CN108737371A - Hive data access control methods, server and computer storage media - Google Patents
Hive data access control methods, server and computer storage media Download PDFInfo
- Publication number
- CN108737371A CN108737371A CN201810306263.3A CN201810306263A CN108737371A CN 108737371 A CN108737371 A CN 108737371A CN 201810306263 A CN201810306263 A CN 201810306263A CN 108737371 A CN108737371 A CN 108737371A
- Authority
- CN
- China
- Prior art keywords
- application layer
- layer user
- hive
- access
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Abstract
The invention discloses a kind of Hive data access control methods, the first access request that this method is sent by receiving application layer user, the competence profile for obtaining application layer user controls the data access of application layer user based on the first access request and competence profile;Equivalent to increase the competence profile of application layer user, and based on the data access of competence profile control application layer user, data access is carried out compared to the permission for directly relying on system-level user, more careful permission control can be carried out;The invention also discloses a kind of server and computer storage medias to solve the problems, such as that existing scheme is unfavorable for carrying out permission control by implementing said program.
Description
Technical field
The present invention relates to network technique fields, more specifically to a kind of Hive data access control methods, server
And computer storage media.
Background technology
Hive is a kind of data warehouse based on Apache Hadoop platforms, can map the data file of structuring
For a database table, and sql (Structured Query Language, structured query language) query function is provided, ten
Divide the statistical analysis of suitable data warehouse.Hive maintains a metadata information, is primarily used to storage Hive libraries and table
Basic information and authority information etc..The authority information stored in metadata information be typically (SuSE) Linux OS user or
A kind of user group (system-level user) corresponding authority information does not store the related letter of application layer user in metadata information
Breath, therefore currently, application layer user, which accesses to Hive data, directly relies on the authority information of system-level user, that is to say with
" name " of corresponding system grade user carries out Hive data access.
Specifically, when application layer user needs that data access into the libraries Hive, sent out first to corresponding server
It send access request HQL (query language HiveQL, abbreviation HQL in type a SQL, Hive), server to receive the HQL, and is it
Specified specific system-level user, and the HQL is sent to corresponding Hive servers, it is equivalent to the name of the system-level user
Justice accesses Hive, and Hive servers ask the data accessed with the permission of the system-level user to inquire application layer user, and
The data inquired are returned into application layer user by the server, are accessed to realize.Due to the power of system-level user
Limit is usually higher, and application layer user is accessed with the permission of system-level user, can theoretically obtain the system-level user
All Hive data under permission, therefore the data being unfavorable in the libraries Hive carry out finer permission control.
Invention content
The technical problem to be solved in the present invention is:In existing Hive data access, application layer user is directly based upon accordingly
The permission of system-level user accesses, and is unfavorable for carrying out permission control.For the technical problem, a kind of Hive data visit is provided
Ask control method, server and computer storage media.
In order to solve the above technical problems, the present invention provides a kind of Hive data access control methods, the Hive data are visited
Ask that control method includes:
The first access request that application layer user sends is received, the competence profile of application layer user is obtained, is based on institute
It states the first access request and controls the data access of the application layer user with the competence profile.
Optionally, described to control the application layer user's based on first access request and the competence profile
Data access includes:
It parses first access request and asks the data information accessed, according to competence profile determination
The corresponding authority information of application layer user judges whether the application layer user has to the data according to the authority information
The access rights of information, and access of the application layer user to the data information is controlled based on the first judging result.
Optionally, described that access packet of the application layer user to the data information is controlled based on the first judging result
It includes:
When first judging result has the access rights to the data information for the application layer user, by institute
It states the first access request and is sent to Hive servers, to obtain the content of the data information;
When first judging result is that the application layer user does not have the access rights to the data information, sentence
Whether the application layer user of breaking has the access rights at least partly content in the data information, and sentences according to second
Access of the application layer user to the data information described in disconnected output control.
Optionally, described that access packet of the application layer user to the data information is controlled according to the second judging result
It includes:
Have at least partly content in the data information for the application layer user in second judging result
Access rights when, first access request is defined to generate the second access request, second access request is used
In accessing at least partly content, and second access request is sent to the Hive servers with described in obtaining at least
Partial content;
It is that the application layer user does not have at least partly interior in the data information in second judging result
When the access rights of appearance, generates access exception message and be sent to the application layer user.
Optionally, the competence profile is that the characteristic information based on each application layer user is configured, the spy
Reference breath includes at least one of subscriber service class, owning user group classification.
Optionally, the Hive data access control methods further include:
When detecting that the characteristic information of application layer user changes, the characteristic information after variation is obtained, and according to institute
The characteristic information after variation is stated to be updated the corresponding authority information of the application layer user in the competence profile.
Optionally, the Hive data access control methods further include:
It receives application layer user to ask the update of own right information, with to answering described in the competence profile
It is updated with the corresponding authority information of grade user.
Optionally, the Hive data access control methods further include:
The content that Hive servers are sent is received, and the content is sent to the application layer user.
Further, the present invention also provides a kind of server, the server include input/output bus, processor,
Memory and communication device;
The input/output bus is for realizing the connection between the processor, the memory and the communication device
Communication;
The processor for executing one or more program stored in memory, and control the communication device with
The step of realizing the Hive data access control methods as described in any one of claim 1-8.
Further, the present invention also provides a kind of computer storage media, the computer storage media is stored with one
A or multiple programs, one or more of programs can be executed by one or more processor, as above any to realize
Described in Hive data access control methods the step of.
Advantageous effect
A kind of Hive data access control methods of present invention offer, server and computer storage media, for existing
During Hive data access, the permission that application layer user is directly based upon corresponding system grade user accesses, and is unfavorable for carrying out
The defect of permission control;The first access request sent by receiving application layer user, obtains the authority configuration of application layer user
File controls the data access of application layer user based on the first access request and competence profile;Equivalent to increase answering
With the competence profile of grade user, and the data access of application layer user is controlled based on the competence profile, compared to straight
The permission progress data access for relying on system-level user is connect, more careful permission control can be carried out.
Description of the drawings
Present invention will be further explained below with reference to the attached drawings and examples, in attached drawing:
Fig. 1 is the Hive data access control flow schematic diagrams that first embodiment of the invention provides;
Fig. 2 is the Hive data access control flow schematic diagrams that first embodiment of the invention provides;
Fig. 3 is the structural schematic diagram for the server that second embodiment of the invention provides.
Specific implementation mode
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
First embodiment
During solving existing Hive data access, the authority information of system-level user is directly relied on, it is unfavorable to cause
In carry out permission control the problem of, the present embodiment provides a kind of Hive data access control methods, by be pre-configured with preserve it is each
The competence profile of application layer user, when application layer user carries out Hive data access, based in the competence profile
The corresponding authority information of application layer user accesses control, and the permission for directly relying on system-level user is avoided to access,
So as to relatively more careful carry out permission control, more it is bonded with the permission of application layer user itself.
Fig. 1 is referred to, Fig. 1 is Hive data access control methods flow diagram provided in this embodiment, this method packet
Include following steps:
S11, the first access request that application layer user sends is received.
It should be noted that application layer user that is to say nonsystematic grade user, the mandate of Hive servers is not obtained,
The authority information of application layer user is not stored in Hive metadata;Opposite, it can be given on Hive servers system-level
User authorizes, and after mandate, the authority information of each system-level user is stored in Hive metadata, to corresponding Hive data
With access rights, when system-level user accesses to the data in its extent of competence, Hive can directly allow to access
To return to corresponding data content.And mandate of the application layer user due to not obtaining Hive servers, if directly being used with application layer
Family accesses, it is impossible to normally be accessed, it is therefore desirable to which with corresponding system grade user, (general acquiescence is appointed as Hive services
The ROOT user of device can access all data stored in Hive) permission realize access process.Existing scheme is due to direct
Realized and accessed with the permission of corresponding system grade user, and and the authority information that should have of unbonded application layer user itself,
Application layer user can theoretically access all data under the permission of the system-level user, be unfavorable for application layer user
Carry out permission control.This programme combines the competence profile of preconfigured application layer user namely application layer user real
The corresponding authority information in border, to control Hive data access.
First access request can be compiled by the query language HiveQL (abbreviation HQL belongs to a type SQL) in Hive
It writes, may include the data information for asking to access, the user information etc. of application layer user in first access request.The
The format of one access request can be as follows:
" select*from default.download_info where ds=2018-01-01group by ds ";
Above-mentioned first access request asks the data information accessed to that is to say " default.download_info
Where ds=2018-01-01group by ds ", the specially libraries default, under download_info tables, time is
The Hive data of 2018-01-01.
Illustrate it should be understood that above-mentioned the first exemplified access request is only used for description, in practical application, the
The format of one access request can be adjusted flexibly according to practical situations.
In the present embodiment, application layer user sends the first access request to local terminal (being here server) can be by as follows
Several user interfaces are realized, including CLI, Client and HWI, wherein CLI (Command Line) that is to say the shape with order line
Formula sends access request, and Client is the client of Hive, when starting Client patterns, it should be pointed out that Hive servers
Place node, and start Hive Server in the node.HWI (Hive Web Interface) is the side by browser
Formula accesses.
S12, the competence profile for obtaining application layer user.
When receiving the first access request of application layer user transmission, trigger the server obtains preconfigured server
The competence profile of application layer user may include the permission letter of each application layer user in system in the competence profile
Breath, that is to say property rights of each application layer user to specific data in corresponding library, table and table in Hive.Assuming that system is worked as
Before there are User1, User2 and User3 these three application layers user, corresponding authority information is as shown in table 1 below:
Table 1
User name | Authority information |
User1 | Database:Default, table:Download_info, field:AppName=" visual field " |
User2 | database:Default, table:Download_info, field:AppName=" application shop " |
User3 | database:Default, table:Session_info, field:AppName=" theme shop " |
Corresponding, the competence profile should can characterize the authority information of each application layer user, for first
Application layer user User1 has the access rights to " visual field " under the download_info tables of the libraries default, for second
Application layer user User2 has to the access rights of " application shop " under the download_info tables of the libraries default, and third
A application layer user has the access rights to " theme shop " under the session_info tables of the libraries default.
In the present embodiment, competence profile can be that the characteristic information based on each application layer user is pre-configured with
, when each application layer user registers generation in the server, server can be believed according to the feature of current application layer user
Breath configures its permission, and the authority information of the information of corresponding application layer user and corresponding configuration is stored in
In competence profile.Wherein, the characteristic information of application layer user includes but not limited to subscriber service class, owning user group class
Not etc..It also can be based at least one of above-mentioned subscriber service class, owning user group classification come respective application grade user
Permission configured.
For according to subscriber service class, server can obtain the class of service of application layer user, such as exploitation dimension
The user's (can be described as an account) for protecting in above-mentioned table 1 " visual field " can be regarded as a kind of subscriber service class, for exploitation
Safeguard in above-mentioned table 1 that the user of " application shop " and " theme shop " can be regarded as other two kinds of subscriber service class.For
The user of " visual field " is developed, server can configure its authority information to Database:Default, table:download_
Info, field:AppName=" visual field ";Safeguard that the user of " application shop ", server can believe its permission for exploitation
Breath is configured to database:Default, table:Download_info, field:AppName=" application shop ";For opening
Hair safeguards that the user in " theme shop ", server can configure its authority information to database:Default, table:
Session_info, field:AppName=" theme shop ".Namely server can be according to the customer service of application layer user
Classification configures corresponding authority information, and details are not described herein for detailed process.
Server can also be according to owning user group classification to the corresponding Authorization Attributes of application layer user configuration.For one
System-level user is usually corresponding with multiple application layer users, to form a user group.Server can be used according to application layer
User group classification belonging to family configures the authority information of application layer user, such as according to following owning user group classification and power
The correspondence of limit information is configured:
Table 2
Owning user group classification | Authority information |
User group A | The libraries Hive 1 |
User group B | Table 1 in the libraries Hive 2 |
User group C | The libraries Hive 3 |
It for the competence profile of generation, can be stored on server local, when server needs, directly from this
Ground obtains, and response quickly and is not take up resource.
In order to preferably meet user's actual access demand, it there is a need to and processing is updated to competence profile, take
Business device can automatically be updated processing, can also be to be carried out again more in the update request for receiving respective application grade user
New processing.Wherein, server carry out automatically updating processing include:Detecting that the characteristic information of application layer user changes
When, the characteristic information after variation is obtained, and according to the characteristic information after the variation to application layer user in competence profile
Corresponding authority information is updated processing.The characteristic information for detecting application layer user can be according to pre-set time interval
It carries out, when prefixed time interval reaches, trigger the server is detected.When detecting that characteristic information changes, by phase
The authority information of application layer user is answered to be revised as the corresponding authority information of characteristic information after variation.
Server can also be when receiving the update request that application layer user actively sends, then to competence profile
In the corresponding authority information of application layer user be updated.In some instances, update request includes the power before update
Limit information (being assumed to be authority information M) and updated authority information (being assumed to be authority information N), server is by authority configuration
The corresponding authority information of application layer user is updated to authority information N in file, realizes update processing.In some instances, more
New request can not also include authority information, and server, will be to the feature of application layer user after receiving update request
Information is detected, and when detecting that its characteristic information changes, the authority information of application layer user is revised as currently
The corresponding authority information of characteristic information.Wherein, the correspondence between characteristic information and authority information may refer to above description,
Details are not described herein.
S13, the data access that application layer user is controlled based on the first access request and competence profile.
The data that server controls application layer user based on the first access request and the competence profile got are visited
Ask process.It avoids current server when receiving the access request of application layer user, is transmitted directly to the progress of Hive servers
Data query can not access the Hive of application layer user and carry out corresponding permission control.
In the present embodiment, server parses the data information for asking to access in the first access request, according to the power of acquisition
Limit configuration file determines the corresponding authority information of application layer user, then judges that application layer user is according to the authority information
The no access rights having to the data information, and application layer user is controlled to the data information based on the first judging result
It accesses.
Optionally, when the first judging result has the access rights to the data information for application layer user, by this
First access request is sent to Hive servers, to obtain the content of the data information;It is the application in the first judging result
When grade user does not have the access rights to the data information, judge whether application layer user has in the data information
At least partly access rights of content, and access of the application layer user to the data information is controlled according to the second judging result.
Optionally, have at least partly content in the data information for application layer user in the second judging result
When access rights, which is defined to generate the second access request, wherein second access request is used for
At least partly content is accessed, and second access request is sent to Hive servers to obtain at least partly content;?
When second judging result is that application layer user does not have the access rights at least partly content in the data information, generate
Access exception message is sent to application layer user.
Continue by taking User1, User2 and User3 in above-mentioned table 1 as an example, and refer to Fig. 2, includes the following steps:
S21:Receive the first access request.
Assuming that three users have submitted the first access request " select*from to server
default.download_info where ds>=2018-01-01group by ds ".
S22:First access request is parsed, the data information for needing to access is obtained.
Server receives the first access request of three application layer users submission, and is solved to first access request
Analysis obtains each application layer user and the data information accessed, three users is needed to be required for accessing download_ in the libraries default
Info tables whole Hive data of that month from 1 day January in 2018.
S23:Competence profile is parsed, authority information is obtained.
Server also needs to parsing competence profile, to obtain the authority information of these three users.It should be appreciated that permission
The authority information that these three application layers user should at least be included in configuration file, is also possible that other application grade user certainly
Authority information.Based on above-mentioned table 1, the authority information that can obtain User1 is Database:Default, table:
Download_info, field:AppName=" visual field ";The authority information of User2 is database:Default, table:
Download_info, field:AppName=" application shop ";The authority information of User3 is database:Default,
table:Session_info, field:AppName=" theme shop ".
S24:Judge whether with the access rights to the data information;If so, going to step S28;If not, going to step
S25。
Then judge whether application layer user there are the access rights to corresponding data information, three to be required for accessing
Download_info tables whole Hive data of that month from 1 day January in 2018 in the libraries default, and the permission of three is believed
It is under the Hive data of " visual field ", download_info tables that breath can only access appName under download_info tables respectively
AppName is the Hive data that appName is " theme shop " under the Hive data of " application shop ", session_info tables,
Namely three does not have the access rights to the data information, turns now to step S25.
S25:Judge whether with the access rights at least partly content in the data information;If so, going to step
S26;If not, going to step S27.
Server judges whether each application layer user has the access rights of at least partly content in the data information, can
Although obtaining User3 not having still at least partly access rights of content in download_info tables (because it can only be accessed
Partial content under session_info tables), but User1 and User2 has at least partly content in download_info tables
Access rights, specifically to the appName in the download_info tables be " visual field " Hive data and appName
For the Hive data of " application shop ".Server is directed to the first access request of User3 at this time, goes to step S27, namely generate
Access exception message is sent to User3, and access rights are limited, cannot carry out this access;And for User1's and User2
First access request then enters next step S26.
S26:First access request is defined to generate the second access request, and the second access request is sent to
Hive servers are to obtain at least partly content.
In this step, since User1 and User2 does not have the access rights to total data in download_info tables,
But its access rights with which part content, it is " visual field " that User1, which has to appName in download_info tables,
Access rights, User2 have to appName in download_info tables be " application shop " access rights, service at this time
Device is defined decoration respectively to respective first access request, with generate for access this at least partly content second access
Request refers to as shown in table 3 below:
Table 3
And the second access request limited after modifying is sent to Hive servers, to obtain corresponding Hive contents.It keeps away
Exempt from existing scheme the first access request be directly sent to Hive servers to inquire, and to be accordingly in query process
The permission of irrespective of size user carries out, therefore corresponding Hive data contents usually can directly be accessed, namely three users at this time
All whole Hive data of that month from 1 day January in 2018 by download_info tables are got, cannot reach it is effective and
Careful permission control.
S27:It generates access exception message and is sent to application layer user.
S28:First access request is sent to Hive servers to obtain the full content of the data information.
Certainly, if application layer user has to the access rights of the data information, server first can visit this
Ask that request is sent to Hive servers to obtain the full content of the data information.
In the present embodiment, server is sent by corresponding access request (the first access request or the second access request)
After corresponding Hive servers, the content that the Hive servers are inquired according to corresponding access request can also be received,
And the content is sent to corresponding application layer user.
It should be noted that in the present solution, the access of application layer user's Hive data, also needs with system-level user's
Permission realizes access process, but from existing scheme unlike, for Hive access process, and application layer user in existing scheme
The permission that correspondence system grade user can be relied on accesses, and the permission of system-level user is higher, thus cannot carry out it is more careful
Permission control;And this programme in application layer user's access process, can be carried out more by preset competence profile
Good careful permission control, meanwhile, for application layer user, without inputting more careful access request, service
Device can carry out modification restriction to the access request received, with obtain user it is practically necessary be naturally also in extent of competence
Interior Hive data contents, therefore also more preferably it is bonded the actual access demand of user.
More convenient for permission modification, existing scheme, which can only pass through the permission modification of application layer user, changes first number
According to, so that application layer user is become system-level user, it is cumbersome;This programme need not change metadata, directly pass through the power of amendment
Limit configuration file.
Second embodiment
The present embodiment provides a kind of server on the basis of first embodiment, for realizing above-mentioned first embodiment institute
The Hive data access control methods stated, it is shown in Figure 3, show for the structure of one provided in this embodiment optional server
It is intended to, which includes at least:Input and output (IO) bus 31, processor 32, memory 33 and communication device 34.Its
In,
Input and output (IO) bus 31 respectively with itself belonging to server other components (processor 32, memory 33
With communication device 34) connection, and can also provide transmission lines for other components.
Processor 32 can control the overall operation of the server belonging to itself.In the present embodiment, processor 32 is for holding
One or more program stored in line storage 33, and the communication device 34 is controlled to realize described in first embodiment
The step of Hive data access control methods.Wherein, processor 32 can be central processing unit (CPU).
Memory 33 stores the software code that processor is readable, processor is executable, and it includes for control processor 32
Execute the instruction of Hive data access control functions described herein (i.e. software executes function).
Communication device 34, generally includes one or more components, allows the server belonging to itself and wireless communication system
Radio communication between system or network.
3rd embodiment
The embodiment of the present invention provides a kind of computer storage media, and there are one the computer storage media storages or more
A program, one or more of programs can be executed by one or more processor, to realize above-mentioned first embodiment
Each step of Hive data access control methods.Detailed process refers to the description of first embodiment, and details are not described herein.
It should be noted that herein, the terms "include", "comprise" or its any other variant are intended to non-row
His property includes, so that process, method, article or device including a series of elements include not only those elements, and
And further include other elements that are not explicitly listed, or further include for this process, method, article or device institute it is intrinsic
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including this
There is also other identical elements in the process of element, method, article or device.
The embodiments of the present invention are for illustration only, can not represent the quality of embodiment.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side
Method can add the mode of required general hardware platform to realize by software, naturally it is also possible to by hardware, but in many cases
The former is more preferably embodiment.Based on this understanding, technical scheme of the present invention substantially in other words does the prior art
Going out the part of contribution can be expressed in the form of software products, which is stored in a storage medium
In (such as ROM/RAM, magnetic disc, CD), including some instructions are used so that a station terminal (can be mobile phone, computer, service
Device, air conditioner or network equipment etc.) execute method described in each embodiment of the present invention.
The embodiment of the present invention is described with above attached drawing, but the invention is not limited in above-mentioned specific
Embodiment, the above mentioned embodiment is only schematical, rather than restrictive, those skilled in the art
Under the inspiration of the present invention, without breaking away from the scope protected by the purposes and claims of the present invention, it can also make very much
Form, all of these belong to the protection of the present invention.
Claims (10)
1. a kind of Hive data access control methods, which is characterized in that the Hive data access control methods include:
The first access request that application layer user sends is received, the competence profile of application layer user is obtained, based on described the
One access request controls the data access of the application layer user with the competence profile.
2. Hive data access control methods as described in claim 1, which is characterized in that described accessed based on described first is asked
The data access for controlling the application layer user with the competence profile is asked to include:
It parses first access request and asks the data information accessed, the application is determined according to the competence profile
The corresponding authority information of grade user judges whether the application layer user has to the data information according to the authority information
Access rights, and access of the application layer user to the data information is controlled based on the first judging result.
3. Hive data access control methods as claimed in claim 2, which is characterized in that described to be based on the first judging result control
Make the application layer user includes to the access of the data information:
When to be the application layer user have to the access rights of the data information first judging result, by described the
One access request is sent to Hive servers, to obtain the content of the data information;
When first judging result is that the application layer user does not have the access rights to the data information, institute is judged
Application layer user is stated whether with the access rights at least partly content in the data information, and judges to tie according to second
Fruit controls access of the application layer user to the data information.
4. Hive data access control methods as claimed in claim 3, which is characterized in that described according to the second judging result control
Make the application layer user includes to the access of the data information:
In second judging result being the application layer user has visit at least partly content in the data information
When asking permission, first access request is defined to generate the second access request, second access request is for visiting
Ask at least partly content, and second access request is sent to the Hive servers with obtain it is described at least partly
Content;
It is that the application layer user does not have at least partly content in the data information in second judging result
When access rights, generates access exception message and be sent to the application layer user.
5. Hive data access control methods according to any one of claims 1-4, which is characterized in that the authority configuration text
Part is that the characteristic information based on each application layer user is configured, and the characteristic information includes subscriber service class, affiliated use
At least one of family group classification.
6. Hive data access control methods as claimed in claim 5, which is characterized in that the Hive data access controlling party
Method further includes:
When detecting that the characteristic information of application layer user changes, the characteristic information after variation is obtained, and according to the change
Characteristic information after change is updated the corresponding authority information of the application layer user in the competence profile.
7. Hive data access control methods as claimed in claim 5, which is characterized in that the Hive data access controlling party
Method further includes:
It receives application layer user to ask the update of own right information, with to the application layer in the competence profile
The corresponding authority information of user is updated.
8. Hive data access control methods according to any one of claims 1-4, which is characterized in that the Hive data are visited
Ask that control method further includes:
The content that Hive servers are sent is received, and the content is sent to the application layer user.
9. a kind of server, which is characterized in that the server includes input/output bus, processor, memory and communication dress
It sets;
The input/output bus is logical for realizing the connection between the processor, the memory and the communication device
Letter;
The processor controls the communication device to realize for executing one or more program stored in memory
The step of Hive data access control methods as described in any one of claim 1-8.
10. a kind of computer storage media, which is characterized in that the computer storage media is stored with one or more journey
Sequence, one or more of programs can be executed by one or more processor, to realize such as any one of claim 1-8
The step of described Hive data access control methods.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810306263.3A CN108737371A (en) | 2018-04-08 | 2018-04-08 | Hive data access control methods, server and computer storage media |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810306263.3A CN108737371A (en) | 2018-04-08 | 2018-04-08 | Hive data access control methods, server and computer storage media |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108737371A true CN108737371A (en) | 2018-11-02 |
Family
ID=63941255
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810306263.3A Pending CN108737371A (en) | 2018-04-08 | 2018-04-08 | Hive data access control methods, server and computer storage media |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108737371A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109543448A (en) * | 2018-11-16 | 2019-03-29 | 深圳前海微众银行股份有限公司 | HDFS file access authority control method, equipment and storage medium |
CN112817997A (en) * | 2021-02-24 | 2021-05-18 | 广州市品高软件股份有限公司 | Method and device for accessing S3 object storage by using dynamic user through distributed computing engine |
CN112948884A (en) * | 2021-03-25 | 2021-06-11 | 中国电子科技集团公司第三十研究所 | Method and system for implementing big data access control on application level user |
WO2023173908A1 (en) * | 2022-03-17 | 2023-09-21 | 华为云计算技术有限公司 | Method, apparatus and system for accessing file, and storage medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101056178A (en) * | 2007-05-28 | 2007-10-17 | 中兴通讯股份有限公司 | A method and system for controlling the user network access right |
CN101335637A (en) * | 2007-06-26 | 2008-12-31 | 王立刚 | Method and device for multicast control |
CN101571897A (en) * | 2009-06-04 | 2009-11-04 | 浙江大学 | Method for controlling access permission of massive objects in computer system |
CN101616126A (en) * | 2008-06-23 | 2009-12-30 | 华为技术有限公司 | Realize method, the Apparatus and system of data access authority control |
CN102917006A (en) * | 2012-08-31 | 2013-02-06 | 杭州斯凯网络科技有限公司 | Method and device for achieving uniform control management of computing resource and object authority |
US20140195818A1 (en) * | 2013-01-09 | 2014-07-10 | Thomson Licensing | Method and device for privacy respecting data processing |
CN105912949A (en) * | 2016-04-13 | 2016-08-31 | 北京京东尚科信息技术有限公司 | Data permission management method, data permission management system and service management system |
CN107566375A (en) * | 2017-09-08 | 2018-01-09 | 郑州云海信息技术有限公司 | Access control method and device |
-
2018
- 2018-04-08 CN CN201810306263.3A patent/CN108737371A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101056178A (en) * | 2007-05-28 | 2007-10-17 | 中兴通讯股份有限公司 | A method and system for controlling the user network access right |
CN101335637A (en) * | 2007-06-26 | 2008-12-31 | 王立刚 | Method and device for multicast control |
CN101616126A (en) * | 2008-06-23 | 2009-12-30 | 华为技术有限公司 | Realize method, the Apparatus and system of data access authority control |
CN101571897A (en) * | 2009-06-04 | 2009-11-04 | 浙江大学 | Method for controlling access permission of massive objects in computer system |
CN102917006A (en) * | 2012-08-31 | 2013-02-06 | 杭州斯凯网络科技有限公司 | Method and device for achieving uniform control management of computing resource and object authority |
US20140195818A1 (en) * | 2013-01-09 | 2014-07-10 | Thomson Licensing | Method and device for privacy respecting data processing |
CN105912949A (en) * | 2016-04-13 | 2016-08-31 | 北京京东尚科信息技术有限公司 | Data permission management method, data permission management system and service management system |
CN107566375A (en) * | 2017-09-08 | 2018-01-09 | 郑州云海信息技术有限公司 | Access control method and device |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109543448A (en) * | 2018-11-16 | 2019-03-29 | 深圳前海微众银行股份有限公司 | HDFS file access authority control method, equipment and storage medium |
CN112817997A (en) * | 2021-02-24 | 2021-05-18 | 广州市品高软件股份有限公司 | Method and device for accessing S3 object storage by using dynamic user through distributed computing engine |
CN112948884A (en) * | 2021-03-25 | 2021-06-11 | 中国电子科技集团公司第三十研究所 | Method and system for implementing big data access control on application level user |
WO2023173908A1 (en) * | 2022-03-17 | 2023-09-21 | 华为云计算技术有限公司 | Method, apparatus and system for accessing file, and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8959114B2 (en) | Entitlement management in an on-demand system | |
US8924361B2 (en) | Monitoring entitlement usage in an on-demand system | |
CA2861676C (en) | Presenting metadata from multiple perimeters | |
CN108234475B (en) | Account management method, electronic equipment and computer storage medium | |
US11886388B1 (en) | Recent file synchronization and aggregation methods and systems | |
CN108737371A (en) | Hive data access control methods, server and computer storage media | |
CN104335523B (en) | A kind of authority control method, client and server | |
CN103841134B (en) | Based on API transmission, the method for receive information, apparatus and system | |
US10402585B2 (en) | Management of privacy policies | |
CN108710528A (en) | Access, control method, device, equipment and the storage medium of desktop cloud virtual machine | |
CN111580820A (en) | Applet generation method and device | |
US20110093367A1 (en) | Method, apparatus, and computer product for centralized account provisioning | |
CN109218368A (en) | Realize method, apparatus, electronic equipment and the readable medium of Http reverse proxy | |
DK1969815T3 (en) | Device for the use of ERP systems in connection with preferably mobile end devices | |
CN103581111A (en) | Communication method and system | |
CN1761188B (en) | Simple point logging in method and simple point logging out method | |
KR101044343B1 (en) | Cloud disk sharing system | |
CN103778379B (en) | Application in management equipment performs and data access | |
CN106815501A (en) | The application management method and device of mobile terminal | |
CN102833328A (en) | Unified application calling method and unified calling client | |
CN103763370B (en) | A kind of method, system and device for changing mobile terminal workspace screen-lock password | |
CN105224541B (en) | Uniqueness control method, information storage means and the device of data | |
KR101031554B1 (en) | System and method for offering application using unique identification code | |
EP2913957B1 (en) | Method and apparatus for controlling internet access | |
WO2021171125A1 (en) | Messaging campaign manager, messaging campaign manager system, bulk or mass messaging system, method of bulk or mass messaging, computer program, computer-readable medium, graphical user interface. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181102 |
|
RJ01 | Rejection of invention patent application after publication |