CN114003215A - Dynamic data authorization method, medium and equipment based on visualization rule configuration - Google Patents
Dynamic data authorization method, medium and equipment based on visualization rule configuration Download PDFInfo
- Publication number
- CN114003215A CN114003215A CN202111150131.4A CN202111150131A CN114003215A CN 114003215 A CN114003215 A CN 114003215A CN 202111150131 A CN202111150131 A CN 202111150131A CN 114003215 A CN114003215 A CN 114003215A
- Authority
- CN
- China
- Prior art keywords
- rule
- data authorization
- dynamic data
- visualization
- authorization method
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/30—Creation or generation of source code
- G06F8/34—Graphical or visual programming
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/30—Creation or generation of source code
- G06F8/38—Creation or generation of source code for implementing user interfaces
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Computer Security & Cryptography (AREA)
- Human Computer Interaction (AREA)
- Computer Hardware Design (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention relates to a dynamic data authorization method, medium and equipment based on visualization rule configuration, wherein the method comprises the following steps: dynamically acquiring virtual organization information of an object to be authorized, wherein the virtual organization information is determined based on a service project; based on the virtual organization information, calling an authorization rule configuration page, visualizing, responding to an operation instruction and generating a data authorization rule; and reconstructing SQL based on the data authorization rule to finish authorization. Compared with the prior art, the method has the advantages of simple operation, good interchangeability and the like.
Description
Technical Field
The present invention relates to a data authorization method, and in particular, to a dynamic data authorization method, medium, and device configured based on visualization rules.
Background
With the rapid development of information technologies such as big data, cloud computing, internet of things, artificial intelligence and the like, the data scale in the network space shows exponential growth. The value of the data itself and its supporting role for the above-mentioned technologies make the data more and more important. Under the circumstances described above, data is now the latest economic resource and data capitalization is also common knowledge in the information age. The circulation value of the future information society is increasingly shown as an effective asset, and the role of a data authorization system in the data circulation process is very critical.
The existing data authorization mainly has the following characteristics:
1. data authorization is realized by configuring roles for employees, and data authorization control logic and business processing logic are mixed together, namely: the data authorization control logic invades into the conventional business processing logic, violates the basic principle of software design and is not beneficial to later code maintenance;
2. the data authority control is realized in a hard coding mode in the development process, when the data authorization access requirement is changed, a code developer is required to modify, for an application system which is operated online, the steps of subsequent packaging and deployment and the like are also required to be matched for completion, the application system is also involved in the process of stopping service and restarting, the operation and maintenance cost of the system is greatly increased, and the availability of the system is reduced.
The method is not intuitive in the process of setting data authorization, is too complex for system operation and maintenance personnel without software development technology foundation, and has poor interchangeability.
Disclosure of Invention
The present invention is directed to overcome the above-mentioned drawbacks of the prior art, and provides a method, a medium, and an apparatus for dynamic data authorization configured based on visualization rules, which are simple in operation and good in interchangeability.
The purpose of the invention can be realized by the following technical scheme:
the invention provides a dynamic data authorization method based on visualization rule configuration, which comprises the following steps:
dynamically acquiring virtual organization information of an object to be authorized, wherein the virtual organization information is determined based on a service project;
based on the virtual organization information, calling an authorization rule configuration page, visualizing, responding to an operation instruction and generating a data authorization rule;
and reconstructing SQL based on the data authorization rule to finish authorization.
Furthermore, each object to be authorized corresponds to at least one piece of virtual organization information.
Further, the virtual organization information is a multi-level structure.
Further, the authorization rule configuration comprises a rule main item configuration and a rule sub item configuration.
Further, each rule main item corresponds to a plurality of rule sub items.
Further, the rule main item comprises an association table or an association view.
Further, the rule sub-term includes a filtering rule.
Further, the SQL is dynamically reconstructed by a Mybatis interceptor.
The present invention also provides an electronic device comprising:
one or more processors;
a memory; and
one or more programs stored in the memory, the one or more programs including instructions for performing a dynamic data authorization method configured based on visualization rules as described above.
The present invention also provides a computer-readable storage medium comprising one or more programs for execution by one or more processors of an electronic device, the one or more programs including instructions for performing a visualization rule configuration-based dynamic data authorization method as described above.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention separates the data authorization and the function authorization in configuration by configuring the virtual organization for the staff, and dynamically reads the virtual organization information of the staff during the data authorization to control the data authority, and simultaneously can adapt to the real working scene.
2. The invention can decouple the data authority control logic and the service processing logic, reduce the code complexity and improve the code robustness.
3. According to the method and the device, the table name or the view name of the executed sql is obtained through the Mybatis interceptor, the rule is searched through the table name or the view name, and the original sql is reconstructed according to the rule, so that the method and the device are convenient and reliable.
4. The visual data authorization rule is configured and takes effect immediately without redeployment, and the operation is simple and the interchangeability is good.
Drawings
FIG. 1 is a schematic flow diagram of the present invention;
FIG. 2 is a diagram illustrating virtual organization information in accordance with an embodiment of the present invention;
fig. 3 is a schematic visualization diagram of a rule configuration page in the embodiment of the present invention.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments. The present embodiment is implemented on the premise of the technical solution of the present invention, and a detailed implementation manner and a specific operation process are given, but the scope of the present invention is not limited to the following embodiments.
Example 1
The embodiment provides a dynamic data authorization method based on visualization rule configuration, which is applied to data authorization of employees and comprises the following steps:
step S100, dynamically obtaining virtual organization information of an object to be authorized, wherein the virtual organization information is determined based on a service project. Each object to be authorized corresponds to at least one piece of virtual organization information.
In an actual working scene, employees often participate in the work of a plurality of projects, so that data authorities of the employees are related to business projects, and the data authorities are managed and controlled according to role information of the employees in the projects during data authorization. In order to improve the reliability of data authorization, the data authorization and the function authorization are separated in configuration, and the method of the invention configures virtual organizations for employees. One example of the virtual organization relationship diagram is shown in fig. 2, in which the virtual organization information has a multi-level structure including a division, a sales office, a sales group, a staff, and the like.
And step S200, calling an authorization rule configuration page based on the virtual organization information, visualizing the authorization rule configuration page, and responding to an operation instruction to generate a data authorization rule.
The rule configuration mainly comprises a rule main item and a rule sub item, wherein the rule main item is established through a page, the rule main item is associated with a specific table or view, and the rule sub item is associated with a specific filtering rule. And decoupling the data authority control logic and the service processing logic by configuring a data authority rule. Firstly configuring a rule main item, corresponding to a corresponding table or view, and then configuring related sub items of the main item, wherein the related sub items are in a one-to-many relationship, and the sub items mainly specify specific fields to be filtered and filtering logic. An example of a rule configuration is shown in fig. 3.
And step S300, reconstructing SQL based on the data authorization rule, and completing authorization.
The conventional Mybatis interceptor can not change the original sql, and the method obtains the table name or the view name of the executed sql through the Mybatis interceptor, searches the rule through the table name or the view name and reconstructs the original sql according to the rule.
The above functions, if implemented in the form of software functional units and sold or used as a separate product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Example 2
The present embodiments provide an electronic device comprising one or more processors, memory, and one or more programs stored in the memory, the one or more programs including instructions for performing the visualization rule configuration based dynamic data authorization method of embodiment 1.
The foregoing detailed description of the preferred embodiments of the invention has been presented. It should be understood that numerous modifications and variations could be devised by those skilled in the art in light of the present teachings without departing from the inventive concepts. Therefore, the technical solutions available to those skilled in the art through logic analysis, reasoning and limited experiments based on the prior art according to the concept of the present invention should be within the scope of protection defined by the claims.
Claims (10)
1. A dynamic data authorization method based on visualization rule configuration is characterized by comprising the following steps:
dynamically acquiring virtual organization information of an object to be authorized, wherein the virtual organization information is determined based on a service project;
based on the virtual organization information, calling an authorization rule configuration page, visualizing, responding to an operation instruction and generating a data authorization rule;
and reconstructing SQL based on the data authorization rule to finish authorization.
2. The visualization rule configuration-based dynamic data authorization method according to claim 1, wherein each object to be authorized corresponds to at least one virtual organization information.
3. The visualization rule configuration-based dynamic data authorization method according to claim 1, wherein the virtual organization information is a multi-level structure.
4. The visualization rule configuration based dynamic data authorization method of claim 1, wherein the authorization rule configuration comprises a rule main item configuration and a rule sub item configuration.
5. A visualization rule configuration-based dynamic data authorization method according to claim 1, wherein each rule main item corresponds to a plurality of the rule sub items.
6. The visualization rule configuration based dynamic data authorization method of claim 4, wherein the rule master item comprises an association table or an association view.
7. The visualization rule configuration based dynamic data authorization method of claim 4, wherein the rule sub-item comprises a filtering rule.
8. The visualization rule configuration based dynamic data authorization method of claim 1, wherein the SQL is dynamically reconfigured by a Mybatis interceptor.
9. An electronic device, comprising:
one or more processors;
a memory; and
one or more programs stored in the memory, the one or more programs including instructions for performing the visualization rule configuration based dynamic data authorization method of any of claims 1-8.
10. A computer-readable storage medium comprising one or more programs for execution by one or more processors of an electronic device, the one or more programs including instructions for performing the visualization rule configured based dynamic data authorization method of any of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111150131.4A CN114003215A (en) | 2021-09-29 | 2021-09-29 | Dynamic data authorization method, medium and equipment based on visualization rule configuration |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111150131.4A CN114003215A (en) | 2021-09-29 | 2021-09-29 | Dynamic data authorization method, medium and equipment based on visualization rule configuration |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114003215A true CN114003215A (en) | 2022-02-01 |
Family
ID=79922015
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111150131.4A Pending CN114003215A (en) | 2021-09-29 | 2021-09-29 | Dynamic data authorization method, medium and equipment based on visualization rule configuration |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114003215A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116361770A (en) * | 2023-02-23 | 2023-06-30 | 杭州幂链科技有限公司 | Automatic API authentication method and system of integrated platform |
-
2021
- 2021-09-29 CN CN202111150131.4A patent/CN114003215A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116361770A (en) * | 2023-02-23 | 2023-06-30 | 杭州幂链科技有限公司 | Automatic API authentication method and system of integrated platform |
| CN116361770B (en) * | 2023-02-23 | 2024-01-16 | 杭州幂链科技有限公司 | Automatic API authentication method and system of integrated platform |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20130304713A1 (en) | System and method for metadata level validation of custom setup objects | |
| CN107688500A (en) | A kind of distributed task scheduling processing method, device, system and equipment | |
| CN106873949A (en) | Code generating method and its device | |
| CN106878363A (en) | A kind of information processing method, apparatus and system | |
| CN111190892B (en) | Method and device for processing abnormal data in data backfilling | |
| CN110046287A (en) | A kind of the data query method, apparatus and storage medium unrelated with type of database | |
| US20140007038A1 (en) | Social project management system and marketplace | |
| CN112860744A (en) | Business process processing method and device | |
| CN114650170B (en) | Cross-cluster resource management method, device, equipment and storage medium | |
| CN114003215A (en) | Dynamic data authorization method, medium and equipment based on visualization rule configuration | |
| CN114637682A (en) | SAAS system interface cloud debugging method, system, device and medium | |
| CN112947907B (en) | Method for creating code branches | |
| CN109978512A (en) | The control method of project management system, electronic equipment, storage medium | |
| CN116701053B (en) | Method, device, equipment and medium for restoring data backup of production environment database | |
| CN116483707A (en) | Test method, test device, test apparatus, test program, and test program | |
| CN116402325A (en) | Automatic business process processing method and device | |
| CN111414591B (en) | Workflow management method and device | |
| US11562105B2 (en) | System and method for module engineering with sequence libraries | |
| CN113626281A (en) | Slow SQL statement tracking method and device, electronic equipment and storage medium | |
| US20240112067A1 (en) | Managed solver execution using different solver types | |
| US20170277730A1 (en) | Keyword identification for an enterprise resource planning manager | |
| US20240111831A1 (en) | Multi-tenant solver execution service | |
| US20240111832A1 (en) | Solver execution service management | |
| CN115484149B (en) | Network switching method, network switching device, electronic equipment and storage medium | |
| US11960927B2 (en) | Task correlation framework |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |