CN111027093A - Access right control method and device, electronic equipment and storage medium - Google Patents

Access right control method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN111027093A
CN111027093A CN201911154035.XA CN201911154035A CN111027093A CN 111027093 A CN111027093 A CN 111027093A CN 201911154035 A CN201911154035 A CN 201911154035A CN 111027093 A CN111027093 A CN 111027093A
Authority
CN
China
Prior art keywords
field
permission
data
authority
record
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911154035.XA
Other languages
Chinese (zh)
Inventor
叶萌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beike Technology Co Ltd
Original Assignee
Beike Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beike Technology Co Ltd filed Critical Beike Technology Co Ltd
Priority to CN201911154035.XA priority Critical patent/CN111027093A/en
Publication of CN111027093A publication Critical patent/CN111027093A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides an access right control method, an access right control device, electronic equipment and a storage medium, wherein the method comprises the following steps: acquiring an authority setting request; when a first permission setting request is determined to be obtained, visitor attribute identification and data fields carried by the first permission setting request are obtained; generating and storing a first authority record; wherein the first permission record comprises a permission field and a controlled field; the permission field is the visitor attribute identification, and the controlled field is the data field. The method can improve the efficiency of permission setting and improve the user experience.

Description

Access right control method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a method and an apparatus for controlling access rights, an electronic device, and a storage medium.
Background
The existing index system writes a filtering condition of an attribute in a project code aiming at the attribute in a billboard page, thereby realizing the incidence relation between the user attribute and a certain authority point, and the setting mode of the access authority is easy to couple and is not beneficial to maintenance and expansion.
Disclosure of Invention
In view of this, the present application provides an access right control method, an access right control apparatus, an electronic device, and a storage medium, which can improve efficiency of setting a right and improve user experience.
In order to solve the technical problem, the technical scheme of the application is realized as follows:
in one embodiment, there is provided an access right control method, the method including:
acquiring an authority setting request;
when a first permission setting request is determined to be obtained, visitor attribute identification and data fields carried by the first permission setting request are obtained;
generating and storing a first authority record; wherein the first permission record comprises a permission field and a controlled field; the permission field is the visitor attribute identification, and the controlled field is the data field.
Wherein the method further comprises: setting a visitor attribute template for the data field in advance;
the method further comprises:
when a second permission setting request is determined to be obtained, obtaining a data field and a visitor attribute template identifier carried by the second permission setting request;
generating and storing a second authority record; wherein the second rights record includes a rights field and a controlled field; the permission field is the visitor attribute template identification, and the controlled field is the data field.
Wherein the method further comprises:
generating an authority query identifier by using the identifier of the data source table where the data field is located, the identifier of the data source corresponding to the data source table, and the identifier of the data report corresponding to the data source;
and identifying the authority record corresponding to the data field by using the authority inquiry identification.
Wherein the method further comprises:
when a request of a user for accessing a data report is received, if the data source table corresponding to the data report is determined to be subjected to permission setting, generating a permission query identifier corresponding to the data source table;
inquiring corresponding authority records by using the authority inquiry identification;
acquiring a controlled field corresponding to a data field in the data source table according to the inquired authority record;
analyzing the controlled field to obtain a controlled range;
and determining whether to output the data corresponding to the data field for the user according to whether the visitor attribute of the user belongs to the controlled range.
Wherein, the analyzing the controlled field to obtain the controlled range includes:
if the permission record is determined to be the first permission record, the content corresponding to the controlled field is the visitor attribute identification;
and if the permission record is determined to be the second permission record, the content corresponding to the controlled field is the visitor attribute template identification.
In another embodiment, there is provided an access right control apparatus including: the device comprises an acquisition unit, a determination unit, a generation unit and a storage unit;
the acquisition unit is used for acquiring the permission setting request; when the determining unit determines that the acquired permission setting request is a first permission setting request, acquiring visitor attribute identification and data fields carried by the first permission setting request;
the determining unit is used for determining whether the permission setting request acquired by the acquiring unit is a first permission setting request;
the generating unit is used for generating a first authority record; wherein the first permission record comprises a permission field and a controlled field; the permission field is the visitor attribute identification, and the controlled field is the data field;
the storage unit is used for storing the first authority record generated by the generation unit.
Wherein the apparatus further comprises: a setting unit;
the setting unit is used for setting a visitor attribute template for the data field in advance;
the determining unit is further configured to determine whether the permission setting request acquired by the acquiring unit is a second permission setting request;
the obtaining unit is further configured to obtain a data field and a visitor attribute template identifier carried by the second permission setting request when the determining unit determines that the obtained permission setting request is the second permission setting request;
the generating unit is further used for generating a second authority record; wherein the second rights record includes a rights field and a controlled field; the permission field is the visitor attribute template identification, and the controlled field is the data field;
the storage unit is further configured to store the second authority record generated by the generation unit.
Wherein,
the generating unit is further configured to generate an authority query identifier using an identifier of a data source table where the data field is located, an identifier of a data source corresponding to the data source table, and an identifier of a data report corresponding to the data source; and identifying the authority record corresponding to the data field by using the authority inquiry identification.
Wherein,
the acquiring unit is further used for receiving a request of a user for accessing the data report;
the determining unit is further configured to determine whether the data source table corresponding to the data report is subjected to permission setting when the obtaining unit receives a request for accessing the data report from a user; determining whether to output data corresponding to the data field for the user according to whether the visitor attribute of the user belongs to the controlled range determined by the storage unit;
the generating unit is further configured to generate an authority query identifier corresponding to the data source table if the determining unit determines that the data source table corresponding to the data report is subjected to authority setting;
the storage unit is further configured to query the corresponding authority record by using the authority query identifier generated by the generation unit; acquiring a controlled field corresponding to a data field in the data source table according to the inquired authority record; and analyzing the controlled field to obtain a controlled range.
Wherein,
the storage unit is specifically configured to, if it is determined that the permission record is a first permission record, determine that content corresponding to the controlled field is a guest attribute identifier; and if the permission record is determined to be the second permission record, the content corresponding to the controlled field is the visitor attribute template identification.
In another embodiment, an electronic device is provided, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the access right control method when executing the program.
In another embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the access rights control method.
It can be seen from the above technical solutions that in the above embodiments, the control of the access right is implemented by setting the controlled guest attribute of the data field in the configuration page of the data report by the user. According to the scheme, the access right item of the data field can be set by the user, and the setting of the row-level authority is flexibly realized. The efficiency of authority setting can be improved, and user experience is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
FIG. 1 is a schematic diagram illustrating a first data field permission setting process in an embodiment of the present application;
FIG. 2 is a diagram illustrating a privilege configuration in an embodiment of the present application;
FIG. 3 is a diagram illustrating a second data field permission setting process in an embodiment of the present application;
FIG. 4 is a diagram illustrating another privilege configuration in an embodiment of the present application;
FIG. 5 is a schematic flow chart illustrating processing of a user request for access to a data report according to an embodiment of the present application;
FIG. 6 is a schematic diagram of an apparatus for implementing the above technique in an embodiment of the present application;
fig. 7 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements explicitly listed, but may include other steps or elements not explicitly listed or inherent to such process, method, article, or apparatus.
The technical solution of the present invention will be described in detail with specific examples. Several of the following embodiments may be combined with each other and some details of the same or similar concepts or processes may not be repeated in some embodiments.
The embodiment of the application provides an access right control method, which is applied to a data analysis platform and realizes the control of access right by setting controlled visitor attributes of data fields on a configuration page of a data report by a user. According to the scheme, the access right item of the data field can be set by the user, and the setting of the row-level authority is flexibly realized. The efficiency of authority setting can be improved, and user experience is improved.
When the access authority control implementation process is given, the following relation between the names is firstly defined:
relationship of data report, data table and data source:
a user can configure any one data report;
the data report contains n charts, each chart presents a data form derived from a data table in a unique data source, and each data table comprises one or more data fields.
Second, the relationship between the visitor attribute and the chart attribute:
a visitor has many attributes in the user's center called visitor attributes including the city, department, job title, etc.
Data produced by a chart comes from multiple fields of a data table, called data table fields.
The data corresponding to the data fields in a chart is referred to as the accessed data.
The permission setting mode of the data field provided in the embodiment of the application comprises the following steps: first, and/or second, the following procedure for each privilege setting is given respectively:
the first method comprises the following steps:
settable guest attributes are provided for corresponding data fields of the data report.
Referring to fig. 1, fig. 1 is a schematic diagram of a first data field permission setting process in this embodiment.
The method comprises the following specific steps:
step 101, when it is determined that a first permission setting request is obtained, obtaining a visitor attribute identifier and a data field carried by the first permission setting request.
In the embodiment of the application, an interface for setting the authority is provided for the user, so that the user can input the authority setting request through the interface.
In the embodiment of the present application, taking an example that a user inputs a first permission setting request, determining whether the permission setting request input by the user and acquired by the data analysis platform is the first permission setting request is specifically implemented as follows:
and when the acquired permission setting request carries the visitor attribute identifier and the data field, determining that the permission setting request is a first permission setting request.
In specific implementation, a specific field is carried in an authority setting request which can be input by a user to identify that the current request is a first authority setting request.
Referring to fig. 2, fig. 2 is a schematic diagram of an authority configuration mode in the embodiment of the present application.
When the general configuration permission configuration interface is selected in fig. 2, a user is provided with selectable data source tables, data fields, and guest attributes;
the data source table as selected in FIG. 2 is the presentation flow-Sheet 1, the data field selected is "a", and the guest attribute selected is the city code;
after the information selection is completed, the association relationship is directly clicked and added, and then a first permission setting request can be input.
Fig. 2 is only an example of a right configuration, and the specific implementation is not limited to the input of the first right setting request shown in fig. 2.
102, generating a first authority record and storing the first authority record; wherein the first permission record comprises a permission field and a controlled field; the permission field is the visitor attribute identification, and the controlled field is the data field.
The authority record generated by the received first authority setting request is marked and recorded as a first authority record.
And marking different authority records so as to obtain corresponding controlled ranges in the following.
The authority record indicates that the controlled field (a) is controlled by the authority field, and the effect after the authority is set is as follows: the city of the user a as the visitor is beijing, and the accessed data corresponding to the data field (controlled field) a only has the content corresponding to beijing.
The generated authority record can be stored locally or in an authority system.
When storing the corresponding authority record, generating an authority query identifier for the authority record, specifically:
generating an authority query identifier by using the identifier of the data source table where the data field is located, the identifier of the data source corresponding to the data source table, and the identifier of the data report corresponding to the data source;
and identifying the authority record corresponding to the data field by using the authority inquiry identification.
According to the scheme, the visitor attributes corresponding to the data fields are set in a one-to-one correspondence manner, the permission setting that the access corresponding to the data fields is controlled by the set visitor attributes is realized, the setting of the access permission can be actively, conveniently and flexibly carried out according to the self requirements of the user, the efficiency of the permission setting control is improved, and the user experience is improved.
And the second method comprises the following steps:
a corresponding guest attribute template is provided for a corresponding data field of the data report.
Setting a visitor attribute template for the data field in advance; for deciding on the personalized customization of the received guest attribute control;
for example, the city where the visitor attribute of the user is located is Beijing, and the user is set to have access to the data content of the places such as Beijing, Shanghai and the like in the data field city.
Referring to fig. 3, fig. 3 is a schematic diagram of a second data field permission setting process in this embodiment.
The method comprises the following specific steps:
step 301, when it is determined that a second permission setting request is obtained, obtaining a data field and a visitor attribute template identifier carried by the second permission setting request.
In the embodiment of the application, an interface for setting the authority is provided for the user, so that the user can input the authority setting request through the interface.
In the embodiment of the present application, taking an example that a user inputs a second permission setting request, determining whether the permission setting request input by the user and acquired by the data analysis platform is the second permission setting request is specifically implemented as follows:
and when the acquired permission setting request carries the visitor attribute template identifier and the data field, determining that the permission setting request is a second permission setting request.
In specific implementation, a specific field is carried in the permission setting request which can be input by the user to identify that the current request is the second permission setting request.
Referring to fig. 4, fig. 4 is a schematic diagram of another authority configuration mode in the embodiment of the present application.
When the template configuration authority configuration interface is selected in fig. 4, a selectable data source table and data fields are provided for the user; although the template display frame is displayed on the interface, the template display frame cannot be selected because the template display frame is preset, and only the template display frame is displayed for the user to browse, such as province-city row level authority (code); province-city row level authority (name) and store owners can be selected, and specific implementation can be set according to actual needs, and the method is not limited to the template content given in fig. 4.
If the selected data source table in fig. 4 is the demonstration flow-Sheet 1 and the selected data field is "city-code", the permission template identifier configured for the field is automatically displayed and is not selectable by the user;
after the information selection is completed, the determining button is directly clicked, and then a second permission setting request can be input.
Fig. 4 is only an example of a right configuration, and the specific implementation is not limited to the input of the second right setting request shown in fig. 4.
Step 302, generating a second authority record and storing the second authority record; wherein the second rights record includes a rights field and a controlled field; the permission field is the visitor attribute template identification, and the controlled field is the data field.
And marking the authority record generated by the received second authority setting request as a second authority record.
And marking different authority records so as to obtain corresponding controlled ranges in the following.
The authority record represents a controlled field which can be accessed by the authority field, the controlled field is a city code (Beijing), and the effect of the authority field such as the city code (Beijing and Shanghai) after the authority is set is as follows: user a, as a visitor, is in beijing in a city, and is then accessible for data fields (controlled fields) of both beijing and shanghai.
The generated authority record can be stored locally or in an authority system.
When storing the corresponding authority record, generating an authority query identifier for the authority record, specifically:
generating an authority query identifier by using the identifier of the data source table where the data field is located, the identifier of the data source corresponding to the data source table, and the identifier of the data report corresponding to the data source;
and identifying the authority record corresponding to the data field by using the authority inquiry identification.
Meanwhile, a second mark is set for the manner that the authority record generated by receiving the second authority setting request is convenient for acquiring the corresponding controlled range in the following.
According to the technical scheme, the user sets the authority of the corresponding data field in the authority setting interface in a template mode, personalized setting of the user can be met more conveniently, and row-level authority setting is achieved more comprehensively. The scheme can actively, conveniently and flexibly set the access authority according to the self requirements of the user, so that the efficiency of setting the authority control is improved, and the user experience is improved.
In the above scheme, the data sources corresponding to the data reports are set in two ways, and the field in the data source table corresponding to the data source is set with the authority, that is, the data report with the authority set for the data field needs to be marked, so that the user can control the data report by the set authority item when accessing the data report.
The process of accessing data reports by a user is given below in conjunction with the figures.
Referring to fig. 5, fig. 5 is a schematic flowchart illustrating a process of processing a request for a user to access a data report according to an embodiment of the present application. The method comprises the following specific steps:
step 501, when a request of a user for accessing a data report is received, if it is determined that a data table corresponding to the data report is set with a right, a right query identifier corresponding to the data table is generated.
In the specific implementation of the present application, the data report with the permission and the data table with the permission in the data report need to be marked, so that when querying the corresponding data report, the data report and whether the corresponding data table has the permission set are determined first.
If the permission setting is not carried out, the visitors on the data platform can access, and if the permission setting is carried out, only the visitors with corresponding permissions can access the data of the corresponding data fields.
And 502, inquiring the authority record by using the authority inquiry identifier, and acquiring a controlled field corresponding to a data field in the data table according to the inquired authority record.
If the authority record is stored locally, directly acquiring the corresponding controlled field from the local;
if the rights record is stored in the rights system, the corresponding controlled field is obtained from the rights system.
Step 503, analyzing the controlled field to obtain the controlled range.
In this step, analyzing the controlled field to obtain a controlled range includes:
if the permission record is determined to be the first permission record, the content corresponding to the controlled field is the visitor attribute identification;
and if the permission record is determined to be the second permission record, the content corresponding to the controlled field is the visitor attribute template identification.
And encapsulating the controlled range in an access report request of a visitor, and executing a subsequent query process to determine whether the visitor can access the data corresponding to the data field.
Step 504, determining whether to output the data corresponding to the data field for the user according to whether the visitor attribute of the user belongs to the controlled range.
In summary, in the above embodiments of the present application, when a visitor accesses a data report with permission set, a controlled range corresponding to a controlled field needs to be queried, and then it is determined whether a visitor attribute of the visitor belongs to the controlled range, and whether the visitor can access corresponding data is determined. The scheme realizes the control capability of the hierarchical authority, can improve the control efficiency of the access authority, and improves the user experience.
The embodiment of the application ingeniously avoids the defect that the authority cannot be mapped to the corresponding data report due to the self limitation of the authority system, and associates the controlled diagram with the data report configuration page more flexibly, so that the flexibility and the possibility of free configuration of the authority control of the user on the report are greatly facilitated.
With the increase of visitors and the diversification of data reports, various personalized customized templates can be added for perfecting the permission configuration and realizing the diversification of the permission configuration.
Based on the same inventive concept, the embodiment of the application also provides an access right control device. Referring to fig. 6, fig. 6 is a schematic structural diagram of an apparatus applied to the above technology in the embodiment of the present application. The device includes: an acquisition unit 601, a determination unit 602, a generation unit 603, and a storage unit 604;
an acquisition unit 601 configured to acquire an authority setting request; when the determining unit 602 determines that the obtained permission setting request is a first permission setting request, obtaining a visitor attribute identifier and a data field carried by the first permission setting request;
a determining unit 602 configured to determine whether the permission setting request acquired by the acquiring unit 601 is a first permission setting request;
a generating unit 603 configured to generate a first permission record; wherein the first permission record comprises a permission field and a controlled field; the permission field is the visitor attribute identification, and the controlled field is the data field;
a storage unit 604, configured to store the first authority record generated by the generation unit 603.
Preferably, the apparatus further comprises: a setting unit 605;
a setting unit 605, configured to set a visitor attribute template for the data field in advance;
a determining unit 602, further configured to determine whether the permission setting request acquired by the acquiring unit 601 is a second permission setting request;
an obtaining unit 601, configured to obtain a data field and a guest attribute template identifier carried in an obtained second permission setting request when the determining unit 602 determines that the obtained permission setting request is the second permission setting request;
a generating unit 603, further configured to generate a second authority record; wherein the second rights record includes a rights field and a controlled field; the permission field is the visitor attribute template identification, and the controlled field is the data field;
the storage unit 604 is further configured to store the second authority record generated by the generation unit 603.
Preferably, the first and second electrodes are formed of a metal,
a generating unit 603, further configured to generate an authority query identifier using an identifier of a data source table where the data field is located, an identifier of a data source corresponding to the data source table, and an identifier of a data report corresponding to the data source; and identifying the authority record corresponding to the data field by using the authority inquiry identification.
Preferably, the first and second electrodes are formed of a metal,
an obtaining unit 601, further configured to receive a request for accessing a data report from a user;
a determining unit 602, further configured to determine, when the obtaining unit 601 receives a request for accessing a data report from a user, whether a data source table corresponding to the data report is set for permission; and determines whether to output the data corresponding to the data field for the user according to whether the visitor attribute of the user belongs to the controlled range determined by the storage unit 604;
a generating unit 603, configured to generate an authority query identifier corresponding to the data source table if the determining unit 602 determines that the authority setting is performed on the data source table corresponding to the data report;
the storage unit 604 is further configured to query the corresponding permission record using the permission query identifier generated by the generation unit 603; acquiring a controlled field corresponding to a data field in the data source table according to the inquired authority record; and analyzing the controlled field to obtain a controlled range.
Preferably, the first and second electrodes are formed of a metal,
a storage unit 604, configured to, if it is determined that the permission record is a first permission record, determine that content corresponding to the controlled field is a guest attribute identifier; and if the permission record is determined to be the second permission record, the content corresponding to the controlled field is the visitor attribute template identification.
The units of the above embodiments may be integrated into one body, or may be separately deployed; may be combined into one unit or further divided into a plurality of sub-units.
In another embodiment, an electronic device is further provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor executes the computer program to implement the steps of the access right control method.
In another embodiment, a computer readable storage medium is also provided, having stored thereon computer instructions, which when executed by a processor, may implement the steps in the access right control method.
Fig. 7 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention. As shown in fig. 7, the electronic device may include: a processor (processor)710, a communication Interface (Communications Interface)720, a memory (memory)730, and a communication bus 740, wherein the processor 710, the communication Interface 720, and the memory 730 communicate with each other via the communication bus 740. Processor 710 may call logic instructions in memory 730 to perform the following method:
when a first permission setting request input by a user is received, visitor attribute identification and data fields carried by the first permission setting request are obtained;
generating and storing a permission record; wherein the permission record comprises a permission field and a controlled field; the permission field is the visitor attribute identification, and the controlled field is the data field.
In addition, the logic instructions in the memory 730 can be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. An access right control method, characterized in that the method comprises:
acquiring an authority setting request;
when a first permission setting request is determined to be obtained, visitor attribute identification and data fields carried by the first permission setting request are obtained;
generating and storing a first authority record; wherein the first permission record comprises a permission field and a controlled field; the permission field is the visitor attribute identification, and the controlled field is the data field.
2. The method of claim 1, further comprising: setting a visitor attribute template for the data field in advance;
the method further comprises:
when a second permission setting request is determined to be obtained, obtaining a data field and a visitor attribute template identifier carried by the second permission setting request;
generating and storing a second authority record; wherein the second rights record includes a rights field and a controlled field; the permission field is the visitor attribute template identification, and the controlled field is the data field.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
generating an authority query identifier by using the identifier of the data source table where the data field is located, the identifier of the data source corresponding to the data source table, and the identifier of the data report corresponding to the data source;
and identifying the authority record corresponding to the data field by using the authority inquiry identification.
4. The method of claim 3, further comprising:
when a request of a user for accessing a data report is received, if the data source table corresponding to the data report is determined to be subjected to permission setting, generating a permission query identifier corresponding to the data source table;
inquiring corresponding authority records by using the authority inquiry identification;
acquiring a controlled field corresponding to a data field in the data source table according to the inquired authority record;
analyzing the controlled field to obtain a controlled range;
and determining whether to output the data corresponding to the data field for the user according to whether the visitor attribute of the user belongs to the controlled range.
5. The method of claim 4, wherein the parsing the controlled field to obtain a controlled scope comprises:
if the permission record is determined to be the first permission record, the content corresponding to the controlled field is the visitor attribute identification;
and if the permission record is determined to be the second permission record, the content corresponding to the controlled field is the visitor attribute template identification.
6. An access authority control apparatus, characterized in that the apparatus comprises: the device comprises an acquisition unit, a determination unit, a generation unit and a storage unit;
the acquisition unit is used for acquiring the permission setting request; when the determining unit determines that the acquired permission setting request is a first permission setting request, acquiring visitor attribute identification and data fields carried by the first permission setting request;
the determining unit is used for determining whether the permission setting request acquired by the acquiring unit is a first permission setting request;
the generating unit is used for generating a first authority record; wherein the first permission record comprises a permission field and a controlled field; the permission field is the visitor attribute identification, and the controlled field is the data field;
the storage unit is used for storing the first authority record generated by the generation unit.
7. The apparatus of claim 6, further comprising: a setting unit;
the setting unit is used for setting a visitor attribute template for the data field in advance;
the determining unit is further configured to determine whether the permission setting request acquired by the acquiring unit is a second permission setting request;
the obtaining unit is further configured to obtain a data field and a visitor attribute template identifier carried by the second permission setting request when the determining unit determines that the obtained permission setting request is the second permission setting request;
the generating unit is further used for generating a second authority record; wherein the second rights record includes a rights field and a controlled field; the permission field is the visitor attribute template identification, and the controlled field is the data field;
the storage unit is further configured to store the second authority record generated by the generation unit.
8. The apparatus according to claim 6 or 7,
the generating unit is further configured to generate an authority query identifier using an identifier of a data source table where the data field is located, an identifier of a data source corresponding to the data source table, and an identifier of a data report corresponding to the data source; and identifying the authority record corresponding to the data field by using the authority inquiry identification.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1-5 when executing the program.
10. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the method of any one of claims 1 to 5.
CN201911154035.XA 2019-11-22 2019-11-22 Access right control method and device, electronic equipment and storage medium Pending CN111027093A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911154035.XA CN111027093A (en) 2019-11-22 2019-11-22 Access right control method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911154035.XA CN111027093A (en) 2019-11-22 2019-11-22 Access right control method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111027093A true CN111027093A (en) 2020-04-17

Family

ID=70207206

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911154035.XA Pending CN111027093A (en) 2019-11-22 2019-11-22 Access right control method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111027093A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111159729A (en) * 2019-12-13 2020-05-15 中移(杭州)信息技术有限公司 Authority control method, device and storage medium
CN112699407A (en) * 2020-12-31 2021-04-23 北京字跳网络技术有限公司 Service data access method, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1967560A (en) * 2006-11-09 2007-05-23 华为技术有限公司 Controlling method of business operations competence and generating method of relational database
CN101964779A (en) * 2009-07-21 2011-02-02 中兴通讯股份有限公司 Resource access control method and system based on capability maturity model
CN103441986A (en) * 2013-07-29 2013-12-11 中国航天科工集团第二研究院七〇六所 Data resource security control method in thin client mode
CN107392053A (en) * 2017-08-11 2017-11-24 四川长虹电器股份有限公司 A kind of data permission control method in enterprise staff information database
CN108319864A (en) * 2018-01-17 2018-07-24 链家网(北京)科技有限公司 A kind of information inspection control method and device
CN109840250A (en) * 2018-12-14 2019-06-04 平安科技(深圳)有限公司 Access authority management method, device, equipment and the storage medium of middle field

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1967560A (en) * 2006-11-09 2007-05-23 华为技术有限公司 Controlling method of business operations competence and generating method of relational database
CN101964779A (en) * 2009-07-21 2011-02-02 中兴通讯股份有限公司 Resource access control method and system based on capability maturity model
CN103441986A (en) * 2013-07-29 2013-12-11 中国航天科工集团第二研究院七〇六所 Data resource security control method in thin client mode
CN107392053A (en) * 2017-08-11 2017-11-24 四川长虹电器股份有限公司 A kind of data permission control method in enterprise staff information database
CN108319864A (en) * 2018-01-17 2018-07-24 链家网(北京)科技有限公司 A kind of information inspection control method and device
CN109840250A (en) * 2018-12-14 2019-06-04 平安科技(深圳)有限公司 Access authority management method, device, equipment and the storage medium of middle field

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111159729A (en) * 2019-12-13 2020-05-15 中移(杭州)信息技术有限公司 Authority control method, device and storage medium
CN112699407A (en) * 2020-12-31 2021-04-23 北京字跳网络技术有限公司 Service data access method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN103516591B (en) The implementation method of enterprise's address list and device in immediate communication platform
CN106649164B (en) Hardware interface management method
CN109145047A (en) Configuration method, data processing equipment and the storage medium of user tag portrait
JP2021518021A (en) Data processing methods, equipment and computer readable storage media
CN110046287A (en) A kind of the data query method, apparatus and storage medium unrelated with type of database
CN109740129B (en) Report generation method, device and equipment based on blockchain and readable storage medium
CN109639750A (en) Business data processing method and equipment
US11244153B2 (en) Method and apparatus for processing information
CN111090803A (en) Data processing method and device, electronic equipment and storage medium
CN110472109B (en) Dynamic data quality analysis method and platform system
WO2015117540A1 (en) Method and system for multi-state attendance which can indicate staff whereabouts
CN111027093A (en) Access right control method and device, electronic equipment and storage medium
CN110806866A (en) Generation method and device of front-end management system
CN111177698B (en) Processing method and device of portal system and computer equipment
CN111143410A (en) Accommodation public security management method, device and system
CN105871998A (en) Data displaying method and device
CN108520401B (en) User list management method, device, platform and storage medium
CN114386853A (en) Data auditing processing method, device and equipment based on universal auditing model
CN111200645B (en) Service request processing method, device, equipment and readable storage medium
CN111984293A (en) Information processing method, device and storage medium
JP6501029B1 (en) INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM
CN108388809B (en) Data range control method and system
CN116610667A (en) Service data processing method, device, computer equipment and storage medium
CN111143426A (en) Multi-system user information association method and device
CN115953119A (en) Form authority management method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200417

RJ01 Rejection of invention patent application after publication