CN106649772A - Method and equipment for accessing data - Google Patents
- Publication number: CN106649772A (CN201611227355.XA)
- Authority: CN (China)
- Prior art keywords: data, user, authorized user, database, authority
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
Abstract
The application aims to provide a method and equipment for accessing data. At the management equipment end, an authorized user list set by an administrator is acquired, wherein the authorized user list comprises authorized users, the data information each authorized user is permitted to view, and the corresponding access time limit, so that permission management of the data information in a database is effectively realized. When a user needs to access data information in the database, the management equipment receives a data access request sent by the user. The management equipment then judges, based on the data access request, whether the user is an authorized user in the authorized user list; if so, it judges whether the access time of the data access request is within the corresponding access time limit; and if so, it sends the data information the corresponding authorized user is permitted to view to the user. Data is thus issued in a targeted manner to authorized users with access permission, the efficiency of unified management of data access permissions is improved, and data security is guaranteed.
Description
Technical field
The present application relates to the field of computers, and in particular to a method and equipment for accessing data.
Background
With the development of the third platform, whose main characteristics are cloud computing, big data, mobile and social, data has become the core driver of the enterprise, and the way an enterprise uses data has become a core component of its competitiveness. Within the enterprise, more and more data is used for more and more purposes, such as development, testing, quality control, data analysis and report generation.
The data used within an enterprise is generally obtained by an administrator backing up the data in the production database; the administrator then sends the resulting backup data to different data users according to their different purposes. Because the data is distributed independently and in a scattered manner, and because the distribution of backup data is performed by the administrator entirely by copying data, the distribution of backup data is separated from the actual process of requesting data, which makes the distribution process of backup data chaotic. Moreover, because data has become an essential, core asset of the enterprise, and the usage scenarios and users of data are increasing rapidly, there should be clear permission control over who may or may not use which data. The prior art, however, can restrict the permission management of backup data only at the level of rules, and the rules cannot be tied into the actual use of the backup data, so the management of data permissions exists in name only: the goal of letting the right people use the right data cannot be achieved, which increases the difficulty for core business systems. Furthermore, because the distribution process of backup data is chaotic and the management of data usage rights is inefficient, the distribution process and usage rights of data cannot be clearly and strictly controlled, so the security of the enterprise's core data cannot be guaranteed.
Summary of the invention
One purpose of the present application is to provide a method and equipment for accessing data, to solve the problems in the prior art that, when data in a database is distributed, the distribution is chaotic and the management of data access permissions is inefficient, which in turn leads to low data security.
According to one aspect of the present application, a method for accessing data at a management equipment end is provided, the method including:
Obtaining an authorized user list set by an administrator, wherein the authorized user list includes authorized users, the data information each authorized user is permitted to view, and the corresponding access time limit;
Receiving a data access request sent by a user;
Judging, based on the data access request, whether the user is an authorized user in the authorized user list; if so, judging whether the access time of the data access request is within the corresponding access time limit; and if so, sending the data information the corresponding authorized user is permitted to view to the user.
Further, in the above method, after judging, based on the data access request, whether the user is an authorized user in the authorized user list, the method also includes:
If not, returning a permission-not-granted message to the user based on the data access request.
Further, in the above method, after obtaining the authorized user list set by the administrator, the method also includes:
Obtaining the host environment parameter information of the authorized user, preset by the administrator, and the database environment parameter information corresponding to the data information the authorized user is permitted to view.
Further, in the above method, while sending the data information the corresponding authorized user is permitted to view to the user, the method also includes:
Sending the host environment parameter information and the database environment parameter information to the user.
Further, the above method also includes:
Performing an update operation on the authorized user list, and sending the update operation log corresponding to the update operation to an audit device.
Further, in the above method, the update operation log includes at least any one of the following:
A creation log of data access permissions, a modification log of data access permissions, and a deletion log of data access permissions.
According to another aspect of the present application, a method for accessing data at an authorized user device end is provided, wherein the method includes:
Sending a data access request to the management equipment, so that the management equipment judges, based on the data access request, whether the user is an authorized user in the authorized user list and, if so, judges whether the access time of the data access request is within the corresponding access time limit, wherein the authorized user list includes authorized users, the data information each authorized user is permitted to view, and the corresponding access time limit;
Receiving the data information the corresponding authorized user is permitted to view, returned by the management equipment based on the data access request;
Within the access time limit, operating on the data information to obtain an operation log, and sending the operation log to an audit device.
Further, in the above method, after sending the data access request to the management equipment, the method also includes:
Receiving a permission-not-granted message returned by the management equipment based on the data access request.
Further, in the above method, while receiving the data information the corresponding authorized user is permitted to view, returned by the management equipment based on the data access request, the method also includes:
Receiving the host environment parameter information and the database environment parameter information sent by the management equipment.
Further, in the above method, operating on the data information within the access time limit to obtain an operation log, and sending the operation log to the audit device, includes:
Configuring the local host based on the host environment parameter information;
Within the access time limit, creating on the local host, based on the database environment parameter information, the database instance corresponding to the data information;
Operating on the database instance to obtain an operation log, and sending the operation log to the audit device.
Further, in the above method, operating on the database instance to obtain an operation log, and sending the operation log to the audit device, includes:
Operating on the database state corresponding to the database instance to obtain a state operation log, and sending the state operation log to the audit device.
Further, in the above method, operating on the database instance to obtain an operation log, and sending the operation log to the audit device, includes:
Operating on the data information corresponding to the database instance to obtain a data operation log, and sending the data operation log to the audit device.
According to another aspect of the present application, management equipment for accessing data is provided, wherein the management equipment includes:
An acquisition device, for obtaining an authorized user list set by an administrator, wherein the authorized user list includes authorized users, the data information each authorized user is permitted to view, and the corresponding access time limit;
A request receiving device, for receiving a data access request sent by a user;
An authorization sending device, for judging, based on the data access request, whether the user is an authorized user in the authorized user list; if so, judging whether the access time of the data access request is within the corresponding access time limit; and if so, sending the data information the corresponding authorized user is permitted to view to the user.
Further, in the above management equipment, the authorization sending device is also used for:
If not, returning a permission-not-granted message to the user based on the data access request.
Further, in the above management equipment, the acquisition device is also used for:
Obtaining the host environment parameter information of the authorized user, preset by the administrator, and the database environment parameter information corresponding to the data information the authorized user is permitted to view.
Further, in the above management equipment, the authorization sending device is also used for:
Sending the host environment parameter information and the database environment parameter information to the user.
Further, the above management equipment also includes:
An update sending device, for performing an update operation on the authorized user list, and sending the update operation log corresponding to the update operation to an audit device.
Further, in the above management equipment, the update operation log includes at least any one of the following:
A creation log of data access permissions, a modification log of data access permissions, and a deletion log of data access permissions.
According to another aspect of the present application, an authorized user device for accessing data is provided, wherein the authorized user device includes:
A request sending device, for sending a data access request to the management equipment, so that the management equipment judges, based on the data access request, whether the user is an authorized user in the authorized user list and, if so, judges whether the access time of the data access request is within the corresponding access time limit, wherein the authorized user list includes authorized users, the data information each authorized user is permitted to view, and the corresponding access time limit;
A data receiving device, for receiving the data information the corresponding authorized user is permitted to view, returned by the management equipment based on the data access request;
An operation sending device, for operating on the data information within the access time limit to obtain an operation log, and sending the operation log to an audit device.
Further, in the above authorized user device, the request sending device is also used for:
Receiving a permission-not-granted message returned by the management equipment based on the data access request.
Further, in the above authorized user device, the data receiving device is also used for:
Receiving the host environment parameter information and the database environment parameter information sent by the management equipment.
Further, in the above authorized user device, the operation sending device is used for:
Configuring the local host based on the host environment parameter information;
Within the access time limit, creating on the local host, based on the database environment parameter information, the database instance corresponding to the data information;
Operating on the database instance to obtain an operation log, and sending the operation log to the audit device.
Further, in the above authorized user device, the operation sending device is used for:
Operating on the database state corresponding to the database instance to obtain a state operation log, and sending the state operation log to the audit device.
Further, in the above authorized user device, the operation sending device is used for:
Operating on the data information corresponding to the database instance to obtain a data operation log, and sending the data operation log to the audit device.
Compared with the prior art, the present application obtains, at the management equipment end, an authorized user list set by an administrator, wherein the authorized user list includes authorized users, the data information each authorized user is permitted to view, and the corresponding access time limit. This binds together the authorized users who may access data in the database, the data information each is permitted to view, and the corresponding access time limit, forming the authorized user list, and thereby achieves effective permission management of the data information in the database. When a user needs to access data information in the database, the user sends a data access request to the management equipment, so that the management equipment receives the data access request sent by the user. The management equipment then judges, based on the data access request, whether the user is an authorized user in the authorized user list; if so, it judges whether the access time of the data access request is within the corresponding access time limit; and if so, it sends the data information the corresponding authorized user is permitted to view to the user. This achieves effective management of access permissions to the data information in the database, so that only an authorized user with access permission can access the data information in the database that the user is permitted to view. Data is thus distributed in a targeted manner to authorized users with access permission, the efficiency of unified management of data access permissions is improved, and the security of the data is ensured.
Description of the drawings
Other features, objects and advantages of the present application will become more apparent upon reading the detailed description of non-limiting embodiments made with reference to the following drawings:
Fig. 1 shows a flow chart of a method for accessing data at a management equipment end according to one aspect of the present application;
Fig. 2 shows a flow chart of a method for accessing data at an authorized user device end according to another aspect of the present application;
Fig. 3 shows a system architecture diagram for accessing data according to another aspect of the present application;
Fig. 4 shows a schematic diagram of a web tool interface used in the process of accessing data at the authorized user device end according to another aspect of the present application;
Fig. 5 shows a structural schematic diagram of management equipment for accessing data according to one aspect of the present application;
Fig. 6 shows a structural schematic diagram of an authorized user device for accessing data according to another aspect of the present application.
The same or similar reference numerals in the drawings represent the same or similar parts.
Detailed description
The present application is described in further detail below with reference to the accompanying drawings.
In a typical configuration of the present application, the terminal, the equipment of the service network and the trusted party each include one or more processors (CPU), an input/output interface, a network interface and memory.
Memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which may store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassette tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
Fig. 1 shows a flow chart of a method for accessing data at the management equipment end according to one aspect of the present application. The method is applied to the management equipment end of a database data usage system and includes step S11, step S12 and step S13, wherein:
Step S11 obtains an authorized user list set by an administrator, wherein the authorized user list includes authorized users, the data information each authorized user is permitted to view, and the corresponding access time limit. For example, in the management equipment, before the data in the database is used, the database administrator dynamically grants the right to use the database's data to authorized users, so that an authorized user can view the corresponding data information within the corresponding access time limit. This binds the distribution of data to the authorized user list, standardizes the distribution process of data, and thereby achieves effective permission management of the data information in the database. Of course, the authorized user list may also include the source database of the data information the authorized user is permitted to view and the destination database where the authorized user is located, so as to achieve precise authorization of the use of database data;
Step S12 receives a data access request sent by a user. For example, when user A needs to access data information D1 in the database, user A sends a data access request to the management equipment, so that the management equipment receives the data access request sent by the user;
Step S13 then judges, based on the data access request, whether the user is an authorized user in the authorized user list; if so, it judges whether the access time of the data access request is within the corresponding access time limit; and if so, it sends the data information the corresponding authorized user is permitted to view to the user. For example, the management equipment judges, based on the access request, whether user A is an authorized user in the authorized user list; if so, it goes on to judge whether the access time of the data access request is within the corresponding access time limit; and if so, it sends the data information D1 that the corresponding authorized user is permitted to view to user A. This achieves effective management of access permissions to the data information in the database, so that only an authorized user with access permission can, within the restricted access time limit, access the data information in the database that the user is permitted to view. Data is thus distributed in a targeted manner to authorized users with access permission, the efficiency of unified management of data access permissions is improved, and the security of the data in the database is ensured.
Further, after step S13 judges, based on the data access request, whether the user is an authorized user in the authorized user list, the method also includes:
If not, returning a permission-not-granted message to the user based on the data access request. For example, step S13 judges, based on the access request, whether user A is an authorized user in the authorized user list. If not, user A does not have permission to access the data in the database, that is, the administrator has not granted user A permission to access the data information in the database. Step S13 then returns a permission-not-granted message to user A based on the data access request received from user A, to inform user A that user A does not have access permission for the data information in the database.
Further, after step S11 obtains the authorized user list set by the administrator, the method also includes:
Obtaining the host environment parameter information of the authorized user, preset by the administrator, and the database environment parameter information corresponding to the data information the authorized user is permitted to view.
It should be noted that the host environment parameter information used to configure the host that the authorized user uses may include, but is not limited to, at least any one of the following: host name, host IP address (Internet Protocol address), operating system type, operating system account and operating system password. Of course, other host environment parameter information for configuring the host that the authorized user uses, whether existing or arising in the future, that is applicable to the present application should also be included within the scope of protection of the present application and is incorporated herein by reference.
It should be noted that the database environment parameter information used to configure the source database corresponding to the data information and the database corresponding to the authorized user may include at least any one of the following: database name, database type, database instance name (SID), database account and database password. Of course, other database environment parameter information for configuring the source database corresponding to the data information and the database corresponding to the authorized user, whether existing or arising in the future, that is applicable to the present application should also be included within the scope of protection of the present application and is incorporated herein by reference.
In one embodiment of the present application, in the database data usage system, after setting the authorized user list, the administrator may also preset the host environment parameter information of the authorized user and the database environment parameter information corresponding to the data information the authorized user is permitted to view. Step S11, after obtaining the authorized user list set by the administrator, therefore also obtains the host environment parameter information of the authorized user preset by the administrator and the database environment parameter information corresponding to the data information the authorized user is permitted to view, so that later, when the data is used, the authorized user device can access and/or operate on the data information the authorized user is permitted to view based on the host environment parameter information and the corresponding database environment parameter information.
Further, while step S13 sends the data information the corresponding authorized user is permitted to view to the user, the method also includes:
Sending the host environment parameter information and the database environment parameter information to the user.
In one embodiment of the present application, while step S13 sends the data information the corresponding authorized user is permitted to view to user A, who is an authorized user in the authorized user list, it also sends the preset host environment parameter information and database environment parameter information that were obtained to user A, so that user A can subsequently operate on the data information the authorized user is permitted to view based on the host environment parameter information and the database environment parameter information. The preset host environment parameter information and database environment parameter information of the authorized user are thus issued accurately to the corresponding authorized user, which ensures the security of subsequent operations on the data information.
Further, the method for accessing data at the management equipment end provided by the present application also includes step S14, wherein step S14 includes: performing an update operation on the authorized user list, and sending the update operation log corresponding to the update operation to an audit device. For example, because an authorized user in the authorized user list can access the corresponding data information only within the access time limit, step S14 can perform update operations on the authorized user list as time passes, so that an authorized user can use the authorized data information in the database only within the access time limit bound to that user; if the access time limit is exceeded, the authorized user's access permission is withdrawn. This makes it easy to control the permission of authorized users who have access to the database's data to use or operate on the data information within the access time limit, so that permission management of the database's data becomes clearer and more effective and the security of the data is ensured. When step S14 performs an update operation on the authorized user list, it also records the update operation log corresponding to the update operation and sends the update operation log to the audit device, so that the audit device can subsequently determine, by auditing the update operation log, which users' access to the data in the database is legitimate or illegitimate; if it is illegitimate, the audit device can raise an alarm so that the management equipment can deal with the user.
It should be noted that the update operation log may include at least any one of the following: a creation log of data access permissions, a modification log of data access permissions, a deletion log of data access permissions, and so on. The creation log includes the created authorized user, the data information the authorized user is permitted to view, the source database of the data information, the target database to which the authorized user belongs, the corresponding access time limit, and so on. The modification log of data access permissions includes modifications of the authorized user, of the data information the authorized user is permitted to view, of the source database corresponding to the modified data information, of the target database to which the authorized user belongs, and of the corresponding access time limit. The deletion log of data access permissions includes deletion of the authorized user, of the data information the authorized user is permitted to view, of the source database of the data information, of the target database to which the authorized user belongs, and of the corresponding access time limit. Of course, other update operation logs, whether existing or arising in the future, that are applicable to the present application should also be included within the scope of protection of the present application and are incorporated herein by reference.
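The check in step S13 and the update logging in step S14 can be sketched as follows; this is an added example, not code from the patent. Class, field and status names are hypothetical, the sample grant is constructed, and the `DENIED` result for a listed user outside the access time limit is an assumption, since the text only specifies the reply for users who are not in the list.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timezone


@dataclass(frozen=True)
class Grant:
    """One row of the authorized user list (hypothetical layout)."""
    user: str
    data_info: str        # data information the user is permitted to view
    not_before: datetime  # start of the access time limit
    not_after: datetime   # end of the access time limit
    source_db: str
    target_db: str
    host_env: dict        # host name, IP address, OS type, OS account, OS password
    db_env: dict          # database name, type, instance name (SID), account, password


class ManagementEquipment:
    def __init__(self, audit_log):
        self._grants = {}            # (user, data_info) -> Grant
        self._audit_log = audit_log  # list standing in for the audit device

    def _send_update_log(self, action, grant, now):
        # Update operation log: user, data, source/target database, time limit.
        # host_env and db_env carry passwords, so they are not copied into it.
        self._audit_log.append({
            "time": now.isoformat(), "action": action, "user": grant.user,
            "data_info": grant.data_info, "source_db": grant.source_db,
            "target_db": grant.target_db,
            "not_before": grant.not_before.isoformat(),
            "not_after": grant.not_after.isoformat(),
        })

    def create(self, grant, now):
        self._grants[(grant.user, grant.data_info)] = grant
        self._send_update_log("create", grant, now)

    def modify(self, user, data_info, now, **changes):
        grant = replace(self._grants.pop((user, data_info)), **changes)
        self._grants[(grant.user, grant.data_info)] = grant
        self._send_update_log("modify", grant, now)

    def delete(self, user, data_info, now):
        self._send_update_log("delete", self._grants.pop((user, data_info)), now)

    def revoke_expired(self, now):
        """Step S14: withdraw grants whose access time limit has passed."""
        expired = [key for key, g in self._grants.items() if now > g.not_after]
        for user, data_info in expired:
            self.delete(user, data_info, now)
        return len(expired)

    def handle_request(self, user, data_info, now):
        """Step S13: list membership first, then the access time limit."""
        if not any(u == user for u, _ in self._grants):
            return {"status": "PERMISSION_NOT_GRANTED"}
        grant = self._grants.get((user, data_info))
        if grant is None or not (grant.not_before <= now <= grant.not_after):
            return {"status": "DENIED"}  # assumed reply, see lead-in
        return {"status": "OK", "data_info": grant.data_info,
                "host_env": grant.host_env, "db_env": grant.db_env}


def demo():
    utc = timezone.utc
    audit_log = []
    mgmt = ManagementEquipment(audit_log)
    # Constructed sample grant: user A may view D1 during January 2017.
    mgmt.create(Grant(
        user="A", data_info="D1",
        not_before=datetime(2017, 1, 1, tzinfo=utc),
        not_after=datetime(2017, 1, 31, tzinfo=utc),
        source_db="prod_orders", target_db="test_orders",
        host_env={"host_name": "dev-host-01", "ip": "192.0.2.10",
                  "os_type": "Linux", "os_account": "userA",
                  "os_password": "<constructed-placeholder>"},
        db_env={"db_name": "test_orders", "db_type": "example-rdbms",
                "sid": "TEST1", "db_account": "userA",
                "db_password": "<constructed-placeholder>"},
    ), now=datetime(2016, 12, 30, tzinfo=utc))

    mid = datetime(2017, 1, 15, tzinfo=utc)
    late = datetime(2017, 1, 25, tzinfo=utc)
    inside = mgmt.handle_request("A", "D1", mid)
    stranger = mgmt.handle_request("B", "D1", mid)
    # The administrator shortens the time limit; the change is logged.
    mgmt.modify("A", "D1", mid, not_after=datetime(2017, 1, 20, tzinfo=utc))
    after_limit = mgmt.handle_request("A", "D1", late)
    revoked = mgmt.revoke_expired(late)
    after_revoke = mgmt.handle_request("A", "D1", late)
    return {"inside": inside, "stranger": stranger, "after_limit": after_limit,
            "revoked": revoked, "after_revoke": after_revoke,
            "audit_log": audit_log}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Once `revoke_expired` has withdrawn the grant, user A is no longer in the list, so a later request gets the same permission-not-granted reply as a user who was never authorized.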
Fig. 2 shows a flow chart of a method for accessing data at the authorized user device end according to another aspect of the present application. The method is applied to the management equipment end of a database data usage system and includes step S21, step S22 and step S23, wherein:
Step S21 sends a data access request to the management equipment, so that the management equipment judges, based on the data access request, whether the user is an authorized user in the authorized user list and, if so, judges whether the access time of the data access request is within the corresponding access time limit, wherein the authorized user list includes authorized users, the data information each authorized user is permitted to view, and the corresponding access time limit;
Step S22 receives the data information the corresponding authorized user is permitted to view, returned by the management equipment based on the data access request;
Step S23, within the access time limit, operates on the data information to obtain an operation log, and sends the operation log to an audit device. In this way, when the authorized user device needs to access data in the database, it obtains the data information the current authorized user is permitted to view, sent by the management equipment, and operates on that data information within the access time limit to obtain an operation log. The data information is thus issued accurately to the corresponding authorized user, which ensures the security of accessing the data information, and the operation log is sent to the audit device so that the audit device can audit and judge the operation log.
Further, after the data access request is sent to the management equipment, step S21 also includes: receiving permission-not-opened information returned by the management equipment based on the data access request. For example, when user A needs to access certain data information in the database, user A sends a data access request to the management equipment, and the management equipment judges, based on the data access request, whether user A is an authorized user in the list of authorized users. If user A is not an authorized user in the list, user A does not have permission to access the data in the database, that is, the administrator has not opened permission to access the data information in the database to user A. The management equipment can then return permission-not-opened information to user A based on the data access request, and user A receives that information. This ensures that data is not accessed by users without access permission and protects the security of the corresponding data in the database.
Further, while receiving the data information viewable within the corresponding authorized user's permissions, returned by the management equipment based on the data access request, step S22 also includes:
Receiving the host environment parameter information and database environment parameter information sent by the management equipment.
It should be noted that the host environment parameter information, which is used to configure the host used by the authorized user, may include but is not limited to at least any one of the following: host name, host IP address (Internet Protocol Address), operating system type, operating system account and operating system password. Of course, other existing or future host environment parameter information for configuring the host used by the authorized user, if applicable to the present application, should also be included within the protection scope of the present application and is incorporated herein by reference.
It should be noted that the database environment parameter information, which is used to configure the source database corresponding to the data information and the database corresponding to the authorized user, may include at least any one of the following: database name, database type, database instance name (SID), database account and database password. Of course, other existing or future database environment parameter information for configuring the source database corresponding to the data information and the database corresponding to the authorized user, if applicable to the present application, should also be included within the protection scope of the present application and is incorporated herein by reference.
In an embodiment of the present application, in the database data usage system, when user A needs to access data in the database, user A sends a data access request to the management equipment. If the management equipment determines that user A has permission to access the data and that the access time of the request is within the corresponding access time limit, the management equipment sends the data information D1 viewable within the corresponding authorized user's permissions to user A. In step S22, while receiving the data information viewable within the corresponding authorized user's permissions, returned by the management equipment based on the data access request, user A also receives the host environment parameter information and database environment parameter information sent by the management equipment, so that user A can operate on the data information viewable within the authorized user's permissions based on the host environment parameter information and the database environment parameter information. User A, who has data access permission for the database, thereby accurately obtains the authorized user's host environment parameter information and database environment parameter information held by the management equipment, which ensures the security of the data information viewable within the authorized user's permissions.
Further, in step S23, operating on the data information within the access time limit to obtain an operation log, and sending the operation log to the audit device, includes:
Configuring the local host based on the host environment parameter information;
Within the access time limit, creating the database instance corresponding to the data information in the local host, based on the database environment parameter information;
Operating on the database instance to obtain an operation log, and sending the operation log to the audit device.
It should be noted that a database instance created in the local host of the authorized user device is one branch in the local host. In the embodiments of the present application, at least one branch can be created in the same local host to indicate different purposes of use, wherein each branch is an independent database instance and corresponds to the state of the database at a certain point in time. The branches do not interfere with each other: when the database instance corresponding to one branch on the local host is in the started state, the other branches should be in the stopped state. If one branch is in the started state and another branch needs to be used, the currently started branch is stopped first and then the branch that needs to be used is started, so that the database instances corresponding to the branches do not interfere with each other.
In an embodiment of the present application, in step S23, within the access time limit, after receiving from the management equipment the data information viewable within the authorized user's permissions returned based on the data access request, together with the host environment parameter information and database environment parameter information sent by the management equipment, the local host where user A is located is first configured based on the host environment parameter information. Then, within the access time limit, the database instance corresponding to the data information viewable within the permissions of user A, who has access permission, is created in the local host based on the database environment parameter information. Then the database instance is operated on to obtain an operation log, and the operation log is sent to the audit device, so that the audit device can subsequently judge, based on the operation log, whether user A accessing the data information is an authorized user, whether the data information is accessed within the access time limit, whether user A has performed a large number of queries on the data information, whether the operations are ones that are not allowed, and so on.
Further, in step S23, operating on the database instance to obtain an operation log, and sending the operation log to the audit device, includes:
Operating on the database state corresponding to the database instance to obtain a state operation log, and sending the state operation log to the audit device.
It should be noted that the state operation log may include but is not limited to the operator, the operation time, the operated database, the operated database time and the state operation result, etc. The state operation result may include but is not limited to any one of the following: start operation, stop operation, forward operation, back operation, reset operation, access operation. The start operation is used to indicate starting the database instance corresponding to a branch so that user A can use it. The stop operation indicates stopping the database instance corresponding to a branch, ending user A's use. The forward operation is used to indicate placing the database instance corresponding to a branch in the state of the previous time point of the current corresponding access time point. The back operation is used to indicate placing the database instance corresponding to a branch in the state of the latter time point of the current corresponding access time point. The reset operation is used to indicate resetting the database instance corresponding to a branch to the state it had when the branch was first started. The access operation is used to indicate automatically calling the database instance of the local host and, according to the configured database environment parameter information, connecting to the database instance on the local host of user A, who has access permission, to view the data information viewable within the permissions.
In an embodiment of the present application, after the database instance corresponding to the data information viewable within the authorized user's permissions has been created in a branch in step S23, user A operates on the database state corresponding to the database instance, the state operation log obtained from operating on the database state is recorded, and the recorded state operation log is sent to the audit device, so that the audit device can judge the database state the database instance is currently in.
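The branch rule and the state operation log described above, as an added Python example that is not part of the patent: only one branch is started at a time, every state operation is appended to a list standing in for the audit device, and attempts outside the access time limit are refused and logged. The class and field names are hypothetical, `db_time` is an assumed reading of the "operated database time" field, and the forward/back operations are left out.

```python
from copy import deepcopy
from datetime import datetime, timezone


class AccessWindowError(PermissionError):
    """Raised when an operation is attempted outside the access time limit."""


class BranchHost:
    """Local host of an authorized user device; holds several branches."""

    def __init__(self, operator, not_before, not_after, audit_sink):
        self.operator = operator
        self.not_before, self.not_after = not_before, not_after
        self._audit = audit_sink      # a list standing in for the audit device
        self._branches = {}
        self._running = None          # at most one branch is started at a time

    def _log(self, op, name, now, result):
        branch = self._branches.get(name)
        self._audit.append({
            "operator": self.operator, "time": now.isoformat(),
            "database": name,
            "db_time": branch["as_of"].isoformat() if branch else None,
            "operation": op, "result": result,
        })

    def _guard(self, op, name, now, must_exist=True):
        if must_exist and name not in self._branches:
            raise KeyError(name)
        if not (self.not_before <= now <= self.not_after):
            # Assumption: refused attempts are logged so the audit device sees them.
            self._log(op, name, now, "denied: outside access time limit")
            raise AccessWindowError(op)

    def create_branch(self, name, as_of, rows, now):
        self._guard("create", name, now, must_exist=False)
        if name in self._branches:
            raise ValueError(f"branch {name!r} already exists")
        self._branches[name] = {"as_of": as_of, "rows": deepcopy(rows),
                                "first_start": None, "state": "stopped"}

    def start(self, name, now):
        self._guard("start", name, now)
        if self._running not in (None, name):
            self.stop(self._running, now)     # stop the started branch first
        branch = self._branches[name]
        if branch["first_start"] is None:     # remembered for the reset operation
            branch["first_start"] = deepcopy(branch["rows"])
        branch["state"], self._running = "started", name
        self._log("start", name, now, "ok")

    def stop(self, name, now):
        # Assumption: stopping only ends use, so it is allowed after the limit too.
        if name not in self._branches:
            raise KeyError(name)
        self._branches[name]["state"] = "stopped"
        if self._running == name:
            self._running = None
        self._log("stop", name, now, "ok")

    def reset(self, name, now):
        self._guard("reset", name, now)
        branch = self._branches[name]
        if branch["first_start"] is None:
            raise ValueError("branch has never been started")
        branch["rows"] = deepcopy(branch["first_start"])
        self._log("reset", name, now, "ok")

    def write(self, name, key, value, now):
        self._guard("write", name, now)
        if self._running != name:
            raise RuntimeError("branch is stopped")
        self._branches[name]["rows"][key] = value

    def rows(self, name):
        return deepcopy(self._branches[name]["rows"])

    def states(self):
        return {n: b["state"] for n, b in self._branches.items()}


if __name__ == "__main__":
    # Constructed sample: two branches, access time limit 09:00-17:00 UTC.
    at = lambda h: datetime(2016, 12, 27, h, tzinfo=timezone.utc)
    log = []
    host = BranchHost("userA", at(9), at(17), log)
    host.create_branch("fenzhi3", at(1), {"k": 1}, at(9))
    host.create_branch("fenzhi5", at(2), {"k": 2}, at(9))
    host.start("fenzhi5", at(10))
    host.start("fenzhi3", at(11))     # fenzhi5 is stopped automatically
    for entry in log:
        print(entry)
```
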
Further, in step S23, operating on the database instance to obtain an operation log, and sending the operation log to the audit device, includes:
Operating on the data information corresponding to the database instance to obtain a data operation log, and sending the data operation log to the audit device.
It should be noted that the data operation log may include the data operation type, the operation time, the operator and the data operation result. Of course, other existing or future data operation logs, if applicable to the present application, should also be included within the protection scope of the present application and are incorporated herein by reference.
In an embodiment of the present application, after the database instance corresponding to the data information viewable within the authorized user's permissions has been created in a branch in step S23, user A operates on the database state corresponding to the database instance. User A then operates on the data information corresponding to the database instance, the data operation log obtained from the data operations on the data information is recorded, and the data operation log is sent to the audit device, so that the audit device can audit whether user A's access to the data information is allowed and whether sensitive information has been accessed, and can handle the data operation accordingly.
Fig. 3 shows a system architecture diagram for accessing data according to another aspect of the present application. It is applied to a database data usage system, which includes the management equipment for data, the authorized user device for data services and the audit device for data auditing, wherein,
The management equipment for data is mainly used to obtain the list of authorized users set by the administrator, to configure the host environment parameter information of authorized users, to configure the database environment parameter information and, when a user sends a data access request, to judge whether the user sending the request is an authorized user and whether the access time is within the access time limit. It then sends the data information viewable within the permissions of the authorized user who meets the requirements to the user who sent the data access request. This standardizes the data distribution process, while also ensuring that permission management of the data information in the database becomes unified, and data security is also greatly improved.
The authorized user device for data services uses the data information, host environment parameter information and database environment parameter information sent by the management equipment to create the database instance corresponding to the data information. The database instance has the following functions: branch function, start/stop function, forward function, back function, reset function and automatic access function, etc. The operation log obtained by operating on the database instance is sent to the audit device for auditing.
The audit device for data auditing is used to record database state operations, database access operations, operations on the list of authorized users, etc.
In an embodiment of the present application, the list of authorized users is combined with the WEB (web page) tool used with the database, so that an authorized user on the authorized user device can see in real time, in the WEB interface, the data information to which the administrator on the management equipment has given usage rights, and can dynamically adjust and access the data information in the database through the WEB tool. This avoids the need for the administrator's participation and reduces the complexity of using the data information in the database. Fig. 4 shows the WEB interface displaying the operation interface of the database instance corresponding to branch 5 (fenzhi5) for an authorized user; the database instance includes not only branch 5 but also branch 4 and branch 3 (fenzhi3). Because the authorization list is combined with the WEB tool used by the database, data users can see in real time in the WEB interface the data to which the administrator has given usage rights, and can dynamically adjust and access the database through the WEB tool. Users can complete this process entirely by themselves, without the participation of the database administrator, which reduces the complexity of using the data.
Fig. 5 shows a structural schematic diagram of management equipment for accessing data according to one aspect of the present application, applied at the management equipment end of a database data usage system. The management equipment includes: an acquisition device 11, a request receiving device 12 and an authorization sending device 13, wherein,
The acquisition device 11 is used to obtain the list of authorized users set by the administrator, wherein the list of authorized users includes the authorized users, the data information each authorized user is permitted to view, and the corresponding access time limit. For example, in the management equipment, before the data in the database is used, the database administrator dynamically grants the right to use the data in the database to authorized users, so that an authorized user can view the corresponding data information within the corresponding access time limit. The distribution of data is thereby bound to the list of authorized users, the data distribution process is standardized, and effective permission management of the data information in the database is achieved. Of course, the list of authorized users can also include the source database of the data information viewable within the authorized user's permissions and the target database where the authorized user is located, so that use of the database data is authorized precisely;
The request receiving device 12 is used to receive the data access request sent by a user. For example, when user A needs to access data information D1 in the database, user A sends a data access request to the management equipment, so that the management equipment receives the data access request sent by the user;
The authorization sending device 13 is then used to judge, based on the data access request, whether the user is an authorized user in the list of authorized users; if so, to judge whether the access time of the data access request is within the corresponding access time limit; and if so, to send the data information viewable within the corresponding authorized user's permissions to the user. For example, the management equipment judges, based on the access request, whether user A is an authorized user in the list of authorized users. If so, it goes on to judge whether the access time of the data access request is within the corresponding access time limit. If so, it sends the data information D1 viewable within the corresponding authorized user's permissions to user A. This achieves effective management of access permissions for the data information in the database: an authorized user with access permission can access the data information viewable within that user's permissions only within the restricted access time limit. Data is thus distributed in a targeted way to authorized users with access permission, the efficiency of unified management of data access permissions is improved, and the security of the data in the database is ensured.
Further, the authorization sending device 13 is also used to:
If not, return permission-not-opened information to the user based on the data access request. For example, the authorization sending device 13 judges, based on the access request, whether user A is an authorized user in the list of authorized users. If not, user A does not have permission to access the data in the database, that is, the administrator has not opened permission to access the data information in the database to user A. The authorization sending device 13 then returns permission-not-opened information to user A based on the data access request received from user A, to inform user A that user A does not have access permission for the data information in the database.
Further, the acquisition device 11 is also used to:
Obtain the host environment parameter information of the authorized user preset by the administrator and the database environment parameter information corresponding to the data information viewable within the authorized user's permissions.
It should be noted that the host environment parameter information, which is used to configure the host used by the authorized user, may include but is not limited to at least any one of the following: host name, host IP address (Internet Protocol Address), operating system type, operating system account and operating system password. Of course, other existing or future host environment parameter information for configuring the host used by the authorized user, if applicable to the present application, should also be included within the protection scope of the present application and is incorporated herein by reference.
It should be noted that the database environment parameter information, which is used to configure the source database corresponding to the data information and the database corresponding to the authorized user, may include at least any one of the following: database name, database type, database instance name (SID), database account and database password. Of course, other existing or future database environment parameter information for configuring the source database corresponding to the data information and the database corresponding to the authorized user, if applicable to the present application, should also be included within the protection scope of the present application and is incorporated herein by reference.
In an embodiment of the present application, in the database data usage system, after setting the list of authorized users, the administrator can also preset the host environment parameter information of the authorized user and the database environment parameter information corresponding to the data information viewable within the authorized user's permissions. After obtaining the list of authorized users set by the administrator, the acquisition device 11 also obtains the host environment parameter information of the authorized user preset by the administrator and the database environment parameter information corresponding to the data information viewable within the authorized user's permissions, so that later, while the data is being used, the authorized user device can access and/or operate on the data information viewable within the authorized user's permissions based on the host environment parameter information and the corresponding database environment parameter information.
Further, the authorization sending device 13 is also used to:
Send the host environment parameter information and the database environment parameter information to the user.
In an embodiment of the present application, while sending the data information viewable within the corresponding authorized user's permissions to user A, who is an authorized user in the list of authorized users, the authorization sending device 13 also sends the obtained preset host environment parameter information and database environment parameter information to user A, so that user A can subsequently operate on the data information viewable within the authorized user's permissions based on the host environment parameter information and the database environment parameter information. The preset host environment parameter information and database environment parameter information of the authorized user are thereby issued accurately to the corresponding authorized user, which ensures the security of subsequent operations on the data information.
Further, the method for accessing data at the management equipment end provided by the present application also includes step S14, wherein step S14 includes: performing an update operation on the list of authorized users, and sending the update operation log corresponding to the update operation to the audit device. For example, because an authorized user in the list of authorized users can access the corresponding data information only within the access time limit, step S14 can update the list of authorized users as time passes. An authorized user can then use the authorized data information in the database only within the access time limit bound to that user; once the access time limit is exceeded, the access permission of the authorized user is withdrawn. This makes it easy to control the permission of authorized users to use or operate on the data information within the access time limit, so that permission management of the database's data becomes clearer and more effective and the security of the data is ensured. When performing an update operation on the list of authorized users, step S14 also records the update operation log corresponding to the update operation and sends the update operation log to the audit device, so that the audit device can subsequently find out, by auditing the update operation log, which users' access to the data in the database is legal or illegal. If the access is illegal, the audit device can raise an alarm so that the management equipment can deal with the user.
It should be noted that the update operation log may include at least any one of the following: the creation log of data access permissions, the modification log of data access permissions and the deletion log of data access permissions, etc. The creation log includes the created authorized user, the data information viewable within the authorized user's permissions, the source database of the data information, the target database to which the authorized user belongs and the corresponding access time limit, etc. The modification log of data access permissions includes the modification of the authorized user, the modification of the data information viewable within the authorized user's permissions, the modification of the source database corresponding to the modified data information and of the target database to which the authorized user belongs, and the modification of the corresponding access time limit. The deletion log of data access permissions includes the deletion of the authorized user, the deletion of the data information viewable within the authorized user's permissions, and the deletion of the source database of the data information, the target database to which the authorized user belongs and the corresponding access time limit. Of course, other existing or future update operation logs, if applicable to the present application, should also be included within the protection scope of the present application and are incorporated herein by reference.
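The check performed by the authorization sending device 13 and the step S14 update log, as an added Python example that is not part of the patent. All names are hypothetical; it assumes that a request for data outside the user's entry is answered like an unlisted user, that an out-of-limit request gets its own denial reason, and that credentials in the environment parameters are kept out of the update operation log.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Grant:
    """One entry of the list of authorized users (field names are assumptions)."""
    user: str
    data_items: frozenset   # data information the user is permitted to view
    not_before: datetime    # start of the access time limit
    not_after: datetime     # end of the access time limit
    host_env: dict          # host environment parameter information
    db_env: dict            # database environment parameter information


class ManagementEquipment:
    def __init__(self, audit_sink):
        self._grants = {}
        self._audit = audit_sink   # a list standing in for the audit device

    @staticmethod
    def _aware(ts):
        # Naive timestamps make the time-limit comparison ambiguous; reject them.
        if ts.tzinfo is None:
            raise ValueError("timestamps must be timezone-aware")
        return ts

    def _log_update(self, op, actor, grant, now):
        # Update operation log entry; host_env/db_env credentials are left out.
        self._audit.append({
            "op": op, "actor": actor, "user": grant.user,
            "data_items": sorted(grant.data_items),
            "not_before": grant.not_before.isoformat(),
            "not_after": grant.not_after.isoformat(),
            "at": now.isoformat(),
        })

    def set_grant(self, admin, grant, now):
        """Administrator creates or modifies an entry in the list."""
        for ts in (now, grant.not_before, grant.not_after):
            self._aware(ts)
        if grant.not_after < grant.not_before:
            raise ValueError("access time limit ends before it starts")
        op = "modify" if grant.user in self._grants else "create"
        self._grants[grant.user] = grant
        self._log_update(op, admin, grant, now)

    def handle_request(self, user, item, now):
        """Check list membership first, then the access time limit."""
        self._aware(now)
        grant = self._grants.get(user)
        if grant is None or item not in grant.data_items:
            return {"granted": False, "reason": "permission not opened"}
        if not (grant.not_before <= now <= grant.not_after):
            return {"granted": False, "reason": "outside access time limit"}
        # Environment parameters are released only together with a grant.
        return {"granted": True, "data": item,
                "host_env": dict(grant.host_env), "db_env": dict(grant.db_env)}

    def revoke_expired(self, now):
        """Step S14 style update: withdraw entries whose time limit has passed."""
        self._aware(now)
        expired = [u for u, g in self._grants.items() if now > g.not_after]
        for user in expired:
            self._log_update("delete", "management-equipment",
                             self._grants.pop(user), now)
        return expired


if __name__ == "__main__":
    # Constructed sample data: user A may view D1 from 09:00 to 17:00 UTC.
    utc = timezone.utc
    audit = []
    me = ManagementEquipment(audit)
    me.set_grant("admin", Grant("userA", frozenset({"D1"}),
                                datetime(2016, 12, 27, 9, tzinfo=utc),
                                datetime(2016, 12, 27, 17, tzinfo=utc),
                                {"hostname": "host-a"}, {"sid": "ORCL1"}),
                 datetime(2016, 12, 27, 8, tzinfo=utc))
    print(me.handle_request("userA", "D1", datetime(2016, 12, 27, 10, tzinfo=utc)))
    print(me.handle_request("userB", "D1", datetime(2016, 12, 27, 10, tzinfo=utc)))
    print(me.revoke_expired(datetime(2016, 12, 28, tzinfo=utc)), audit[-1]["op"])
```
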
Fig. 6 shows a structural schematic diagram of an authorized user device for accessing data according to another aspect of the present application, applied at the management equipment end of a database data usage system. The authorized user device includes: a request sending device 21, a data receiving device 22 and an operation sending device 23, wherein,
The request sending device 21 is used to send a data access request to the management equipment, so that the management equipment judges, based on the data access request, whether the user is an authorized user in the list of authorized users and, if so, judges whether the access time of the data access request is within the corresponding access time limit, wherein the list of authorized users includes the authorized users, the data information each authorized user is permitted to view, and the corresponding access time limit;
The data receiving device 22 is used to receive the data information viewable within the corresponding authorized user's permissions, returned by the management equipment based on the data access request;
The operation sending device 23 is used to operate on the data information within the access time limit to obtain an operation log, and to send the operation log to the audit device. In this way, when the authorized user device needs to access data in the database, it obtains the data information viewable within the current authorized user's permissions as sent by the management equipment and, within the access time limit, operates on that data information to obtain an operation log. The data information is thus issued precisely to the corresponding authorized user, which ensures the security of the accessed data information, and the operation log is sent to the audit device so that the audit device can audit it.
Further, the request sending device 21 is also used to: receive permission-not-opened information returned by the management equipment based on the data access request. For example, when user A needs to access certain data information in the database, user A sends a data access request to the management equipment, and the management equipment judges, based on the data access request, whether user A is an authorized user in the list of authorized users. If user A is not an authorized user in the list, user A does not have permission to access the data in the database, that is, the administrator has not opened permission to access the data information in the database to user A. The management equipment can then return permission-not-opened information to user A based on the data access request, and user A receives that information. This ensures that data is not accessed by users without access permission and protects the security of the corresponding data in the database.
Further, the data receiving device 22 is also used to:
Receive the host environment parameter information and database environment parameter information sent by the management equipment.
It should be noted that the host environment parameter information, which is used to configure the host used by the authorized user, may include but is not limited to at least any one of the following: host name, host IP address (Internet Protocol Address), operating system type, operating system account and operating system password. Of course, other existing or future host environment parameter information for configuring the host used by the authorized user, if applicable to the present application, should also be included within the protection scope of the present application and is incorporated herein by reference.
It should be noted that the database environment parameter information, which is used to configure the source database corresponding to the data information and the database corresponding to the authorized user, may include at least any one of the following: database name, database type, database instance name (SID), database account and database password. Of course, other existing or future database environment parameter information for configuring the source database corresponding to the data information and the database corresponding to the authorized user, if applicable to the present application, should also be included within the protection scope of the present application and is incorporated herein by reference.
In an embodiment of the present application, in the database data usage system, when user A needs to access data in the database, user A sends a data access request to the management equipment. If the management equipment determines that user A has permission to access the data and that the access time of the request is within the corresponding access time limit, the management equipment sends the data information D1 viewable within the corresponding authorized user's permissions to user A. While receiving, through the data receiving device 22, the data information viewable within the corresponding authorized user's permissions, returned by the management equipment based on the data access request, user A also receives the host environment parameter information and database environment parameter information sent by the management equipment, so that user A can operate on the data information viewable within the authorized user's permissions based on the host environment parameter information and the database environment parameter information. User A, who has data access permission for the database, thereby accurately obtains the authorized user's host environment parameter information and database environment parameter information held by the management equipment, which ensures the security of the data information viewable within the authorized user's permissions.
Further, the operation sending device 23 is used to:
Configure the local host based on the host environment parameter information;
Within the access time limit, create the database instance corresponding to the data information in the local host, based on the database environment parameter information;
Operate on the database instance to obtain an operation log, and send the operation log to the audit device.
It should be noted that a database instance created in the local host of the authorized user device is one branch in the local host. In the embodiments of the present application, at least one branch can be created in the same local host to indicate different purposes of use, wherein each branch is an independent database instance and corresponds to the state of the database at a certain point in time. The branches do not interfere with each other: when the database instance corresponding to one branch on the local host is in the started state, the other branches should be in the stopped state. If one branch is in the started state and another branch needs to be used, the currently started branch is stopped first and then the branch that needs to be used is started, so that the database instances corresponding to the branches do not interfere with each other.
In an embodiment of the present application, within the access time limit, after the operation sending device 23 receives from the management equipment the data information viewable within the authorized user's permissions returned based on the data access request, together with the host environment parameter information and database environment parameter information sent by the management equipment, the local host where user A is located is first configured based on the host environment parameter information. Then, within the access time limit, the database instance corresponding to the data information viewable within the permissions of user A, who has access permission, is created in the local host based on the database environment parameter information. Then the database instance is operated on to obtain an operation log, and the operation log is sent to the audit device, so that the audit device can subsequently judge, based on the operation log, whether user A accessing the data information is an authorized user, whether the data information is accessed within the access time limit, whether user A has performed a large number of queries on the data information, whether the operations are ones that are not allowed, and so on.
Further, the operation dispensing device 23 is configured to:
Operate on the database state corresponding to the database instance to obtain a state operation log, and send the state operation log to the audit device.
It should be noted that the state operation log may include, but is not limited to, the operating personnel, the operation time, the operated database, the database operation time, and the state operation result. The state operation result may include, but is not limited to, any one of the following: start operation, stop operation, forward operation, back operation, reset operation, access operation. The start operation indicates starting the database instance corresponding to a branch for user A to use; the stop operation indicates stopping the database instance corresponding to the branch, ending user A's use; the forward operation indicates placing the database instance corresponding to the branch in the state of the time point preceding the current access time point; the back operation indicates placing the database instance corresponding to the branch in the state of the time point following the current access time point; the reset operation indicates resetting the database instance corresponding to the branch to the state it had when the branch was first started; the access operation indicates automatically calling the database instance of the local host, connecting, according to the configured database environment parameter information, to the database instance on the local host of user A, who has access rights, and viewing the data information viewable within the permissions.
In one embodiment of the present application, after the operation dispensing device 23 creates, in a branch, the database instance corresponding to the data information viewable within the authorized user's permissions, user A operates on the database state corresponding to the database instance. The state operation log obtained from operating on the database state is recorded and sent to the audit device, so that the audit device can determine the database state that the database instance is currently in.
Further, the operation dispensing device 23 is configured to:
Operate on the data information corresponding to the database instance to obtain a data operation log, and send the data operation log to the audit device.
It should be noted that the data operation log may include the data operation type, the operation time, the operating personnel, and the data operation result. Of course, other data operation logs, whether existing now or appearing in the future, if applicable to the present application, should also be included within the protection scope of the present application and are incorporated herein by reference.
In one embodiment of the present application, after the operation dispensing device 23 creates, in a branch, the database instance corresponding to the data information viewable within the authorized user's permissions, user A operates on the database state corresponding to the database instance and then operates on the data information corresponding to the database instance. The data operation log obtained from the data operations on the data information is recorded and sent to the audit device, so that the audit device can audit whether user A's access to the data information is allowed and whether sensitive information was accessed, and can handle the data operations accordingly.
In summary, in the present application the management equipment obtains the authorized user list set by the administrator, where the authorized user list includes the authorized user, the data information viewable within the authorized user's permissions, and the corresponding access time limit. This binds the authorized user who has the right to access data in the database, the data information viewable within that user's permissions, and the corresponding access time limit into the authorized user list, and thereby achieves effective permission management of the data information in the database. When a user needs to access data information in the database, the user sends a data access request to the management equipment, and the management equipment receives it. The management equipment then determines, based on the data access request, whether the user is an authorized user in the authorized user list; if so, it determines whether the access time of the data access request is within the corresponding access time limit; if so, it sends the data information viewable within the corresponding authorized user's permissions to the user. This achieves effective management of access rights to the data information in the database, so that only authorized users with access rights can access the data information viewable within their permissions. Data is thus released in a targeted way to authorized users with access rights, the efficiency of unified management of data access permissions is improved, and the security of the data is ensured.
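The decision flow summarized above, together with the audit-device checks described earlier in this section, as an added Python example that is not part of the patent text. All class, function and field names, the reply used when a request falls outside the access time limit, and the query threshold are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Grant:
    """One row of the authorized user list (hypothetical layout)."""
    user: str
    viewable: frozenset   # data items viewable within the user's permissions
    start: datetime       # access time limit, inclusive start
    end: datetime         # access time limit, inclusive end


class ManagementEquipment:
    def __init__(self, database, audit_log):
        self.database = database
        self.audit_log = audit_log   # a list standing in for the audit device
        self.grants = {}

    def update_grant(self, admin, grant, now):
        """Create or modify a permission and log the update operation."""
        kind = "modify" if grant.user in self.grants else "create"
        self.grants[grant.user] = grant
        self.audit_log.append({"type": kind + "_permission", "operator": admin,
                               "time": now, "result": grant.user})

    def delete_grant(self, admin, user, now):
        """Delete a permission; log only if something was actually removed."""
        if self.grants.pop(user, None) is not None:
            self.audit_log.append({"type": "delete_permission", "operator": admin,
                                   "time": now, "result": user})

    def handle_request(self, user, requested, now):
        """Decide one data access request. `now` must be read from the
        management equipment's own clock, never taken from the request."""
        grant = self.grants.get(user)
        if grant is None:
            return {"status": "permission_not_opened"}
        if not grant.start <= now <= grant.end:
            # Assumption: the page names no reply for this case; deny by default.
            return {"status": "outside_access_time_limit"}
        allowed = sorted(set(requested) & grant.viewable)
        return {"status": "ok",
                "data": {k: self.database[k] for k in allowed if k in self.database}}


def audit_operations(operation_logs, grants, max_queries=3):
    """Audit-device checks over operation logs: unauthorized operator, operation
    outside the access time limit, and a large number of queries (the threshold
    is an assumption). Returns a sorted list of (operator, finding)."""
    findings, queries = set(), {}
    for entry in operation_logs:
        who = entry["operator"]
        grant = grants.get(who)
        if grant is None:
            findings.add((who, "not_authorized"))
            continue
        if not grant.start <= entry["time"] <= grant.end:
            findings.add((who, "outside_access_time_limit"))
        if entry["type"] == "query":
            queries[who] = queries.get(who, 0) + 1
    for who, count in queries.items():
        if count > max_queries:
            findings.add((who, "excessive_queries"))
    return sorted(findings)


def demo():
    """Run the flow on constructed sample data and return the results."""
    t0 = datetime(2016, 12, 27, 9, 0)
    audit_log = []
    database = {"orders": ["o1", "o2"], "salaries": ["s1"]}   # constructed
    mgmt = ManagementEquipment(database, audit_log)
    mgmt.update_grant("admin", Grant("userA", frozenset({"orders"}),
                                     t0, t0 + timedelta(hours=8)), t0)
    replies = {
        "in_window": mgmt.handle_request("userA", ["orders", "salaries"],
                                         t0 + timedelta(hours=1)),
        "expired": mgmt.handle_request("userA", ["orders"], t0 + timedelta(hours=9)),
        "unknown": mgmt.handle_request("userB", ["orders"], t0 + timedelta(hours=1)),
    }
    # Constructed operation logs as an authorized user device would report them.
    ops = [{"type": "query", "operator": "userA", "result": "ok",
            "time": t0 + timedelta(hours=2, minutes=i)} for i in range(5)]
    ops.append({"type": "query", "operator": "userA", "result": "ok",
                "time": t0 + timedelta(hours=10)})
    ops.append({"type": "query", "operator": "userB", "result": "ok",
                "time": t0 + timedelta(hours=1)})
    return replies, audit_log, audit_operations(ops, mgmt.grants)


if __name__ == "__main__":
    print(demo())
```

The request for `salaries` is silently narrowed to the granted item, so a user inside the window still receives only the data viewable within their permissions.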
Obviously, those skilled in the art can make various changes and modifications to the present application without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present application and their technical equivalents, the present application is also intended to include them.
It should be noted that the present application can be implemented in software and/or a combination of software and hardware; for example, it can be implemented using an application-specific integrated circuit (ASIC), a general-purpose computer, or any other similar hardware device. In one embodiment, the software program of the present application may be executed by a processor to implement the steps or functions described above. Similarly, the software program of the present application (including related data structures) may be stored in a computer-readable recording medium, for example, RAM memory, a magnetic or optical drive, a floppy disc, or similar devices. In addition, some steps or functions of the present application may be implemented in hardware, for example, as a circuit that cooperates with a processor to perform each step or function.
In addition, part of the present application may be applied as a computer program product, such as computer program instructions which, when executed by a computer, can call or provide the methods and/or technical solutions according to the present application through the operation of that computer. The program instructions that call the methods of the present application may be stored in a fixed or removable recording medium, and/or transmitted via a data stream in broadcast or other signal-bearing media, and/or stored in the working memory of a computer device that runs according to the program instructions. Here, one embodiment according to the present application includes an apparatus comprising a memory for storing computer program instructions and a processor for executing the program instructions, where, when the computer program instructions are executed by the processor, the apparatus is triggered to run the methods and/or technical solutions based on the aforementioned embodiments of the present application.
It is obvious to a person skilled in the art that the present application is not limited to the details of the above exemplary embodiments, and that the present application can be implemented in other specific forms without departing from its spirit or essential characteristics. Therefore, from whichever point of view, the embodiments should be regarded as exemplary and non-restrictive; the scope of the present application is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and scope of equivalents of the claims are therefore intended to be included in the present application. No reference sign in a claim should be construed as limiting the claim concerned. Furthermore, the word "comprising" clearly does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices stated in a device claim may also be implemented by one unit or device through software or hardware. Words such as first and second are used to denote names and do not denote any particular order.
Claims (24)
1. A method for accessing data at a management equipment end, wherein the method comprises:
Obtaining an authorized user list set by an administrator, wherein the authorized user list includes an authorized user, the data information viewable within the authorized user's permissions, and the corresponding access time limit;
Receiving a data access request sent by a user;
Determining, based on the data access request, whether the user is an authorized user in the authorized user list;
If so, determining whether the access time of the data access request is within the corresponding access time limit, and if so, sending the data information viewable within the corresponding authorized user's permissions to the user.
2. The method according to claim 1, wherein, after determining, based on the data access request, whether the user is an authorized user in the authorized user list, the method further comprises:
If not, returning a "permission not opened" message to the user based on the data access request.
3. The method according to claim 1, wherein, after obtaining the authorized user list set by the administrator, the method further comprises:
Obtaining the host environment parameter information of the authorized user preset by the administrator and the database environment parameter information corresponding to the data information viewable within the authorized user's permissions.
4. The method according to claim 3, wherein, while sending the data information viewable within the corresponding authorized user's permissions to the user, the method further comprises:
Sending the host environment parameter information and the database environment parameter information to the user.
5. The method according to any one of claims 1 to 4, wherein the method further comprises:
Performing an update operation on the authorized user list, and sending the update operation log corresponding to the update operation to an audit device.
6. The method according to claim 5, wherein the update operation log includes at least any one of the following:
A creation log of data access permissions, a modification log of data access permissions, and a deletion log of data access permissions.
7. A method for accessing data at an authorized user device end, wherein the method comprises:
Sending a data access request to a management equipment, so that the management equipment determines, based on the data access request, whether the user is an authorized user in the authorized user list and, if so, determines whether the access time of the data access request is within the corresponding access time limit, wherein the authorized user list includes an authorized user, the data information viewable within the authorized user's permissions, and the corresponding access time limit;
Receiving the data information viewable within the corresponding authorized user's permissions that the management equipment returns based on the data access request;
Within the access time limit, operating on the data information to obtain an operation log, and sending the operation log to an audit device.
8. The method according to claim 7, wherein, after sending the data access request to the management equipment, the method further comprises:
Receiving the "permission not opened" message that the management equipment returns based on the data access request.
9. The method according to claim 7, wherein, while receiving the data information viewable within the corresponding authorized user's permissions that the management equipment returns based on the data access request, the method further comprises:
Receiving the host environment parameter information and the database environment parameter information sent by the management equipment.
10. The method according to any one of claims 7 to 9, wherein operating on the data information within the access time limit to obtain an operation log, and sending the operation log to the audit device, comprises:
Configuring the local host based on the host environment parameter information;
Within the access time limit, creating in the local host, based on the database environment parameter information, the database instance corresponding to the data information;
Operating on the database instance to obtain an operation log, and sending the operation log to the audit device.
11. The method according to claim 10, wherein operating on the database instance to obtain an operation log, and sending the operation log to the audit device, comprises:
Operating on the database state corresponding to the database instance to obtain a state operation log, and sending the state operation log to the audit device.
12. The method according to claim 11, wherein operating on the database instance to obtain an operation log, and sending the operation log to the audit device, comprises:
Operating on the data information corresponding to the database instance to obtain a data operation log, and sending the data operation log to the audit device.
13. A management equipment for accessing data, wherein the management equipment comprises:
An acquisition device, configured to obtain an authorized user list set by an administrator, wherein the authorized user list includes an authorized user, the data information viewable within the authorized user's permissions, and the corresponding access time limit;
A request reception device, configured to receive a data access request sent by a user;
An authorization dispensing device, configured to determine, based on the data access request, whether the user is an authorized user in the authorized user list;
If so, to determine whether the access time of the data access request is within the corresponding access time limit, and if so, to send the data information viewable within the corresponding authorized user's permissions to the user.
14. The management equipment according to claim 13, wherein the authorization dispensing device is further configured to:
If not, return a "permission not opened" message to the user based on the data access request.
15. The management equipment according to claim 13, wherein the acquisition device is further configured to:
Obtain the host environment parameter information of the authorized user preset by the administrator and the database environment parameter information corresponding to the data information viewable within the authorized user's permissions.
16. The management equipment according to claim 15, wherein the authorization dispensing device is further configured to:
Send the host environment parameter information and the database environment parameter information to the user.
17. The management equipment according to any one of claims 13 to 16, wherein the management equipment further comprises:
An update dispensing device, configured to perform an update operation on the authorized user list and to send the update operation log corresponding to the update operation to an audit device.
18. The management equipment according to claim 17, wherein the update operation log includes at least any one of the following:
A creation log of data access permissions, a modification log of data access permissions, and a deletion log of data access permissions.
19. An authorized user device for accessing data, wherein the authorized user device comprises:
A send-request unit, configured to send a data access request to a management equipment, so that the management equipment determines, based on the data access request, whether the user is an authorized user in the authorized user list and, if so, determines whether the access time of the data access request is within the corresponding access time limit, wherein the authorized user list includes an authorized user, the data information viewable within the authorized user's permissions, and the corresponding access time limit;
A data sink, configured to receive the data information viewable within the corresponding authorized user's permissions that the management equipment returns based on the data access request;
An operation dispensing device, configured to operate on the data information within the access time limit to obtain an operation log, and to send the operation log to an audit device.
20. The authorized user device according to claim 19, wherein the send-request unit is further configured to:
Receive the "permission not opened" message that the management equipment returns based on the data access request.
21. The authorized user device according to claim 19, wherein the data sink is further configured to:
Receive the host environment parameter information and the database environment parameter information sent by the management equipment.
22. The authorized user device according to any one of claims 19 to 21, wherein the operation dispensing device is configured to:
Configure the local host based on the host environment parameter information;
Within the access time limit, create in the local host, based on the database environment parameter information, the database instance corresponding to the data information;
Operate on the database instance to obtain an operation log, and send the operation log to the audit device.
23. The authorized user device according to claim 22, wherein the operation dispensing device is configured to:
Operate on the database state corresponding to the database instance to obtain a state operation log, and send the state operation log to the audit device.
24. The authorized user device according to claim 23, wherein the operation dispensing device is configured to:
Operate on the data information corresponding to the database instance to obtain a data operation log, and send the data operation log to the audit device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611227355.XA CN106649772A (en) | 2016-12-27 | 2016-12-27 | Method and equipment for accessing data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611227355.XA CN106649772A (en) | 2016-12-27 | 2016-12-27 | Method and equipment for accessing data |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106649772A true CN106649772A (en) | 2017-05-10 |
Family
ID=58831481
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611227355.XA Pending CN106649772A (en) | 2016-12-27 | 2016-12-27 | Method and equipment for accessing data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106649772A (en) |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107193910A (en) * | 2017-05-14 | 2017-09-22 | 四川盛世天成信息技术有限公司 | A kind of database tamper resistant method and system applied to data safety class product |
CN108512854A (en) * | 2018-04-09 | 2018-09-07 | 平安科技(深圳)有限公司 | Institutional information method for safety monitoring, device, computer equipment and storage medium |
CN109165521A (en) * | 2018-07-23 | 2019-01-08 | 武汉智领云科技有限公司 | A kind of integrated big data access managing and control system and method |
CN109241699A (en) * | 2018-07-27 | 2019-01-18 | 安徽云图信息技术有限公司 | Authorizing secure auditing system |
CN109428885A (en) * | 2017-08-22 | 2019-03-05 | 罗伯特·博世有限公司 | Method and apparatus for protecting equipment |
CN109522368A (en) * | 2018-09-28 | 2019-03-26 | 北京英视睿达科技有限公司 | A kind of method for managing user right and system |
CN110069911A (en) * | 2019-04-19 | 2019-07-30 | 奇安信科技集团股份有限公司 | Access control method, device, system, electronic equipment and readable storage medium storing program for executing |
CN110363021A (en) * | 2019-06-13 | 2019-10-22 | 平安科技(深圳)有限公司 | A kind of system access management-control method and platform |
CN110365628A (en) * | 2018-04-11 | 2019-10-22 | 北京嘀嘀无限科技发展有限公司 | The processing method and processing device of request of data |
CN110990812A (en) * | 2019-11-29 | 2020-04-10 | 维沃移动通信有限公司 | Device access setting method, device access setting control method, device access control device, electronic device, and medium |
CN111027033A (en) * | 2019-11-27 | 2020-04-17 | 中国银行股份有限公司 | Interface access method and device |
CN111143798A (en) * | 2019-12-31 | 2020-05-12 | 中国银行股份有限公司 | Security verification method and device |
CN111145887A (en) * | 2019-12-24 | 2020-05-12 | 嘉兴太美医疗科技有限公司 | Blind breaking method of medicine warning system, blind breaking system and computer readable medium |
CN111339049A (en) * | 2020-02-04 | 2020-06-26 | 浙江大华技术股份有限公司 | Data sharing method and terminal |
CN111611555A (en) * | 2020-05-19 | 2020-09-01 | 北京金山云网络技术有限公司 | Physical layer authorization and access method and device |
CN111737291A (en) * | 2020-06-11 | 2020-10-02 | 青岛海尔科技有限公司 | Method, device and database for inquiring equipment information |
CN112019537A (en) * | 2020-08-26 | 2020-12-01 | 中国银行股份有限公司 | Method and system for accessing data |
CN115118736A (en) * | 2022-06-27 | 2022-09-27 | 西安万像电子科技有限公司 | Authority management method and system |
CN115314229A (en) * | 2021-04-20 | 2022-11-08 | 中国移动通信集团河北有限公司 | Data access method, device, equipment and storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103488791A (en) * | 2013-09-30 | 2014-01-01 | 华为技术有限公司 | Data access method and system and data warehouse |
CN105512569A (en) * | 2015-12-17 | 2016-04-20 | 浪潮电子信息产业股份有限公司 | Database security reinforcing method and device |
-
2016
- 2016-12-27 CN CN201611227355.XA patent/CN106649772A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103488791A (en) * | 2013-09-30 | 2014-01-01 | 华为技术有限公司 | Data access method and system and data warehouse |
CN105512569A (en) * | 2015-12-17 | 2016-04-20 | 浪潮电子信息产业股份有限公司 | Database security reinforcing method and device |
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107193910A (en) * | 2017-05-14 | 2017-09-22 | 四川盛世天成信息技术有限公司 | A kind of database tamper resistant method and system applied to data safety class product |
CN109428885A (en) * | 2017-08-22 | 2019-03-05 | 罗伯特·博世有限公司 | Method and apparatus for protecting equipment |
CN108512854B (en) * | 2018-04-09 | 2021-09-07 | 平安科技(深圳)有限公司 | System information safety monitoring method and device, computer equipment and storage medium |
CN108512854A (en) * | 2018-04-09 | 2018-09-07 | 平安科技(深圳)有限公司 | Institutional information method for safety monitoring, device, computer equipment and storage medium |
CN110365628B (en) * | 2018-04-11 | 2020-12-04 | 滴图(北京)科技有限公司 | Data request processing method and device |
CN110365628A (en) * | 2018-04-11 | 2019-10-22 | 北京嘀嘀无限科技发展有限公司 | The processing method and processing device of request of data |
CN109165521A (en) * | 2018-07-23 | 2019-01-08 | 武汉智领云科技有限公司 | A kind of integrated big data access managing and control system and method |
CN109241699A (en) * | 2018-07-27 | 2019-01-18 | 安徽云图信息技术有限公司 | Authorizing secure auditing system |
CN109522368A (en) * | 2018-09-28 | 2019-03-26 | 北京英视睿达科技有限公司 | A kind of method for managing user right and system |
CN110069911A (en) * | 2019-04-19 | 2019-07-30 | 奇安信科技集团股份有限公司 | Access control method, device, system, electronic equipment and readable storage medium storing program for executing |
CN110069911B (en) * | 2019-04-19 | 2021-05-14 | 奇安信科技集团股份有限公司 | Access control method, device, system, electronic equipment and readable storage medium |
CN110363021A (en) * | 2019-06-13 | 2019-10-22 | 平安科技(深圳)有限公司 | A kind of system access management-control method and platform |
CN111027033A (en) * | 2019-11-27 | 2020-04-17 | 中国银行股份有限公司 | Interface access method and device |
CN110990812A (en) * | 2019-11-29 | 2020-04-10 | 维沃移动通信有限公司 | Device access setting method, device access setting control method, device access control device, electronic device, and medium |
CN111145887A (en) * | 2019-12-24 | 2020-05-12 | 嘉兴太美医疗科技有限公司 | Blind breaking method of medicine warning system, blind breaking system and computer readable medium |
CN111145887B (en) * | 2019-12-24 | 2021-01-29 | 上海亿锎智能科技有限公司 | Blind breaking method of medicine warning system, blind breaking system and computer readable medium |
CN111143798A (en) * | 2019-12-31 | 2020-05-12 | 中国银行股份有限公司 | Security verification method and device |
CN111339049A (en) * | 2020-02-04 | 2020-06-26 | 浙江大华技术股份有限公司 | Data sharing method and terminal |
CN111611555A (en) * | 2020-05-19 | 2020-09-01 | 北京金山云网络技术有限公司 | Physical layer authorization and access method and device |
CN111737291A (en) * | 2020-06-11 | 2020-10-02 | 青岛海尔科技有限公司 | Method, device and database for inquiring equipment information |
CN111737291B (en) * | 2020-06-11 | 2023-07-21 | 青岛海尔科技有限公司 | Method, device and database for inquiring equipment information |
CN112019537A (en) * | 2020-08-26 | 2020-12-01 | 中国银行股份有限公司 | Method and system for accessing data |
CN115314229A (en) * | 2021-04-20 | 2022-11-08 | 中国移动通信集团河北有限公司 | Data access method, device, equipment and storage medium |
CN115314229B (en) * | 2021-04-20 | 2024-03-19 | 中国移动通信集团河北有限公司 | Data access method, device, equipment and storage medium |
CN115118736A (en) * | 2022-06-27 | 2022-09-27 | 西安万像电子科技有限公司 | Authority management method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106649772A (en) | Method and equipment for accessing data | |
CN101336433B (en) | Systems and methods for securing customer data in a multi-tenant environment | |
DE102019122933A1 (en) | BLOCKCHAIN-BASED EXCHANGE OF DIGITAL DATA | |
CN105681276B (en) | A kind of sensitive information leakage actively monitoring and confirmation of responsibility method and apparatus | |
CN107196951B (en) | A kind of implementation method and firewall system of HDFS system firewall | |
CN101217404B (en) | Method and system for providing audit log information | |
US20110184982A1 (en) | System and method for capturing and reporting online sessions | |
Stuart et al. | Current state of play: records management and the cloud | |
US9875372B2 (en) | Redacting restricted content in files | |
CN110661776B (en) | Sensitive data tracing method, device, security gateway and system | |
CN107403108A (en) | A kind of method and system of data processing | |
CN107786551B (en) | Method for accessing intranet server and device for controlling access to intranet server | |
US11550943B2 (en) | Monitoring code provenance | |
CN112328558B (en) | Access log storage method and system of medical system based on block chain | |
JP2023520212A (en) | Privacy-centric data security in cloud environments | |
KR100926735B1 (en) | Web source security management system and method | |
CN112115436B (en) | AD domain account password modification method and device | |
US8931048B2 (en) | Data system forensics system and method | |
CN111506661B (en) | Content access management method, device and storage medium | |
Silowash et al. | Insider threat control: Understanding data loss prevention (DLP) and detection by correlating events from multiple sources | |
US20040210773A1 (en) | System and method for network security | |
CN108965317B (en) | Network data protection system | |
US20160092585A1 (en) | Resource distribution based upon search signals | |
CN108304731A (en) | A kind of method, system and information processing platform that management business data calls | |
CN105518663B (en) | The automatic blocking of bad behavior people |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170510 |