CN111444543B - Data authority management method and system - Google Patents



Publication number
CN111444543B
Authority
CN
China
Prior art keywords
configuration information
sql statement
role
value
redis cache
Prior art date
Legal status
Active
Application number
CN202010253893.6A
Other languages
Chinese (zh)
Other versions
CN111444543A (en
Inventor
易文锋
翟羽佳
蔡子琪
马鸿超
杨赛
昌宇顺
梁培
罗珍明
Current Assignee
China Southern Power Grid Digital Platform Technology Guangdong Co ltd
Original Assignee
China Southern Power Grid Digital Platform Technology Guangdong Co ltd
Application filed by China Southern Power Grid Digital Platform Technology Guangdong Co ltd
Priority to CN202010253893.6A
Publication of CN111444543A
Application granted
Publication of CN111444543B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/242 Query formulation
    • G06F16/2433 Query languages
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

The invention provides a method and a system for managing data permissions. Based on operations on a visual operation interface, an association between the ID of an SQL statement and first configuration information, an association between the ID of the SQL statement and a role ID, and an association between a user account ID and the role ID are set, and all of these associations are updated into a Redis cache. When an SQL statement to be executed is intercepted, the target first configuration information corresponding to the ID of the SQL statement to be executed is acquired from the Redis cache, and the target role ID corresponding to the currently logged-in user account ID is acquired from the Redis cache; the target second configuration information corresponding to the ID of the SQL statement to be executed and the target role ID is then acquired from the Redis cache; finally, the target first configuration information and the target second configuration information are added to the SQL statement to be executed to obtain a new SQL statement. In other words, an administrator can manage the data permissions corresponding to a user account ID merely by performing simple operations on the visual operation interface.

Description

Data authority management method and system
Technical Field
The present invention relates to the field of data management technologies, and in particular, to a method and a system for managing data permissions.
Background
At present, managing permissions on service data requires writing a large amount of complex service code, and SQL scripts are written using the column names in a service form as the basis for service data permission control. Different SQL scripts are written for user accounts with different data viewing permissions.
Whenever a new user account needs to be added, or the data viewing permission of an existing user account needs to be modified, a new SQL script has to be written, a patch has to be released, and the service system has to be restarted.
Configuring data viewing permissions for user accounts by writing SQL scripts has to be done by a technician, and it costs that technician a great deal of time and energy.
Disclosure of Invention
The invention mainly aims to provide a method and a system for managing data permission, and aims to solve the technical problems in the prior art.
In order to achieve the above object, an embodiment of the present invention provides a method for managing data permissions, where the method for managing data permissions includes:
updating the ID and first configuration information of the SQL statement to a Redis cache in a key-value mode based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, the key value is the ID of the SQL statement, and the value is the first configuration information;
updating the ID, the role ID and second configuration information of the SQL statement to a Redis cache in a key-value mode based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key value is the ID of the SQL statement and the role ID, and the value is the second configuration information;
updating a user account ID and a role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein a key value is the user account ID, and a value is the role ID;
when an execution command is received, intercepting an SQL statement to be executed corresponding to the execution command;
acquiring corresponding target first configuration information from the Redis cache by taking the ID of the SQL statement to be executed as a key value;
taking the ID of the currently logged-in user account as a key value, and acquiring a corresponding target role ID from the Redis cache;
acquiring corresponding target second configuration information from the Redis cache by taking the ID of the SQL statement to be executed and the target role ID as key values;
adding the target first configuration information and the target second configuration information to the SQL statement to be executed to obtain a new SQL statement;
and executing the new SQL statement.
Optionally, after updating the ID of the SQL statement and the first configuration information to the Redis cache in the form of key-value, or updating the ID of the SQL statement, the role ID and the second configuration information to the Redis cache in the form of key-value, the method further includes:
when a modification instruction is received, modifying the first or second configuration information to obtain new first or second configuration information;
and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
In addition, to achieve the above object, an embodiment of the present invention further provides a system for managing data permissions, where the system for managing data permissions includes:
the setting module is used for updating an ID and first configuration information of an SQL statement to a Redis cache in a key-value mode based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, the key value is the ID of the SQL statement, and the value is the first configuration information; updating the ID, the role ID and second configuration information of the SQL statement to a Redis cache in a key-value mode based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key value is the ID of the SQL statement and the role ID, and the value is the second configuration information; updating a user account ID and a role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein the key value is the user account ID, and the value is the role ID;
the interception module is used for intercepting the SQL statement to be executed corresponding to the execution command when the execution command is received;
the acquisition module is used for acquiring corresponding target first configuration information from the Redis cache by taking the ID of the SQL statement to be executed as a key value; taking the ID of the currently logged user account as a key value, and acquiring a corresponding target role ID from the Redis cache; acquiring corresponding target second configuration information from the Redis cache by taking the ID of the SQL statement to be executed and the target role ID as key values;
the generating module is used for adding the target first configuration information and the target second configuration information to the SQL statement to be executed to obtain a new SQL statement;
and the execution module is used for executing the new SQL statement.
Optionally, the system for managing data rights further includes:
the modification module is used for modifying the first or second configuration information when a modification instruction is received to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
According to the invention, no SQL script needs to be written when data viewing permissions are set for a user account. The user only needs to operate on a visual operation interface to set the association between the ID of an SQL statement and the first configuration information, the association among the ID of the SQL statement, the role ID and the second configuration information, and the association between the user account ID and the role ID, and all of these associations are updated to the Redis cache. When an SQL statement to be executed is intercepted, the corresponding target first configuration information is obtained from the Redis cache according to the ID of the SQL statement to be executed, the corresponding target role ID is obtained from the Redis cache according to the currently logged-in user account ID, and the corresponding target second configuration information is then obtained from the Redis cache according to the ID of the SQL statement to be executed and the target role ID. Finally, the target first configuration information and the target second configuration information are added to the SQL statement to be executed, so that the data permissions corresponding to the user account can be managed through simple operations on the visual operation interface.
Drawings
FIG. 1 is a flowchart illustrating a method for managing data permissions according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a scenario of setting an ID of an SQL statement and a table alias corresponding to the ID in an embodiment;
FIG. 3 is a diagram illustrating a scenario in which first configuration information is set according to an embodiment;
FIG. 4 is a diagram illustrating information that can be queried by an SQL statement without additional configuration information in an embodiment;
FIG. 5 is a diagram illustrating information that can be queried by an SQL statement with configuration information added thereto in an embodiment;
FIG. 6 is a functional block diagram of a system for managing data permissions according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for managing data permissions according to an embodiment of the present invention. In one embodiment, as shown in fig. 1, a method for managing data rights includes:
Step S10, updating the ID and first configuration information of the SQL statement to the Redis cache in a key-value mode based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, the key value is the ID of the SQL statement, and the value is the first configuration information;
In this embodiment, a visual operation interface is provided, and a user sets the ID of an SQL statement and the table alias corresponding to that ID by clicking, typing and similar operations. The ID is a short name for the corresponding SQL statement, and the table alias is a short name for the corresponding data table. One or more IDs may be set, with a table alias for each ID.
For example, ID1, ID2, and ID3 are set, where ID1 corresponds to SQL statement 1, ID2 corresponds to SQL statement 2, and ID3 corresponds to SQL statement 3.
Referring to fig. 2, fig. 2 is a schematic view of a scenario in an embodiment of setting an ID of an SQL statement and a table alias corresponding to the ID. A user clicks the [new] button on the service object management menu interface (visual operation interface 1) to pop up the service object editing window (visual operation interface 2) shown in fig. 2; the user fills in information in the service object editing window and saves it, thereby defining a service object. The user then clicks the [add] or [batch add] button in the service object editing window to open the declaration SQL editing window (visual operation interface 3) and edit the declaration SQL. The value in the [ID] input box is the ID of the SQL statement entered by the user, and the value in the [default filter body] input box is the table alias entered by the user. Therefore, based on the operation of the user on the visual operation interface, the ID of the SQL statement and the table alias corresponding to the ID can be set.
The user then continues to operate on the visual operation interface to set the first configuration information, which comprises the first filtering field and the first filtering condition. For example, the first configuration information is set as age < 20, where "age" is the first filtering field and "< 20" is the first filtering condition. The user can set the first configuration information according to actual needs, and the specific content of the first configuration information is not limited herein.
Referring to fig. 3, fig. 3 is a schematic view of a scenario of setting the first configuration information in an embodiment. As shown in fig. 3, a user configures a filter rule in a rule editing window (visual operation interface 4); configuring the filter rule means configuring a first filter field and a first filter condition, where [ORG_CODE] shown in fig. 3 is the first filter field, the filter symbol is [>], the filter range [1122] is the specific condition value, and the filter symbol and the filter range together constitute the first filter condition "> 1122". After the information is edited, the user clicks save, which sets the first filtering field and the first filtering condition and thus the first configuration information.
After the ID and the first configuration information of the SQL statement are set, the ID and the first configuration information of the SQL statement are updated to a Redis cache in a key-value mode, wherein the key value is the ID of the SQL statement, and the value is the first configuration information. As shown in table 1, table 1 is an exemplary table in which the key value is the ID of the SQL statement, and the value is the first configuration information.
key | value
ID1 of SQL statement | First configuration information 1
ID2 of SQL statement | First configuration information 2
ID3 of SQL statement | First configuration information 3
TABLE 1
Step S20, updating the ID, the role ID and second configuration information of the SQL statement to Redis cache in a key-value mode based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key value is the ID and the role ID of the SQL statement, and the value is the second configuration information;
In this embodiment, similar to the embodiment of step S10, the user operates on the visual operation interface to set the ID of the SQL statement, the role ID and the second configuration information, where the second configuration information includes a second filtering field and a second filtering condition, which are set according to actual needs and are not limited here.
After the ID, the role ID and the second configuration information of the SQL statement are set, they are updated to the Redis cache in a key-value mode, wherein the key value is the ID of the SQL statement plus the role ID, and the value is the second configuration information. As shown in table 2, table 2 is an illustrative table in which the key value is the ID of the SQL statement plus the role ID, and the value is the second configuration information.
key | value
ID1 of SQL statement + role ID1 | Second configuration information 1
ID1 of SQL statement + role ID2 | Second configuration information 2
ID2 of SQL statement + role ID1 | Second configuration information 3
ID2 of SQL statement + role ID2 | Second configuration information 4
ID3 of SQL statement + role ID1 | Second configuration information 5
ID3 of SQL statement + role ID2 | Second configuration information 6
TABLE 2
Step S30, updating the user account ID and the role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein the key value is the user account ID, and the value is the role ID;
In this embodiment, the user continues to operate on the visual operation interface; the user account ID determined by the user's mouse click or keyboard input, and the role ID corresponding to that user account ID, are acquired, and the user account ID and the role ID are then updated to the Redis cache in a key-value form, where the key value is the user account ID and the value is the role ID. As shown in table 3, table 3 is an illustrative table in which the key value is the user account ID and the value is the role ID.
key | value
User account ID1 | Role ID1
User account ID2 | Role ID2
User account ID3 | Role ID3
TABLE 3
Step S40, intercepting the SQL statement to be executed corresponding to the execution command when the execution command is received;
In this embodiment, when the execution command is received, the interceptor intercepts the SQL statement to be executed corresponding to the execution command.
Step S50, taking the ID of the SQL statement to be executed as a key value, and acquiring corresponding target first configuration information from the Redis cache;
In this embodiment, as shown in table 1, when the ID of the SQL statement to be executed is ID1 of the SQL statement, the target first configuration information obtained from the Redis cache is first configuration information 1; when the ID of the SQL statement to be executed is ID2 of the SQL statement, the target first configuration information obtained from the Redis cache is first configuration information 2; when the ID of the SQL statement to be executed is ID3 of the SQL statement, the target first configuration information obtained from the Redis cache is first configuration information 3.
Step S60, taking the ID of the currently logged-in user account as a key value, and acquiring a corresponding target role ID from the Redis cache;
In this embodiment, as shown in table 3, when the user account ID is user account ID1, the target role ID obtained from the Redis cache is role ID1; when the user account ID is user account ID2, the target role ID obtained from the Redis cache is role ID2; and when the user account ID is user account ID3, the target role ID obtained from the Redis cache is role ID3.
Step S70, taking the ID of the SQL statement to be executed and the target role ID as key values, and acquiring corresponding target second configuration information from the Redis cache;
In an embodiment, as shown in table 2, if the ID of the SQL statement to be executed is ID3 of the SQL statement and the target role ID is role ID2, the target second configuration information obtained from the Redis cache is second configuration information 6; if the ID of the SQL statement to be executed is ID2 of the SQL statement and the target role ID is role ID2, the target second configuration information obtained from the Redis cache is second configuration information 4.
Step S80, adding the target first configuration information and the target second configuration information to the SQL statement to be executed to obtain a new SQL statement;
and step S90, executing the new SQL statement.
In an embodiment, if the target first configuration information is the first configuration information 3 and the target second configuration information is the second configuration information 6, the first configuration information 3 and the second configuration information 6 are added to the SQL statement to be executed to obtain a new SQL statement, and then the new SQL statement is executed.
Referring to fig. 4, fig. 4 is a schematic diagram illustrating the information that can be queried by an SQL statement without added configuration information in an embodiment. As shown in fig. 4, the SQL statement queries users in all organizations, and the department to which the currently logged-in user account belongs is the personnel department (code 1122). By directly executing the SQL statement without added configuration information, the user of the currently logged-in user account can query users in all departments.
Referring to fig. 5, fig. 5 is a schematic diagram illustrating the information that can be queried by an SQL statement with configuration information added in an embodiment. The SQL statement queries users in all organizations, and the configuration information includes target first configuration information and target second configuration information, where the first filter field of the target first configuration information is the department and the first filter condition is none, and the second filter field of the target second configuration information is the department and the second filter condition is greater than 1122 (personnel department). The SQL statement with the configuration information added therefore queries users in the personnel department and its subordinate departments. As shown in fig. 5, when the SQL statement with the configuration information added is executed, the user of the currently logged-in user account can only query users in the personnel department and its subordinate departments.
According to this embodiment, no SQL script needs to be written when data viewing permissions are set for a user account. The user only needs to operate on a visual operation interface to set the association between the ID of an SQL statement and the first configuration information, the association among the ID of the SQL statement, the role ID and the second configuration information, and the association between the user account ID and the role ID, and all of these associations are updated to the Redis cache. When an SQL statement to be executed is intercepted, the corresponding target first configuration information is obtained from the Redis cache according to the ID of the SQL statement to be executed, the corresponding target role ID is obtained from the Redis cache according to the currently logged-in user account ID, and the corresponding target second configuration information is then obtained from the Redis cache according to the ID of the SQL statement to be executed and the target role ID. Finally, the target first configuration information and the target second configuration information are added to the SQL statement to be executed to obtain a new SQL statement, so that the data permissions corresponding to the user account can be managed through simple operations on the visual operation interface.
Further, in an embodiment, after updating the ID of the SQL statement and the first configuration information to the Redis cache in the form of key-value, or updating the ID of the SQL statement, the role ID and the second configuration information to the Redis cache in the form of key-value, the method further includes:
when a modification instruction is received, modifying the first or second configuration information to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
In this embodiment, the first configuration information or the second configuration information may be modified based on actual conditions to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information, thereby realizing the modification of the data viewing permission corresponding to the user ID.
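The lookup-and-rewrite flow of steps S10 to S90, together with the cache replacement of the modification embodiment above, as an added Python example that is not code from the patent. The in-memory cache stub, the key names, the JSON value format, and the choices to wrap the intercepted statement in a subquery, bind filter values as parameters and refuse execution when a lookup misses are all assumptions of this example.

```python
import json
import re
import sqlite3

ALLOWED_OPS = {"<", "<=", "=", ">=", ">", "<>"}
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

class PermissionDenied(Exception):
    """The cache did not yield a complete, well-formed filter."""

class CacheStub:
    """In-memory stand-in for the Redis cache: string keys, GET and SET only."""
    def __init__(self):
        self._data = {}

    def set(self, key, value):
        self._data[key] = value

    def get(self, key):
        return self._data.get(key)  # None on a miss, as with Redis GET

# Key names are an assumption; the page fixes only what each key and value hold.
def k_first(sql_id):
    return f"perm:sql:{sql_id}"

def k_second(sql_id, role_id):
    return f"perm:sql:{sql_id}:role:{role_id}"

def k_role(user_id):
    return f"perm:user:{user_id}"

def load_config(cache, key):
    """Fetch one configuration and validate it before it can reach the SQL text."""
    raw = cache.get(key)
    if raw is None:
        raise PermissionDenied(f"no configuration under {key}")
    try:
        cfg = json.loads(raw)
        field, op, value = cfg["field"], cfg.get("op"), cfg.get("value")
    except (ValueError, KeyError, TypeError):
        raise PermissionDenied(f"malformed configuration under {key}") from None
    if not isinstance(field, str) or not IDENTIFIER.fullmatch(field):
        raise PermissionDenied(f"invalid filter field under {key}")
    if op is not None:
        if not isinstance(op, str) or op not in ALLOWED_OPS:
            raise PermissionDenied(f"invalid filter operator under {key}")
        if not isinstance(value, (int, str)):
            raise PermissionDenied(f"invalid filter value under {key}")
    return field, op, value

def rewrite(cache, sql_id, user_id, sql, params=()):
    """Steps S50 to S80: return (new_sql, new_params) or raise PermissionDenied."""
    first = load_config(cache, k_first(sql_id))                 # S50
    role_id = cache.get(k_role(user_id))                        # S60
    if role_id is None:
        raise PermissionDenied(f"user {user_id} has no role in the cache")
    second = load_config(cache, k_second(sql_id, role_id))      # S70
    clauses, bound = [], list(params)
    for field, op, value in (first, second):                    # S80
        if op is None:      # a filter field configured with no condition
            continue
        clauses.append(f"scoped.{field} {op} ?")
        bound.append(value)  # the value is bound, never spliced into the text
    new_sql = f"SELECT * FROM ({sql}) AS scoped"
    if clauses:
        new_sql += " WHERE " + " AND ".join(clauses)
    return new_sql, tuple(bound)

def run_as(conn, cache, sql_id, user_id, sql, params=()):
    """Steps S40 and S90: only the rewritten statement is ever executed."""
    new_sql, new_params = rewrite(cache, sql_id, user_id, sql, params)
    return sorted(conn.execute(new_sql, new_params).fetchall())

def build_demo():
    """Constructed sample rows plus the cache entries of steps S10 to S30."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, org_code INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("ann", 1000), ("bo", 1122), ("cy", 1123), ("di", 2000)])
    cache = CacheStub()
    cache.set(k_first("ID1"), json.dumps({"field": "ORG_CODE", "op": None}))
    cache.set(k_second("ID1", "role1"),
              json.dumps({"field": "ORG_CODE", "op": ">", "value": 1122}))
    cache.set(k_role("user1"), "role1")
    return conn, cache, "SELECT name, org_code FROM users"

def demo():
    conn, cache, sql = build_demo()
    before = run_as(conn, cache, "ID1", "user1", sql)
    # Modification embodiment: replacing the cached value changes the next result.
    cache.set(k_second("ID1", "role1"),
              json.dumps({"field": "ORG_CODE", "op": ">", "value": 1123}))
    after = run_as(conn, cache, "ID1", "user1", sql)
    return before, after

if __name__ == "__main__":
    print(demo())
```

With a real Redis client, GET also returns nothing for a key that was evicted or never written, so the same refusal path decides whether such a statement runs unfiltered or not at all.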
The invention further provides a management system of data permissions, and referring to fig. 6, fig. 6 is a functional module schematic diagram of an embodiment of the management system of data permissions. In one embodiment, a system for managing data rights includes:
the setting module 10 is configured to update an ID of an SQL statement and first configuration information to a Redis cache in a key-value form based on a first operation on a visual operation interface, where the first configuration information includes a first filtering field and a first filtering condition, a key value is the ID of the SQL statement, and a value is the first configuration information; updating the ID, the role ID and second configuration information of the SQL statement to a Redis cache in a key-value mode based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key value is the ID of the SQL statement and the role ID, and the value is the second configuration information; updating a user account ID and a role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein a key value is the user account ID, and a value is the role ID;
the interception module 20 is configured to intercept, when an execution command is received, an SQL statement to be executed corresponding to the execution command;
an obtaining module 30, configured to obtain, with the ID of the to-be-executed SQL statement as a key value, corresponding target first configuration information from the Redis cache; taking the ID of the currently logged user account as a key value, and acquiring a corresponding target role ID from the Redis cache; acquiring corresponding target second configuration information from the Redis cache by taking the ID of the SQL statement to be executed and the target role ID as key values;
a generating module 40, configured to add the target first configuration information and the target second configuration information to the to-be-executed SQL statement to obtain a new SQL statement;
and the execution module 50 is used for executing the new SQL statement.
Further, in an embodiment, the system for managing data rights further includes:
a modification module, configured to modify the first or second configuration information when a modification instruction is received to obtain new first or second configuration information, and to replace the first configuration information in the Redis cache with the new first configuration information, or replace the second configuration information in the Redis cache with the new second configuration information.
The specific embodiment of the data right management system of the present invention is basically the same as the embodiments of the data right management method, and is not described herein again.
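The module pipeline described above (setting, interception, acquisition, generation, execution), as an added sketch that is not code from the patent: a plain dict stands in for the Redis cache and SQLite for the database. The key layout, the JSON shape of the configuration, the allowlists, the subquery wrapping, and the refusal on a cache miss are all assumptions of this example; the patent does not specify them.

```python
import json
import sqlite3

# Constructed stand-in for the Redis cache, with the three key shapes the
# setting module writes. Key names and the JSON layout are assumptions.
CACHE = {
    "sql:listOrders": json.dumps({"field": "status", "op": "=", "value": "open"}),
    "sql:listOrders:role:gd_clerk": json.dumps({"field": "region", "op": "=", "value": "GD"}),
    "user:u1001": "gd_clerk",
}
STATEMENTS = {"listOrders": "SELECT id, region, status FROM orders"}
ALLOWED_FIELDS = {"region", "status"}  # columns a filter field may name
ALLOWED_OPS = {"=", "<>", "<", ">", "<=", ">="}


def condition(raw):
    """Turn one cached configuration into (sql_fragment, bound_value)."""
    cfg = json.loads(raw)
    # Cached text ends up inside SQL, so only known identifiers are accepted.
    if cfg["field"] not in ALLOWED_FIELDS or cfg["op"] not in ALLOWED_OPS:
        raise ValueError("filter configuration names an unexpected field or operator")
    return f'{cfg["field"]} {cfg["op"]} ?', cfg["value"]


def build_statement(sql_id, user_id, cache=CACHE):
    """Acquisition and generation modules: look up both configurations, add them."""
    role = cache.get(f"user:{user_id}")
    first = cache.get(f"sql:{sql_id}")
    second = cache.get(f"sql:{sql_id}:role:{role}") if role else None
    if first is None or second is None:
        # Assumption: the patent does not cover a cache miss; this sketch
        # refuses instead of running the statement unfiltered.
        raise PermissionError("no data permission configured")
    parts, params = zip(*(condition(first), condition(second)))
    # Wrapping the original statement keeps the added filters independent of
    # any WHERE, GROUP BY or ORDER BY it already contains.
    sql = f"SELECT * FROM ({STATEMENTS[sql_id]}) WHERE " + " AND ".join(parts)
    return sql, list(params)


def run(sql_id, user_id, cache=CACHE):
    """Execution module, run against a constructed in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, region TEXT, status TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "GD", "open"), (2, "GD", "closed"), (3, "YN", "open")])
    sql, params = build_statement(sql_id, user_id, cache)
    return db.execute(sql, params).fetchall()
```

Replacing the value stored under the statement-and-role key, as the modification module does, changes which rows the same user sees on the next execution without touching the stored statement.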
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the description of the foregoing embodiments, it is clear to those skilled in the art that the method of the foregoing embodiments may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases, the former is a better implementation. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for causing a terminal device to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention, and all equivalent structures or equivalent processes performed by the present invention or directly or indirectly applied to other related technical fields are also included in the scope of the present invention.

Claims (2)

1. A method for managing data authority is characterized in that the method for managing the data authority comprises the following steps:
updating the ID and first configuration information of the SQL statement to a Redis cache in a key-value mode based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, the key value is the ID of the SQL statement, and the value is the first configuration information;
updating the ID, the role ID and second configuration information of the SQL statement to a Redis cache in a key-value mode based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key value is the ID of the SQL statement and the role ID, and the value is the second configuration information;
updating a user account ID and a role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein a key value is the user account ID, and a value is the role ID;
when an execution command is received, intercepting an SQL statement to be executed corresponding to the execution command;
acquiring corresponding target first configuration information from the Redis cache by taking the ID of the SQL statement to be executed as a key value;
taking the ID of the currently logged user account as a key value, and acquiring a corresponding target role ID from the Redis cache;
acquiring corresponding target second configuration information from the Redis cache by taking the ID of the SQL statement to be executed and the target role ID as key values;
adding the target first configuration information and the target second configuration information to the SQL statement to be executed to obtain a new SQL statement;
executing the new SQL statement;
after the updating the ID and the first configuration information of the SQL statement to the Redis cache in the form of key-value or the updating the ID and the role ID of the SQL statement and the second configuration information to the Redis cache in the form of key-value, the method further includes:
when a modification instruction is received, modifying the first or second configuration information to obtain new first or second configuration information;
and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
2. A system for managing data rights, the system comprising:
a setting module, configured to update an ID and first configuration information of an SQL statement to a Redis cache in a key-value mode based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, the key value is the ID of the SQL statement, and the value is the first configuration information; updating the ID, the role ID and second configuration information of the SQL statement to a Redis cache in a key-value mode based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key value is the ID of the SQL statement and the role ID, and the value is the second configuration information; updating a user account ID and a role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein a key value is the user account ID, and a value is the role ID;
the interception module is used for intercepting the SQL statement to be executed corresponding to the execution command when the execution command is received;
the acquisition module is used for acquiring corresponding target first configuration information from the Redis cache by taking the ID of the SQL statement to be executed as a key value; taking the ID of the currently logged user account as a key value, and acquiring a corresponding target role ID from the Redis cache; acquiring corresponding target second configuration information from the Redis cache by taking the ID of the SQL statement to be executed and the target role ID as key values;
the generating module is used for adding the target first configuration information and the target second configuration information to the SQL statement to be executed to obtain a new SQL statement;
the execution module is used for executing the new SQL statement;
the modification module is used for modifying the first or second configuration information when a modification instruction is received to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
CN202010253893.6A 2020-04-02 2020-04-02 Data authority management method and system Active CN111444543B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010253893.6A CN111444543B (en) 2020-04-02 2020-04-02 Data authority management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010253893.6A CN111444543B (en) 2020-04-02 2020-04-02 Data authority management method and system

Publications (2)

Publication Number Publication Date
CN111444543A CN111444543A (en) 2020-07-24
CN111444543B true CN111444543B (en) 2023-02-28

Family

ID=71649620

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010253893.6A Active CN111444543B (en) 2020-04-02 2020-04-02 Data authority management method and system

Country Status (1)

Country Link
CN (1) CN111444543B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112307068A (en) * 2020-11-10 2021-02-02 天元大数据信用管理有限公司 Dynamic SQL query method
CN113157781A (en) * 2021-01-28 2021-07-23 绿瘦健康产业集团有限公司 Data visualization method and device, terminal equipment and storage medium
CN117688615B (en) * 2024-02-02 2024-05-07 北京原点数安科技有限公司 Cloud asset management method and device, electronic equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102789457A (en) * 2011-05-17 2012-11-21 航天信息股份有限公司 Method for dynamically customizing filter conditions
CN104077284A (en) * 2013-03-26 2014-10-01 中国移动通信集团湖北有限公司 Data security access method and data security access system
CN105653982A (en) * 2015-12-31 2016-06-08 中国建设银行股份有限公司 Method and system used for data permission control
CN106469282A (en) * 2015-08-21 2017-03-01 阿里巴巴集团控股有限公司 data access authority control method and device
CN108509807A (en) * 2018-04-13 2018-09-07 南京新贝金服科技有限公司 A kind of the table data authority control system and method for based role
CN109597814A (en) * 2018-12-06 2019-04-09 广州万惠信息技术咨询服务有限公司 A kind of online quick delivery system of back-stage management information system
CN109815284A (en) * 2019-01-04 2019-05-28 平安科技(深圳)有限公司 A kind of method and apparatus of data processing
CN110298192A (en) * 2019-06-05 2019-10-01 中国长江三峡集团有限公司 A kind of classification rights manager component of the management information system of adapted to multi-type tissue

Also Published As

Publication number Publication date
CN111444543A (en) 2020-07-24

Similar Documents

Publication Publication Date Title
CN111444543B (en) Data authority management method and system
US10289286B2 (en) Thing modeler for internet of things
KR100692330B1 (en) System and method for selectively defining accesss to application features
CN108762760B (en) Software interface self-defining method, device, computer equipment and storage medium
CN110298189B (en) Database authority management method and device
US7636725B2 (en) XML multi-stage policy implementation in XSLT
CN109669693A (en) A kind of method and system generating forms pages based on dynamic page
CN108228846B (en) Resource file management method and device
CN103729448A (en) Method and device for querying data
CN111209592A (en) Method and system for controlling data authority based on spliced SQL (structured query language) statement
Mont et al. On parametric obligation policies: Enabling privacy-aware information lifecycle management in enterprises
US20140114916A1 (en) Code generation and implementation method, system, and storage medium for delivering bidirectional data aggregation and updates
US7523506B1 (en) Approach for managing functionalities within a system
CN116702213A (en) Service system data authority management method, device and equipment for multi-level enterprise
US20100082621A1 (en) Mechanism for enabling new task types to be added to a system for managing distributed nodes
CN111131472A (en) Building method of Apollo configuration center
CN111881475B (en) Method for selecting role authority based on authority association
KR101993723B1 (en) Security policy automation support system and method
CN112988798A (en) Log processing method, device, equipment and medium
US8516438B2 (en) Method and apparatus for user-defined managed objects
Mont Towards scalable management of privacy obligations in enterprises
CN110781170B (en) Historical data protection method and device based on AOP
CN112149107B (en) Unified authority management method, system, device and storage medium
KR20150064599A (en) Method for management common code of multi-tenane environment, server performing the same and storage media storing the same
Martins et al. MANAGING ARCHIVER RULES FOR INDIVIDUAL EPICS PVS IN FRIB'S DIAGNOSTICS SYSTEM

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 518000 building 501, 502, 601, 602, building D, wisdom Plaza, Qiaoxiang Road, Gaofa community, Shahe street, Nanshan District, Shenzhen City, Guangdong Province

Applicant after: China Southern Power Grid Digital Platform Technology (Guangdong) Co.,Ltd.

Address before: 518000 building 501, 502, 601, 602, building D, wisdom Plaza, Qiaoxiang Road, Gaofa community, Shahe street, Nanshan District, Shenzhen City, Guangdong Province

Applicant before: China Southern Power Grid Shenzhen Digital Power Grid Research Institute Co.,Ltd.

Address after: 518000 building 501, 502, 601, 602, building D, wisdom Plaza, Qiaoxiang Road, Gaofa community, Shahe street, Nanshan District, Shenzhen City, Guangdong Province

Applicant after: China Southern Power Grid Shenzhen Digital Power Grid Research Institute Co.,Ltd.

Address before: 518000 building 501, 502, 601, 602, building D, wisdom Plaza, Qiaoxiang Road, Gaofa community, Shahe street, Nanshan District, Shenzhen City, Guangdong Province

Applicant before: SHENZHEN COMTOP INFORMATION TECHNOLOGY Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant