CN112597463A - Database data processing method, device and system - Google Patents

Database data processing method, device and system

Publication number
CN112597463A
Authority
CN
China
Prior art keywords
data processing
information
authority
user
data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011638686.9A
Other languages
Chinese (zh)
Inventor
镇超
卞小香
邓洪文
吴多
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202011638686.9A
Publication of CN112597463A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24: Querying
    • G06F16/242: Query formulation
    • G06F16/2433: Query languages
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention provides a database data processing method, a device and a system, which can be used in the technical field of information security, wherein the method comprises the following steps: receiving a data processing request transmitted by a user; determining the authority information of the user according to the data processing request and the authority management information; and performing statement modification on the data processing request according to the permission information to obtain a data processing instruction, and transmitting the data processing instruction to a database to execute corresponding data processing operation.

Description

Database data processing method, device and system
Technical Field
The present invention relates to the field of data processing technologies, in particular to the field of information security technologies, and more specifically to a database data processing method, apparatus, and system.
Background
With the development of banking business and the continuous improvement of big data technology capability, the demand of various business departments and basic level lines for production business data is increasing day by day. Data analysts or client managers of many business departments want to access the production data directly through SQL query statements and to perform flexible query, statistics and other processing on it.
Disclosure of Invention
The invention aims to provide a database data processing method that applies authority control to data processing and prevents user information from being leaked. Another object of the present invention is to provide a database data processing apparatus. A further object of the invention is to provide a database data processing system. A further object of the invention is to provide a computer device. A further object of the invention is to provide a readable medium.
In order to achieve the above object, the present invention discloses a database data processing method, including:
receiving a data processing request transmitted by a user;
determining the authority information of the user according to the data processing request and the authority management information;
and performing statement modification on the data processing request according to the authority information to obtain a data processing instruction, and transmitting the data processing instruction to a database to execute corresponding data processing operation.
Preferably, before receiving the data processing request transmitted by the user, the method further comprises:
receiving a data processing condition input by a user;
converting the data processing conditions into data processing statements;
and obtaining a data processing request according to the data processing statement and the user information.
Preferably, the determining the authority information of the user according to the data processing request and the authority management information specifically includes:
determining a target group corresponding to the user according to the user information in the data processing request and the user group in the authority management information;
and determining the authority information according to the authority table corresponding to the target group.
Preferably, the permission information includes a data table permission, and the obtaining of the data processing instruction by performing statement modification on the data processing request according to the permission information specifically includes:
determining the data table which can be accessed according to the data table authority;
and modifying the access data table information in the data processing request according to the data table to obtain a data processing instruction.
Preferably, the permission information includes a data permission, and the obtaining of the data processing instruction by performing statement modification on the data processing request according to the permission information specifically includes:
determining the accessible data range according to the data authority;
and modifying the data range of the data table accessed in the data processing request according to the data range to obtain a data processing instruction.
Preferably, the method further comprises the following steps:
determining the sensitive information authority of the user information according to the data processing request;
determining target data according to the data processing request;
and desensitizing the sensitive information in the target data according to the sensitive information authority and transmitting the desensitized sensitive information to a terminal.
Preferably, the method further comprises the following steps:
acquiring a data processing request and a processing result of data processing operation to obtain a processing record;
determining the processing success rate and the processing duration of the data processing request according to the processing record;
and if at least one of the processing success rate and the processing duration reaches an alarm condition, forming notification information and feeding the notification information back to the user.
The invention also discloses a database data processing device, which comprises:
the request receiving module is used for receiving a data processing request transmitted by a user;
the authority matching module is used for determining the authority information of the user according to the data processing request and the authority management information;
and the statement modification module is used for modifying the statement of the data processing request according to the authority information to obtain a data processing instruction and transmitting the data processing instruction to a database to execute corresponding data processing operation.
The invention also discloses a database data processing system, which comprises a terminal, a database data processing device and a database:
the terminal is used for forming a data processing request according to the data processing information of the user and transmitting the data processing request to the database data processing device;
the database data processing device is used for receiving a data processing request transmitted by a user; determining the authority information of the user according to the data processing request and the authority management information; and performing statement modification on the data processing request according to the authority information to obtain a data processing instruction, and transmitting the data processing instruction to a database to execute corresponding data processing operation.
The invention also discloses a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor,
the processor, when executing the program, implements the method as described above.
The invention also discloses a computer-readable medium, having stored thereon a computer program,
which when executed by a processor implements the method as described above.
The invention receives the data processing request transmitted by the user, and determines the authority information of the user according to the preset authority management information, thereby obtaining the authority of the user operable data. And further performing statement modification on the data processing request according to the authority information to obtain a final data processing instruction to transmit to the database, and implementing corresponding data processing operation on the data. According to the invention, the data processing instruction corresponding to the user authority is obtained by setting the authority management information to perform statement modification on the data processing request of the user, so that the processing of production data can be effectively controlled according to different user authorities, and the user information is prevented from being leaked.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow diagram illustrating one embodiment of a database data processing method of the present invention;
FIG. 2 is a flow diagram illustrating a database data processing method according to one embodiment of the present invention including forming a data processing request;
FIG. 3 is a flow chart of a database data processing method S200 according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating the formation of data processing instructions when the authority information includes the authority of a data table in S300 according to an embodiment of the database data processing method of the present invention;
FIG. 5 is a flowchart illustrating the formation of data processing instructions when the authority information includes data authority in an embodiment S300 of the database data processing method according to the present invention;
FIG. 6 is a flow chart of data processing including sensitive information permissions according to a specific embodiment of the database data processing method of the present invention;
FIG. 7 is a flow chart of a database data processing method including data processing process monitoring according to an embodiment of the present invention;
FIG. 8 is a flow chart showing a concrete example of the database data processing method of the present invention;
FIG. 9 is a flow chart of one embodiment of a database data processing apparatus of the present invention;
FIG. 10 shows a schematic block diagram of a computer device suitable for use in implementing embodiments of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the database data processing method and system disclosed in the present application may be used in the technical field of information security, and may also be used in any field other than the technical field of information security.
Considering that production data in financial fields such as banks generally contain sensitive information of users, processing operations such as querying and modifying the production data containing the sensitive information may cause leakage of the user information, and further may endanger privacy and property security of the users. Therefore, the invention provides a database data processing method, which is used for carrying out authority control on data processing and preventing user information from being leaked.
In order to implement the present invention, in one or more embodiments of the present invention, a database data processing apparatus for implementing the database data processing method is also provided. The database data processing device can be in communication connection with a plurality of user terminal devices, and the database data processing device can specifically access the user terminal devices through the application server.
It is understood that the terminal device may include a smart phone, a tablet electronic device, a network set-top box, a portable computer, a desktop computer, a Personal Digital Assistant (PDA), an in-vehicle device, a smart wearable device, and the like. The smart wearable device may include smart glasses, a smart watch, a smart bracelet, and the like.
In other embodiments of the present invention, the portion performing the database data processing may be executed by the database data processing apparatus as described above, or all the operations may be performed in the user terminal device. Specifically, the selection may be performed according to the processing capability of the user terminal device, the limitation of the user usage scenario, and the like. This is not a limitation of the present application. If all the operations are completed in the user terminal device, the user terminal device may further include a processor for performing database data processing.
The terminal device may have a communication module (i.e., a communication unit), and may be communicatively connected to a remote server to implement data transmission with the server. For example, the communication unit may transmit the data processing request to a server of the sort processing center so that the server performs database data processing according to the data processing request. The communication unit may also receive a processing result returned by the server. The server may include a server on the task scheduling center side, and in other implementation scenarios, the server may also include a server on an intermediate platform, for example, a server on a third-party server platform that is communicatively linked to the task scheduling center server. The server may include a single computer device, or may include a server cluster formed by a plurality of servers, or a server structure of a distributed apparatus.
The server and the client device may communicate using any suitable network protocol, including network protocols not yet developed at the filing date of this application. The network protocol may include, for example, a TCP/IP protocol, a UDP/IP protocol, an HTTP protocol, an HTTPS protocol, or the like. Of course, the network Protocol may also include, for example, an RPC Protocol (Remote Procedure Call Protocol), a REST Protocol (Representational State Transfer Protocol), and the like used above the above Protocol.
The database data processing method, the database data processing device, the electronic equipment and the computer readable storage medium receive a data processing request transmitted by a user, and determine the authority information of the user according to the preset authority management information, so that the authority of the user operable data is obtained. Furthermore, statement modification is carried out on the data processing request according to the authority information to obtain a final data processing instruction to be transmitted to the database, processing operation corresponding to the data is achieved, authority control can be carried out on the data processing, and user information leakage is prevented. According to one aspect of the invention, the embodiment discloses a database data processing method. As shown in fig. 1, in this embodiment, the method includes:
S100: receiving a data processing request transmitted by a user.
Here, it is understood that the user may form the data processing request through the terminal and transmit the data processing request to the database data processing apparatus. Specifically, the user can perform human-computer interaction with the terminal, and the user inputs corresponding data processing information to the terminal through the human-computer interaction function of the terminal, where the data processing information may include data processing operations such as query, modification, addition, deletion, and the like of production data, and the data query may include a data table name, a condition range, a field name, and other query conditions. The terminal can form a corresponding data processing request according to the data processing information input by the user and transmit the data processing request to the database data processing device.
It should be noted that the data processing request may include user information and SQL statements. The user information may be used to identify the identity of the user, may include identification information such as a user name and a user level, and is used to calibrate the authority of the user. SQL (Structured Query Language) is a language for operating on databases: a database query and programming language for accessing data and for querying, updating and managing relational database systems.
S200: determining the authority information of the user according to the data processing request and the authority management information.
It can be understood that, the authority management information for managing and storing the authority information of the user can be preset, and the authority management information can store the user information and the corresponding authority information. After a data processing request transmitted by a terminal is received through a database data processing device, permission information corresponding to user information can be searched and obtained in preset permission management information according to the user information in the data processing request. The authority information is used for limiting the authority range of the user capable of processing the data of the database, and the authority of the user capable of performing data processing such as adding, deleting, modifying and inquiring on the data of the database is different according to the difference of the authority information. For example, a user with high authority may implement various data processing of data addition, deletion, modification and query, a user with low authority may only perform query processing on data of the database, and the authority management information may be flexibly set in advance according to needs, which is not limited by the present invention.
S300: performing statement modification on the data processing request according to the authority information to obtain a data processing instruction, and transmitting the data processing instruction to a database to execute the corresponding data processing operation.
It can be understood that a data processing request generally performs its actual processing of the database through SQL statements. The SQL statement in the data processing request can be structurally parsed and its parameters extracted to obtain the tables and fields of the database data that the statement is to process, the processing operation, and other parameters. The database processing parameters obtained by parsing the SQL statement are then matched against the authority information of the user to determine whether the user's data processing information is within the range of the authority information. If it exceeds the user's authority information, the SQL statement in the data processing request can be adaptively modified according to that authority information, so that the processing of the database data by the modified SQL statement is within the user's authority range and the information security problems that could otherwise easily be caused are addressed.
The invention receives the data processing request transmitted by the user, and determines the authority information of the user according to the preset authority management information, thereby obtaining the authority of the user operable data. And further performing statement modification on the data processing request according to the authority information to obtain a final data processing instruction to transmit to the database, and implementing corresponding data processing operation on the data. According to the invention, the data processing instruction corresponding to the user authority is obtained by setting the authority management information to perform statement modification on the data processing request of the user, so that the processing of production data can be effectively controlled according to different user authorities, and the user information is prevented from being leaked.
In a preferred embodiment, as shown in fig. 2, the method further comprises, before receiving the data processing request transmitted by the user:
S010: receiving a data processing condition input by a user.
S020: converting the data processing conditions into data processing statements.
S030: obtaining a data processing request according to the data processing statement and the user information.
It is understood that when the database data processing apparatus is integrated with the terminal, the user inputs corresponding data processing information through the human-computer interaction function of the terminal. The data processing information may include data processing operations such as query, modification, addition and deletion of production data, where a data query may include data table names, condition ranges, field names, and other query conditions. The database data processing device in the terminal can form a corresponding data processing request according to the data processing information input by the user. Specifically, the data processing request may include user information and an SQL statement. The user information may be used to identify the identity of the user, may include identification information such as a user name and a user level, and is used to calibrate the authority of the user. SQL (Structured Query Language) is a language for operating on databases: a database query and programming language for accessing data and for querying, updating and managing relational database systems.
In one embodiment, the database data processing device may provide access to data processing requirements for users such as data analysts or business managers. Specifically, the database data processing device may include a statement injection unit and a visualization unit. The statement injection unit converts data processing information formed according to user input or configuration into a standard SQL statement. The SQL statement can include query tables, query conditions, display fields and other query operation parameters, and in practical application it can also include other operation parameters, so that the data processing information of the user can be obtained by extracting parameters from the SQL statement. Of course, in other embodiments, the user is also supported in directly inputting a complex SQL statement; the SQL statement and the user information form a data processing request, which is then transmitted to the database data processing apparatus for subsequent processing.
Further, the data processing result may be presented to the user through the visualization unit. Preferably, the visualization unit may present the data processing result in various forms. For example, a data result obtained by a query may be presented as a chart, including common charts such as a pie chart, a bar chart, a coordinate chart, a word cloud, a quadrant chart, a morgan chart, an indicator card and a heat map, or as a custom chart, and pull-down filtering by date, date interval, numerical value interval and text may also be provided. Furthermore, display functions such as data drill-down, hyperlinks, mobile display and large-screen display can be provided to meet users' requirements for personalized charts.
Preferably, the database data processing device may further include a visualization configuration unit. The visualization configuration unit can configure the display styles of input and output information so as to meet the requirements of various users. In a specific example, for chart presentation, the visualization configuration unit may adopt two configurations, including but not limited to the following. One is a page-embedded configuration: the chart configuration is embedded into the database data processing device in page form on a what-you-see-is-what-you-get basis, which supports displaying fields and configuring chart styles in a self-defined mode, previewing the customized chart in real time, and quickly converting data into charts for statistical analysis. The other is a drag type configuration: field dragging, configuration of dimension sequencing, index function calculation, and configuration of specified screening field controls and data ranges are supported, realizing visual configuration of the chart. Support for visually dragging and deploying operation scripts is planned as a follow-up, so that users' personalized operation requirements are met quickly and the threshold for use is lowered.
In a preferred embodiment, as shown in fig. 3, the determining, in S200, the authority information of the user according to the data processing request and the authority management information specifically includes:
S210: determining a target group corresponding to the user according to the user information in the data processing request and the user group in the authority management information.
S220: determining the authority information according to the authority table corresponding to the target group.
It will be appreciated that in the preferred embodiment, users may be arranged in groups, each group corresponding to a permission level, and the range of permissions within which each permission level can process data is determined according to the supportable data processing operations. In a specific example, after the database data processing device receives a data processing request transmitted by a user terminal, user information including the user's group number and the like can be obtained from the data processing request. The user's group number is then matched against the user group numbers in the authority management information to obtain the authority level of the user.
And presetting a permission table for each permission level, wherein the permission table comprises permission information of database data. For example, the authority table may set operation authorities for deletion, addition, modification, query, and the like of different data tables in the database, where each operation authority may also set authorities corresponding to isolation conditions such as time, amount, category, and the like, so as to implement authority limitation on data processing of multiple dimensions of a user.
It should be noted that, in other embodiments, the user information may further include information such as a terminal identifier, an IP address, a call time, and an interface for sending the data processing request, and the authority management information corresponding to the user information and the authority information is preset, so that the authority information corresponding to the data processing request may also be determined.
In a preferred embodiment, as shown in fig. 4, if the authority information includes a data table authority, the S300 performing statement modification on the data processing request according to the authority information to obtain a data processing instruction may specifically include:
S311: determining the data table which can be accessed according to the data table authority.
S312: modifying the access data table information in the data processing request according to the data table to obtain a data processing instruction.
It can be understood that a data table authority may be set in the authority information to limit the data tables in the database that the user can process.
Preferably, the data tables in the database (data lake) can be divided into different data table groups, such as a money table group, an account table group and the like. The access authority of each table group is different and can be set flexibly, and each table is assigned to a table group in order to control the authority. The data table authority in the authority table can comprise the table groups accessible at different authority levels. After the authority table of the user is determined, the table groups accessible at the user's authority level can be determined from it and the set of tables in those table groups obtained. The table to be accessed is matched against the tables in the table groups, and after the matching succeeds the user has the authority to access and otherwise process the table. This achieves accurate control of which tables a person can access.
In a preferred embodiment, as shown in FIG. 5, the authority information includes a data authority, and step S300 of performing statement modification on the data processing request according to the authority information to obtain a data processing instruction specifically includes:
S321: Determining the accessible data range according to the data authority.
S322: Modifying the data range of the data table accessed in the data processing request according to that data range to obtain a data processing instruction.
It can be understood that, in order to further control the range of data a user can process within a data table, a data authority may be set in the authority information. That is, isolation conditions for the data table are preset, and the data range the user can process in each data table is limited by the isolation condition that corresponds to the data authority in the user's authority information. In a specific example, different isolation conditions can be set for the data in a data table; for instance, a user with a low permission level can access at most data within one year, or only data whose access amount is smaller than a preset amount. The isolation conditions of table data can be set per table, or set together with a data table group so that data isolation is managed by group. An SQL clause expressing the isolation condition is added to the data processing request according to the user's permission level, so that which data in a table a person can see is controlled precisely.
It should be noted that, in this embodiment, performing statement modification on the SQL statement according to the authority information includes changing parameters in the SQL statement or adding limiting parameters, so that the data range the SQL statement can process falls within the data range specified by the user's authority information. A person skilled in the art can arrange for the SQL statement to be modified automatically according to the authority information as actually needed, which is not described further here.
In a preferred embodiment, as shown in fig. 6, the method further comprises:
S410: Determining the sensitive information authority of the user information according to the data processing request.
S420: Determining target data according to the data processing request.
S430: Desensitizing the sensitive information in the target data according to the sensitive information authority and transmitting the desensitized data to a terminal.
It will be appreciated that, for financial industries such as banking, production data generated in a production system typically includes sensitive information about users. To avoid leaking that information, in the preferred embodiment the sensitive information authority may be preset: fields that contain sensitive user information are marked as sensitive, and the authority to process them is associated with the user information. After the target data is determined according to the data processing request, the target data can be desensitized according to the sensitive information authority corresponding to the user information, and the desensitized data is then returned to the user through the terminal.
The sensitive information of the user can comprise information such as a name, an identification number, a telephone and the like. The desensitization treatment for the sensitive information of the user can be various desensitization treatment modes such as encryption treatment, default value treatment or partial information hiding and the like. In a specific example, in the data query process, if it is determined that sensitive information exists in target data to be processed through the sensitive information authority, the sensitive information can be set as a default value, and the true value of the sensitive information is not returned to a user, so that the sensitive information of the user is prevented from being leaked.
In a preferred embodiment, as shown in fig. 7, the method further comprises the step of monitoring the data processing process:
S510: Acquiring the data processing request and the processing result of the data processing operation to obtain a processing record;
S520: Determining the processing success rate and the processing duration of the data processing request according to the processing record;
S530: If at least one of the processing success rate and the processing duration reaches an alarm condition, forming notification information and feeding the notification information back to the user.
It can be understood that the data processing request, the processing result returned to the terminal and other related processing information can be collected. The collected information can include the terminal identifier, the IP address, the time the data processing request was received, and the interface and parameters in the request; the database response time and the processing result of the data processing request can also be collected.
In a specific example, the processing success rate and the average processing time of data processing requests may be summarized at minute level. For an interface receiving data processing requests whose failure rate for the same terminal exceeds a preset value, for example 20%, within a preset time period, or whose processing time is excessively long, the relevant processing information may be collected in time and notification information may be formed as a mail to notify the corresponding developer. This provides early warning while the event is in progress and lets staff analyze and optimize the service interface program for interfaces with long response times and high failure rates.
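The following Python example is an added illustration of steps S510 to S530 and is not code from the patent. The record layout, interface names, sample records and the 2000 ms duration limit are assumptions; only the minute-level summary, the per-terminal and per-interface grouping and the 20% failure rate come from the text.

```python
from collections import defaultdict
from datetime import datetime

FAILURE_RATE_LIMIT = 0.20       # example value given in the text
AVG_DURATION_LIMIT_MS = 2000.0  # assumed: the text gives no figure for "too long"

# Constructed processing records (S510): time received, terminal identifier,
# interface, whether the database operation succeeded, response time in ms.
RECORDS = [
    ("2020-12-31T09:00:05", "T1", "/query/flow", True, 120),
    ("2020-12-31T09:00:20", "T1", "/query/flow", False, 90),
    ("2020-12-31T09:00:41", "T1", "/query/flow", True, 110),
    ("2020-12-31T09:00:59", "T1", "/query/flow", True, 100),
    ("2020-12-31T09:01:03", "T1", "/query/flow", True, 130),
    ("2020-12-31T09:01:30", "T2", "/query/account", True, 4100),
    ("2020-12-31T09:01:45", "T2", "/query/account", True, 3900),
]


def summarize(records):
    """S520: success rate and average duration per minute, terminal and interface."""
    buckets = defaultdict(lambda: [0, 0, 0])  # total, failed, summed ms
    for ts, terminal, interface, ok, ms in records:
        minute = datetime.fromisoformat(ts).strftime("%Y-%m-%d %H:%M")
        bucket = buckets[(minute, terminal, interface)]
        bucket[0] += 1
        bucket[1] += 0 if ok else 1
        bucket[2] += ms
    return {
        key: {"total": t, "success_rate": (t - f) / t, "avg_ms": ms / t}
        for key, (t, f, ms) in sorted(buckets.items())
    }


def notifications(records):
    """S530: one notification line per bucket that reaches an alarm condition."""
    out = []
    for (minute, terminal, interface), s in summarize(records).items():
        reasons = []
        failure_rate = 1 - s["success_rate"]
        if failure_rate > FAILURE_RATE_LIMIT:
            reasons.append(f"failure rate {failure_rate:.0%}")
        if s["avg_ms"] > AVG_DURATION_LIMIT_MS:
            reasons.append(f"average duration {s['avg_ms']:.0f} ms")
        if reasons:
            out.append(f"{minute} {terminal} {interface}: "
                       + ", ".join(reasons)
                       + f" over {s['total']} requests")
    return out


if __name__ == "__main__":
    print("\n".join(notifications(RECORDS)))
```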
The present invention will be further described below by way of a specific example. As shown in fig. 8, in this specific example, the database data processing method specifically includes:
S401: User A drags query conditions or enters an SQL statement on the visual query interface to perform a data query; for example, the user configures by dragging a query for the fund flow details of a certain customer B over the last two years.
S402: Converting the dragged query conditions or the statement into a standard SQL statement. The converted statement is as follows:
SELECT name, account, amount, date FROM amtgle WHERE idcard = customer B's identification number AND date < two years.
S403: Parsing and splitting the standard SQL statement to obtain the table amtgle, the fields name, account number, flow amount and date, and the query condition parameter of the statement: the identification number.
S404: The monitoring module monitors the query statement, and the success rate and average duration of call responses are summarized at minute level.
S405: Judging whether a threshold is exceeded or an error has occurred; if so, sending a mail to the relevant development or monitoring personnel for early warning or analysis.
S406: Acquiring the authority to access table group C according to the user group of user A.
S407: Determining the authority between table group C and user group D according to the table group C in which the accessed table is located, and determining whether the user can access the table.
S408: Adding a data isolation condition to the SQL statement according to the isolation condition set for the accessed table. For example, if the isolation condition set for this table is one year, the query condition becomes: idcard = customer B's identification number AND date < one year.
S409: Processing the sensitive fields of the SQL statement according to the sensitive information set for the accessed table. For example, if the account number in the table is set as sensitive information, the account number field of the statement is changed directly into 'account number field sensitive'.
S410: Judging the add, delete and change authority on the table, and assembling a new SQL statement according to the preceding processing rules. The new statement is as follows: SELECT name, 'account number field sensitive', amount, date FROM amtgle WHERE idcard = customer B's identification number AND date < one year.
S411: Performing the data query in the data lake (database) and returning the query or processing result to the visual interface, where the user obtains the processing result.
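The following Python example is an added illustration of steps S406 to S411 and is not code from the patent. The policy dictionaries, user names, sample rows and the `rewrite` function are assumptions; it starts from the split form that S403 produces, binds every value as a parameter instead of editing SQL text, and renders the one-year isolation condition as `date >= today - 365 days`.

```python
import sqlite3
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed policy data. Only the table name "amtgle", the column "idcard",
# the groups C and D and the masking text come from the patent's example.
SCHEMA = {"amtgle": {"name", "account", "amount", "date", "idcard"}}
TABLE_GROUPS = {"C": {"amtgle"}}             # table group -> member tables
GROUP_GRANTS = {"D": {"C"}}                  # user group -> table groups it may access
USER_GROUPS = {"userA": "D", "userE": "X"}   # user -> user group
ISOLATION_DAYS = {"amtgle": 365}             # isolation condition: last year only
SENSITIVE = {"amtgle": {"account": "account number field sensitive"}}
ALLOWED_OPS = {"=", "<", "<=", ">", ">="}
TODAY = date(2020, 12, 31)                   # constructed "current date"


class AccessDenied(Exception):
    """Raised when the request falls outside the user's authority."""


@dataclass
class Query:
    """Output of S403: the statement split into table, fields and conditions."""
    table: str
    fields: list
    conditions: list = field(default_factory=list)  # (column, op, value), ANDed


def rewrite(user, q, today=TODAY):
    """S406-S410: return (sql, params) restricted to the user's authority."""
    # S406/S407: deny unless the user's group is granted the table's group.
    granted = GROUP_GRANTS.get(USER_GROUPS.get(user), set())
    if not any(q.table in TABLE_GROUPS.get(g, set()) for g in granted):
        raise AccessDenied(f"{user} may not access {q.table}")
    # Identifiers end up in the SQL text, so accept only known columns/operators.
    for col in list(q.fields) + [c for c, _, _ in q.conditions]:
        if col not in SCHEMA[q.table]:
            raise AccessDenied(f"unknown column {col!r}")
    if any(op not in ALLOWED_OPS for _, op, _ in q.conditions):
        raise AccessDenied("operator not allowed")

    params, select_items, where = [], [], []
    # S409: a sensitive field is replaced by its default value, bound as a parameter.
    for col in q.fields:
        mask = SENSITIVE.get(q.table, {}).get(col)
        if mask is None:
            select_items.append(col)
        else:
            select_items.append(f"? AS {col}")
            params.append(mask)
    for col, op, value in q.conditions:
        where.append(f"{col} {op} ?")
        params.append(value)
    # S408: the isolation condition is ANDed last, so user conditions can only
    # narrow the permitted range, never widen it.
    days = ISOLATION_DAYS.get(q.table)
    if days is not None:
        where.append("date >= ?")
        params.append((today - timedelta(days=days)).isoformat())
    # S410: assemble the new statement.
    sql = f"SELECT {', '.join(select_items)} FROM {q.table}"
    if where:
        sql += " WHERE " + " AND ".join(where)
    return sql, params


def demo():
    """S411: run user A's two-year query for customer B after rewriting."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE amtgle (name TEXT, account TEXT, amount REAL,"
               " date TEXT, idcard TEXT)")
    db.executemany("INSERT INTO amtgle VALUES (?, ?, ?, ?, ?)", [
        ("B", "6222-0001", 100.0, "2020-11-02", "ID-B"),
        ("B", "6222-0001", 250.0, "2019-06-15", "ID-B"),  # older than one year
        ("Z", "6222-0999", 999.0, "2020-12-01", "ID-Z"),  # another customer
    ])
    q = Query("amtgle", ["name", "account", "amount", "date"],
              [("idcard", "=", "ID-B"), ("date", ">=", "2018-12-31")])
    sql, params = rewrite("userA", q)
    return sql, params, db.execute(sql, params).fetchall()


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Conditions on a masked column are still evaluated against the real values, so a deployment also has to decide whether sensitive fields may appear in the WHERE clause at all.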
Based on the same principle, the embodiment also discloses a database data processing device. As shown in fig. 9, in the present embodiment, the apparatus includes a request receiving module 11, a permission matching module 12, and a statement modifying module 13.
The request receiving module 11 is configured to receive a data processing request transmitted by a user.
The permission matching module 12 is configured to determine permission information of the user according to the data processing request and the permission management information.
The statement modification module 13 is configured to perform statement modification on the data processing request according to the permission information to obtain a data processing instruction, and transmit the data processing instruction to a database to execute a corresponding data processing operation.
Since the principle of the device for solving the problems is similar to the method, the implementation of the device can refer to the implementation of the method, and the detailed description is omitted here.
Based on the same principle, the embodiment also discloses a database data processing system. The system comprises a terminal, a database data processing device and a database.
The terminal is used for forming a data processing request according to data processing information of a user and transmitting the data processing request to the database data processing device.
The database data processing device is used for receiving a data processing request transmitted by a user; determining the authority information of the user according to the data processing request and the authority management information; and performing statement modification on the data processing request according to the authority information to obtain a data processing instruction, and transmitting the data processing instruction to a database to execute corresponding data processing operation.
Since the principle of the system for solving the problem is similar to the above method, the implementation of the system can refer to the implementation of the method, and the detailed description is omitted here.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer device, which may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
In a typical example, the computer device comprises in particular a memory, a processor and a computer program stored on the memory and executable on the processor, which when executed by the processor implements the method as described above.
Referring now to FIG. 10, shown is a schematic diagram of a computer device 600 suitable for use in implementing embodiments of the present application.
As shown in FIG. 10, the computer device 600 includes a Central Processing Unit (CPU) 601 which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. The RAM 603 also stores various programs and data necessary for the operation of the system 600. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
The following components are connected to the I/O interface 605: an input section 606 including a keyboard, a mouse, and the like; an output section 607 including a Cathode Ray Tube (CRT), a liquid crystal display (LCD), and the like, and a speaker and the like; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the Internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is installed into the storage section 608 as necessary.
In particular, according to an embodiment of the present invention, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the invention include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (11)

1. A database data processing method, comprising:
receiving a data processing request transmitted by a user;
determining the authority information of the user according to the data processing request and the authority management information;
and performing statement modification on the data processing request according to the authority information to obtain a data processing instruction, and transmitting the data processing instruction to a database to execute corresponding data processing operation.
2. The database data processing method of claim 1, further comprising, before receiving the data processing request transmitted by the user:
receiving a data processing condition input by a user;
converting the data processing conditions into data processing statements;
and obtaining a data processing request according to the data processing statement and the user information.
3. The database data processing method according to claim 1, wherein the determining the authority information of the user according to the data processing request and the authority management information specifically comprises:
determining a target group corresponding to the user according to the user information in the data processing request and the user group in the authority management information;
and determining the authority information according to the authority table corresponding to the target group.
4. The database data processing method according to claim 1, wherein the authority information includes a data table authority, and the performing statement modification on the data processing request according to the authority information to obtain a data processing instruction specifically includes:
determining the data table which can be accessed according to the data table authority;
and modifying the access data table information in the data processing request according to the data table to obtain a data processing instruction.
5. The database data processing method according to claim 1, wherein the authority information includes a data authority, and the performing statement modification on the data processing request according to the authority information to obtain a data processing instruction specifically includes:
determining the accessible data range according to the data authority;
and modifying the data range of the data table accessed in the data processing request according to the data range to obtain a data processing instruction.
6. The database data processing method according to claim 1, further comprising:
determining the sensitive information authority of the user information according to the data processing request;
determining target data according to the data processing request;
and desensitizing the sensitive information in the target data according to the sensitive information authority and transmitting the desensitized sensitive information to a terminal.
7. The database data processing method according to claim 1, further comprising:
acquiring a data processing request and a processing result of data processing operation to obtain a processing record;
determining the processing success rate and the processing duration of the data processing request according to the processing record;
and if at least one of the processing success rate and the processing duration reaches an alarm condition, forming notification information and feeding the notification information back to the user.
8. A database data processing apparatus, comprising:
the request receiving module is used for receiving a data processing request transmitted by a user;
the authority matching module is used for determining the authority information of the user according to the data processing request and the authority management information;
and the statement modification module is used for modifying the statement of the data processing request according to the authority information to obtain a data processing instruction and transmitting the data processing instruction to a database to execute corresponding data processing operation.
9. A database data processing system is characterized by comprising a terminal, a database data processing device and a database:
the terminal is used for forming a data processing request according to the data processing information of the user and transmitting the data processing request to the database data processing device;
the database data processing device is used for receiving a data processing request transmitted by a user; determining the authority information of the user according to the data processing request and the authority management information; and performing statement modification on the data processing request according to the authority information to obtain a data processing instruction, and transmitting the data processing instruction to a database to execute corresponding data processing operation.
10. A computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor,
the processor, when executing the program, implements the method of any of claims 1-7.
11. A computer-readable medium, having stored thereon a computer program,
the program when executed by a processor implementing the method according to any one of claims 1-7.
CN202011638686.9A 2020-12-31 2020-12-31 Database data processing method, device and system Pending CN112597463A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011638686.9A CN112597463A (en) 2020-12-31 2020-12-31 Database data processing method, device and system

Publications (1)

Publication Number Publication Date
CN112597463A true CN112597463A (en) 2021-04-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination