CN110188089B - Database operation and maintenance management and control method and device - Google Patents

Publication number
CN110188089B
Authority
CN
China
Prior art keywords
database
approval
business
operation instruction
database operation
Legal status
Active
Application number
CN201910467397.8A
Other languages
Chinese (zh)
Other versions
CN110188089A (en
Inventor
邵宛岩
范渊
刘博�
龙文洁
莫金友
Current Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Application filed by Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201910467397.8A
Publication of CN110188089A
Application granted
Publication of CN110188089B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2457 Query processing with adaptation to user needs
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The invention provides a database operation and maintenance management and control method and device, relating to the technical field of information management. The method comprises: obtaining database operation instructions and information about the host that sent them, and judging from the host information whether the host is a preset host authorized to operate; if so, converting each database operation instruction into a corresponding business operation statement and approving the business operation statement according to an approval mode and preset approval rules; and, if approval is passed, allowing the database operation instruction to perform the corresponding database operation on the database to be controlled. The method restricts operation and maintenance of the database to preset authorized hosts, approves the business operation statements corresponding to the database operation instructions according to a preset approval mode and approval rules, and allows a database operation instruction to operate on the database to be controlled only if approval is passed, which solves the technical problem that existing database management and control methods are poor in security.

Description

Database operation and maintenance management and control method and device
Technical Field
The invention relates to the technical field of information management, in particular to a database operation and maintenance control method and device.
Background
At present, most enterprises pay close attention to the information security of their databases. After a database is created, dedicated operation and maintenance personnel carry out its daily operation and maintenance. However, operation and maintenance personnel may steal sensitive data for illegal purposes, or a misoperation during daily operation and maintenance may delete important information in the database. Most existing solutions deal with this by auditing after the fact, by which time the executed database operation has already caused a certain loss to the enterprise.
In conclusion, existing database management and control methods have the technical problem of poor security.
Disclosure of Invention
The invention aims to provide a database operation and maintenance control method and device to solve the technical problem that existing database management and control methods are poor in security.
In a first aspect, the present invention provides a database operation and maintenance management and control method, including:
obtaining a database operation instruction and information about the host that sent the database operation instruction, wherein the database operation instruction is used to perform a database operation on a database to be controlled, and the host information comprises at least: IP address information of the host and MAC address information of the host;
judging, according to the host information, whether the host is a preset host authorized to operate;
if so, converting each database operation instruction into a corresponding business operation statement;
approving the business operation statement according to an approval mode and preset approval rules, wherein the approval mode is either of the following: an automatic approval mode and a manual approval mode, and the approval rules comprise: operation and maintenance time rules and/or business operation content rules;
and, if approval is passed, allowing the database operation instruction to perform the corresponding database operation on the database to be controlled.
Further, converting each database operation instruction into a corresponding business operation statement comprises:
performing syntax analysis on each database operation instruction to obtain an analysis result, wherein the analysis result comprises: action information indicated by the database operation instruction and an operation object corresponding to the action information;
and matching the analysis result against an operation dictionary and a business dictionary respectively, and determining the business operation statement corresponding to the analysis result according to the matching result, wherein the operation dictionary represents the correspondence between action information and business operation instructions, and the business dictionary represents the correspondence between operation objects and business operation objects.
Further, the approval mode is the automatic approval mode;
approving the business operation statement according to the approval mode and the preset approval rules comprises:
judging whether the current operation time corresponding to the database operation instruction conforms to the operation and maintenance time rule and/or whether the business operation statement conforms to the business operation content rule;
if so, approval is passed.
Further, the approval mode is the manual approval mode;
approving the business operation statement according to the approval mode and the preset approval rules comprises:
classifying the business operation statements based on the preset approval rules to obtain classified business operation statements;
sending the classified business operation statements to the pending-approval inbox of the corresponding approver, and notifying the approver to carry out the approval according to a preset notification mode, wherein the preset notification mode comprises at least one of the following: e-mail, short message;
receiving the approval result returned by the approver, wherein the approval result is either of the following: an approval-passed result and an approval-failed result.
Further, the method further comprises:
if the approval is passed, determining a target database operation instruction corresponding to the approved business operation statement in the database operation instruction;
and storing the target database operation instruction into an operable and maintainable database operation instruction library.
Further, the method further comprises:
after the host is judged, according to the host information, to be a preset host authorized to operate, judging whether the current operation time corresponding to the database operation instruction conforms to the operation and maintenance time rule;
if yes, judging whether an operable and maintainable database operation instruction matched with the database operation instruction exists in an operable and maintainable database operation instruction library, wherein the operable and maintainable database operation instruction library comprises database operation instructions of authorized operation;
and if so, allowing the database operation instruction to perform corresponding database operation on the database to be controlled.
Further, the method further comprises:
if not, determining a corresponding business operation statement based on the database operation instruction;
judging whether the business operation statement conforms to the business operation content rule or not;
and if so, allowing the database operation instruction to perform corresponding database operation on the database to be controlled.
In a second aspect, the present invention further provides a database operation and maintenance management and control apparatus, including:
an obtaining module, configured to obtain a database operation instruction and information about the host that sent the database operation instruction, wherein the database operation instruction is used to perform a database operation on a database to be controlled, and the host information comprises at least: IP address information of the host and MAC address information of the host;
a judging module, configured to judge, according to the host information, whether the host is a preset host authorized to operate;
a conversion module, configured to convert, if so, each database operation instruction into a corresponding business operation statement;
an approval module, configured to approve the business operation statement according to an approval mode and preset approval rules, wherein the approval mode is either of the following: an automatic approval mode and a manual approval mode, and the approval rules comprise: operation and maintenance time rules and/or business operation content rules;
and an execution module, configured to allow, if approval is passed, the database operation instruction to perform the corresponding database operation on the database to be controlled.
Further, the conversion module comprises:
a syntax analysis unit, configured to perform syntax analysis on each database operation instruction to obtain an analysis result, where the analysis result includes: action information indicated by the database operation instruction and an operation object corresponding to the action information;
and a matching unit, configured to match the analysis result against an operation dictionary and a business dictionary respectively, and to determine the business operation statement corresponding to the analysis result according to the matching result, wherein the operation dictionary represents the correspondence between action information and business operation instructions, and the business dictionary represents the correspondence between operation objects and business operation objects.
Further, the approval mode is the automatic approval mode;
the approval module comprises:
a judging unit, configured to judge whether the current operation time corresponding to the database operation instruction conforms to the operation and maintenance time rule and/or whether the business operation statement conforms to the business operation content rule;
and a determining unit, configured to pass the approval if so.
The invention provides a database operation and maintenance control method, which comprises: obtaining a database operation instruction and information about the host that sent the database operation instruction, wherein the database operation instruction is used to perform a database operation on a database to be controlled, and the host information comprises at least: IP address information of the host and MAC address information of the host; judging, according to the host information, whether the host is a preset host authorized to operate; if so, converting each database operation instruction into a corresponding business operation statement; approving the business operation statement according to an approval mode and preset approval rules, wherein the approval mode is either of the following: an automatic approval mode and a manual approval mode, and the approval rules comprise: operation and maintenance time rules and/or business operation content rules; and, if approval is passed, allowing the database operation instruction to perform the corresponding database operation on the database to be controlled.
In the prior art, operation and maintenance personnel may steal sensitive data for illegal purposes, or a misoperation during daily operation and maintenance may delete important information in the database; most solutions audit and deal with this afterwards, but the executed database operation has already caused a certain loss to the enterprise. In contrast to the prior art, the database operation and maintenance control method provided by the invention first judges the host according to the obtained information about the host that sent the database operation instruction. If the host is determined to be a preset host authorized to operate, the obtained database operation instruction is converted into a business operation statement that is convenient to approve, the business operation statement is then approved according to an approval mode and preset approval rules, and the database operation instruction is allowed to perform the corresponding database operation on the database to be controlled only if approval is passed. The method restricts operation and maintenance of the database to be controlled to preset authorized hosts, and only approved database operation instructions can operate on the database to be controlled, which solves the technical problem of poor security in existing database control methods.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a database operation and maintenance management and control method according to an embodiment of the present invention;
Fig. 2 is a flowchart of approving the business operation statement according to the approval mode and the preset approval rules when the approval mode is the automatic approval mode, according to an embodiment of the present invention;
Fig. 3 is a flowchart of another database operation and maintenance management and control method according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a database operation and maintenance management and control apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The first embodiment is as follows:
Fig. 1 is a flowchart of a database operation and maintenance management and control method provided in an embodiment of the present invention. The method includes the following steps:
Step S102, obtaining a database operation instruction and information about the host that sent the database operation instruction, wherein the database operation instruction is used to perform a database operation on a database to be controlled, and the host information comprises at least: IP address information of the host and MAC address information of the host;
In the embodiment of the invention, to operate and maintain a database to be controlled, the database approval system first needs to obtain the database operation instructions and the information about the host that sent them. Database operation and maintenance personnel may store the database operation instructions and the host information in a target file in advance and then log in to the database approval system to import the target file; alternatively, after logging in to the database approval system, they may enter the database operation instructions and the host information separately. There may be one or more database operation instructions. When the database approval system obtains a database operation instruction, it also obtains the current operation time corresponding to that instruction. The host information can be obtained automatically from the information returned by an entered command, and comprises at least: IP address information of the host and MAC address information of the host.
Step S104, judging, according to the host information, whether the host is a preset host authorized to operate;
After the information about the host that sent the database operation instruction is obtained, whether that host is a preset host authorized to operate is judged according to the host information; if not, no subsequent database operation is performed.
Step S106, if so, converting each database operation instruction into a corresponding business operation statement;
If the host that sent the database operation instruction is a preset host authorized to operate, each database operation instruction is converted into a business operation statement, which makes the database operation instruction convenient for an approver to approve; the conversion process is described in detail below.
Step S108, approving the business operation statement according to an approval mode and preset approval rules, wherein the approval mode is either of the following: an automatic approval mode and a manual approval mode, and the approval rules comprise: operation and maintenance time rules and/or business operation content rules;
After the business operation statement is obtained, it is approved according to the approval mode (automatic approval mode or manual approval mode) and the preset approval rules, wherein the approval rules comprise: operation and maintenance time rules and/or business operation content rules. In general, when the approvers are busy or away, the database approval system may be set to the automatic approval mode. The approval processes in the automatic approval mode and the manual approval mode are described in detail below.
Step S110, if approval is passed, allowing the database operation instruction to perform the corresponding database operation on the database to be controlled.
If the business operation statement conforms to the preset approval rules, approval is passed and the database operation instruction is allowed to perform the corresponding database operation on the database to be controlled; if the business operation statement does not conform to the preset approval rules, approval is not passed, that is, the database operation instruction is not allowed to operate on the database to be controlled.
In the prior art, operation and maintenance personnel may steal sensitive data for illegal purposes, or a misoperation during daily operation and maintenance may delete important information in the database; most solutions audit and deal with this afterwards, but the executed database operation has already caused a certain loss to the enterprise. In contrast to the prior art, the database operation and maintenance control method provided by the invention first judges the host according to the obtained information about the host that sent the database operation instruction. If the host is determined to be a preset host authorized to operate, the obtained database operation instruction is converted into a business operation statement that is convenient to approve, the business operation statement is then approved according to an approval mode and preset approval rules, and the database operation instruction is allowed to perform the corresponding database operation on the database to be controlled only if approval is passed. The method restricts operation and maintenance of the database to be controlled to preset authorized hosts, and only approved database operation instructions can operate on the database to be controlled, which solves the technical problem of poor security in existing database control methods.
The operation steps of the database operation and maintenance control method of the invention are briefly described above; the process of converting each database operation instruction into a corresponding business operation statement is described in detail below.
In an optional embodiment, the step of converting each database operation instruction into a corresponding business operation statement includes the following steps:
Step S1061, performing syntax analysis on each database operation instruction to obtain an analysis result, wherein the analysis result comprises: action information indicated by the database operation instruction and an operation object corresponding to the action information;
Specifically, since database operation instructions are generally expressed in standard Structured Query Language, syntax analysis yields the action information indicated by the database operation instruction and the operation object corresponding to that action information, and this content is taken as the analysis result.
Step S1062, matching the analysis result against an operation dictionary and a business dictionary respectively, and determining the business operation statement corresponding to the analysis result according to the matching result, wherein the operation dictionary represents the correspondence between action information and business operation instructions, and the business dictionary represents the correspondence between operation objects and business operation objects.
After the analysis result is obtained, it is matched against the operation dictionary and the business dictionary respectively. The operation dictionary is designed and maintained independently and represents the correspondence between action information and business operation instructions; the business dictionary is the correspondence between operation objects and business operation objects, provided by the business system corresponding to the database to be controlled. Matching yields a matching result, and the business operation statement corresponding to the analysis result is determined according to the matching result.
For ease of understanding, the following description illustrates the process of converting each database operation instruction into a corresponding business operation statement:
If the database operation instruction is 'delete from user', the analysis result gives 'delete' as the action information indicated by the instruction and 'user' as the operation object corresponding to that action information. Matching the analysis result against the operation dictionary yields the business operation instruction 'delete', and matching it against the business dictionary yields the business operation object 'user table'; the business operation statement corresponding to the analysis result is then determined from the matching result to be 'delete user table content'.
The process of converting each database operation instruction into a corresponding business operation statement is described in detail above; the approval processes of the two approval modes are described in detail below.
In an alternative embodiment, as shown in fig. 2, the approval mode is an automatic approval mode, and the approval of the business operation statement according to the approval mode and the preset approval rule includes the following steps:
Step S1081, judging whether the current operation time corresponding to the database operation instruction conforms to the operation and maintenance time rule, and/or whether the business operation statement conforms to the business operation content rule;
Step S1082, if so, approval is passed.
Specifically, when designing the approval rules, only the operation and maintenance time rule or only the business operation content rule may be set, or a dual approval rule may be set, in which both the operation and maintenance time rule and the business operation content rule are judged. Note that the user may define the order in which the operation and maintenance time rule and the business operation content rule are judged.
One case of setting the dual approval rule is described in detail below:
The operation and maintenance time rule can be understood as predefining the peak usage period of the database so that operation and maintenance of the database to be controlled during that period is automatically avoided; that is, the operation and maintenance time rule is preferably set so that no operation on the database to be controlled is allowed during the peak period. The user may also set other operation and maintenance time rules according to the actual situation; the invention does not specifically limit the operation and maintenance time rule. For ease of understanding, an example of an operation and maintenance time rule follows:
If the operation and maintenance time rule is set so that the database to be controlled cannot be operated and maintained from 8 to 10 am and from 2 to 4 pm, then 8 to 10 am and 2 to 4 pm are restricted operation periods. When the database approval system receives a database operation instruction, it first judges whether the current operation time falls within a restricted operation period. If the current operation time is 3 pm, the relevant operation on the database to be controlled is not allowed; if the current operation time is 12 pm, the business operation statement is further examined to determine whether it conforms to the business operation content rule.
Specifically, the business operation content rule may be set according to the actual situation. Preferably, restricted tables, restricted data and restricted operations are logically combined, and the result of the combination is set as the business operation content rule. For ease of understanding, examples of business operation content rules follow:
If the user table in the database to be controlled has a high security level, the business operation content rule can be set so that operation and maintenance personnel are not allowed to perform any operation on the user table; all operations in the business operation statements that involve the user table, such as viewing, editing or deleting the user table, are then rejected. Alternatively, operations such as viewing, editing or deleting the data related to identity card information in the user table can be predefined as restricted while other data in the user table is not specifically restricted; the business operation content rule then rejects all operations on the identity card data in the user table. Alternatively, target data can be set so that it can only be viewed and not edited; business operation statements that view the target data then conform to the rule and can be approved, while all other operations involving the target data fail approval.
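The conversion steps (S1061, S1062) and the automatic approval steps (S1081, S1082) described above, combined into one added Python example; it is not code from the patent. The host list, both dictionaries, the content rules, the narrow SQL grammar, the half-open time periods and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import time
from typing import Optional, Tuple

# Everything below is constructed for illustration except the "delete from user"
# example and the 8-10 am / 2-4 pm restricted periods, which come from the text.
AUTHORIZED_HOSTS = {("10.0.5.21", "00:16:3e:aa:bb:01")}      # preset (IP, MAC) pairs
OPERATION_DICT = {"select": "view", "update": "edit",         # action -> business operation
                  "insert": "add", "delete": "delete"}
BUSINESS_DICT = {"user": "user table", "orders": "order table"}  # object -> business object
# Assumption: periods are half-open, so 10:00 itself is outside "8 to 10 am".
RESTRICTED_PERIODS = [(time(8), time(10)), (time(14), time(16))]
# Business operation content rule: business object -> business operations rejected.
CONTENT_RULES = {
    "user table": {"view", "edit", "add", "delete"},   # no operation allowed at all
    "order table": {"edit", "add", "delete"},          # may be viewed, not changed
}

# Deliberately narrow single-table grammar (assumption). A statement outside it
# is not converted and therefore can never be approved automatically.
_GRAMMAR = [
    re.compile(r"^(select)\s+.+?\s+from\s+([a-z_]\w*)\s*(?:where\b.*)?$", re.I | re.S),
    re.compile(r"^(delete)\s+from\s+([a-z_]\w*)\s*(?:where\b.*)?$", re.I | re.S),
    re.compile(r"^(update)\s+([a-z_]\w*)\s+set\b", re.I),
    re.compile(r"^(insert)\s+into\s+([a-z_]\w*)\b", re.I),
]
# Stacked statements, comments, joins, unions and nested selects touch objects
# the grammar above would not report, so they are refused outright.
_UNSUPPORTED = re.compile(r";|--|/\*|\b(?:join|union)\b|.\bselect\b", re.I | re.S)


@dataclass
class Decision:
    allowed: bool
    reason: str
    business_statement: Optional[str] = None


def parse(sql: str) -> Optional[Tuple[str, str]]:
    """S1061: return (action, operation object), or None if not analysable."""
    s = sql.strip().rstrip(";").strip()
    if _UNSUPPORTED.search(s):
        return None
    for pattern in _GRAMMAR:
        m = pattern.match(s)
        if m:
            return m.group(1).lower(), m.group(2).lower()
    return None


def to_business(sql: str) -> Optional[Tuple[str, str, str]]:
    """S1062: match the analysis result against both dictionaries."""
    parsed = parse(sql)
    if parsed is None:
        return None
    operation = OPERATION_DICT.get(parsed[0])
    business_object = BUSINESS_DICT.get(parsed[1])
    if operation is None or business_object is None:
        return None          # unknown action or object: fail closed
    return operation, business_object, f"{operation} {business_object} content"


def auto_approve(sql: str, host_ip: str, host_mac: str, now: time) -> Decision:
    """Host check, conversion, then the dual rule: time first, content second."""
    if (host_ip, host_mac.lower()) not in AUTHORIZED_HOSTS:
        return Decision(False, "host not authorized")
    converted = to_business(sql)
    if converted is None:
        return Decision(False, "not convertible")
    operation, business_object, statement = converted
    if any(start <= now < end for start, end in RESTRICTED_PERIODS):
        return Decision(False, "restricted operation period", statement)
    if operation in CONTENT_RULES.get(business_object, set()):
        return Decision(False, "business operation content rule", statement)
    return Decision(True, "approved", statement)


if __name__ == "__main__":
    host = ("10.0.5.21", "00:16:3E:AA:BB:01")
    for sql, at in [("delete from user", time(12, 0)),
                    ("select * from orders", time(15, 0)),
                    ("select * from orders", time(12, 0)),
                    ("select * from orders; delete from user", time(12, 0))]:
        print(at, repr(sql), auto_approve(sql, *host, at))
```

A statement that cannot be converted is a natural candidate for the manual approval mode rather than outright rejection; the example only reports it as not convertible.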
In an optional embodiment, the approval mode is a manual approval mode, and the approval of the business operation statement according to the approval mode and a preset approval rule includes the following contents:
firstly, classifying business operation statements based on a preset approval rule to obtain classified business operation statements;
then, the classified business operation statements are sent to the to-be-approved inbox of the corresponding approval staff, and the approval staff are notified to perform approval according to a preset notification mode, wherein the preset notification mode at least comprises one of the following modes: e-mail mode, short message mode;
To optimize the approval process and improve approval accuracy, the business operation statements are first classified to obtain classified business operation statements. How the statements are classified can be set in the system by the user according to actual conditions; alternatively, the approval staff can be divided into shifts by time in advance, and different approval staff are assigned according to the current operation time corresponding to the database operation instruction, which spreads the approval workload.
Furthermore, the classified business operation statements are sent to the to-be-approved inbox of the corresponding approval staff. In particular, when approving, the approval staff can see the business operation statements and can also choose to view the corresponding database operation instructions. To improve approval efficiency, the database approval system notifies the approval staff to perform the approval according to a preset notification mode, which can be a mail mode, a short message mode or another notification mode, or several notification modes used together.
And finally, receiving an approval result returned by the approval personnel, wherein the approval result comprises any one of the following: an approval-passed result, an approval-failed result.
After the approval personnel finish the approval, the database approval system receives the approval result returned by the approval personnel: a result of approval passing if the business operation statement conforms to the preset approval rule, and a result of approval failing if it does not.
In particular, in the manual approval mode, the approval staff may, according to actual conditions, also approve business operation statements that in principle do not conform to the preset approval rules. For example, suppose the operation time corresponding to the database operation instruction does not conform to the operation and maintenance time rule, but because of an emergency the approval staff exceptionally approve the database operation so that the emergency can be relieved. In other words, the manual approval mode is the more flexible approval mode.
The approval processes of the two different approval modes are described in detail above, and further details of the method of the invention are described below.
In an alternative embodiment, the method further comprises the steps of:
step S112, if the approval is passed, determining a target database operation instruction corresponding to the approved business operation statement in the database operation instruction;
and step S114, storing the target database operation instruction into the operable and maintainable database operation instruction library.
Specifically, if a certain business operation statement passes the approval, the target database operation instruction corresponding to that business operation statement is determined among the database operation instructions and is then stored in an operable and maintainable database operation instruction library, which is used to store all approved database operation instructions.
The above describes in detail one embodiment of the database operation and maintenance management and control method of the present invention, and another embodiment is described in detail below.
In an alternative embodiment, as shown in fig. 3, the method further comprises the steps of:
step S201, after the host is judged to be the host with preset authorization operation according to the information of the host, judging whether the current operation time corresponding to the database operation instruction accords with the operation and maintenance time rule;
Specifically, during operation and maintenance of the database to be controlled, if the host sending the database operation instruction is a host with preset authorized operation, it may be further determined whether the current operation time corresponding to the database operation instruction conforms to the operation and maintenance time rule. The setting of the operation and maintenance time rule has been described in detail above and is not repeated here. The determination mode may be set by staff, who may select an automatic determination mode or a manual determination mode.
Step S202, if yes, judging whether an operable and maintainable database operation instruction matched with the database operation instruction exists in an operable and maintainable database operation instruction library, wherein the operable and maintainable database operation instruction library comprises the database operation instruction of authorized operation;
step S203, if yes, allowing the database operation instruction to perform corresponding database operation on the database to be managed and controlled.
If the current operation time corresponding to the database operation instruction conforms to the preset time rule, it is further judged whether an operable and maintainable database operation instruction matching the database operation instruction exists in the operable and maintainable database operation instruction library. Because the library contains the database operation instructions authorized for operation, that is, all database operation instructions corresponding to business operation statements that have previously been approved, this judgment determines whether the database operation instruction has been approved before. If a matching instruction exists in the library, no subsequent approval process is needed, and the database operation instruction can be directly allowed to perform the corresponding database operation on the database to be controlled, which improves operation and maintenance efficiency.
In practical application, the step of determining whether the current operation time corresponding to the database operation instruction conforms to the operation and maintenance time rule may be omitted. That is, after the host is determined to be a host with preset authorized operation according to the information of the host, the method may directly determine whether an operable and maintainable database operation instruction matching the database operation instruction exists in the operable and maintainable database operation instruction library. In other words, the operation and maintenance time rule may be treated as an optional determination item according to the actual situation.
In an optional embodiment, the method further comprises:
step S204, if not, determining a corresponding business operation statement based on the database operation instruction;
Further, if no operable and maintainable database operation instruction matching the database operation instruction exists in the operable and maintainable database operation instruction library, the database operation instruction needs to be converted into a corresponding business operation statement. The conversion method has been described in detail above and is not repeated here.
Step S205, judging whether the business operation statement conforms to the business operation content rule;
and step S206, if so, allowing the database operation instruction to perform corresponding database operation on the database to be controlled.
After the business operation statement is obtained, whether the business operation statement conforms to the business operation content rule is further judged. If not, the database operation instruction is not allowed to operate on the database to be controlled; if the business operation statement conforms to the business operation content rule, the database operation instruction is allowed to perform the corresponding database operation on the database to be controlled. The setting of the business operation content rule has been described in detail above and is not repeated here. The determination mode may be set by staff, who may select an automatic determination mode or a manual determination mode.
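The check order of steps S201 to S206, combined with the time rule and content rule examples given earlier, can be sketched as follows. This is an added example, not code from the patent: the table and column names, the two dictionaries, the exact-match library key and the small regex parser (which refuses anything it does not understand) are all assumptions.

```python
import re
from collections import namedtuple
from datetime import time

# Constructed dictionaries (assumed names): SQL action -> business operation,
# and table or table.column -> business object.
OPERATION_DICT = {"SELECT": "view", "UPDATE": "edit", "DELETE": "delete"}
BUSINESS_DICT = {"users": "user table", "users.id_card": "identity card information",
                 "orders": "order table", "orders.amount": "order amount"}

# Restricted periods from the text: 8-10 am and 2-4 pm (end-exclusive by assumption).
RESTRICTED_PERIODS = [(time(8), time(10)), (time(14), time(16))]

# column=None restricts the whole table; `allowed` lists operations still permitted.
ContentRule = namedtuple("ContentRule", "table column allowed",
                         defaults=(None, frozenset()))
# Every operation on identity card data is rejected; the target data
# (orders.amount, an assumed column) may be viewed but not edited or deleted.
CONTENT_RULES = [ContentRule("users", "id_card"),
                 ContentRule("orders", "amount", frozenset({"SELECT"}))]

# columns: read or written ("*" = every column); reads: identifiers in WHERE / SET.
ParsedOp = namedtuple("ParsedOp", "action table columns reads")

_TAIL = r"(?:\s+WHERE\s+(?P<where>.+))?$"
_PATTERNS = {
    "SELECT": r"^SELECT\s+(?P<cols>.+?)\s+FROM\s+(?P<table>\w+)" + _TAIL,
    "UPDATE": r"^UPDATE\s+(?P<table>\w+)\s+SET\s+(?P<cols>.+?)" + _TAIL,
    "DELETE": r"^DELETE\s+FROM\s+(?P<table>\w+)" + _TAIL,
}

def normalize(sql):
    """Library key: whitespace collapsed and trailing semicolon dropped."""
    return " ".join(sql.split()).rstrip("; ")

def parse(sql):
    """Parse a single-table SELECT/UPDATE/DELETE; return None for anything else."""
    text = normalize(sql)
    if ";" in text:                       # stacked statements are refused
        return None
    for action, pattern in _PATTERNS.items():
        m = re.match(pattern, text, re.I | re.S)
        if not m:
            continue
        if action == "DELETE":
            cols = ["*"]                  # deleting a row affects every column
        elif action == "UPDATE":          # "col = value" items: keep the target
            cols = [c.partition("=")[0].strip() for c in m["cols"].split(",")]
        else:
            cols = [c.strip() for c in m["cols"].split(",")]
        if not all(re.fullmatch(r"\w+|\*", c) for c in cols):
            return None                   # expressions, aliases, subqueries
        read_src = (m["where"] or "") + " " + (m["cols"] if action == "UPDATE" else "")
        reads = re.findall(r"[A-Za-z_]\w*", read_src.lower())
        return ParsedOp(action, m["table"].lower(),
                        tuple(c.lower() for c in cols), tuple(reads))
    return None

def conforms(op):
    """Business operation content rule: restricted table, data and operation combined."""
    for rule in CONTENT_RULES:
        if rule.table != op.table:
            continue
        hit = rule.column is None or rule.column in op.columns or "*" in op.columns
        if hit and op.action not in rule.allowed:
            return False
        if rule.column in op.reads and "SELECT" not in rule.allowed:
            return False                  # filtering on a column reads it
    return True

def to_business_statement(op):
    # Map action and objects through the two dictionaries into readable text.
    data = [BUSINESS_DICT.get(f"{op.table}.{c}", c) for c in op.columns if c != "*"]
    return (f"{OPERATION_DICT[op.action]} {', '.join(data) or 'all data'} "
            f"in {BUSINESS_DICT.get(op.table, op.table)}")

def decide(sql, now, library):
    """Steps S201-S206; returns (allowed, reason). `library` is a set of approved keys."""
    if any(start <= now < end for start, end in RESTRICTED_PERIODS):   # S201
        return False, "restricted operation period"
    if normalize(sql) in library:                                        # S202, S203
        return True, "matched approved instruction library"
    op = parse(sql)                                                      # S204
    if op is None:
        return False, "instruction not understood"
    if not conforms(op):                                                 # S205
        return False, "violates business operation content rule"
    library.add(normalize(sql))                                          # S112, S114
    return True, to_business_statement(op)                               # S206

if __name__ == "__main__":
    library = set()                       # constructed sample instructions below
    for sql, at in [("SELECT name FROM users WHERE id = 7", time(15)),
                    ("SELECT name FROM users WHERE id = 7", time(12)),
                    ("UPDATE orders SET amount = 0 WHERE id = 3", time(12))]:
        print(at, sql, "->", decide(sql, at, library))
```

Because a library hit skips the content rule check in this sketch, entries approved under older rules should be cleared whenever the content rules are tightened.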
To sum up, the database operation and maintenance control method provided by the embodiment of the invention has the following advantages:
1. the method can convert the database operation instruction into the business operation statement, and is more convenient for the examination and approval personnel to examine and approve;
2. the user can set operation and maintenance time rules, for example, the operation of the database at the peak time is limited, and the operation and maintenance of the database to be controlled by operation and maintenance personnel at the peak time is automatically avoided;
3. the business operation statements are judged according to the business operation content rules, so that complete comparison can be realized;
4. the automatic approval mode can improve the approval efficiency of the database operation;
5. the manual approval mode can more flexibly process the application of database operation and can also improve the accuracy of approval.
Example two:
the embodiment of the present invention further provides a database operation and maintenance control device, which is mainly used for executing the database operation and maintenance control method provided by the embodiment of the present invention, and the following describes the database operation and maintenance control device provided by the embodiment of the present invention in detail.
Fig. 4 is a schematic diagram of a database operation and maintenance management and control device according to an embodiment of the present invention. As shown in fig. 4, the device mainly includes an acquisition module 10, a judging module 20, a conversion module 30, an approval module 40 and an execution module 50, where:
the acquisition module is used for acquiring database operation instructions and information of a host sending the database operation instructions, wherein the database operation instructions are used for performing database operation on a database to be managed and controlled, and the information of the host at least comprises: IP address information of the host and MAC address information of the host;
the judging module is used for judging whether the host is a host with preset authorized operation according to the information of the host;
the conversion module is used for converting each database operation instruction into a corresponding business operation statement if so;
the approval module is used for approving the business operation statements according to an approval mode and a preset approval rule, wherein the approval mode comprises any one of the following modes: the system comprises an automatic approval mode and a manual approval mode, wherein approval rules comprise: operation and maintenance time rules and/or business operation content rules;
and the execution module allows the database operation instruction to perform corresponding database operation on the database to be controlled if the examination and approval is passed.
In the prior art, if operation and maintenance personnel steal sensitive data for illegal activities, or a misoperation during daily operation and maintenance deletes important information in a database, most solutions audit and handle the matter afterwards, by which time the executed database operation has already caused a certain loss to the enterprise. Compared with the processing mode in the prior art, the database operation and maintenance control method provided by the invention first makes a judgment according to the obtained information of the host sending the database operation instruction. If the host is determined to be a host with preset authorized operation, the obtained database operation instruction is converted into a business operation statement that is convenient to approve; the business operation statement is then approved according to an approval mode and preset approval rules, and the database operation instruction is allowed to perform the corresponding database operation on the database to be controlled only if the approval is passed. The method ensures that only a host with preset authorized operation has the authority to operate and maintain the database to be controlled, and that only approved database operation instructions can operate on the database to be controlled, so that the technical problem of poor safety of the existing database control method is solved.
Further, the conversion module comprises:
the syntax analysis unit is used for performing syntax analysis on each database operation instruction to obtain an analysis result, wherein the analysis result comprises: action information indicated by the database operation instruction and an operation object corresponding to the action information;
and the matching unit is used for matching the analysis result with the operation dictionary and the service dictionary respectively, and determining a service operation statement corresponding to the analysis result according to the matching result, wherein the operation dictionary represents the comparison relationship between the action information and the service operation instruction, and the service dictionary represents the comparison relationship between the operation object and the service operation object.
Further, the approval mode is an automatic approval mode; the approval module comprises:
the judging unit is used for judging whether the current operation time corresponding to the database operation instruction accords with the operation and maintenance time rule and/or whether the business operation statement accords with the business operation content rule;
and the determining unit is used for determining that the approval is passed if they conform.
Further, the approval mode is the manual approval mode; the approval module comprises:
the classification unit is used for classifying the business operation statements based on a preset approval rule to obtain the classified business operation statements;
the sending unit is used for sending the classified business operation statements to a to-be-approved inbox of a corresponding approval person, and informing the approval person to perform approval according to a preset informing mode, wherein the preset informing mode at least comprises one of the following modes: e-mail mode, short message mode;
the receiving unit is used for receiving an approval result returned by an approval person, wherein the approval result comprises any one of the following: an approval-passed result, an approval-failed result.
Further, the apparatus is further configured to:
if the approval is passed, determining a target database operation instruction corresponding to the approved business operation statement in the database operation instruction;
and storing the target database operation instruction into an operable and maintainable database operation instruction library.
Further, the apparatus is further configured to:
after the host is judged to be the host with preset authorized operation according to the information of the host, judging whether the current operation time corresponding to the database operation instruction accords with the operation and maintenance time rule or not;
if yes, judging whether an operable and maintainable database operation instruction matched with the database operation instruction exists in an operable and maintainable database operation instruction library, wherein the operable and maintainable database operation instruction library comprises the database operation instruction authorized to be operated;
and if so, allowing the database operation instruction to perform corresponding database operation on the database to be controlled.
Further, the apparatus is further configured to:
if not, determining a corresponding business operation statement based on the database operation instruction;
judging whether the business operation statement conforms to the business operation content rule or not;
and if so, allowing the database operation instruction to perform corresponding database operation on the database to be controlled.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A database operation and maintenance management and control method is characterized by comprising the following steps:
the method comprises the steps of obtaining a database operation instruction and information of a host sending the database operation instruction, wherein the database operation instruction is used for carrying out database operation on a database to be controlled, and the information of the host at least comprises the following steps: IP address information of the host and MAC address information of the host;
judging whether the host is a host with preset authorization operation according to the information of the host;
if so, converting each database operation instruction into a corresponding business operation statement;
and examining and approving the business operation statement according to an examination and approval mode and a preset examination and approval rule, wherein the examination and approval mode comprises any one of the following modes: the system comprises an automatic approval mode and a manual approval mode, wherein the approval rules comprise: operation and maintenance time rules and/or business operation content rules;
and if the examination and approval is passed, allowing the database operation instruction to perform corresponding database operation on the database to be controlled.
2. The method of claim 1, wherein translating each database operation instruction into a corresponding business operation statement comprises:
performing syntax analysis on each database operation instruction to obtain an analysis result, wherein the analysis result comprises: action information indicated by the database operation instruction and an operation object corresponding to the action information;
and matching the analysis result with an operation dictionary and a business dictionary respectively, and determining a business operation statement corresponding to the analysis result according to the matching result, wherein the operation dictionary represents the comparison relationship between the action information and the business operation instruction, and the business dictionary represents the comparison relationship between the operation object and the business operation object.
3. The method of claim 1, wherein the approval mode is the automatic approval mode;
the process of examining and approving the business operation statement according to the examination and approval mode and the preset examination and approval rule comprises the following steps:
judging whether the current operation time corresponding to the database operation instruction accords with the operation and maintenance time rule and/or whether the business operation statement accords with the business operation content rule;
if the result is consistent, the approval is passed.
4. The method of claim 1, wherein the approval mode is the manual approval mode;
the process of examining and approving the business operation statement according to the examination and approval mode and the preset examination and approval rule comprises the following steps:
classifying the business operation statements based on a preset approval rule to obtain classified business operation statements;
sending the classified business operation statements to a to-be-approved inbox of a corresponding approval person, and informing the approval person to perform approval according to a preset informing mode, wherein the preset informing mode at least comprises one of the following modes: e-mail mode, short message mode;
receiving an approval result returned by the approval personnel, wherein the approval result comprises any one of the following: an approval-passed result, an approval-failed result.
5. The method of claim 1, further comprising:
if the approval is passed, determining a target database operation instruction corresponding to the approved business operation statement in the database operation instruction;
and storing the target database operation instruction into an operable and maintainable database operation instruction library.
6. The method of claim 1, further comprising:
after the host is judged to be the host with preset authorization operation according to the information of the host, judging whether the current operation time corresponding to the database operation instruction accords with an operation and maintenance time rule or not;
if yes, judging whether an operable and maintainable database operation instruction matched with the database operation instruction exists in an operable and maintainable database operation instruction library, wherein the operable and maintainable database operation instruction library comprises database operation instructions of authorized operation;
and if so, allowing the database operation instruction to perform corresponding database operation on the database to be controlled.
7. The method of claim 6, further comprising:
if not, determining a corresponding business operation statement based on the database operation instruction;
judging whether the business operation statement conforms to the business operation content rule or not;
and if so, allowing the database operation instruction to perform corresponding database operation on the database to be controlled.
8. A database operation and maintenance management and control device, characterized by comprising:
the obtaining module is used for obtaining a database operation instruction and information of a host sending the database operation instruction, wherein the database operation instruction is used for performing database operation on a database to be managed and controlled, and the information of the host at least comprises: IP address information of the host and MAC address information of the host;
the judging module is used for judging whether the host is a host with preset authorized operation according to the information of the host;
the conversion module is used for converting each database operation instruction into a corresponding business operation statement if so;
the approval module is used for approving the business operation statement according to an approval mode and a preset approval rule, wherein the approval mode comprises any one of the following modes: the system comprises an automatic approval mode and a manual approval mode, wherein the approval rules comprise: operation and maintenance time rules and/or business operation content rules;
and the execution module allows the database operation instruction to perform corresponding database operation on the database to be controlled if the examination and approval is passed.
9. The apparatus of claim 8, wherein the conversion module comprises:
a syntax analysis unit, configured to perform syntax analysis on each database operation instruction to obtain an analysis result, where the analysis result includes: action information indicated by the database operation instruction and an operation object corresponding to the action information;
and the matching unit is used for matching the analysis result with an operation dictionary and a business dictionary respectively, and determining a business operation statement corresponding to the analysis result according to the matching result, wherein the operation dictionary represents the comparison relationship between the action information and the business operation instruction, and the business dictionary represents the comparison relationship between the operation object and the business operation object.
10. The apparatus of claim 8, wherein the approval mode is the automatic approval mode;
the approval module comprises:
the judging unit is used for judging whether the current operation time corresponding to the database operation instruction accords with the operation and maintenance time rule and/or whether the business operation statement accords with the business operation content rule;
and the determining unit is used for determining that the approval is passed if they conform.
CN201910467397.8A 2019-05-31 2019-05-31 Database operation and maintenance management and control method and device Active CN110188089B (en)


Publications (2)

Publication Number Publication Date
CN110188089A CN110188089A (en) 2019-08-30
CN110188089B true CN110188089B (en) 2021-07-27

Family

ID=67719218


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant