CN113420327A - Data authority control method, system, electronic device and storage medium - Google Patents

Info

Publication number
CN113420327A
Authority
CN
China
Prior art keywords
data
user
data access
authority
code
Legal status
Pending
Application number
CN202110699153.XA
Other languages
Chinese (zh)
Inventor
王秀虎
Current Assignee
Ping An International Smart City Technology Co Ltd
Original Assignee
Ping An International Smart City Technology Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/33: User authentication using certificates
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

The invention relates to the technical field of security monitoring and discloses a data authority control method comprising the following steps: authority configuration is carried out at a system server, and the data access authority information of a user is injected into a user token according to a user authority control table, wherein the user authority control table stores a list of the organization codes for which the user has data access authority; a data access request of the user is captured by an interceptor, the organization codes in the request that conform to the data access authority are determined according to the user's token, and organization codes that are not within the data access authority are filtered out; and data conforming to the user's data access authority is extracted from the corresponding database according to the filtered data access request. With this method and system, the user's data access efficiency can be improved, system developers do not need to attend to data authority handling, development efficiency can be improved, and data boundary violations caused by human oversight can be avoided.

Description

Data authority control method, system, electronic device and storage medium
Technical Field
The present invention relates to the field of security monitoring technologies, and in particular, to a method and a system for controlling data permissions, an electronic device, and a computer-readable storage medium.
Background
In developing the application system of the smart agriculture-digital village integrated platform, the organizations, project contents and access-object hierarchy types involved are numerous, so data authority problems must be handled frequently. For example, data of different organizations at the same level must be isolated from each other; a superior organization may view the data of its subordinate organizations, or only the data of the current organization; and a subordinate organization may have limited access to specific data of a peer or superior organization. These file and data access authority problems, which must be attended to in actual operation, can be summarized as the data authority control problem of a large platform system.
In the past, when handling data authority, developers had to set query conditions manually one by one according to the actual authority requirements. Setting authority item by item not only produces a large amount of redundant code but is also prone to omissions, which lets access exceed its authorized bounds. Moreover, in the smart agriculture-digital village integrated platform the organizations are numerous and hierarchical: many organizations manage several sub-organizations, which in turn have their own sub-organizations. To query all data that the current organization may view, all sub-organizations contained in it must be queried recursively until no further sub-organizations remain. Existing recursive query methods generally fall into the following three types:
1. Code-loop query. If the query is implemented as a loop in code, the loop is simple to write, but query processes must be established many times and connected to the different sub-organization databases, which increases the processing load of the system and makes queries slow;
2. Database recursive query. Implementing the query with database recursion places high demands on developers' database skills, and some databases do not support recursive queries, so this approach cannot be applied flexibly to all database queries;
3. Redundant-field query. Given that the smart agriculture-digital village integrated platform has many kinds of organizations with diverse name identifiers, if recursive query is performed by redundantly storing fields for all superior and subordinate organizations in every organization data table, the query approach is inflexible and tedious and cannot accommodate the complex and changeable organization depth found in practice; every organization data table must be changed whenever the organization hierarchy changes, which greatly increases later system maintenance work.
For an end user who needs to access data in the smart agriculture-digital village integrated platform, the organizations and/or sub-organizations whose data can be accessed differ from person to person because each person's authority differs. To access data of different organizations, or of different authority scopes within the same organization, the user must repeatedly perform authority authentication after logging in to the system, which makes operation very inconvenient.
Disclosure of Invention
The invention provides a data authority control method, system, electronic device and storage medium, whose main purpose is to solve the prior-art problems of slow data queries, inconvenient system operation and heavy later maintenance work.
In order to achieve the above object, the present invention provides a data authority control method applied to an electronic device, including:
carrying out authority configuration at a system server, and injecting the data access authority information of a user into a user token according to a user authority control table pre-stored at the system server; an organization-structure code field is reserved in the user authority control table, which encodes all organizations involved in the system according to a preset organization coding rule, and the data access authority information includes a list of the organization codes for which the user has data access authority;
capturing a data access request of the user through an interceptor, determining according to the user token the organization codes in the request that conform to the data access authority, and filtering the data access request to remove organization codes that are not within the data access authority;
and extracting, according to the filtered data access request, the data that conforms to the user's data access authority from the corresponding database.
In order to solve the above problem, the present invention further provides a data authority control system, including:
a permission configuration unit, used for carrying out authority configuration at the system server and injecting the data access authority information of a user into a user token according to a user authority control table pre-stored at the system server; an organization-structure code field is reserved in the user authority control table, which encodes all organizations involved in the system according to a preset organization coding rule, and the data access authority information includes a list of the organization codes for which the user has data access authority;
an interception filtering unit, used for capturing a data access request of the user through an interceptor, determining according to the user token the organization codes in the request that conform to the data access authority, and filtering the data access request to remove organization codes that are not within the data access authority;
and a data extraction unit, used for extracting, according to the filtered data access request, the data that conforms to the user's data access authority from the corresponding database.
In order to solve the above problem, the present invention also provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the steps of the aforementioned data permission control method.
In order to solve the above problem, the present invention further provides a computer-readable storage medium, in which at least one instruction is stored, and the at least one instruction is executed by a processor in an electronic device to implement the data authority control method described above.
According to the data authority control scheme provided by the invention, the organizations involved in the smart agriculture-digital village integrated platform are coded according to preset rules to form an organization code list, and the user's data access authority over the organizations in that list is embedded into a token at the system server. When a client submits a query request, the request is intercepted using the data interception function of the interceptor in the system framework, and the user's data access authority is parsed directly from the token so that data filtering conditions are added to the user's current query, thereby achieving filtered queries that are imperceptible to the user. With the invention, system developers do not need to attend to data authority handling, so development efficiency can be improved and data boundary violations caused by human oversight can be avoided.
Drawings
FIG. 1 is a flow chart illustrating a data right control method according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart illustrating a process of a user accessing a database through data authority control according to an embodiment of the present invention;
FIG. 3 is a block diagram of a logical structure of a data authority control system according to an embodiment of the present invention;
fig. 4 is a schematic diagram of an internal structure of an electronic device implementing a data right control method according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
To address the problems in the prior art, the invention provides a solution that controls data access authority from the user side. The organizations involved in the smart agriculture-digital village integrated platform are coded according to preset rules to form an organization code list, and the user's data access authority over the organizations in that list is embedded into a token at the system server. When the user submits a query request through a client, the request is intercepted using the data interception function of the interceptor in the system framework, the user's data access authority is parsed directly from the token, and data filtering conditions are added to the user's current query, thereby achieving filtered queries that are imperceptible to the user.
The invention provides a data authority control method. Fig. 1 is a schematic flow chart of a data right control method according to an embodiment of the present invention. The method may be performed by an apparatus, which may be implemented by software and/or hardware.
In this embodiment, the data authority control method includes:
S110: Authority configuration is carried out at the system server, and the data access authority information of the user is injected into a user token according to a user authority control table pre-stored at the system server. An organization-structure code field, org_code, is reserved in the user authority control table; org_code encodes all organizations involved in the system according to a preset organization coding rule, and the data access authority information includes a list of the organization codes for which the user has data access authority.
Specifically, the user authority control table at the system server stores the data access authority of all users of the system. When a user logs in, the system determines the user's authority from the login information and the pre-stored user authority control table. The table may be established during system creation and use; for example, a system administrator sets data access authority for each user at the system server according to that user's actual data access and processing authority.
When a user logs in, the system server injects the data access authority of the logged-in user into the user token as part of the login operation. For example, whether the logged-in user is an administrator is determined, and the system server automatically injects that information into the user token at login.
The user token is issued to the client by the system server. While generating the user token, the system server injects the user's data access authority into it, and the token is then placed in the request header. After receiving the user token, the client carries it in subsequent requests.
That is, after the user logs in successfully, the server generates a user token for that login, queries the user's data access authority while generating the token, places that authority in the token, and issues the token to the user, who uses it for subsequent data access.
Existing user authentication modes include token-based authentication and traditional session authentication.
HTTP is a stateless protocol. If a user supplies a user name and password to a system application for authentication, the user would have to authenticate again on the next request, because the application cannot tell from the HTTP protocol which user issued the request. For the application to recognize the requesting user, a piece of user login information is stored on the server, passed to the browser in the response, and saved as a cookie that is sent to the application with the next request, so that the application can recognize which user the request came from. This is traditional session-based authentication.
However, session-based authentication makes the application itself hard to scale. As the number of client users grows, a single server cannot carry more users, and the problems of session-based authentication become apparent, for example:
1. After each user is authenticated, the system application must make a record at the server so that the user's next request can be authenticated. Sessions are generally stored in memory, so server overhead increases markedly as the number of authenticated users grows.
2. After a user is authenticated, the server keeps an authentication record. If that record is stored in memory, the user's next request must reach the same server to obtain the authorized resource, which limits the load balancer in a distributed application and therefore limits the application's ability to scale.
3. Since sessions identify the user by cookie, if a cookie is intercepted, the user is vulnerable to cross-site request forgery.
The token-based authentication mechanism is stateless, like the HTTP protocol, and does not need to keep the user's authentication or session information at the server. An application based on token authentication therefore does not need to consider which server the user logged in on, which makes the application easier to scale. For these reasons, the invention adopts a token-based authentication mechanism in its specific implementation.
In one embodiment of the present application, the data access authority information includes the following three items: is_admin, org_code_list and enable_right_like. is_admin identifies whether the current user is a super administrator; a super administrator is not subject to data authority control and can view all data. org_code_list is the list of organization codes that the current user can view. enable_right_like indicates whether the right fuzzy query is enabled: if it is, the data of all sub-organizations of the organizations in org_code_list can be queried; otherwise, the data query authority covers only the organizations listed in org_code_list.
After logging in successfully, the user obtains a user token, and subsequent data access is carried out with the token in the request header, so that when a data access request is submitted the interceptor can parse the data access authority from the token and filter the data accordingly.
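Because the token carries the authorization fields themselves, the interceptor can only rely on them if the token is integrity-protected and time-limited. The sketch below is an added example, not code from the patent: it injects the three fields at login and verifies the token before any field is read. The HMAC-SHA256 signing scheme, the `exp` field and the names `issue_token`, `read_claims`, `b64e`, `b64d` and `SECRET` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a server-side signing key; the patent does not specify a scheme.
SECRET = b"constructed-demo-key-not-for-production"


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(body: str) -> str:
    return b64e(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())


def issue_token(user_id, permission_row, ttl=900, now=None):
    """Login side: copy the user's row of the authority control table into the token."""
    now = int(time.time()) if now is None else now
    claims = {
        "sub": user_id,
        "is_admin": bool(permission_row["is_admin"]),
        "org_code_list": list(permission_row["org_code_list"]),
        "enable_right_like": bool(permission_row["enable_right_like"]),
        "exp": now + ttl,  # assumed expiry so stale permissions age out
    }
    body = b64e(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    return f"{body}.{sign(body)}"


def read_claims(token, now=None):
    """Interceptor side: return the claims, or None if the token cannot be trusted."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        # Constant-time comparison; the signature is checked before parsing the body.
        if not hmac.compare_digest(sig, sign(body)):
            return None
        claims = json.loads(b64d(body))
    except (ValueError, TypeError):
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims
```

The fields are a snapshot taken at login, so a change to the user authority control table only takes effect when the token is reissued; a short lifetime bounds that window.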
S120: A data access request of the user is captured by an interceptor, the organization codes in the request that conform to the data access authority are determined according to the user's token, and the data access request is filtered to remove organization codes that are not within the data access authority.
Specifically, when a user sends a data access request for a database from the client, the user token is sent along with the request. The interceptor captures the request, parses the user token to obtain the data access authority, and filters the user's data access request according to that authority.
After the interceptor captures a data access request sent by the user through the client, it first parses the user's data access authority from the user token and then injects data filtering conditions into the current query according to that authority; data in the request that exceeds the user's data access authority is filtered out, and the authorized data of the request, that is, the organization codes conforming to the data access authority, is determined.
After the parts of the data access request that exceed the user's authority have been filtered out, the corresponding database query and extraction can be carried out for the request that conforms to the user's authority.
Many existing system frameworks provide data interception plug-ins, such as MyBatis and MyBatis-Plus. The framework's interceptor can intercept all data access requests and filter data, that is, add filtering conditions to the query statements of the user's data access request, thereby implementing authority control.
MyBatis is a persistence-layer framework that supports plain SQL queries, stored procedures and advanced mapping; it can use simple XML or annotations for configuration and mapping, mapping interfaces and Java POJOs (Plain Ordinary Java Objects) to records in a database. MyBatis-Plus (MP for short) is an enhancement tool for MyBatis that only adds to MyBatis without changing it, in order to simplify development and improve efficiency. Both MyBatis and MyBatis-Plus can provide the interceptor required by this application. For convenience of description, the data access authority solution of this application uses the MyBatis-Plus paging interceptor PaginationInterceptor to intercept the user's data access requests and filter authority-controlled data.
In addition, the interceptor may also be implemented on Hibernate or JPA. Like MyBatis, Hibernate supports filters and interceptors: the data interception function can be implemented by inheriting from the EmptyInterceptor class and implementing its onSave() method, which is called when data is saved so that the relevant interception can be performed.
Specifically, as an example, filtering the data access request to remove organization codes that are not within the data access authority includes:
determining from org_code_list the list of organization codes that the current user can view, and filtering out requested data that is not covered by org_code_list;
determining from enable_right_like whether the right fuzzy query is enabled for the current user; if it is enabled, the current user has data query authority over all sub-organizations of the organizations in org_code_list; if it is not enabled, the current user has data query authority only over the organizations listed in org_code_list.
S130: According to the filtered data access request, the data that conforms to the user's data access authority is extracted from the corresponding database.
The extracted data can be returned to the client through the interceptor and presented by the client. The extracted authorized data can also be transmitted to a target address specified by the data access request.
The specific details of the above-mentioned data right control method will be further detailed by specific implementation examples.
In a specific implementation of the present application, because the scheme is applied to a smart agriculture-digital village integrated platform that includes numerous organizations at different levels, the user data access authority information in this embodiment includes at least the list of organization codes whose data the user can access, so that access authority can be defined and filtered conveniently.
When designing the organization table organ, in order to identify the hierarchy between organizations, an organization-structure code field, org_code, is reserved in every table that requires authority control so that organizations can be located quickly. In the prior art, a parent_id field can also be used to find hierarchical relationships layer by layer, but hierarchy queries based on parent_id require a lot of additional code, whereas the org_code approach is simple, clear and convenient for quick location.
Therefore, in a specific embodiment of the application, the paging interceptor PaginationInterceptor of the MyBatis-Plus framework is used to filter all database requests. An authority control table that normalizes the query conditions is designed and added to the interceptor, and the organization-structure code field org_code is reserved in that table to implement data authority control for each organization level. The authority control table can thus confirm data access authority at different levels simply and quickly, and developers do not need to handle the various authority restrictions manually.
In another embodiment of the present application, the user data access right information may further include other more detailed right restriction information, such as whether unlimited data access is enjoyed, whether data access extending within the organization hierarchy is available, and the like.
As an example, FIG. 2 shows a more specific implementation flow of this solution. As shown in FIG. 2, after the user logs in successfully at the client, the system server queries the data authority that the user has and injects three attributes, is_admin, org_code_list and enable_right_like, into the user token. The user token serves as the identity credential for the user's data access authority; it contains not only identity information such as the user id but also the user's data access authority information defined by these three attributes.
is_admin identifies whether the current user is a super administrator; a super administrator can access any data and is not subject to data authority control. org_code_list marks the list of organization codes whose data the current user can view. enable_right_like indicates whether the right fuzzy query is enabled for the current user; enabling it means the user can query the data of the sub-organizations contained within the user's authority.
To locate each organization quickly, in this application the sub-organization data contained in the organization code list is formed according to a preset organization coding rule. Specifically, the code of each organization level consists of N characters (N is an integer greater than 1), and the code of a lower-level organization contains the code of its upper-level organization, and so on.
For example, if each organization level is represented by a 3-character code, the department information is as follows:
[Table image in the original: department information with 3-character organization codes per level]
Organization codes formed by this coding rule convert organization IDs, which carry no meaning and cannot express relationships, into codes with a hierarchical structure. Because a lower-level organization code contains all of its upper-level organization codes, a right fuzzy query can cover the full scope of data authority when a query is needed; and because the coding gives organizations a hierarchical structure at the data level, the organization codes can be managed with an index.
Moreover, organization codes designed by this rule convert organization information that could previously be obtained only through recursive query into information expressed by the embedded code. The code of a sub-organization contains the codes of all its upper-level organizations and no other organization information, which isolates data authority and data, allows organization data to be accessed without complex recursive queries, and effectively solves the poor performance of recursive queries across the many organizations in the platform system.
After codes have been assigned to organizations at all levels, they can be used for organization identification during data access.
Specifically, after a user initiates a data access request at the client, all data access requests are intercepted by the interceptor PaginationInterceptor. The request carries the user identity information, the user token, the data access information and other request information, and the interceptor filters the request against the user authority parsed from the user token.
Specifically, as an example, if is_admin is true, the user is a super administrator with unrestricted authority to access all data, so all requested data can be viewed without adding data access authority filtering. If is_admin is false, the user is not a super administrator, and data access authority filtering must be applied to the data requested by the user.
When filtering the requested data by data access authority, the organization list of the current user must be injected into the query condition. First, org_code_list determines the list of organization codes whose data the current user can view, and requested data not covered by org_code_list is filtered out. Then enable_right_like determines whether the right fuzzy query is enabled for the current user. If enable_right_like is true, the right fuzzy query is used: org_code RLIKE 'org_code|org_code|org_code|…', that is, the current user can query the sub-organization data of the organizations within the user's authority (the organizations in org_code_list). If enable_right_like is false, sub-organization data cannot be queried: org_code IN org_code_list, so only the data of the organizations listed in org_code_list can be queried.
More specifically, as an example, if the data authority information of the current user is { is_admin: true, org_code_list: [], enable_right_like: false }, the current user is an administrator and can view all organization information without authority filtering; if the data authority information of the current user is { is_admin: false, org_code_list: [001001, 002001], enable_right_like: true }, the current user is not an administrator and can view the data of "organization one sub-organization one", "organization two sub-organization one" and all of their subordinate sub-organizations; if the data authority information of the current user is { is_admin: false, org_code_list: [001001, 002001], enable_right_like: false }, the current user is not an administrator and can view data of two organizations, namely organization one and organization two.
Organizations differ: some have many organizations at the same level and others have few. In practice, the code length for each level should therefore be chosen sensibly when the hierarchy is designed: longer codes where a level has many organizations, shorter codes where it has few, so that space is not wasted. For example, using digits only, a code length of 1 accommodates nine organizations (1-9) per level, a length of 2 accommodates 99 organizations (1-99), and a length of 3 accommodates 999 organizations (1-999), which satisfies almost all enterprise structures. For most enterprises a level rarely exceeds 99 organizations, so in a specific implementation of the present application the length of a digit-based organization code is set to 2, which leaves a margin while avoiding wasted code space. If the code combines letters and digits, each level can accommodate more organizations.
According to the data authority control method provided by the application, the system server injects the user's data authority into the user's token, so the authority takes effect in real time with each user request. All user requests are captured by the PaginationInterceptor interceptor, which adds the data filtering condition to the query statement, so data filtering is transparent to the caller. With the data access authority solution provided by the invention, system developers do not need to handle data authority themselves, which improves development efficiency and avoids unauthorized data access caused by human negligence.
In addition, by designing the code, the invention expresses through embedded coding the organization information that could otherwise be obtained only by recursive query. The code of a sub-organization contains the codes of all upper-level organizations and no information about other organizations, so a single field suffices and carries all upper-level organization information implicitly. With only the code of the current organization, the data of that organization and all its subordinate organizations can be queried, an index can be used, data authority is isolated from data, and no complex recursive query needs to be introduced.
Corresponding to the data authority control method, the invention also provides a data authority control system. Fig. 3 illustrates functional modules of a data authority control system according to an embodiment of the present invention.
As shown in fig. 3, the data right control system 300 provided by the present invention can be installed in an electronic device. Depending on the implemented functions, the data right control system 300 may include a right configuration unit 310, an interception filter unit 320, and a data extraction unit 330. The units of the invention, which may also be referred to as modules, refer to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a certain fixed function, and that are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the authority configuration unit 310 is configured to perform authority configuration at a system server, and inject data access authority information of a user into a user token according to a user authority control table prestored in the system server; an architecture code field org_code is reserved in the user authority control table, the field org_code is used to encode all organizations involved in the system according to a preset organization coding rule, and the data access authority information includes the list of organization codes for which the user has data access authority;
the interception filtering unit 320 is configured to capture a data access request of a user through an interceptor, determine an organization code in the data access request, which meets the data access right, according to a token of the user, and further perform data filtering on the data access request to filter out the organization code that is not in the data access right;
the data extracting unit 330 is configured to extract, according to the filtered data access request, data that conforms to the data access permission of the user from the data access request of the user from a corresponding database.
The authority configuration unit 310 is arranged at the system server, and injects the data access authority information of the user into the user token according to a user authority control table pre-stored at the system server, so that the user carries the data access authority information through the user token when initiating a data access request, and the data access authority information is provided for the interception and filtering unit to perform authority identification and filtering processing.
In one embodiment of the present application, the data access authority information may include the following three items: is_admin, org_code_list and enable_right_like. is_admin identifies whether the current user is a super administrator; a super administrator is not subject to data authority control and can view all data. org_code_list is the list of organization codes whose data the current user can view. enable_right_like indicates whether the right fuzzy query is enabled: if so, the data of all sub-organizations of the organizations in org_code_list can be queried; otherwise, the data query authority covers only the organizations listed in org_code_list.
If a user sends a data access request to a certain database at a client, the user token is sent along with the data access request, and the interception filtering unit 320 can filter the data access request of the user according to the data access authority by capturing the data access request, analyzing the user token and obtaining the data access authority.
Specifically, after the interception filtering unit 320 captures a data access request sent by a user through a client, it first parses the user's data access authority from the user token and then injects a data filtering condition into the current query according to that authority. Data in the request that exceeds the user's data access authority is filtered out, which determines the authorized data of the request, namely the organization codes that conform to the data access authority. After the parts of the request that exceed the user's authority have been filtered out, the data extraction unit 330 can query the database and extract data for the request that conforms to the user's authority.
In another embodiment of the present invention, the interception filtering unit 320 further includes a request intercepting unit 321, an authority parsing unit 322 and a filtering unit 323. The request intercepting unit 321 is configured to intercept and capture a user's data access request. The authority parsing unit 322 is configured to parse the user's data access authority from the user token in the captured data access request and determine the organization codes in the request that conform to the data access authority. The filtering unit 323 filters the user's data access request according to the data access authority, that is, filters out the organization codes that are not within the data access authority.
More specifically, the filtering unit 323 further includes an organization code filtering unit and a right fuzzy query filtering unit (not shown in fig. 3). The organization code filtering unit determines, through org_code_list, the list of organization codes whose data the current user can view, and filters out requested data that is not covered by org_code_list. The right fuzzy query filtering unit determines, through enable_right_like, whether the right fuzzy query is enabled for the current user: if it is enabled, the current user has data query authority over all sub-organizations of the organizations in org_code_list; if it is not enabled, the current user has data query authority only over the organizations listed in org_code_list.
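The filtering steps described above for the method and for filtering unit 323, as an added Python example that is not code from the patent: it builds the query condition from the three token fields, binds the codes as parameters, and contrasts the prefix match with a regular-expression search that lacks a start anchor. The table name `record`, the digits-only 3-character levels and the sample rows are constructed assumptions.

```python
import re
import sqlite3

LEVEL_WIDTH = 3                      # assumed number of characters per level
CODE_RE = re.compile(r"[0-9]+")      # assumed digits-only organization codes

# Constructed sample rows: (org_code, label)
SAMPLE_ROWS = [
    ("001", "org one"),
    ("001001", "org one / sub one"),
    ("001001001", "org one / sub one / team one"),
    ("001002", "org one / sub two"),
    ("002", "org two"),
    ("002001", "org two / sub one"),
    ("002001005", "org two / sub one / team five"),
    ("003001001", "org three / sub one / team one"),
]


def make_db():
    """In-memory table standing in for any business table that carries org_code."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE record (org_code TEXT NOT NULL, label TEXT)")
    conn.execute("CREATE INDEX idx_record_org ON record (org_code)")
    conn.executemany("INSERT INTO record VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def validate_code(code):
    """Accept only whole levels of digits, so no LIKE wildcard can slip in."""
    if (not isinstance(code, str) or not CODE_RE.fullmatch(code)
            or len(code) % LEVEL_WIDTH != 0):
        raise ValueError(f"malformed org_code: {code!r}")
    return code


def build_filter(perm):
    """Map the token's permission fields to (sql_condition, bound_parameters)."""
    if perm.get("is_admin") is True:          # strict: the string "true" is not admin
        return "1=1", []
    codes = [validate_code(c) for c in perm.get("org_code_list") or []]
    if not codes:
        return "1=0", []                      # nothing listed: fail closed
    if perm.get("enable_right_like") is True:
        cond = " OR ".join("org_code LIKE ?" for _ in codes)
        return f"({cond})", [c + "%" for c in codes]   # match on the prefix only
    marks = ", ".join("?" for _ in codes)
    return f"org_code IN ({marks})", list(codes)


def visible_codes(conn, perm):
    """Run the filtered query and return the org codes the user may see."""
    cond, params = build_filter(perm)         # cond contains only fixed SQL text
    sql = f"SELECT org_code FROM record WHERE {cond} ORDER BY org_code"
    return [row[0] for row in conn.execute(sql, params)]


def unanchored_regex_codes(conn, codes):
    """Emulate a regex search for 'c1|c2' that has no leading ^ anchor."""
    pattern = re.compile("|".join(re.escape(validate_code(c)) for c in codes))
    rows = conn.execute("SELECT org_code FROM record ORDER BY org_code")
    return [row[0] for row in rows if pattern.search(row[0])]


if __name__ == "__main__":
    db = make_db()
    scoped = {"is_admin": False, "org_code_list": ["001001", "002001"],
              "enable_right_like": True}
    print("prefix match    :", visible_codes(db, scoped))
    print("unanchored regex:", unanchored_regex_codes(db, scoped["org_code_list"]))
```

Code 003001001 contains 001001 only as its second and third levels, so the unanchored search admits it while the prefix match does not.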
After the intercepting filter unit 320 completes the filtering of the data access request, the data extracting unit 330 may extract data that conforms to the data access authority of the user from the corresponding database according to the filtered data access request.
In another embodiment of the present invention, the data authority control system 300 may further include an access data feedback unit (not shown in fig. 3) for returning the extracted data to the client via the interceptor for data presentation from the client after the data extraction unit 330 extracts the data conforming to the data access authority of the user; or the extracted authority data is transmitted to the target address specified by the data access request according to the related feedback indication information recorded in the data access request.
It should be noted that the user data access authority information in the present invention is not limited to the above three items and may be defined according to the characteristics of the specific application platform. In a specific implementation of the present application, the method is applied to an integrated "smart agriculture - digital rural area" platform that includes many organizations at different levels; to make access rights easy to define and filter, the user data access authority information in this embodiment includes at least the list of organization codes whose data the user can access.
In an embodiment of the present invention, the data authority control system 300 may further include an organization coding unit, configured to code all organizations involved in the platform system according to a preset organization coding rule, so as to identify the hierarchy among the organizations and quickly locate each organization. In this embodiment, the sub-organization data contained in the organization code list is formed by the organization coding unit using the preset organization coding rule; specifically, the code for each level consists of N characters (N is an integer greater than 1), the code of a lower-level organization contains the code of its upper-level organization, and so on.
For example, if each level of organization is represented by a 3-character code, the department information is as follows:
[Table of department information, shown as images in the original publication]
The organization code formed by this coding rule converts an organization ID, which carries no meaning and cannot express relationships between organizations, into a code with a hierarchical structure. Because each lower-level organization code contains the codes of all its upper-level organizations, a right fuzzy query (a match on the leading part of the code) is sufficient to query all data covered by a data authority; and because the coding gives the organizations a hierarchical structure at the data layer, the organization code can be managed with an index.
Moreover, with the organization code formed by the organization coding unit, organization information that could previously be obtained only through recursive queries is expressed through the embedded code: the code of a sub-organization contains the codes of all its upper-level organizations and no information about other organizations. This isolates data authority from data, allows organization data to be accessed without introducing complex recursive queries, and effectively solves the poor performance of recursive queries across the many organizations in the platform system.
After codes have been assigned to the organizations at all levels, the codes can be used to identify organizations during data access.
More specific implementation manners of the data permission control system provided by the present invention can be described with reference to the above embodiments of the data permission control method, and are not listed here.
According to the data authority control system, user data access authority information, including the list of accessible organization codes, is injected into the user token by the system server and takes effect in real time with each user request. All user requests are captured by the PaginationInterceptor interceptor, which adds data filtering conditions to the query statements, so data filtering is transparent to the caller. With the data access authority solution provided by the invention, organization coding enables indexed queries and isolates data authority from data, and data query efficiency is greatly improved compared with the existing approaches of recursively traversing subordinate organizations or using redundant fields. Moreover, system developers do not need to handle data authority themselves, which improves development efficiency and avoids unauthorized data access caused by human negligence.
Fig. 4 is a schematic structural diagram of an electronic device implementing the data right control method according to the present invention.
The electronic device 1 may comprise a processor 10, a memory 11 and a bus, and may further comprise a computer program, such as a data right control program 12, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, and the readable storage medium includes a flash memory, a removable hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, for example a removable hard disk of the electronic device 1. The memory 11 may also be an external storage device of the electronic device 1 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only to store application software installed in the electronic device 1 and various types of data, such as codes of a data authority control program, but also to temporarily store data that has been output or is to be output.
The processor 10 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device 1 by running or executing programs or modules (e.g., data authority Control programs, etc.) stored in the memory 11 and calling data stored in the memory 11.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. The bus is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like.
Fig. 4 only shows an electronic device with components, and it will be understood by those skilled in the art that the structure shown in fig. 4 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
For example, although not shown, the electronic device 1 may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so as to implement functions of charge management, discharge management, power consumption management, and the like through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device 1 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the electronic device 1 may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used for establishing a communication connection between the electronic device 1 and other electronic devices.
Optionally, the electronic device 1 may further comprise a user interface, which may be a Display (Display), an input unit (such as a Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
It is to be understood that the embodiments described are for illustrative purposes only and that the scope of the claimed invention is not limited to this configuration.
The memory 11 in the electronic device 1 is a computer-readable storage medium, and at least one instruction is stored in the computer-readable storage medium, and the at least one instruction is executed by a processor in the electronic device to implement the data authority control method described above. Specifically, as an example, the data authority control program 12 stored in the memory 11 is a combination of a plurality of instructions, and when running in the processor 10, can implement:
carrying out authority configuration at a system server, and injecting data access authority information of a user into a user token according to a user authority control table prestored in the system server; an architecture code field org_code is reserved in the user authority control table, the field org_code is used to encode all organizations involved in the system according to a preset organization coding rule, and the data access authority information includes the list of organization codes for which the user has data access authority;
capturing a data access request of a user through an interceptor, determining the organization codes in the data access request that conform to the data access authority according to the user's token, and then filtering the data access request to filter out the organization codes that are not within the data access authority;
and extracting data which accords with the data access authority of the user from the data access request of the user from a corresponding database according to the filtered data access request.
Optionally, the data access permission information includes is_admin, org_code_list and enable_right_like, where is_admin identifies whether the current user is a super administrator, and a super administrator is not subject to data permission control and can view all data; org_code_list identifies the list of organization codes whose data the current user can view; enable_right_like identifies whether the right fuzzy query is enabled, and the right fuzzy query is used to query the data of the sub-organizations contained in an organization.
Optionally, the capturing, by the interceptor, of the data access request of the user, and the determining, according to the token of the user, of the organization codes in the data access request that conform to the data access right, includes:
capturing a data access request sent by a user at a client to a database through an interceptor, wherein the user token is sent along with the data access request;
parsing the token according to the data access request, and determining the organization codes in the data access request that conform to the data access authority according to the data access authority information in the user token.
Optionally, the method for filtering the data access request to filter out organization codes that are not within the data access right includes:
determining, through org_code_list, the list of organization codes whose data the current user can view, and filtering out requested data that is not covered by org_code_list;
determining, through enable_right_like, whether the right fuzzy query is enabled for the current user; if the right fuzzy query is enabled, the current user has data query authority over all sub-organizations of the organizations in org_code_list; if the right fuzzy query is not enabled, the current user has data query authority only over the organizations listed in org_code_list.
Optionally, after extracting, according to the filtered data access request, data that conforms to the data access right of the user in the data access request of the user from a corresponding database, the method further includes:
returning the extracted data to the client through the interceptor, and displaying the data from the client; and/or transmitting the extracted data to a target address specified by the data access request according to the data access request.
Optionally, the preset organization coding rule includes: the code for each level of organization consists of N characters, and the code of a lower-level organization contains the code of its upper-level organization; wherein N is an integer of 2 or more.
Optionally, the interceptor is implemented based on one of MyBatis, MyBatis-Plus, Hibernate, Jpa.
Further, the integrated modules/units of the electronic device 1, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. The computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
In the embodiments provided by the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (10)

1. A data authority control method is applied to an electronic device and is characterized by comprising the following steps:
carrying out authority configuration at a system server, and injecting data access authority information of a user into a user token according to a user authority control table prestored at the system server; a field structure code is reserved in the user authority control table, the field structure code is used for coding all organizations related to the system according to a preset organization coding rule, and the data access authority information comprises a list of organization codes for which a user has data access authority;
capturing a data access request of a user through an interceptor, determining the organization codes in the data access request that conform to the data access authority according to the user token, and then filtering the data access request to filter out the organization codes that are not within the data access authority;
and extracting data which accords with the data access authority of the user from the data access request of the user from a corresponding database according to the filtered data access request.
2. The data authority control method of claim 1, wherein the data access authority information includes is_admin, org_code_list and enable_right_like, wherein,
is_admin is used for identifying whether the current user is a super administrator, and the super administrator is not subject to data authority control and can view all data;
org_code_list is used for identifying the list of organization codes whose data the current user can view;
enable_right_like is used for identifying whether a right fuzzy query is enabled, and the right fuzzy query is used for querying the data of the sub-organizations contained in an organization.
3. The data authority control method of claim 2, wherein the capturing of the data access request of the user by the interceptor and the determining of the organization codes in the data access request that conform to the data access authority according to the user token comprise:
capturing a data access request sent by a user at a client to a database through an interceptor, wherein the user token is sent with the data access request;
and parsing the user token according to the data access request, and determining the organization codes in the data access request that conform to the data access authority according to the data access authority information in the user token.
4. The data authority control method of claim 3, wherein the method of filtering the data access request to filter out organization codes that are not within the data access authority comprises:
determining, through org_code_list, the list of organization codes whose data the current user can view, and filtering out requested data that is not covered by org_code_list;
determining, through enable_right_like, whether the right fuzzy query is enabled for the current user; if the right fuzzy query is enabled, the current user has data query authority over all sub-organizations of the organizations in org_code_list; if the right fuzzy query is not enabled, the current user has data query authority only over the organizations listed in org_code_list.
5. The data authority control method of claim 1, further comprising, after extracting from the corresponding database, according to the filtered data access request, the data in the user's data access request that conforms to the user's data access authority:
returning the extracted data to the client through the interceptor, and displaying the data at the client; and/or
transmitting the extracted data to a target address specified by the data access request.
6. The data authority control method according to claim 5, wherein the preset organization coding rule includes: the code of each organization level consists of N characters, and a lower-level organization code contains its upper-level organization code; wherein N is an integer of 2 or more.
7. The data authority control method of claim 6, wherein the interceptor is implemented based on one of MyBatis, MyBatis-Plus, Hibernate, JPA.
8. A data authority control system, characterized in that the system comprises:
a permission configuration unit, configured to perform permission configuration at a system server and to inject data access authority information of a user into a user token according to a user authority control table pre-stored at the system server; wherein a field structure code is reserved in the user authority control table, the field structure code is used for coding all organizations involved in the system according to a preset organization coding rule, and the data access authority information comprises a list of the organization codes for which the user has data access authority;
an interception filtering unit, configured to capture a data access request of the user through an interceptor, determine, according to the user token, the organization codes in the data access request that conform to the data access authority, and filter the data access request to filter out organization codes that are not within the data access authority;
a data extraction unit, configured to extract from the corresponding database, according to the filtered data access request, the data in the user's data access request that conforms to the user's data access authority.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the steps of the data authority control method of any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the data authority control method according to any one of claims 1 to 7.
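Added example, not code from the patent: the filter of claim 4 combined with the prefix coding rule of claim 6, written in Python rather than as a MyBatis interceptor. `TokenClaims`, `build_predicate`, the column name `org_code`, N = 2 and the sample codes are assumptions, and the token is assumed to be already verified.

```python
from dataclasses import dataclass

LEVEL_WIDTH = 2  # N from claim 6; 2 is an assumed value (the claim only requires N >= 2)


@dataclass(frozen=True)
class TokenClaims:
    """Data access permission fields carried in the (already verified) user token."""
    org_code_list: tuple
    enable_right_light: bool


def is_valid_code(code, n=LEVEL_WIDTH):
    # Whole levels only, ASCII alphanumeric only: rejects '%' and '_' so a code
    # can never act as a LIKE wildcard once it is turned into a prefix pattern.
    return bool(code) and code.isascii() and code.isalnum() and len(code) % n == 0


def is_authorized(code, claims, n=LEVEL_WIDTH):
    if not is_valid_code(code, n):
        return False
    if code in claims.org_code_list:
        return True
    # Right fuzzy query: a sub-organization code starts with its parent's code.
    return claims.enable_right_light and any(
        code.startswith(g) for g in claims.org_code_list if is_valid_code(g, n))


def build_predicate(requested, claims, column="org_code"):
    """Return (sql_fragment, params); column is a fixed name, never request data."""
    # No explicit codes in the request means "everything the token permits".
    wanted = requested or list(claims.org_code_list)
    allowed = [c for c in wanted if is_authorized(c, claims)]
    if not allowed:
        return "1 = 0", []  # fail closed: nothing permitted, nothing returned
    if claims.enable_right_light:
        clause = " OR ".join(f"{column} LIKE ?" for _ in allowed)
        return f"({clause})", [c + "%" for c in allowed]
    marks = ", ".join("?" for _ in allowed)
    return f"{column} IN ({marks})", allowed


# Constructed sample: the token grants organization 0101 only.
SAMPLE_CLAIMS = TokenClaims(org_code_list=("0101",), enable_right_light=True)
REQUESTED = ["0101", "010102", "0102", "01", "%"]

if __name__ == "__main__":
    print(build_predicate(REQUESTED, SAMPLE_CLAIMS))
    print(build_predicate(REQUESTED, TokenClaims(("0101",), False)))
```

The parent code `01` is rejected even with the right fuzzy query enabled, because prefix matching only extends a grant downward to sub-organizations.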
CN202110699153.XA 2021-06-23 2021-06-23 Data authority control method, system, electronic device and storage medium Pending CN113420327A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110699153.XA CN113420327A (en) 2021-06-23 2021-06-23 Data authority control method, system, electronic device and storage medium

Publications (1)

Publication Number Publication Date
CN113420327A true CN113420327A (en) 2021-09-21

Family

ID=77716379

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination