related metadata information corresponding to the database type, wherein the metadata information includes accessed object information and its attribute information, and the metadata information differs according to the data storage method of the operation system;
The data right management system performs authority configuration according to the grabbed metadata information to form privileges configuration information.
7. The method according to claim 6, characterized in that,
The data right management system carries out authority configuration according to the metadata information of crawl
The data right management system configures an authority configuration list for the accessed object and, according to the attribute information of the accessed object, configures the authority distribution object, permission type and rights expression in that authority configuration list to form privileges configuration information.
8. A data right management system, characterized by comprising: a data access filtering module, and/or a data permission configuration module;
The data access filtering module includes:
A data access request receiving unit, for receiving the data access request of a user intercepted by an operation system; wherein there are multiple operation systems;
A data access request resolution unit, for obtaining the object the user wants to access by parsing the data access request;
An authority information acquiring unit, for searching the privileges configuration information for the user's access authority information for the object to be accessed, including: the data right management system searches the privileges configuration information for the authority configuration list corresponding to the object to be accessed, the authority configuration list including authority distribution object, permission type and rights expression; the data right management system finds the user among the authority distribution objects of the authority configuration list, and if the user operation contained in the data access request matches the permission type configured for the user in the authority configuration list, extracts the rights expression corresponding to the user from the authority configuration list;
An authority information processing unit, for merging the access authority information with the data access request and returning the result to the operation system, so that the operation system continues to process the data access request with access authority information; wherein the merged data access request is adapted to the database type of the operation system, and database types include: relational database and non-relational database;
The data permission configuration module includes:
An operation system administrative unit, for capturing the database information of the operation system; wherein the database information includes: the database type and the database connection string;
A metadata picking unit, for grabbing the metadata information relevant to authority configuration from the database of the operation system according to the database information of the operation system, including: connecting to the database of the operation system according to the database connection string, and grabbing from the database of the operation system, according to the database type, the metadata information that is relevant to authority configuration and corresponds to the database type, wherein the metadata information includes accessed object information and its attribute information; wherein operation systems with different data storage methods have different corresponding metadata information;
An authority configuration unit, for performing authority configuration according to the crawled metadata information to form privileges configuration information.
9. The data right management system according to claim 8, characterized in that the metadata information includes accessed object information and its attribute information;
The authority configuration unit is used for configuring an authority configuration list for the accessed object and, according to the attribute information of the accessed object, configuring the authority distribution object, permission type and rights expression in that authority configuration list to form privileges configuration information.
10. A business management system, characterized by comprising: an operation system and the data right management system according to any one of claims 8-9;
The operation system is used for intercepting the data access request of a user, sending the intercepted data access request of the user to the data right management system, and receiving the data access request with access authority information returned by the data right management system and continuing to process it.
11. The business management system according to claim 10, characterized in that
The operation system is also used for judging, according to the set system filter identification, whether this operation system needs data access filtering and, if so, intercepting the data access request of the user; or, after intercepting the data access request of the user, judging, according to the set object filter identification, whether the object the user wants to access needs data access filtering and, if so, sending the data access request to the data right management system.
12. A data right management system, comprising:
A memory; and
A processor coupled to the memory, the processor being configured to execute, based on instructions stored in the memory device, the data permission management method according to any one of claims 1-7.
13. A computer readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the steps of the method of any one of claims 1-7.
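The lookup-and-merge flow recited for the data access filtering module in claim 8, as an added Python example that is not part of the patent. The CONFIG contents, the (field, operator, value) form of the rights expression, the structured request dictionaries, the MongoDB-style filter used for the non-relational case and the refusal of requests with no matching entry are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    assignee: str         # authority distribution object (here: a user id)
    permission_type: str  # operation the entry covers, e.g. "read"
    expression: tuple     # rights expression as (field, operator, value)

# Constructed privileges configuration information: object -> configuration list.
CONFIG = {
    "orders": [
        Entry("alice", "read", ("region", "=", "north")),
        Entry("bob", "read", ("owner_id", "=", 42)),
    ],
}
DOC_OPS = {"=": "$eq", "<": "$lt", ">": "$gt"}  # operators allowed in expressions

def lookup_expression(user, obj, operation):
    """Search the object's configuration list for the user and operation."""
    for entry in CONFIG.get(obj, []):
        if entry.assignee == user and entry.permission_type == operation:
            return entry.expression
    # Assumption: no matching entry means the request is refused (fail closed).
    raise PermissionError(f"{user!r} may not {operation} {obj!r}")

def merge(request, expression, db_type):
    """Return a copy of the request with the rights expression ANDed in."""
    field, op, value = expression
    if not field.isidentifier() or op not in DOC_OPS:
        raise ValueError("malformed rights expression")
    merged = dict(request)
    if db_type == "relational":
        # The value travels as a bound parameter, never spliced into SQL text.
        clause = f"{field} {op} ?"
        old = request.get("where")
        merged["where"] = f"({old}) AND ({clause})" if old else clause
        merged["params"] = list(request.get("params", [])) + [value]
    elif db_type == "non_relational":
        cond = {field: {DOC_OPS[op]: value}}
        old = request.get("filter")
        merged["filter"] = {"$and": [old, cond]} if old else cond
    else:
        raise ValueError(f"unsupported database type: {db_type}")
    return merged

def filter_request(user, request, db_type):
    """Parse object and operation from the request, look up, then merge."""
    expr = lookup_expression(user, request["object"], request["operation"])
    return merge(request, expr, db_type)
```

Because the caller's own condition is parenthesized before the rights expression is ANDed onto it, an `OR` in the original request cannot widen the rows the user is allowed to see.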
CN201610225858.7A 2016-04-13 2016-04-13 Data permission management method, data right management system and business management system Active CN105912949B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610225858.7A CN105912949B (en) 2016-04-13 2016-04-13 Data permission management method, data right management system and business management system


Publications (2)

Publication Number Publication Date
CN105912949A CN105912949A (en) 2016-08-31
CN105912949B true CN105912949B (en) 2019-11-05

Family

ID=56746694

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610225858.7A Active CN105912949B (en) 2016-04-13 2016-04-13 Data permission management method, data right management system and business management system

Country Status (1)

Country Link
CN (1) CN105912949B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant