CN111708992B - Report data access method and device, electronic equipment and storage medium - Google Patents

Report data access method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN111708992B
CN111708992B CN202010373255.8A CN202010373255A CN111708992B CN 111708992 B CN111708992 B CN 111708992B CN 202010373255 A CN202010373255 A CN 202010373255A CN 111708992 B CN111708992 B CN 111708992B
Authority
CN
China
Prior art keywords
report
user group
user
macro
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010373255.8A
Other languages
Chinese (zh)
Other versions
CN111708992A (en
Inventor
彭显根
孙雷
陈利乐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Migu Cultural Technology Co Ltd
China Mobile Communications Group Co Ltd
Original Assignee
Migu Cultural Technology Co Ltd
China Mobile Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Migu Cultural Technology Co Ltd, China Mobile Communications Group Co Ltd filed Critical Migu Cultural Technology Co Ltd
Priority to CN202010373255.8A priority Critical patent/CN111708992B/en
Publication of CN111708992A publication Critical patent/CN111708992A/en
Application granted granted Critical
Publication of CN111708992B publication Critical patent/CN111708992B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2282Tablespace storage structures; Management thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/242Query formulation
    • G06F16/2433Query languages
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Mathematical Physics (AREA)
  • Computational Linguistics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a report data access method, a report data access device, electronic equipment and a storage medium, which comprise the following steps: receiving a report data access request sent by a user; determining a specified user group and a specified report corresponding to the user; if the appointed user group is determined to have the checking right of the appointed report, acquiring a first report definition body from report definition information, and checking whether a preset data authority macro exists or not; if the data authority macro classification value exists, determining the data authority macro classification value, and injecting the data authority macro classification value into the first report definition body to obtain a second report definition body; and replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying in the service database, and sending the first data result to the user. Therefore, the embodiment of the invention realizes the dynamic report data authority management based on the custom macro authority, also realizes the implicit data authority control and improves the flexibility of report data authority management.

Description

Report data access method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of data management, and in particular, to a report data access method, apparatus, electronic device, and storage medium.
Background
A report may refer to data displayed in a form, chart, or the like, with corresponding report data typically stored in a report database. When users access the report data, because the access rights of different users to the report data may be different, how to control the access of the users to the report data according to the access rights of the users is a current problem to be solved.
Disclosure of Invention
Aiming at the problem of how to control the access of a user to report data according to the access authority of the user in the prior art, the embodiment of the invention provides a report data access method, a report data access device, electronic equipment and a storage medium.
In a first aspect, an embodiment of the present invention provides a report data access method, including:
receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
determining a specified user group corresponding to the user according to the user identification, and determining a specified report which the user requests to access according to the report request parameters;
If the appointed user group is determined to have the checking right of the appointed report, acquiring a first report definition body of the appointed report from preset report definition information, and checking whether a preset data authority macro exists in the first report definition body; wherein, the report definition information includes: business system identification, report identification, macro identification of declared data authority macro and report definition body;
if the fact that the preset data authority macros exist in the first report definition body is determined, determining data authority macro classification values corresponding to the preset data authority macros, and injecting the data authority macro classification values into the first report definition body to obtain a second report definition body;
and replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying in a business database according to the first database query statement, and sending the queried first data result to a user.
Optionally, the method further comprises:
a data authority macro related to report data authority statement, wherein the data authority macro comprises macro identification and a classification value corresponding to the macro;
Creating report definition, and referring to the data authority macros in the report definition to obtain report definition information;
creating a user group, setting one or more declared data authority macros for the user group, and selecting a classification value of the corresponding data authority macros to obtain user group creation information, wherein the user group creation information comprises a user group identifier and/or a user group name, and macro identifiers of the data authority macros corresponding to the user group and classification values of the data authority macros;
setting report viewing authority of the user group to obtain a report authority list of the user group, wherein the report authority list of the user group comprises a user group identifier, a service system identifier and a report identifier;
managing member users in the user group to obtain user group member management information, wherein the user group member management information comprises a user group identifier and a member user identifier;
and storing the data authority macros, the report definition information, the user group creation information, the user group report authority list and the user group member management information into a report knowledge base.
Optionally, the report definition information further includes: screening dimension identification; the service system identifier is used for representing the identifier of the service system which can be supported by the report data authority management system; the report definition body is used for representing dynamic database query sentences which are formed by flexibly configuring the dimension and the measurement of the business report and are used for querying corresponding business databases.
Optionally, the determining, according to the user identifier, a specified user group corresponding to the user and determining, according to the report request parameter, a specified report that the user requests to access, includes:
verifying the user identity according to the user identity;
if the identity verification result is passed, inquiring a user group to which the user belongs in a report knowledge base according to the user identification, and determining the inquired user group as the appointed user group;
detecting whether a report corresponding to the report request parameter exists in the report knowledge base;
and if the report corresponding to the report request parameter is detected to exist in the report knowledge base, determining the detected report as the specified report.
Optionally, the determining that the specified user group has the viewing authority of the specified report includes:
acquiring a user group report authority list from a report knowledge base;
querying the user group identification for the specified user group;
if the appointed user group is inquired, inquiring the appointed report in a report identifier corresponding to the appointed user group and having viewing authority;
and if the appointed report is inquired, determining that the appointed user group has the viewing authority of the appointed report.
Optionally, the determining the data authority macro classification value corresponding to the preset data authority macro, and injecting the data authority macro classification value into the first report definition body includes:
acquiring a data authority macro identifier from report definition information of a report knowledge base;
acquiring the identification of the appointed user group from the user group member management information in the report knowledge base;
acquiring a corresponding data authority macro classification value from user group creation information in the report knowledge base according to the preset data authority macro identifier and the identifier of the appointed user group;
and injecting the preset data authority macro identifier and the data authority macro classification value into the first report definition body.
Optionally, the method further comprises:
if the fact that the preset data authority macros do not exist in the first report definition body is determined, replacing variables in the first report definition body by using values of report request parameters to obtain executable second database query sentences, querying in a business database according to the second database query sentences, and sending queried second data results to a user.
In a second aspect, an embodiment of the present invention further provides a report data access device, including:
The receiving module is used for receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
the determining module is used for determining a specified user group corresponding to the user according to the user identification and determining a specified report which the user requests to access according to the report request parameters;
the checking module is used for acquiring a first report definition body of the specified report from preset report definition information and checking whether a preset data authority macro exists in the first report definition body if the specified user group is determined to have the view authority of the specified report; wherein, the report definition information includes: business system identification, report identification, macro identification of declared data authority macro and report definition body;
the injection module is used for determining a data authority macro classification value corresponding to the preset data authority macro if the preset data authority macro exists in the first report definition body, and injecting the data authority macro classification value into the first report definition body to obtain a second report definition body;
the first sending module is used for replacing the variable in the second report definition body by the value of the report request parameter to obtain an executable first database query statement, inquiring in a business database according to the first database query statement, and sending the inquired first data result to a user.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
at least one processor; and
at least one memory communicatively coupled to the processor, wherein:
the memory stores program instructions executable by the processor, which are called by the processor to perform the method described above.
In a fourth aspect, embodiments of the present invention also propose a non-transitory computer-readable storage medium storing a computer program, which causes the computer to carry out the above-mentioned method.
After receiving a report data access request sent by a user, the report data access method, device, electronic equipment and storage medium provided by the embodiment of the invention can determine a specified user group corresponding to the user according to the user identifier, determine a specified report requested to be accessed by the user according to the report request parameter, acquire a first report definition body of the specified report from preset report definition information when the specified user group is determined to have the check right of the specified report, check whether a preset data right macro exists in the first report definition body, determine a data right macro classification value corresponding to the preset data right macro when the preset data right macro exists in the first report definition body, inject the data right macro classification value into the first report definition body, obtain a second report definition body, replace variables in the second report definition body by using the value of the report request parameter, acquire an executable first database query statement, and send the query statement to a service data base according to the first database query statement, and realize the implicit query result based on the data management, thereby realizing the implicit query of the report and the user-defined data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 shows a flow chart of a report data access method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a report data access device according to an embodiment of the present invention;
fig. 3 shows a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
FIG. 1 shows a flow chart of a report data access method according to an embodiment of the present invention; the report data access method can be used for equipment supporting a report data access function; as shown in fig. 1, the report data access method may include the steps of:
s110, receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters.
In particular, the report data access request may be an HTTP (HyperText Transfer Protocol ) access request.
The user identity may be used to characterize the user identity of the accessing user and to perform user identity verification.
Report request parameters may be used to characterize those reports that an accessing user needs to access. The report request parameters may include report identifiers, screening dimension identifiers, and other contents. Such as: screening dimension marks are departments, provinces and the like.
S120, determining a specified user group corresponding to the user according to the user identification, and determining a specified report which the user requests to access according to the report request parameters.
Specifically, the specified user group may refer to a user group to which the accessing user belongs, and the user group is a user group created in advance by the report data authority management system, and the report data authority management system binds users of different service systems to the corresponding user group in advance.
The designated report may refer to a report that the accessing user requests to access, and the report is pre-saved to the report knowledge base by the report data authority management system.
S130, if the appointed user group is determined to have the viewing right of the appointed report, acquiring a first report definition body of the appointed report from preset report definition information, and checking whether a preset data right macro exists in the first report definition body. Wherein, the report definition information includes: business system identification, report identification, macro identification of declared data authority macro and report definition body.
Specifically, the report data authority management system can pre-declare the related data authority macros of the report data and quote the data authority macros in report definition, so that after determining that a specified user group has the view authority of a specified report, the report data authority management system can acquire the report definition BODY BODY of the specified report from report definition information on one hand, and can check whether the report definition information is preset with the data authority macros or not on the other hand.
The report definition body is usually a dynamic database query statement, and the database query statement is formed by flexibly configuring the dimension and the measurement of the business report and is used for querying in a corresponding business database.
And S140, if the fact that the preset data authority macros exist in the first report definition body is determined, determining data authority macro classification values corresponding to the preset data authority macros, and injecting the data authority macro classification values into the first report definition body to obtain a second report definition body.
Specifically, the second report definition body refers to a report definition body including a data authority macro classification value. The report data authority management system injects the data authority macro classification value into the first report definition body for the purposes of: the report viewing authority is controlled.
S150, replacing variables in the second report definition body by using the values of the report request parameters to obtain an executable first database query statement, querying in a business database according to the first database query statement, and sending the queried first data result to a user.
Specifically, the first database query statement may be SQL (Structured Query Language ) or the like.
According to the embodiment, after receiving a report data access request sent by a user, a specified user group corresponding to the user can be determined according to the user identifier, a specified report requested to be accessed by the user is determined according to the report request parameter, when the specified user group is determined to have the view right of the specified report, a first report definition body of the specified report is obtained from preset report definition information, whether a preset data authority macro exists in the first report definition body is checked, and when the preset data authority macro exists in the first report definition body, a data authority macro classification value corresponding to the preset data authority macro is determined, the data authority macro classification value is injected into the first report definition body, a second report definition body is obtained, the variable in the second report definition body is replaced by the value of the report request parameter, an executable first database query statement is obtained, the first database query statement is queried in a business database according to the first database query statement, and the query statement is sent to the first report definition body, so that the data management result is improved, and the user-defined data management authority is achieved.
Further, on the basis of the above method embodiment, before executing S110, the method may further include:
and (1-1) reporting the report data authority, wherein the report data authority comprises a macro identifier and a classification value corresponding to the macro.
Specifically, the report data authority macros are declared in the report data authority management system and stored in a report knowledge base. The macro identifier of the data authority macro may be some character strings, and the classification value of the data authority macro may be an array.
Such as: the name of the macro is APPID, and the classification value corresponding to the macro is:
[video,music,read,movie,cartoon,game]。
(1-2) creating report definition, and referring to the data authority macro in the report definition to obtain report definition information, wherein the report definition information comprises: business system identification, report identification, data authority macro identification and report definition body. The business system identifier is used for representing the identifier of the business system which can be supported by the report data authority management system; the report definition body is used for representing dynamic database query sentences which are formed by flexibly configuring the dimension and the measurement of the business report and are used for querying corresponding business databases. In addition, the report definition information may further include: and screening the dimension identification.
Specifically, a report definition is created in a report data rights management system. The service system identifier in the report definition information may be identifiers of different service systems, which is used to illustrate that the report data authority management system supports selection of different service systems. The data authority macro identification in the report definition information is selected from the declared data authority macros. The report definition body in the report definition information is usually a dynamic database query statement, and is formed by flexibly configuring the dimension and the measurement of the business report, so as to directly query in the corresponding business database. The following are provided:
Figure BDA0002478945830000081
it can be seen that the report information of a plurality of different databases is defined and managed in a uniform format in the setting knowledge base.
(1-3) creating a user group, setting one or more declared data authority macros for the user group, and selecting a classification value of the corresponding data authority macros to obtain user group creation information, wherein the user group creation information comprises a user group identification and/or a user group name, and macro identification and a classification value of the data authority macros corresponding to the user group.
Specifically, a user group [ user group identifier, user group name, macro identifier of the data authority macro, and classification value of the data authority macro ] is created in the report data authority management system.
Such as: user group macro authority 1: user_group_001, app_manager, appid, [ music, carton ].
(1-4) setting report viewing authority of the user group to obtain a report authority list of the user group, wherein the report authority list of the user group comprises a user group identifier, a service system identifier and a report identifier.
Specifically, report viewing authority [ user group identification, service system identification, report identification ] of the user group is set in a report data authority management system.
Such as: user_group_001, bus_sys_001, 001001.
And (1-5) managing member users in the user group to obtain user group member management information, wherein the user group member management information comprises a user group identifier and a member user identifier.
Specifically, member users [ user group ids ] in the user group are managed in the report data authority management system.
Such as: user_group_001zhangsan;
user_group_001lisi。
in addition, the user group and the user may be a many-to-many mapping relationship, i.e., one user may belong to a plurality of user groups according to actual needs.
(1-6) saving the data rights macro, the report definition information, the user group creation information, the user group report rights list, and the user group member management information to a report repository.
In particular, the report repository is a database dedicated to storing report data rights management content, independent of all other business systems.
As can be seen from the above embodiments, by declaring the relevant data rights macros for the report data rights, then referencing the data rights macros in the report definition; and setting report viewing authority, macro identification and classification values of the user group, so that the data authority and the business logic are decoupled, and the business database is separated from the report knowledge base, thereby reducing business risks, and realizing simple configuration of the report and flexible control of unified authority.
Further, on the basis of the above method embodiment, when executing S120, the following implementation manner may be included, but is not limited to:
(2-1) verifying the identity of the user based on the user identification.
Specifically, after receiving a report data access request sent by a user, the report data authority management system can verify the identity of the user according to the user identifier; if the authentication result is passing, the subsequent process can be continued, and if the authentication result is not passing, the process is ended.
And (2-2) if the authentication result is passed, inquiring a user group to which the user belongs in a report knowledge base according to the user identification, and determining the inquired user group as the appointed user group.
Specifically, since the report knowledge base stores the mapping relationship between the user group and the user, when determining the user group, the determination can be performed through the report knowledge base. If the appointed user group is inquired, the subsequent flow can be continued, and if the appointed user group is not inquired, the flow is ended.
(2-3) detecting whether a report corresponding to the report request parameter exists in the report knowledge base.
Specifically, since the report knowledge bases are different, the report can be determined by the report knowledge bases when determining the report. If the appointed report is inquired, the subsequent process can be continued, and if the appointed report is not inquired, the process is ended.
And (2-4) if the report corresponding to the report request parameter is detected to exist in the report knowledge base, determining the detected report as the specified report.
According to the embodiment, after the user identity passes verification, the user group to which the user belongs can be queried in the report knowledge base according to the user identity, the queried user group is determined to be the appointed user group, the report corresponding to the report request parameter is detected in the report knowledge base, and the detected report is determined to be the appointed report, so that the reliability of report data authority management is improved.
Further, on the basis of the above method embodiment, when executing S130, the method may further include:
(3-1) acquiring a user group report authority list from a report knowledge base;
(3-2) querying the specified user group in the user group identification;
(3-3) if the appointed user group is inquired, inquiring the appointed report in the report identifier with the viewing authority corresponding to the appointed user group;
and (3-4) if the specified report is queried, determining that the specified user group has the viewing authority of the specified report.
According to the embodiment, when the appointed user group is determined to have the viewing authority of the appointed report, the user group report authority list can be obtained from the report knowledge base, the appointed report is queried in the report identifier corresponding to the appointed user group and having the viewing authority, and if the appointed report is queried, the appointed user group is determined to have the viewing authority of the appointed report, so that the accuracy of determining the viewing authority is improved.
Further, on the basis of the foregoing method embodiment, when determining, in the step S140, a data authority macro classification value corresponding to the preset data authority macro and injecting the data authority macro classification value into the first report definition body, the method may include:
(4-1) acquiring a data authority macro identifier from report definition information of a report knowledge base;
(4-2) obtaining the identity of the specified user group from the user group member management information in the report knowledge base;
(4-3) acquiring corresponding data authority macro classification values from user group creation information in the report knowledge base according to the data authority macro identification and the identification of the appointed user group;
and (4-4) injecting the preset data authority macro identifier and the data authority macro classification value into the first report definition body.
According to the embodiment, when the data authority macro classification value corresponding to the preset data authority macro is determined, the data authority macro identification can be obtained from the report definition information of the report knowledge base, the identification of the appointed user group is obtained from the user group member management information in the report knowledge base, the corresponding data authority macro classification value is obtained from the user group creation information in the report knowledge base according to the data authority macro identification and the identification of the appointed user group, and the preset data authority macro identification and the data authority macro classification value are injected into the first report definition body, so that the report data authority management efficiency is improved.
Further, on the basis of the above method embodiment, after executing S130, the method may further include:
and (5-1) if the preset data authority macros do not exist in the first report definition body, replacing variables in the first report definition body by using the values of the report request parameters to obtain executable second database query sentences, querying in a business database according to the second database query sentences, and sending the queried second data results to a user.
According to the embodiment, after the fact that the preset data authority macros do not exist in the first report definition body is determined, the variables in the first report definition body can be replaced by the values of the report request parameters, an executable second database query statement is obtained, query is conducted in a business database according to the second database query statement, and the queried second data result is sent to a user, so that report data authority management implementation modes are enriched, and report data authority management practicability is improved.
Fig. 2 is a schematic structural diagram of a report data access device according to an embodiment of the present invention; the device can be used for supporting the report data access function on the equipment; as shown in fig. 2, the report data accessing apparatus may include:
The receiving module 21 is configured to receive a report data access request sent by a user, where the report data access request includes a user identifier and a report request parameter;
the determining module 22 is configured to determine, according to the user identifier, a specified user group corresponding to the user, and determine, according to the report request parameter, a specified report that the user requests to access;
the checking module 23 is configured to obtain a first report definition body of the specified report from preset report definition information if it is determined that the specified user group has the viewing right of the specified report, and check whether a preset data right macro exists in the first report definition body; wherein, the report definition information includes: business system identification, report identification, macro identification of declared data authority macro and report definition body;
the injection module 24 is configured to determine a data authority macro classification value corresponding to a preset data authority macro if it is determined that the preset data authority macro exists in the first report definition body, and inject the data authority macro classification value into the first report definition body to obtain a second report definition body;
the first sending module 25 is configured to replace the variable in the second report definition body with the value of the report request parameter, obtain an executable first database query statement, query in the service database according to the first database query statement, and send the queried first data result to the user.
Further, on the basis of the above device embodiment, the method further includes:
the statement module is used for statement data authority macros related to statement data authority statement, wherein the data authority macros comprise macro identifications and classification values corresponding to macros;
the first creating module is used for creating report definition, and referring to the data authority macros in the report definition to obtain report definition information;
the second creating module is used for creating a user group, setting one or more declared data authority macros for the user group, and selecting a classification value of the corresponding data authority macros to obtain user group creating information, wherein the user group creating information comprises a user group identifier and/or a user group name, and macro identifiers of the data authority macros corresponding to the user group and classification values of the data authority macros;
the setting module is used for setting the report viewing authority of the user group to obtain a user group report authority list, wherein the user group report authority list comprises a user group identifier, a service system identifier and a report identifier;
the management module is used for managing member users in the user group to obtain user group member management information, wherein the user group member management information comprises a user group identifier and a member user identifier;
And the storage module is used for storing the data authority macros, the report definition information, the user group report authority list and the user group member management information into a report knowledge base.
Further, on the basis of the above device embodiment, the report definition information may further include: screening dimension identification; the service system identifier is used for representing the identifier of the service system which can be supported by the report data authority management system; the report definition body is used for representing dynamic database query sentences which are formed by flexibly configuring the dimension and the measurement of the business report and are used for querying corresponding business databases.
Further, on the basis of the above apparatus embodiment, the determining module 22 may include:
the verification sub-module is used for verifying the user identity according to the user identification;
the first inquiring sub-module is used for inquiring a user group to which the user belongs in the report knowledge base according to the user identification if the identity verification result is passed, and determining the inquired user group as the appointed user group;
the detection sub-module is used for detecting whether a report corresponding to the report request parameter exists in the report knowledge base;
And the first determining submodule is used for determining the detected report as the appointed report if the report corresponding to the report request parameter exists in the report knowledge base.
Further, on the basis of the above-described device embodiment, the inspection module 23 may include:
the first acquisition sub-module is used for acquiring a user group report authority list from a report knowledge base;
a second query sub-module, configured to query the user group identifier for the specified user group;
the third query sub-module is used for querying the appointed report in the report identifier with the viewing authority corresponding to the appointed user group if the appointed user group is queried;
and the second determining submodule is used for determining that the appointed user group has the viewing authority of the appointed report if the appointed report is inquired.
Further, on the basis of the above apparatus embodiment, the injection module 24 may include:
the second acquisition sub-module is used for acquiring the data authority macro identifier from the report definition information of the report knowledge base;
the third acquisition sub-module is used for acquiring the identification of the appointed user group from the user group member management information in the report knowledge base;
A fourth obtaining sub-module, configured to obtain, according to the preset data authority macro identifier and the identifier of the specified user group, a corresponding data authority macro classification value from the user group creation information in the report knowledge base;
and the injection submodule is used for injecting the preset data authority macro identifier and the data authority macro classification value into the first report definition body.
Further, on the basis of the above device embodiment, the method further includes:
and the second sending module is used for replacing the variable in the first report definition body by using the value of the report request parameter if the preset data authority macro does not exist in the first report definition body, obtaining an executable second database query statement, inquiring in a business database according to the second database query statement, and sending the inquired second data result to a user.
The report data access device in this embodiment may be used to execute the above method embodiment, and its principle and technical effects are similar, and are not described herein again.
Fig. 3 shows a schematic physical structure of an electronic device, as shown in fig. 3, where the electronic device may include: processor 301, communication interface (Communications Interface) 302, memory (memory) 303 and communication bus 304, wherein processor 301, communication interface 302, memory 303 accomplish the communication between each other through communication bus 304. The processor 301 may call logic instructions in the memory 303 to perform the following method:
Receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
determining a specified user group corresponding to the user according to the user identification, and determining a specified report which the user requests to access according to the report request parameters;
if the appointed user group is determined to have the checking right of the appointed report, acquiring a first report definition body of the appointed report from preset report definition information, and checking whether a preset data authority macro exists in the first report definition body; wherein, the report definition information includes: business system identification, report identification, macro identification of declared data authority macro and report definition body;
if the fact that the preset data authority macros exist in the first report definition body is determined, determining data authority macro classification values corresponding to the preset data authority macros, and injecting the data authority macro classification values into the first report definition body to obtain a second report definition body;
and replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying in a business database according to the first database query statement, and sending the queried first data result to a user.
It should be noted that, in this embodiment, the electronic device may be a server, a PC, or other devices in the specific implementation, so long as the structure of the electronic device includes a processor 301, a communication interface 302, a memory 303, and a communication bus 304 as shown in fig. 3, where the processor 301, the communication interface 302, and the memory 303 perform communication with each other through the communication bus 304, and the processor 301 may call logic instructions in the memory 303 to execute the above method. The embodiment does not limit a specific implementation form of the electronic device.
Further, the logic instructions in the memory 303 may be implemented in the form of software functional units and stored in a computer readable storage medium when sold or used as a stand alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
Further, embodiments of the present invention disclose a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the above-described method embodiments, for example comprising:
receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
determining a specified user group corresponding to the user according to the user identification, and determining a specified report which the user requests to access according to the report request parameters;
if the appointed user group is determined to have the checking right of the appointed report, acquiring a first report definition body of the appointed report from preset report definition information, and checking whether a preset data authority macro exists in the first report definition body; wherein, the report definition information includes: business system identification, report identification, macro identification of declared data authority macro and report definition body;
if the fact that the preset data authority macros exist in the first report definition body is determined, determining data authority macro classification values corresponding to the preset data authority macros, and injecting the data authority macro classification values into the first report definition body to obtain a second report definition body;
And replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying in a business database according to the first database query statement, and sending the queried first data result to a user.
In another aspect, embodiments of the present invention further provide a non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor is implemented to perform the transmission method provided in the above embodiments, for example, including:
receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
determining a specified user group corresponding to the user according to the user identification, and determining a specified report which the user requests to access according to the report request parameters;
if the appointed user group is determined to have the checking right of the appointed report, acquiring a first report definition body of the appointed report from preset report definition information, and checking whether a preset data authority macro exists in the first report definition body; wherein, the report definition information includes: business system identification, report identification, macro identification of declared data authority macro and report definition body;
If the fact that the preset data authority macros exist in the first report definition body is determined, determining data authority macro classification values corresponding to the preset data authority macros, and injecting the data authority macro classification values into the first report definition body to obtain a second report definition body;
and replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying in a business database according to the first database query statement, and sending the queried first data result to a user.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A report data access method is characterized by comprising the following steps:
receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
determining a specified user group corresponding to the user according to the user identification, and determining a specified report which the user requests to access according to the report request parameters;
if the appointed user group is determined to have the checking right of the appointed report, acquiring a first report definition body of the appointed report from preset report definition information, and checking whether a preset data authority macro exists in the first report definition body; wherein, the report definition information includes: the system comprises a business system identifier, a report identifier, a macro identifier of a declared data authority macro and a report definition body, wherein the report definition body comprises a dynamic database query statement;
if the fact that the preset data authority macros exist in the first report definition body is determined, determining data authority macro classification values corresponding to the preset data authority macros, and injecting the data authority macro classification values into the first report definition body to obtain a second report definition body;
And replacing the variable in the second report definition body by using the value of the report request parameter to obtain an executable first database query statement, querying in a business database according to the first database query statement, and sending the queried first data result to a user.
2. The report data access method according to claim 1, wherein before receiving a report data access request sent by a user, the report data access request includes a user identifier and report request parameters, the report data access method further includes:
a data authority macro related to report data authority statement, wherein the data authority macro comprises macro identification and a classification value corresponding to the macro;
creating report definition, and referring to the data authority macros in the report definition to obtain report definition information;
creating a user group, setting one or more declared data authority macros for the user group, and selecting classification values of the corresponding data authority macros to obtain user group creation information, wherein the user group creation information comprises a user group identifier and a user group name, and macro identifiers of the data authority macros corresponding to the user group and classification values of the data authority macros;
Setting report viewing authority of the user group to obtain a report authority list of the user group, wherein the report authority list of the user group comprises a user group identifier, a service system identifier and a report identifier;
managing member users in the user group to obtain user group member management information, wherein the user group member management information comprises a user group identifier and a member user identifier;
and storing the data authority macros, the report definition information, the user group creation information, the user group report authority list and the user group member management information into a report knowledge base.
3. The report data access method according to claim 1 or 2, wherein the report definition information further includes: screening dimension identification;
the service system identifier is used for representing the identifier of the service system which can be supported by the report data authority management system; the report definition body is used for representing dynamic database query sentences which are formed by flexibly configuring the dimension and the measurement of the business report and are used for querying corresponding business databases.
4. The report data accessing method according to claim 1 or 2, wherein the determining the specified user group corresponding to the user according to the user identifier and determining the specified report requested to be accessed by the user according to the report request parameter includes:
Verifying the user identity according to the user identity;
if the identity verification result is passed, inquiring a user group to which the user belongs in a report knowledge base according to the user identification, and determining the inquired user group as the appointed user group;
detecting whether a report corresponding to the report request parameter exists in the report knowledge base;
and if the report corresponding to the report request parameter is detected to exist in the report knowledge base, determining the detected report as the specified report.
5. The report data access method of claim 2, wherein the determining that the specified user group has viewing rights for the specified report comprises:
acquiring a user group report authority list from a report knowledge base;
querying the user group identification for the specified user group;
if the appointed user group is inquired, inquiring the appointed report in a report identifier corresponding to the appointed user group and having viewing authority;
and if the appointed report is inquired, determining that the appointed user group has the viewing authority of the appointed report.
6. The report data access method according to claim 2, wherein the determining the data authority macro classification value corresponding to the preset data authority macro and injecting the data authority macro classification value into the first report definition body includes:
Acquiring a data authority macro identifier from report definition information of a report knowledge base;
acquiring the identification of the appointed user group from the user group member management information in the report knowledge base;
acquiring a corresponding data authority macro classification value from user group creation information in the report knowledge base according to the preset data authority macro identifier and the identifier of the appointed user group;
and injecting the preset data authority macro identifier and the data authority macro classification value into the first report definition body.
7. The report data access method of claim 1, further comprising:
if the fact that the preset data authority macros do not exist in the first report definition body is determined, replacing variables in the first report definition body by using values of report request parameters to obtain executable second database query sentences, querying in a business database according to the second database query sentences, and sending queried second data results to a user.
8. A report data access device, comprising:
the receiving module is used for receiving a report data access request sent by a user, wherein the report data access request comprises a user identifier and report request parameters;
The determining module is used for determining a specified user group corresponding to the user according to the user identification and determining a specified report which the user requests to access according to the report request parameters;
the checking module is used for acquiring a first report definition body of the specified report from preset report definition information and checking whether a preset data authority macro exists in the first report definition body if the specified user group is determined to have the view authority of the specified report; wherein, the report definition information includes: the system comprises a business system identifier, a report identifier, a macro identifier of a declared data authority macro and a report definition body, wherein the report definition body comprises a dynamic database query statement;
the injection module is used for determining a data authority macro classification value corresponding to the preset data authority macro if the preset data authority macro exists in the first report definition body, and injecting the data authority macro classification value into the first report definition body to obtain a second report definition body;
the first sending module is used for replacing the variable in the second report definition body by the value of the report request parameter to obtain an executable first database query statement, inquiring in a business database according to the first database query statement, and sending the inquired first data result to a user.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the report data access method of any of claims 1-7 when the program is executed by the processor.
10. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor performs the steps of the report data access method of any of claims 1-7.
CN202010373255.8A 2020-05-06 2020-05-06 Report data access method and device, electronic equipment and storage medium Active CN111708992B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010373255.8A CN111708992B (en) 2020-05-06 2020-05-06 Report data access method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010373255.8A CN111708992B (en) 2020-05-06 2020-05-06 Report data access method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111708992A CN111708992A (en) 2020-09-25
CN111708992B true CN111708992B (en) 2023-07-14

Family

ID=72537102

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010373255.8A Active CN111708992B (en) 2020-05-06 2020-05-06 Report data access method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111708992B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112100183B (en) * 2020-09-28 2023-09-19 中国银行股份有限公司 Report query system, device and method based on label management
CN112287365A (en) * 2020-10-23 2021-01-29 烽火通信科技股份有限公司 Binary-based database permission control method, device, medium and system
CN112307052B (en) * 2020-10-28 2024-05-10 北京锐安科技有限公司 Data management method, service system, terminal and storage medium
CN112905978B (en) * 2021-02-20 2023-06-06 成都新希望金融信息有限公司 Authority management method and device
CN114500031B (en) * 2022-01-21 2024-06-04 浙江惠瀜网络科技有限公司 System, method, electronic equipment and medium for acquiring BI report based on single sign-on

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1416078A (en) * 2001-10-30 2003-05-07 艾默生网络能源有限公司 Data processing method of monitoring system
CN103546570A (en) * 2013-10-29 2014-01-29 小米科技有限责任公司 Method, device and terminal for achieving network client-side cross-domain data request
CN104461531A (en) * 2014-12-02 2015-03-25 福建工程学院 Implementing method for self-defined functions of reporting system
US9390240B1 (en) * 2012-06-11 2016-07-12 Dell Software Inc. System and method for querying data
CN107168940A (en) * 2017-03-29 2017-09-15 长春市万易科技有限公司 A kind of report generating system and method
CN107908659A (en) * 2017-10-17 2018-04-13 深圳前海微众银行股份有限公司 Data sheet collocation method, report platform and computer-readable recording medium
CN107918600A (en) * 2017-11-15 2018-04-17 泰康保险集团股份有限公司 report development system and method, storage medium and electronic equipment
CN109409119A (en) * 2017-08-17 2019-03-01 北京京东尚科信息技术有限公司 Data manipulation method and device
CN109492056A (en) * 2018-10-24 2019-03-19 江苏满运软件科技有限公司 A kind of method and system of business intelligence data inquiry
CN109815284A (en) * 2019-01-04 2019-05-28 平安科技(深圳)有限公司 A kind of method and apparatus of data processing
CN109902100A (en) * 2019-01-31 2019-06-18 平安科技(深圳)有限公司 Report form inquiring method, device and storage medium
CN110365670A (en) * 2019-07-08 2019-10-22 深圳壹账通智能科技有限公司 Blacklist sharing method, device, computer equipment and storage medium
CN110889142A (en) * 2019-12-20 2020-03-17 中国银行股份有限公司 Data authority management method, device, system and equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8844010B2 (en) * 2011-07-19 2014-09-23 Project Slice Aggregation of emailed product order and shipping information
US20190147182A1 (en) * 2017-11-15 2019-05-16 American Express Travel Related Services Company, Inc. Data Access System

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1416078A (en) * 2001-10-30 2003-05-07 艾默生网络能源有限公司 Data processing method of monitoring system
US9390240B1 (en) * 2012-06-11 2016-07-12 Dell Software Inc. System and method for querying data
CN103546570A (en) * 2013-10-29 2014-01-29 小米科技有限责任公司 Method, device and terminal for achieving network client-side cross-domain data request
CN104461531A (en) * 2014-12-02 2015-03-25 福建工程学院 Implementing method for self-defined functions of reporting system
CN107168940A (en) * 2017-03-29 2017-09-15 长春市万易科技有限公司 A kind of report generating system and method
CN109409119A (en) * 2017-08-17 2019-03-01 北京京东尚科信息技术有限公司 Data manipulation method and device
CN107908659A (en) * 2017-10-17 2018-04-13 深圳前海微众银行股份有限公司 Data sheet collocation method, report platform and computer-readable recording medium
CN107918600A (en) * 2017-11-15 2018-04-17 泰康保险集团股份有限公司 report development system and method, storage medium and electronic equipment
CN109492056A (en) * 2018-10-24 2019-03-19 江苏满运软件科技有限公司 A kind of method and system of business intelligence data inquiry
CN109815284A (en) * 2019-01-04 2019-05-28 平安科技(深圳)有限公司 A kind of method and apparatus of data processing
CN109902100A (en) * 2019-01-31 2019-06-18 平安科技(深圳)有限公司 Report form inquiring method, device and storage medium
CN110365670A (en) * 2019-07-08 2019-10-22 深圳壹账通智能科技有限公司 Blacklist sharing method, device, computer equipment and storage medium
CN110889142A (en) * 2019-12-20 2020-03-17 中国银行股份有限公司 Data authority management method, device, system and equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
MES中实时报表组态运行软件的开发及应用;陈振林;《中国优秀硕士学位论文全文数据库-信息科技辑》;全文 *
Ronald J. Fehd.Journeymen"s Tools:Data Review Macro Freq All:Using Proc SQL List Processing with Dictionary.Columns to Eliminate Macro Do Loops.《Citeseer》.2003,全文. *

Also Published As

Publication number Publication date
CN111708992A (en) 2020-09-25

Similar Documents

Publication Publication Date Title
CN111708992B (en) Report data access method and device, electronic equipment and storage medium
US10296563B2 (en) Automated testing of perceptible web page elements
CN110598280B (en) Equipment simulation system and method and computer readable storage medium
US7865521B2 (en) Access control for elements in a database object
CA3091405A1 (en) Model training system and method, and storage medium
CN107633016B (en) Data processing method and device and electronic equipment
US8713368B2 (en) Methods for testing OData services
CN107092535B (en) Method and apparatus for data storage of test interface
US9665732B2 (en) Secure Download from internet marketplace
CN108540351B (en) Automatic testing method for distributed big data service
CN118193593A (en) XML-based configurable distributed caching method, system, equipment and medium
CN111858609A (en) Fuzzy query method and device for block chain
US10942924B2 (en) LOB query performance via automatic inference of locator-less LOB by value semantics
CN110321711A (en) Detect the method and system of application server SQL injection point
CN106933888A (en) Database configuration management system
CN115733666A (en) Password management method and device, electronic equipment and readable storage medium
CN112817997B (en) Method and device for accessing S3 object storage by using dynamic user by distributed computing engine
CN114915500A (en) Self-media account management method and device based on PC desktop client
CN110493326B (en) Zookeeper-based cluster configuration file management system and method
CN111209284B (en) Meta-data-based sub-table method and device
CN113626870A (en) Access control method, device, electronic equipment and storage medium
KR102289950B1 (en) Method for managing and validating data using taxonomy manager
CN110517010A (en) A kind of data processing method, system and storage medium
CN112579559A (en) Key value pair management verification method, device, equipment and storage medium
CN118468320B (en) Data authority control method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant