CN111708992A - Report data access method and device, electronic equipment and storage medium - Google Patents
Report data access method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN111708992A CN111708992A CN202010373255.8A CN202010373255A CN111708992A CN 111708992 A CN111708992 A CN 111708992A CN 202010373255 A CN202010373255 A CN 202010373255A CN 111708992 A CN111708992 A CN 111708992A
- Authority
- CN
- China
- Prior art keywords
- report
- macro
- user group
- user
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 238000004590 computer program Methods 0.000 claims description 9
- 238000012795 verification Methods 0.000 claims description 7
- 238000005259 measurement Methods 0.000 claims description 6
- 238000012216 screening Methods 0.000 claims description 6
- 238000002347 injection Methods 0.000 claims description 5
- 239000007924 injection Substances 0.000 claims description 5
- 238000007726 management method Methods 0.000 description 39
- 238000004891 communication Methods 0.000 description 11
- 239000000243 solution Substances 0.000 description 9
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2282—Tablespace storage structures; Management thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/2433—Query languages
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Mathematical Physics (AREA)
- Computational Linguistics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a report data access method, a report data access device, electronic equipment and a storage medium, wherein the report data access method comprises the following steps: receiving a report data access request sent by a user; determining an appointed user group and an appointed report form corresponding to a user; if the specified user group is determined to have the checking authority of the specified report, acquiring a first report definition body from the report definition information, and checking whether a preset data authority macro exists or not; if yes, determining a data authority macro classification value, and injecting the data authority macro classification value into the first report definition body to obtain a second report definition body; and replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying in a business database, and sending a first data result to a user. Therefore, the embodiment of the invention realizes dynamic report data authority management based on the user-defined macro authority, realizes implicit data authority control and also improves the flexibility of report data authority management.
Description
Technical Field
The invention relates to the field of data management, in particular to a report data access method and device, electronic equipment and a storage medium.
Background
A report may refer to displaying data in a table, chart, etc. format, with corresponding report data typically stored in a report database. When a user accesses the report data, since different users may have different access rights to the report data, how to control the user's access to the report data according to the user access rights is a problem to be solved urgently.
Disclosure of Invention
Aiming at the problem of how to control the access of a user to report data according to the access authority of the user in the prior art, the embodiment of the invention provides a report data access method, a report data access device, electronic equipment and a storage medium.
In a first aspect, an embodiment of the present invention provides a report data access method, including:
receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
determining a designated user group corresponding to the user according to the user identification, and determining a designated report which is requested to be accessed by the user according to the report request parameter;
if the specified user group is determined to have the checking authority of the specified report, acquiring a first report definition body of the specified report from preset report definition information, and checking whether a preset data authority macro exists in the first report definition body; wherein, the report definition information includes: the system comprises a business system identifier, a report identifier, a macro identifier of a declared data authority macro and a report definition body;
if the fact that the first report definition body has the preset data authority macro is determined, determining a data authority macro classification value corresponding to the preset data authority macro, and injecting the data authority macro classification value into the first report definition body to obtain a second report definition body;
and replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying in a service database according to the first database query statement, and sending a queried first data result to a user.
Optionally, the method further comprises:
the data authority macro related to the report data authority statement comprises macro identification and classification values corresponding to the macro;
creating a report definition, and quoting the data authority macro in the report definition to obtain report definition information;
creating a user group, setting one or more declared data permission macros for the user group, and selecting a classification value of the corresponding data permission macro to obtain user group creation information, wherein the user group creation information comprises a user group identifier and/or a user group name, and a macro identifier of the data permission macro and a classification value of the data permission macro corresponding to the user group;
setting report viewing permission of the user group to obtain a user group report permission list, wherein the user group report permission list comprises a user group identifier, a service system identifier and a report identifier;
managing member users in the user group to obtain user group member management information, wherein the user group member management information comprises a user group identifier and a member user identifier;
and storing the data authority macro, the report definition information, the user group creation information, the user group report authority list and the user group member management information into a report knowledge base.
Optionally, the report definition information further includes: screening dimension identification; the business system identification is used for representing the identification of the business system which can be supported by the report data authority management system; the report definition body is used for representing dynamic database query statements, and the database query statements are formed by flexibly configuring the dimensionality and the measurement of the business report and are used for querying in the corresponding business database.
Optionally, the determining, according to the user identifier, the specified user group corresponding to the user and the specified report requested to be accessed by the user according to the report request parameter include:
verifying the user identity according to the user identification;
if the identity verification result is passed, inquiring a user group to which the user belongs in a report knowledge base according to the user identification, and determining the inquired user group as the specified user group;
detecting whether a report corresponding to the report request parameter exists in the report knowledge base;
and if the report corresponding to the report request parameter is detected in the report knowledge base, determining the detected report as the specified report.
Optionally, the determining that the specified user group has the viewing right of the specified report includes:
acquiring a user group report authority list from a report knowledge base;
querying the specified user group in the user group identification;
if the specified user group is inquired, inquiring the specified report in a report mark with viewing authority corresponding to the specified user group;
and if the specified report is inquired, determining that the specified user group has the viewing permission of the specified report.
Optionally, the determining a data authority macro classification value corresponding to the preset data authority macro, and injecting the data authority macro classification value into the first report definition body includes:
acquiring a data authority macro identifier from report definition information of a report knowledge base;
acquiring the identifier of the specified user group from the user group member management information in the report knowledge base;
acquiring a corresponding data permission macro classification value from user group creating information in the report knowledge base according to the preset data permission macro identification and the identification of the specified user group;
and injecting the preset data authority macro identification and the data authority macro classification value into the first report definition body.
Optionally, the method further comprises:
and if the fact that the first report definition body does not have the preset data authority macro is determined, replacing the variable in the first report definition body by using the value of the report request parameter to obtain an executable second database query statement, querying in a service database according to the second database query statement, and sending a queried second data result to a user.
In a second aspect, an embodiment of the present invention further provides a report data access apparatus, including:
the receiving module is used for receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
the determining module is used for determining a specified user group corresponding to the user according to the user identifier and determining a specified report which is requested to be accessed by the user according to the report request parameter;
the checking module is used for acquiring a first report definition body of the specified report from preset report definition information and checking whether a preset data authority macro exists in the first report definition body if the specified user group is determined to have the checking authority of the specified report; wherein, the report definition information includes: the system comprises a business system identifier, a report identifier, a macro identifier of a declared data authority macro and a report definition body;
the injection module is used for determining a data authority macro classification value corresponding to a preset data authority macro if the preset data authority macro exists in the first report definition body, and injecting the data authority macro classification value into the first report definition body to obtain a second report definition body;
and the first sending module is used for replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying a service database according to the first database query statement, and sending a queried first data result to a user.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
at least one processor; and
at least one memory communicatively coupled to the processor, wherein:
the memory stores program instructions executable by the processor, which when called by the processor are capable of performing the above-described methods.
In a fourth aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium storing a computer program, which causes the computer to execute the above method.
After receiving a report data access request sent by a user, the report data access method, the report data access device, the electronic device and the storage medium provided by the embodiments of the present invention can determine an appointed user group corresponding to the user according to the user identifier, determine an appointed report requested to be accessed by the user according to the report request parameter, and when it is determined that the appointed user group has the viewing right of the appointed report, obtain a first report definition body of the appointed report from preset report definition information, check whether a preset data right macro exists in the first report definition body, and determine a data right macro classification value corresponding to the preset data right macro and inject the data right macro classification value into the first report definition body, and obtaining a second report definition body, replacing variables in the second report definition body by using the values of the report request parameters to obtain an executable first database query statement, querying in a service database according to the first database query statement, and sending a queried first data result to a user, so that dynamic report data authority management based on self-defined macro authority is realized, implicit data authority control is also realized, and the flexibility of report data authority management is also improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flow chart illustrating a report data access method according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram illustrating a report data access apparatus according to an embodiment of the present invention;
fig. 3 shows a schematic structural diagram of an electronic device provided in an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
FIG. 1 is a flow chart illustrating a report data access method according to an embodiment of the present invention; the report data access method can be used for equipment supporting the report data access function; as shown in fig. 1, the report data access method may include the following steps:
s110, receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters.
Specifically, the report data access request may be an HTTP (HyperText Transfer Protocol) access request.
The user identification may be used to characterize the user identity of the accessing user and to perform a user identity check.
The report request parameters may be used to characterize those reports that the accessing user needs to access. The report request parameter may include contents such as a report identifier and a screening dimension identifier. Such as: the screening dimension is marked as department, province, etc.
S120, determining a designated user group corresponding to the user according to the user identification, and determining a designated report which is requested to be accessed by the user according to the report request parameter.
Specifically, the designated user group may refer to a user group to which the access user belongs, and the user group is a user group created in advance by the report data authority management system, and the report data authority management system binds users of different service systems to the corresponding user group in advance.
The specified report can refer to the report which is requested to be accessed by the accessing user, and the report is pre-saved into the report knowledge base by the report data authority management system.
S130, if the specified user group is determined to have the checking authority of the specified report, acquiring a first report definition body of the specified report from preset report definition information, and checking whether a preset data authority macro exists in the first report definition body. Wherein, the report definition information includes: the system comprises a business system identifier, a report identifier, a macro identifier of a declared data authority macro and a report definition body.
Specifically, the report data permission management system declares the relevant data permission macro to the report data permission in advance, and refers the data permission macro in the report definition, so that after determining that the specified user group has the viewing permission of the specified report, the report data permission management system obtains the report definition BODY of the specified report from the report definition information on one hand, and checks whether the data permission macro is preset in the report definition information on the other hand.
The report definition body is usually a dynamic database query statement, which is formed by flexibly configuring the dimensionality and the measurement of the business report and is used for querying in a corresponding business database.
S140, if the fact that the first report definition body has the preset data authority macro is determined, determining a data authority macro classification value corresponding to the preset data authority macro, and injecting the data authority macro classification value into the first report definition body to obtain a second report definition body.
Specifically, the second report definitional body refers to a report definitional body including a data authority macro classification value. The report data authority management system injects the data authority macro classification value into the first report definition body for the following purposes: and the control on the report viewing authority is realized.
S150, replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying in a business database according to the first database query statement, and sending a queried first data result to a user.
Specifically, the first database Query statement may be SQL (Structured Query Language) or the like.
It can be seen from the above embodiments that, after receiving a report data access request sent by a user, an appointed user group corresponding to the user can be determined according to the user identifier, an appointed report requested to be accessed by the user can be determined according to the report request parameter, and when it is determined that the appointed user group has the viewing right of the appointed report, a first report definitional body of the appointed report is obtained from preset report definition information, and whether a preset data right macro exists in the first report definitional body is checked, and when it is determined that the preset data right macro exists in the first report definitional body, a data right macro classification value corresponding to the preset data right macro is determined, and the data right macro classification value is injected into the first report definitional body to obtain a second report definitional body, and a variable in the second report definitional body is replaced by using the value of the report request parameter, and obtaining an executable first database query statement, querying in a business database according to the first database query statement, and sending a queried first data result to a user, so that dynamic report data authority management based on user-defined macro authority is realized, implicit data authority control is also realized, and flexibility of report data authority management is also improved.
Further, on the basis of the above method embodiment, before performing S110, the method may further include:
and (1-1) reporting a data authority macro related to the data authority statement, wherein the data authority macro comprises a macro identifier and a classification value corresponding to the macro.
Specifically, the statement data authority macro in the report data authority management system is stored in the report knowledge base. The macro identification of the data authority macro can be some character strings, and the classification value of the data authority macro can be an array.
Such as: the macro name is APPID, and the corresponding classification value of the macro is as follows:
[video,music,read,movie,cartoon,game]。
(1-2) creating a report definition, and referring the data authority macro in the report definition to obtain report definition information, wherein the report definition information comprises: the system comprises a business system identifier, a report identifier, a data authority macro identifier and a report definition body. The business system identification is used for representing the identification of the business system which can be supported by the report data authority management system; the report definition body is used for representing dynamic database query statements, and the database query statements are formed by flexibly configuring the dimensionality and the measurement of the business report and are used for querying in the corresponding business database. In addition, the report definition information may further include: and screening dimension identification.
Specifically, a report definition is created in a report data rights management system. The service system identifier in the report definition information may be an identifier of a different service system, and is used to indicate that the report data authority management system supports selection of a different service system. The data permission macro in the report definition information is selected from the declared data permission macros. The report definition body in the report definition information is usually a dynamic database query statement, is formed by flexibly configuring the dimensionality and the measurement of the business report and is used for directly querying in a corresponding business database. The following were used:
therefore, the report information of a plurality of different databases is defined and managed in the set knowledge base according to a uniform format.
(1-3) creating a user group, creating the user group, setting one or more declared data permission macros for the user group, and selecting the classification value of the corresponding data permission macro to obtain user group creation information, wherein the user group creation information comprises a user group identifier and/or a user group name, and the macro identifier of the data permission macro corresponding to the user group and the classification value of the data permission macro.
Specifically, a user group (user group identification, user group name, macro identification of the data permission macro and classification value of the data permission macro) is created in the report data permission management system.
Such as: user group macro authority 1: user _ group _001, app _ manager, APPID, [ music, carton ].
And (1-4) setting report viewing permission of the user group to obtain a user group report permission list, wherein the user group report permission list comprises a user group identifier, a service system identifier and a report identifier.
Specifically, the report viewing permissions [ user group identification, service system identification, and report identification ] of the user group are set in the report data permission management system.
Such as: user _ group _001, bus _ sys _001, 001001.
And (1-5) managing member users in the user group to obtain user group member management information, wherein the user group member management information comprises a user group identifier and a member user identifier.
Specifically, member users [ user group id, member user userid ] in the user group are managed in the report data authority management system.
Such as: user _ group _001 zhangsan;
user_group_001lisi。
in addition, the user groups and the users can be in a many-to-many mapping relationship, that is, one user can belong to a plurality of user groups according to actual needs.
And (1-6) storing the data authority macro, the report definition information, the user group creation information, the user group report authority list and the user group member management information into a report knowledge base.
Specifically, the report knowledge base is a database specially used for storing report data authority management contents, and is independent of all other business systems.
According to the embodiment, the data authority macro related to the report data authority statement is used, and then the data authority macro is referred to in the report definition; and setting report viewing authority, macro identification and classification value of the user group, so as to decouple the data authority and service logic, and separate the service database from the report knowledge base, thereby reducing service risk, and realizing simple configuration of the report and flexible control of uniform authority.
Further, on the basis of the above method embodiment, when performing S120, the following implementation manners may be included, but are not limited to:
and (2-1) verifying the user identity according to the user identification.
Specifically, after receiving a report data access request sent by a user, the report data authority management system can verify the identity of the user according to the user identification; if the identity verification result is passed, the subsequent process can be continued, and if the identity verification result is not passed, the process is ended.
And (2-2) if the identity verification result is passed, inquiring the user group to which the user belongs in a report knowledge base according to the user identification, and determining the inquired user group as the specified user group.
Specifically, the report knowledge base stores the mapping relationship between the user group and the user, so when the user group is determined, the determination can be performed through the report knowledge base. If the specified user group is inquired, the subsequent process can be continued, and if the specified user group is not inquired, the process is ended.
And (2-3) detecting whether the report corresponding to the report request parameter exists in the report knowledge base.
Specifically, because the report knowledge base is different in storage, when the report is determined, the determination can be performed through the report knowledge base. If the specified report is inquired, the subsequent process can be continued, and if the specified report is not inquired, the process is ended.
And (2-4) if the report corresponding to the report request parameter is detected in the report knowledge base, determining the detected report as the specified report.
According to the embodiment, after the user identity is verified, the user group to which the user belongs can be inquired in the report knowledge base according to the user identification, the inquired user group is determined as the specified user group, the report corresponding to the report request parameter is detected in the report knowledge base, and the detected report is determined as the specified report, so that the reliability of the report data authority management is improved.
Further, on the basis of the above method embodiment, when performing S130, the method may further include:
(3-1) acquiring a user group report authority list from a report knowledge base;
(3-2) inquiring the specified user group in the user group identification;
(3-3) if the specified user group is inquired, inquiring the specified report in a report mark with the viewing authority corresponding to the specified user group;
and (3-4) if the specified report is inquired, determining that the specified user group has the viewing permission of the specified report.
According to the embodiment, when the appointed user group is determined to have the viewing authority of the appointed report, the user group report authority list can be obtained from the report knowledge base, the appointed report is inquired in the report mark with the viewing authority corresponding to the appointed user group, and if the appointed report is inquired, the appointed user group is determined to have the viewing authority of the appointed report, so that the accuracy of determining the viewing authority is improved.
Further, on the basis of the above method embodiment, when determining the data authority macro classification value corresponding to the preset data authority macro and injecting the data authority macro classification value into the first report definition body in step S140, the method may include:
(4-1) acquiring a data authority macro identifier from report definition information of a report knowledge base;
(4-2) acquiring the identifier of the specified user group from the user group member management information in the report knowledge base;
(4-3) acquiring a corresponding data permission macro classification value from user group creation information in the report knowledge base according to the data permission macro identification and the identification of the specified user group;
and (4-4) injecting the preset data authority macro identification and the data authority macro classification value into the first report definition body.
As can be seen from the above embodiments, when the data permission macro classification value corresponding to the preset data permission macro is determined, the data permission macro identifier may be obtained from report definition information of a report knowledge base, the identifier of the specified user group may be obtained from user group member management information in the report knowledge base, the corresponding data permission macro classification value may be obtained from user group creation information in the report knowledge base according to the data permission macro identifier and the identifier of the specified user group, and the preset data permission macro identifier and the data permission macro classification value may be injected into the first report definition body, thereby improving efficiency of report data permission management.
Further, on the basis of the above method embodiment, after performing S130, the method may further include:
(5-1) if it is determined that the first report definition body does not have the preset data authority macro, replacing the variable in the first report definition body by using the value of the report request parameter to obtain an executable second database query statement, querying in a business database according to the second database query statement, and sending a queried second data result to a user.
As can be seen from the above embodiments, after it is determined that there is no preset data permission macro in the first report definitional body, the variable in the first report definitional body may be replaced by using the value of the report request parameter to obtain an executable second database query statement, and query in the service database according to the second database query statement, and send the queried second data result to the user, thereby enriching the implementation manner of the report data permission management and improving the practicality of the report data permission management.
FIG. 2 is a schematic structural diagram illustrating a report data access apparatus according to an embodiment of the present invention; the device can be used on equipment supporting report data access function; as shown in fig. 2, the report data access device may include:
the receiving module 21 is configured to receive a report data access request sent by a user, where the report data access request includes a user identifier and a report request parameter;
the determining module 22 is configured to determine, according to the user identifier, an appointed user group corresponding to the user, and determine, according to the report request parameter, an appointed report that the user requests to access;
the checking module 23 is configured to, if it is determined that the specified user group has the viewing right of the specified report, obtain a first report definitional body of the specified report from preset report definition information, and check whether a preset data right macro exists in the first report definitional body; wherein, the report definition information includes: the system comprises a business system identifier, a report identifier, a macro identifier of a declared data authority macro and a report definition body;
the injection module 24 is configured to determine a data authority macro classification value corresponding to a preset data authority macro if it is determined that the preset data authority macro exists in the first report definition body, and inject the data authority macro classification value into the first report definition body to obtain a second report definition body;
and the first sending module 25 is configured to replace the variable in the second report definition body with the value of the report request parameter to obtain an executable first database query statement, query the service database according to the first database query statement, and send a queried first data result to the user.
Further, on the basis of the above device embodiment, the method further includes:
the statement module is used for declaring related data permission macros for the statement data permission, and the data permission macros comprise macro identifications and classification values corresponding to the macros;
the first creating module is used for creating a report definition and quoting the data authority macro in the report definition to obtain report definition information;
the second creation module is used for creating a user group, setting one or more declared data permission macros for the user group, and selecting the classification value of the corresponding data permission macro to obtain user group creation information, wherein the user group creation information comprises a user group identifier and/or a user group name, and the macro identifier of the data permission macro corresponding to the user group and the classification value of the data permission macro;
the setting module is used for setting the report viewing permission of the user group to obtain a user group report permission list, and the user group report permission list comprises a user group identifier, a service system identifier and a report identifier;
the management module is used for managing member users in the user group to obtain user group member management information, and the user group member management information comprises a user group identifier and a member user identifier;
and the storage module is used for storing the data authority macros, the report definition information, the user group report authority list and the user group member management information into a report knowledge base.
Further, on the basis of the above device embodiment, the report definition information may further include: screening dimension identification; the business system identification is used for representing the identification of the business system which can be supported by the report data authority management system; the report definition body is used for representing dynamic database query statements, and the database query statements are formed by flexibly configuring the dimensionality and the measurement of the business report and are used for querying in the corresponding business database.
Further, on the basis of the above apparatus embodiment, the determining module 22 may include:
the verification submodule is used for verifying the user identity according to the user identification;
the first query submodule is used for querying a user group to which the user belongs in a report knowledge base according to the user identification if the identity verification result is passed, and determining the queried user group as the specified user group;
the detection submodule is used for detecting whether a report corresponding to the report request parameter exists in the report knowledge base;
and the first determining submodule is used for determining the detected report as the specified report if the report corresponding to the report request parameter is detected in the report knowledge base.
Further, on the basis of the above device embodiment, the checking module 23 may include:
the first acquisition submodule is used for acquiring a user group report authority list from a report knowledge base;
the second query submodule is used for querying the specified user group in the user group identification;
the third query sub-module is used for querying the specified report in the report identifier with the viewing authority corresponding to the specified user group if the specified user group is queried;
and the second determining submodule is used for determining that the specified user group has the viewing permission of the specified report if the specified report is inquired.
Further, on the basis of the above-mentioned embodiment of the apparatus, the injection module 24 may include:
the second acquisition submodule is used for acquiring the data authority macro identifier from the report definition information of the report knowledge base;
the third acquisition submodule is used for acquiring the identifier of the specified user group from the user group member management information in the report knowledge base;
the fourth obtaining submodule is used for obtaining a corresponding data permission macro classification value from user group creating information in the report knowledge base according to the preset data permission macro identification and the identification of the specified user group;
and the injection submodule is used for injecting the preset data authority macro identification and the data authority macro classification value into the first report definition body.
Further, on the basis of the above device embodiment, the method further includes:
and the second sending module is used for replacing the variable in the first report definition body by using the value of the report request parameter to obtain an executable second database query statement if the first report definition body is determined to have no preset data authority macro, querying in a service database according to the second database query statement, and sending a queried second data result to a user.
The report data access device described in this embodiment may be used to implement the above method embodiments, and the principle and technical effect are similar, which are not described herein again.
Fig. 3 is a schematic physical structure diagram of an electronic device, which may include, as shown in fig. 3: a processor (processor)301, a communication Interface (communication Interface)302, a memory (memory)303 and a communication bus 304, wherein the processor 301, the communication Interface 302 and the memory 303 complete communication with each other through the communication bus 304. Processor 301 may call logic instructions in memory 303 to perform the following method:
receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
determining a designated user group corresponding to the user according to the user identification, and determining a designated report which is requested to be accessed by the user according to the report request parameter;
if the specified user group is determined to have the checking authority of the specified report, acquiring a first report definition body of the specified report from preset report definition information, and checking whether a preset data authority macro exists in the first report definition body; wherein, the report definition information includes: the system comprises a business system identifier, a report identifier, a macro identifier of a declared data authority macro and a report definition body;
if the fact that the first report definition body has the preset data authority macro is determined, determining a data authority macro classification value corresponding to the preset data authority macro, and injecting the data authority macro classification value into the first report definition body to obtain a second report definition body;
and replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying in a service database according to the first database query statement, and sending a queried first data result to a user.
It should be noted that, when being implemented specifically, the electronic device in this embodiment may be a server, a PC, or other devices, as long as the structure includes the processor 301, the communication interface 302, the memory 303, and the communication bus 304 shown in fig. 3, where the processor 301, the communication interface 302, and the memory 303 complete mutual communication through the communication bus 304, and the processor 301 may call a logic instruction in the memory 303 to execute the above method. The embodiment does not limit the specific implementation form of the electronic device.
In addition, the logic instructions in the memory 303 may be implemented in the form of software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Further, embodiments of the present invention disclose a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions, which when executed by a computer, the computer is capable of performing the methods provided by the above-mentioned method embodiments, for example, comprising:
receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
determining a designated user group corresponding to the user according to the user identification, and determining a designated report which is requested to be accessed by the user according to the report request parameter;
if the specified user group is determined to have the checking authority of the specified report, acquiring a first report definition body of the specified report from preset report definition information, and checking whether a preset data authority macro exists in the first report definition body; wherein, the report definition information includes: the system comprises a business system identifier, a report identifier, a macro identifier of a declared data authority macro and a report definition body;
if the fact that the first report definition body has the preset data authority macro is determined, determining a data authority macro classification value corresponding to the preset data authority macro, and injecting the data authority macro classification value into the first report definition body to obtain a second report definition body;
and replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying in a service database according to the first database query statement, and sending a queried first data result to a user.
In another aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program is implemented to perform the transmission method provided in the foregoing embodiments when executed by a processor, and for example, the method includes:
receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
determining a designated user group corresponding to the user according to the user identification, and determining a designated report which is requested to be accessed by the user according to the report request parameter;
if the specified user group is determined to have the checking authority of the specified report, acquiring a first report definition body of the specified report from preset report definition information, and checking whether a preset data authority macro exists in the first report definition body; wherein, the report definition information includes: the system comprises a business system identifier, a report identifier, a macro identifier of a declared data authority macro and a report definition body;
if the fact that the first report definition body has the preset data authority macro is determined, determining a data authority macro classification value corresponding to the preset data authority macro, and injecting the data authority macro classification value into the first report definition body to obtain a second report definition body;
and replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying in a service database according to the first database query statement, and sending a queried first data result to a user.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A report data access method is characterized by comprising the following steps:
receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
determining a designated user group corresponding to the user according to the user identification, and determining a designated report which is requested to be accessed by the user according to the report request parameter;
if the specified user group is determined to have the checking authority of the specified report, acquiring a first report definition body of the specified report from preset report definition information, and checking whether a preset data authority macro exists in the first report definition body; wherein, the report definition information includes: the system comprises a business system identifier, a report identifier, a macro identifier of a declared data authority macro and a report definition body;
if the fact that the first report definition body has the preset data authority macro is determined, determining a data authority macro classification value corresponding to the preset data authority macro, and injecting the data authority macro classification value into the first report definition body to obtain a second report definition body;
and replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying in a service database according to the first database query statement, and sending a queried first data result to a user.
2. The reporting data access method as recited in claim 1, further comprising:
the data authority macro related to the report data authority statement comprises macro identification and classification values corresponding to the macro;
creating a report definition, and quoting the data authority macro in the report definition to obtain report definition information;
creating a user group, setting one or more declared data permission macros for the user group, and selecting a classification value of the corresponding data permission macro to obtain user group creation information, wherein the user group creation information comprises a user group identifier and/or a user group name, and a macro identifier of the data permission macro and a classification value of the data permission macro corresponding to the user group;
setting report viewing permission of the user group to obtain a user group report permission list, wherein the user group report permission list comprises a user group identifier, a service system identifier and a report identifier;
managing member users in the user group to obtain user group member management information, wherein the user group member management information comprises a user group identifier and a member user identifier;
and storing the data authority macro, the report definition information, the user group creation information, the user group report authority list and the user group member management information into a report knowledge base.
3. The reporting data access method as recited in claim 1 or 2, wherein the reporting definition information further comprises: screening dimension identification;
the business system identification is used for representing the identification of the business system which can be supported by the report data authority management system; the report definition body is used for representing dynamic database query statements, and the database query statements are formed by flexibly configuring the dimensionality and the measurement of the business report and are used for querying in the corresponding business database.
4. The report data access method according to claim 1 or 2, wherein the determining of the designated user group corresponding to the user according to the user identifier and the determining of the designated report to which the user requests access according to the report request parameter include:
verifying the user identity according to the user identification;
if the identity verification result is passed, inquiring a user group to which the user belongs in a report knowledge base according to the user identification, and determining the inquired user group as the specified user group;
detecting whether a report corresponding to the report request parameter exists in the report knowledge base;
and if the report corresponding to the report request parameter is detected in the report knowledge base, determining the detected report as the specified report.
5. The report data access method according to claim 1 or 2, wherein the determining that the specified user group has the viewing authority of the specified report comprises:
acquiring a user group report authority list from a report knowledge base;
querying the specified user group in the user group identification;
if the specified user group is inquired, inquiring the specified report in a report mark with viewing authority corresponding to the specified user group;
and if the specified report is inquired, determining that the specified user group has the viewing permission of the specified report.
6. The report data access method according to claim 1 or 2, wherein the determining the data authority macro classification value corresponding to the preset data authority macro and injecting the data authority macro classification value into the first report definition body comprises:
acquiring a data authority macro identifier from report definition information of a report knowledge base;
acquiring the identifier of the specified user group from the user group member management information in the report knowledge base;
acquiring a corresponding data permission macro classification value from user group creating information in the report knowledge base according to the preset data permission macro identification and the identification of the specified user group;
and injecting the preset data authority macro identification and the data authority macro classification value into the first report definition body.
7. The reporting data access method as recited in claim 1, further comprising:
and if the fact that the first report definition body does not have the preset data authority macro is determined, replacing the variable in the first report definition body by using the value of the report request parameter to obtain an executable second database query statement, querying in a service database according to the second database query statement, and sending a queried second data result to a user.
8. A reporting data access apparatus, comprising:
the receiving module is used for receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
the determining module is used for determining a specified user group corresponding to the user according to the user identifier and determining a specified report which is requested to be accessed by the user according to the report request parameter;
the checking module is used for acquiring a first report definition body of the specified report from preset report definition information and checking whether a preset data authority macro exists in the first report definition body if the specified user group is determined to have the checking authority of the specified report; wherein, the report definition information includes: the system comprises a business system identifier, a report identifier, a macro identifier of a declared data authority macro and a report definition body;
the injection module is used for determining a data authority macro classification value corresponding to a preset data authority macro if the preset data authority macro exists in the first report definition body, and injecting the data authority macro classification value into the first report definition body to obtain a second report definition body;
and the first sending module is used for replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying a service database according to the first database query statement, and sending a queried first data result to a user.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program performs the steps of the report data access method according to any of claims 1-7.
10. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the steps of the report data access method according to any of the claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010373255.8A CN111708992B (en) | 2020-05-06 | 2020-05-06 | Report data access method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010373255.8A CN111708992B (en) | 2020-05-06 | 2020-05-06 | Report data access method and device, electronic equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111708992A true CN111708992A (en) | 2020-09-25 |
CN111708992B CN111708992B (en) | 2023-07-14 |
Family
ID=72537102
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010373255.8A Active CN111708992B (en) | 2020-05-06 | 2020-05-06 | Report data access method and device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111708992B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112100183A (en) * | 2020-09-28 | 2020-12-18 | 中国银行股份有限公司 | Report query system, device and method based on label management |
CN112287365A (en) * | 2020-10-23 | 2021-01-29 | 烽火通信科技股份有限公司 | Binary-based database permission control method, device, medium and system |
CN112307052A (en) * | 2020-10-28 | 2021-02-02 | 北京锐安科技有限公司 | Data management method, service system, terminal and storage medium |
CN112905978A (en) * | 2021-02-20 | 2021-06-04 | 成都新希望金融信息有限公司 | Authority management method and device |
CN114500031A (en) * | 2022-01-21 | 2022-05-13 | 浙江惠瀜网络科技有限公司 | System, method, electronic device and medium for obtaining BI report form based on single sign-on |
Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1416078A (en) * | 2001-10-30 | 2003-05-07 | 艾默生网络能源有限公司 | Data processing method of monitoring system |
US20130024924A1 (en) * | 2011-07-19 | 2013-01-24 | Brady Scott J | Aggregation of Emailed Product Order and Shipping Information |
CN103546570A (en) * | 2013-10-29 | 2014-01-29 | 小米科技有限责任公司 | Method, device and terminal for achieving network client-side cross-domain data request |
CN104461531A (en) * | 2014-12-02 | 2015-03-25 | 福建工程学院 | Implementing method for self-defined functions of reporting system |
US9390240B1 (en) * | 2012-06-11 | 2016-07-12 | Dell Software Inc. | System and method for querying data |
CN107168940A (en) * | 2017-03-29 | 2017-09-15 | 长春市万易科技有限公司 | A kind of report generating system and method |
CN107908659A (en) * | 2017-10-17 | 2018-04-13 | 深圳前海微众银行股份有限公司 | Data sheet collocation method, report platform and computer-readable recording medium |
CN107918600A (en) * | 2017-11-15 | 2018-04-17 | 泰康保险集团股份有限公司 | report development system and method, storage medium and electronic equipment |
CN109409119A (en) * | 2017-08-17 | 2019-03-01 | 北京京东尚科信息技术有限公司 | Data manipulation method and device |
CN109492056A (en) * | 2018-10-24 | 2019-03-19 | 江苏满运软件科技有限公司 | A kind of method and system of business intelligence data inquiry |
US20190147182A1 (en) * | 2017-11-15 | 2019-05-16 | American Express Travel Related Services Company, Inc. | Data Access System |
CN109815284A (en) * | 2019-01-04 | 2019-05-28 | 平安科技(深圳)有限公司 | A kind of method and apparatus of data processing |
CN109902100A (en) * | 2019-01-31 | 2019-06-18 | 平安科技(深圳)有限公司 | Report form inquiring method, device and storage medium |
CN110365670A (en) * | 2019-07-08 | 2019-10-22 | 深圳壹账通智能科技有限公司 | Blacklist sharing method, device, computer equipment and storage medium |
CN110889142A (en) * | 2019-12-20 | 2020-03-17 | 中国银行股份有限公司 | Data authority management method, device, system and equipment |
-
2020
- 2020-05-06 CN CN202010373255.8A patent/CN111708992B/en active Active
Patent Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1416078A (en) * | 2001-10-30 | 2003-05-07 | 艾默生网络能源有限公司 | Data processing method of monitoring system |
US20130024924A1 (en) * | 2011-07-19 | 2013-01-24 | Brady Scott J | Aggregation of Emailed Product Order and Shipping Information |
US9390240B1 (en) * | 2012-06-11 | 2016-07-12 | Dell Software Inc. | System and method for querying data |
CN103546570A (en) * | 2013-10-29 | 2014-01-29 | 小米科技有限责任公司 | Method, device and terminal for achieving network client-side cross-domain data request |
CN104461531A (en) * | 2014-12-02 | 2015-03-25 | 福建工程学院 | Implementing method for self-defined functions of reporting system |
CN107168940A (en) * | 2017-03-29 | 2017-09-15 | 长春市万易科技有限公司 | A kind of report generating system and method |
CN109409119A (en) * | 2017-08-17 | 2019-03-01 | 北京京东尚科信息技术有限公司 | Data manipulation method and device |
CN107908659A (en) * | 2017-10-17 | 2018-04-13 | 深圳前海微众银行股份有限公司 | Data sheet collocation method, report platform and computer-readable recording medium |
CN107918600A (en) * | 2017-11-15 | 2018-04-17 | 泰康保险集团股份有限公司 | report development system and method, storage medium and electronic equipment |
US20190147182A1 (en) * | 2017-11-15 | 2019-05-16 | American Express Travel Related Services Company, Inc. | Data Access System |
CN109492056A (en) * | 2018-10-24 | 2019-03-19 | 江苏满运软件科技有限公司 | A kind of method and system of business intelligence data inquiry |
CN109815284A (en) * | 2019-01-04 | 2019-05-28 | 平安科技(深圳)有限公司 | A kind of method and apparatus of data processing |
CN109902100A (en) * | 2019-01-31 | 2019-06-18 | 平安科技(深圳)有限公司 | Report form inquiring method, device and storage medium |
CN110365670A (en) * | 2019-07-08 | 2019-10-22 | 深圳壹账通智能科技有限公司 | Blacklist sharing method, device, computer equipment and storage medium |
CN110889142A (en) * | 2019-12-20 | 2020-03-17 | 中国银行股份有限公司 | Data authority management method, device, system and equipment |
Non-Patent Citations (2)
Title |
---|
RONALD J. FEHD: "Journeymen\"s Tools:Data Review Macro Freq All:Using Proc SQL List Processing with Dictionary.Columns to Eliminate Macro Do Loops", 《CITESEER》 * |
陈振林: "MES中实时报表组态运行软件的开发及应用", 《中国优秀硕士学位论文全文数据库-信息科技辑》 * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112100183A (en) * | 2020-09-28 | 2020-12-18 | 中国银行股份有限公司 | Report query system, device and method based on label management |
CN112100183B (en) * | 2020-09-28 | 2023-09-19 | 中国银行股份有限公司 | Report query system, device and method based on label management |
CN112287365A (en) * | 2020-10-23 | 2021-01-29 | 烽火通信科技股份有限公司 | Binary-based database permission control method, device, medium and system |
CN112307052A (en) * | 2020-10-28 | 2021-02-02 | 北京锐安科技有限公司 | Data management method, service system, terminal and storage medium |
CN112307052B (en) * | 2020-10-28 | 2024-05-10 | 北京锐安科技有限公司 | Data management method, service system, terminal and storage medium |
CN112905978A (en) * | 2021-02-20 | 2021-06-04 | 成都新希望金融信息有限公司 | Authority management method and device |
CN114500031A (en) * | 2022-01-21 | 2022-05-13 | 浙江惠瀜网络科技有限公司 | System, method, electronic device and medium for obtaining BI report form based on single sign-on |
CN114500031B (en) * | 2022-01-21 | 2024-06-04 | 浙江惠瀜网络科技有限公司 | System, method, electronic equipment and medium for acquiring BI report based on single sign-on |
Also Published As
Publication number | Publication date |
---|---|
CN111708992B (en) | 2023-07-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111708992A (en) | Report data access method and device, electronic equipment and storage medium | |
JP2021504832A (en) | Model training system and method and storage medium | |
CN108628748B (en) | Automatic test management method and automatic test management system | |
CN110309125A (en) | Data verification method, electronic device and storage medium | |
CN109255056B (en) | Data reference processing method, device, equipment and storage medium of block chain | |
CN113656780B (en) | Cross-chain access control method and device | |
CN107092535B (en) | Method and apparatus for data storage of test interface | |
CN110806916B (en) | Method and system for realizing personalized login page of each tenant of SAAS platform | |
CN111556005A (en) | Authority management method, device, electronic equipment and storage medium | |
US11138153B2 (en) | Data tagging | |
CN110968760A (en) | Webpage data crawling method and device, and webpage login method and device | |
US20160004850A1 (en) | Secure download from internet marketplace | |
CN113946837A (en) | Data access and data access authority configuration method, device and storage medium | |
CN111125017A (en) | Data storage method and device based on tree structure and computer equipment | |
CN114356898A (en) | Data storage method and device, electronic equipment and storage medium | |
CN109544207A (en) | A kind of information processing method, storage medium and server | |
CN114625407A (en) | Method, system, equipment and storage medium for implementing AB experiment | |
CN110321711A (en) | Detect the method and system of application server SQL injection point | |
CN106790160B (en) | Security level identification and method of calibration and device | |
CN113239048B (en) | Data management method and device, electronic equipment and storage medium | |
CN113949578A (en) | Automatic detection method and device for unauthorized vulnerability based on flow and computer equipment | |
CN112580307A (en) | Multi-data source access method, device, system and readable storage medium | |
CN114115933A (en) | Method, system, device, electronic equipment and medium for software upgrading | |
CN110493326B (en) | Zookeeper-based cluster configuration file management system and method | |
CN112783843A (en) | Data reading method and device and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |