CN114201554A - Data access method and device - Google Patents
Data access method and device Download PDFInfo
- Publication number
- CN114201554A CN114201554A CN202111394539.6A CN202111394539A CN114201554A CN 114201554 A CN114201554 A CN 114201554A CN 202111394539 A CN202111394539 A CN 202111394539A CN 114201554 A CN114201554 A CN 114201554A
- Authority
- CN
- China
- Prior art keywords
- data
- access
- data mart
- identifier
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/283—Multi-dimensional databases or data warehouses, e.g. MOLAP or ROLAP
Abstract
The embodiment of the invention provides a data access method and a device, a data management system can obtain a target user identifier and a target data mart identifier corresponding to the data access message by responding to a detected data access message sent by a first user terminal, select a target data mart corresponding to the target data mart identifier, obtain a target user group corresponding to the target data mart, send an access instruction to the target data mart if the target user identifier exists in the target user group, the target data mart is used for executing the access instruction, send an access result corresponding to the access message to the first user terminal, configure the access authority of the data mart, so that the data mart can be accessed by the corresponding user group, effectively reduce the data management cost, set user groups according to the user access authority, and realize the personalized management of users with different access authorities, the management cost is further reduced.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data access method and a data access device.
Background
When data processing is performed in the big data field, data cleaning and calculation of various service sources are performed to different degrees, so as to obtain a data calculation result set of a user target, which is convenient for analysis. In the technical aspect, the processed data is stored in the form of a Hive table and an HDFS (Hadoop Distributed File System) File. However, in consideration of data security policy, the data is not opened to all people, or part of sensitive information is not opened to all people, so that the problem of data access right is involved.
At present, data are physically isolated, that is, data with different access rights are respectively stored in different physical hard disks to form a physically isolated data mart, and a user accesses the data through a distributed designated physical machine user. However, as the complexity of the service gradually increases and the amount of data increases, such a physical isolation manner for data is not suitable, and a manner capable of adapting to current data management is needed.
Disclosure of Invention
In view of the foregoing problems, embodiments of the present invention provide a data access method, an apparatus, an electronic device, and a computer-readable storage medium, so as to solve or partially solve the problems in the prior art that isolation of a data source depends on physical isolation, so that data management cost is high, and users with different access rights cannot be effectively handled.
In order to solve the above problem, an embodiment of the present invention discloses a data access method, which is applied to a data management system, wherein the data management system is in communication connection with a data warehouse cluster, the data warehouse cluster includes a plurality of data marts, each data mart is configured with a corresponding user group, and the method includes:
responding to the detected data access message sent by the first user terminal, and acquiring a target user identifier and a target data mart identifier corresponding to the data access message;
selecting a target data mart corresponding to the target data mart identifier, and acquiring a target user group corresponding to the target data mart;
and if the target user identification exists in the target user group, sending an access instruction to the target data mart, wherein the target data mart is used for executing the access instruction and sending an access result corresponding to the access message to the first user terminal.
Optionally, the method further comprises:
in response to detecting a selection operation for a data mart, selecting a first data mart corresponding to the selection operation and acquiring at least one first user identifier for the first data mart;
acquiring read-write permission information and a first data mart identifier aiming at the first data mart;
adopting the read-write permission information to configure access permission information aiming at the first data mart;
and establishing a first user group aiming at the first data mart by adopting the first data mart identifier, the access authority information and the at least one first user identifier.
Optionally, the method further comprises:
responding to the detected authority application message sent by the second user terminal, and acquiring a second user identifier and a second data mart identifier corresponding to the authority application message;
selecting a second data mart corresponding to the second data set identifier, and acquiring a second user group corresponding to the second data mart;
and adding the second user identification to the second user group, and generating a reply message aiming at the permission application message, wherein the reply message is a message for informing that the second user terminal has the permission to access the second data mart.
Optionally, the method further comprises:
and if the target user identification does not exist in the target user group, sending an access refusing message to the target user terminal.
The embodiment of the invention also discloses a data access device, which is applied to a data management system, wherein the data management system is in communication connection with the data warehouse cluster, the data warehouse cluster comprises a plurality of data marts, each data mart is configured with a corresponding user group, and the device comprises:
the data access message acquisition module is used for responding to the detection of a data access message sent by a first user terminal and acquiring a target user identifier and a target data mart identifier corresponding to the data access message;
the target user group acquisition module is used for selecting a target data mart corresponding to the target data mart identifier and acquiring a target user group corresponding to the target data mart;
and the access instruction sending module is used for sending an access instruction to the target data mart if the target user identifier exists in the target user group, and the target data mart is used for executing the access instruction and sending an access result corresponding to the access message to the first user terminal.
Optionally, the method further comprises:
the system comprises a first identifier acquisition module, a second identifier acquisition module and a first identifier generation module, wherein the first identifier acquisition module is used for responding to detection of selection operation aiming at a data mart, selecting a first data mart corresponding to the selection operation and acquiring at least one first user identifier aiming at the first data mart;
the information acquisition module is used for acquiring the read-write permission information and the first data mart identifier aiming at the first data mart;
the access authority information configuration module is used for configuring access authority information aiming at the first data mart by adopting the read-write authority information;
a first user group establishing module, configured to establish a first user group for the first data mart by using the first data mart identifier, the access right information, and the at least one first user identifier.
Optionally, the method further comprises:
the second identifier acquisition module is used for responding to the permission application message sent by the second user terminal and acquiring a second user identifier and a second data mart identifier corresponding to the permission application message;
the second user group selection module is used for selecting a second data mart corresponding to the second data set identifier and acquiring a second user group corresponding to the second data mart;
and the reply message sending module is used for adding the second user identifier to the second user group, generating a reply message aiming at the permission application message, and sending the reply message to the second user terminal, wherein the reply message is a message for informing that the second user terminal has the permission to access the second data mart.
Optionally, the method further comprises:
and the access denial message sending module is used for sending an access denial message to the target user terminal if the target user identifier does not exist in the target user group.
The embodiment of the invention also discloses an electronic device, which comprises:
one or more processors; and
one or more machine-readable media having instructions stored thereon, which when executed by the one or more processors, cause the electronic device to perform the method as described above.
Embodiments of the present invention also disclose a computer-readable storage medium having instructions stored thereon, which, when executed by one or more processors, cause the processors to perform the method as described above.
The embodiment of the invention has the following advantages:
in the embodiment of the invention, the data management system can acquire the target user identifier and the target data mart identifier corresponding to the data access message in response to detecting the data access message sent by the first user terminal, then select the target data mart corresponding to the target data mart identifier and acquire the target user group corresponding to the target data mart, if the target user identifier exists in the target user group, send the access instruction to the target data mart, the target data mart is used for executing the access instruction, send the access result corresponding to the access message to the first user terminal, and configure the access authority of the data mart, so that the data mart can be accessed by the corresponding user group, thereby solving the problem that the isolation of the data source depends on physical isolation, effectively reducing the data management cost, and setting the user group according to the user access authority, the method and the system realize personalized management on users with different access rights and further reduce the management cost.
Drawings
FIG. 1 is a flowchart illustrating steps of a method for accessing data according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a data access method according to an embodiment of the present invention;
fig. 3 is a block diagram of a data access apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
As an example, when data processing is performed in a big data field, data of various service sources are generally subjected to data cleaning and calculation to different degrees, so as to obtain a data calculation result set of a user target, which is convenient for analysis. On the technical level, the processed data is stored in the form of a Hive table and an HDFS file. However, in consideration of data security policy, the data is not opened to all people, or part of sensitive information is not opened to all people, so that the problem of data access right is involved.
In dealing with the problem of data access rights, a method of physically isolating data is available, for example, data with different rights are stored in different physical hard disks to form a physically isolated data mart, and a user accesses data through a designated physical terminal to be distributed. However, although implementing the security data protection measure, as the complexity of the service gradually increases and the amount of data increases, other problems also arise, including:
1. the complex business requires the intercommunication of partial data authorities among all data marts, so that the access authorities of partial users need to be processed independently, the workload of operation and maintenance personnel is increased, and the maintenance of historical manual records is required;
2. the user read-write authority of the data is configured by operation and maintenance personnel independently, and the opening of the history is manually recorded.
In view of the above, one of the core invention points of the embodiment of the present invention is that a user group corresponding to a data mart is established by configuring access permissions for the data mart, and a user in the user group can access the data mart, so that the data mart can be accessed by the corresponding user group by configuring the access permissions of the data mart, thereby solving the problem that isolation of data sources depends on physical isolation, effectively reducing data management cost, and setting the user group according to the user access permissions, thereby realizing personalized management of users with different access permissions, and further reducing management cost.
Specifically, referring to fig. 1, a flowchart of steps of a data access method provided in an embodiment of the present invention is shown, and is applied to a data management system, where the data management system is in communication connection with a data warehouse cluster, the data warehouse cluster includes a plurality of data marts, and each data mart is configured with a corresponding user group, where the method specifically includes the following steps:
as an example, an operation environment for managing the same logical data cluster can be provided for the operation and maintenance personnel, that is, the data management system, and the operation and maintenance personnel can manage the existing logical data marts after logging in the data management system, plan a new data mart, and open and close the access right of the data in each data mart for the relevant user.
In the embodiment of the invention, the data management system can be a Range system, and the management and control of the logic data mart are realized by secondarily encapsulating the interface provided by the Range system and utilizing the safety policy function of the Range system for the Hive component. For the data marts, the data marts can be stored in a multidimensional mode to meet the requirements of specific departments or users, the multidimensional mode comprises defining dimensions, indexes needing to be calculated, the hierarchy of the dimensions and the like, a data cube facing the decision analysis requirements is generated, and a plurality of data marts can form a data warehouse cluster.
The data warehouse clusters can be arranged in physical terminals of the same network segment, and the network is completely communicated in the process of building the data warehouse clusters, so that part or all data among different data marts can be shared, and operation and maintenance personnel can configure the access authority of the data marts in the provided system as required. Meanwhile, in the aspect of data security, the permission is opened only through a corresponding approval process.
In an optional embodiment of the invention, for configuration of the data mart access right, the system may select a first data mart corresponding to a selection operation in response to detecting the selection operation for the data mart, and obtain at least one first user identifier for the first data mart; acquiring read-write permission information and a first data mart identifier aiming at the first data mart; adopting the read-write permission information to configure access permission information aiming at the first data mart; and establishing a first user group aiming at the first data mart by adopting the first data mart identifier, the access authority information and the at least one first user identifier.
In a specific implementation, when an operation and maintenance worker needs to configure a corresponding access right for a data mart, the corresponding data mart may be selected in the data management system, and then read-write right information for the data mart and a user identifier corresponding to a user who needs to open and access the data mart are obtained. The read-write permission information can be read-write permission of a user to the data mart, and comprises read-write operation of all data of the data mart, read-write operation of partial data of the data mart and the like, and the access permission information aiming at the data mart can be configured according to the read-write permission information, so that whether the user has all read-write permission or partial read-write permission aiming at the data mart is determined, and if the user has partial read-write permission, which part of the data of the partial read-write permission is limited, and the like.
Meanwhile, aiming at the data mart needing to be configured with the access authority, a first data mart identifier can be distributed to the data mart, then a user group corresponding to the first data mart is established by adopting the first data mart identifier, the access authority information and at least one user identifier, and users in the user group can perform data read-write access on the data mart.
In one example, the operation and maintenance personnel may map each data mart selected or created to a range independent policy for Hive component management, which may be expressed as a right to read and write access to the database of the data mart. Specifically, for each data mart, a two-digit abbreviated code can be given to the data mart in the system, then a corresponding Hive library can be generated in Hive by using the abbreviated code as a prefix, and corresponding read-write permission information is acquired through an application programming interface of range, access permission information (access policy) corresponding to the data mart is created in a Hive table, which represents that the data mart is open with all read-write access permissions or partial read-write access permissions, as shown in table 1 below:
| hive library | Access policy |
| xx-data marts A | All are |
| xx-data marts B | In part |
| xx-data marts C | All are |
| … |
TABLE 1
The operation and maintenance personnel can select the data marts and give corresponding brevity codes by using the brevity codes in range, the data mart A, B, C and the like as data mart identifiers, corresponding xx-data mart N is generated in the Hive base, and corresponding access strategies can be maintained in a strategy list of the range system to the Hive components, the strategies can be 'xx-data mart A-all-database, table, column', the access strategies can be expressed as all table and column information in the database corresponding to the data mart A, the access strategies for the access authority of the open part are similar to the above process, and are not repeated here.
In addition, after obtaining the policy list, a corresponding user identifier may be added to the policy list to generate a corresponding user group, as shown in table 2 below:
| hive library | Access policy | User identification |
| XV-data mart A | All are | User a, user b, and user c |
| XY-data marts B | In part | User b, user c, and user d |
| XZ-data marts C | All are | User a, user c, and user d |
| … |
TABLE 1
The user groups corresponding to the data marts A comprise a user a, a user b and a user c; the user group corresponding to the data mart B comprises a user B, a user c and a user d; the user groups corresponding to the data mart C include user a, user C, user d, and so on. In addition, user a has full access to data mart a and data mart C; the user B has all access rights to the data mart A and partial access rights to the data mart B; user C has full access rights to data mart a and data mart C; the user d has partial access authority to the data mart B, and all access authority to the data mart C, and the like, so that the configuration of the access authority of the data mart is realized by configuring different access authorities to different users, the data mart is prevented from being isolated in a physical isolation mode, and the cost of data management is effectively reduced.
In another optional embodiment of the present invention, when the user wants to access the data in the corresponding data mart but does not have the corresponding access right, the data management system may initiate a right application message to request to acquire the corresponding access right. Specifically, an operation and maintenance person may receive an authority application message sent by a user terminal through a data management system, obtain a second user identifier and a second data mart identifier corresponding to the authority application message, select a second data mart corresponding to the second data set identifier, obtain a second user group corresponding to the second data mart, add the second user identifier to the second user group, and generate a reply message for the authority application message, where the reply message is a message notifying that the second user terminal has an authority to access the second data mart.
In the specific implementation, if a user needs to access a corresponding data mart but does not have corresponding access authority, an authority application message can be sent to the data management system through the user terminal, the data management system determines the data mart which the user needs to apply for access according to the received data mart identification, then a user group corresponding to the data mart is obtained, the user identification corresponding to the user is added into the user group, then a reply message is sent to the user terminal to inform the user that the authorization is finished, the data mart can be accessed, therefore, different access authorities are configured for different users, configuration of access authority of the data mart is achieved, isolation of the data mart through a physical isolation mode is avoided, and cost of data management is effectively reduced. For example, when a user x needs to access the data mart a, an operation and maintenance person puts the data mart a user group corresponding to the data mart, directly adds a user identifier to the user group of the data mart in range, completes configuration of access authority of the user, and records the opened data mart and mart users in the user group in the system, so that the operation and maintenance person can conveniently perform data statistics and check, and the efficiency of data management is improved.
After the operation and maintenance personnel finish configuring the access authority of each data mart on the data management system, the data management system can judge the access authority of the user terminal according to the data access message sent by the user terminal, so that automatic processing is realized. Specifically, the user may log in a corresponding account in the user terminal, and send a data access message to the data management system through the user terminal to access, operate, and the like data in the data mart, and the data management system obtains a target user identifier and a target data mart identifier corresponding to the data access message in response to detecting the data access message sent by the first user terminal.
102, selecting a target data mart corresponding to the target data mart identifier, and acquiring a target user group corresponding to the target data mart;
the data management system can select a corresponding target data mart from the data warehouse clusters through the target data mart identifier, and acquire a target user group corresponding to the target data mart.
After a target user group corresponding to the target data mart is obtained, comparing the target user identification with the user identification in the target user group, judging whether the target user identification exists in the target user group, if so, sending an access instruction to the target data mart, wherein the target data mart is used for executing the access instruction and sending an access result corresponding to the access message to the first user terminal; and if the target user identification does not exist in the target user group, sending an access refusing message to the target user terminal.
For example, if the target user group of the target data mart includes a user a, a user b, and a user c, when the target user is identified as any one of the three, an access instruction is sent to the target data mart, so that the target data mart returns corresponding data to the user terminal, or performs an operation sent by the user terminal, and the like; if the target user identification does not belong to any one of the three, a message of denying access is sent to the target user terminal, and the user terminal is allowed to access the target data mart after applying for the corresponding access right and authorizing.
It should be noted that the embodiments of the present invention include, but are not limited to, the above examples, and it is understood that, under the guidance of the idea of the present invention, those skilled in the art may also set the embodiments according to actual needs, and the present invention is not limited to these.
In the embodiment of the invention, the data management system can acquire the target user identifier and the target data mart identifier corresponding to the data access message in response to detecting the data access message sent by the first user terminal, then select the target data mart corresponding to the target data mart identifier and acquire the target user group corresponding to the target data mart, if the target user identifier exists in the target user group, send the access instruction to the target data mart, the target data mart is used for executing the access instruction, send the access result corresponding to the access message to the first user terminal, and configure the access authority of the data mart, so that the data mart can be accessed by the corresponding user group, thereby solving the problem that the isolation of the data source depends on physical isolation, effectively reducing the data management cost, and setting the user group according to the user access authority, the method and the system realize personalized management on users with different access rights and further reduce the management cost.
In order to make those skilled in the art better understand the technical solutions of the embodiments of the present invention, the following description is made by way of an example.
Referring to fig. 2, which is a schematic flow chart illustrating a data access method provided in an embodiment of the present invention, for an operation and maintenance worker, after logging in a system, a target data mart may be selected or newly created, if a data mart is newly created, a corresponding default policy (that is, data access permission information) is automatically generated, and a mart foundation library is established in Hive to form a data warehouse cluster; if the target data mart is selected, the strategy of the target data mart can be set, and after the setting is finished, the strategy is mapped to the Range system, so that the mapped strategy rule is recorded in the database of Range. Then, corresponding participants (namely users with corresponding access rights) can be set, a range policy user system is formed by adding user identifications to the range specified policy mapping, and a user group system is formed in the system, so that the access rights of the users can be judged when the users access data.
For a user, after logging in a system, if the user has access right, the relevant operation can be executed, including sending an operation request to a Ranger system, after receiving the operation request of the user, the Ranger system pulls a corresponding policy, executes a content matching policy, judges whether the policy passes, namely judges the access right of the user, and if the user has the corresponding access right, sends operating data to a data warehouse cluster, so that the data warehouse cluster executes the corresponding operation.
The access authority of the data mart is configured, so that the data mart can be accessed by the corresponding user group, the problem that the isolation of the data source depends on physical isolation is solved, the data management cost is effectively reduced, the user group is set according to the access authority of the user, the personalized management of the users with different access authorities is realized, and the management cost is further reduced.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 3, a block diagram of a data access apparatus according to an embodiment of the present invention is shown, and is applied to a data management system, where the data management system is in communication connection with a data warehouse cluster, where the data warehouse cluster includes a plurality of data marts, and each data mart is configured with a corresponding user group, where the data warehouse access apparatus specifically includes the following modules:
a data access message obtaining module 301, configured to, in response to detecting a data access message sent by a first user terminal, obtain a target user identifier and a target data mart identifier corresponding to the data access message;
a target user group obtaining module 302, configured to select a target data mart corresponding to the target data mart identifier, and obtain a target user group corresponding to the target data mart;
an access instruction sending module 303, configured to send an access instruction to the target data mart if the target user identifier exists in the target user group, where the target data mart is configured to execute the access instruction and send an access result corresponding to the access message to the first user terminal.
In an optional embodiment of the present invention, further comprising:
the system comprises a first identifier acquisition module, a second identifier acquisition module and a first identifier generation module, wherein the first identifier acquisition module is used for responding to detection of selection operation aiming at a data mart, selecting a first data mart corresponding to the selection operation and acquiring at least one first user identifier aiming at the first data mart;
the information acquisition module is used for acquiring the read-write permission information and the first data mart identifier aiming at the first data mart;
the access authority information configuration module is used for configuring access authority information aiming at the first data mart by adopting the read-write authority information;
a first user group establishing module, configured to establish a first user group for the first data mart by using the first data mart identifier, the access right information, and the at least one first user identifier.
In an optional embodiment of the present invention, further comprising:
the second identifier acquisition module is used for responding to the permission application message sent by the second user terminal and acquiring a second user identifier and a second data mart identifier corresponding to the permission application message;
the second user group selection module is used for selecting a second data mart corresponding to the second data set identifier and acquiring a second user group corresponding to the second data mart;
and the reply message sending module is used for adding the second user identifier to the second user group, generating a reply message aiming at the permission application message, and sending the reply message to the second user terminal, wherein the reply message is a message for informing that the second user terminal has the permission to access the second data mart.
In an optional embodiment of the present invention, further comprising:
and the access denial message sending module is used for sending an access denial message to the target user terminal if the target user identifier does not exist in the target user group.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
An embodiment of the present invention further provides an electronic device, including:
one or more processors; and
one or more machine-readable media having instructions stored thereon, which when executed by the one or more processors, cause the electronic device to perform methods as described in embodiments of the invention.
Embodiments of the present invention also provide a computer-readable storage medium having stored thereon instructions, which, when executed by one or more processors, cause the processors to perform a method according to embodiments of the present invention.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, EEPROM, Flash, eMMC, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The foregoing describes in detail a data access method and a data access device provided by the present invention, and specific examples are applied herein to explain the principles and embodiments of the present invention, and the descriptions of the foregoing examples are only used to help understand the method and the core ideas of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (10)
1. A method for accessing data, the method being applied to a data management system, the data management system being communicatively connected to a data warehouse cluster, the data warehouse cluster including a plurality of data marts, each of the data marts being configured with a corresponding user group, the method comprising:
responding to the detected data access message sent by the first user terminal, and acquiring a target user identifier and a target data mart identifier corresponding to the data access message;
selecting a target data mart corresponding to the target data mart identifier, and acquiring a target user group corresponding to the target data mart;
and if the target user identification exists in the target user group, sending an access instruction to the target data mart, wherein the target data mart is used for executing the access instruction and sending an access result corresponding to the access message to the first user terminal.
2. The method of claim 1, further comprising:
in response to detecting a selection operation for a data mart, selecting a first data mart corresponding to the selection operation and acquiring at least one first user identifier for the first data mart;
acquiring read-write permission information and a first data mart identifier aiming at the first data mart;
adopting the read-write permission information to configure access permission information aiming at the first data mart;
and establishing a first user group aiming at the first data mart by adopting the first data mart identifier, the access authority information and the at least one first user identifier.
3. The method of claim 1, further comprising:
responding to the detected authority application message sent by the second user terminal, and acquiring a second user identifier and a second data mart identifier corresponding to the authority application message;
selecting a second data mart corresponding to the second data set identifier, and acquiring a second user group corresponding to the second data mart;
and adding the second user identification to the second user group, and generating a reply message aiming at the permission application message, wherein the reply message is a message for informing that the second user terminal has the permission to access the second data mart.
4. The method of claim 1, further comprising:
and if the target user identification does not exist in the target user group, sending an access refusing message to the target user terminal.
5. An apparatus for accessing data, the apparatus being applied to a data management system, the data management system being communicatively connected to a data warehouse cluster, the data warehouse cluster including a plurality of data marts, each of the data marts being configured with a corresponding user group, the apparatus comprising:
the data access message acquisition module is used for responding to the detection of a data access message sent by a first user terminal and acquiring a target user identifier and a target data mart identifier corresponding to the data access message;
the target user group acquisition module is used for selecting a target data mart corresponding to the target data mart identifier and acquiring a target user group corresponding to the target data mart;
and the access instruction sending module is used for sending an access instruction to the target data mart if the target user identifier exists in the target user group, and the target data mart is used for executing the access instruction and sending an access result corresponding to the access message to the first user terminal.
6. The apparatus of claim 5, further comprising:
the system comprises a first identifier acquisition module, a second identifier acquisition module and a first identifier generation module, wherein the first identifier acquisition module is used for responding to detection of selection operation aiming at a data mart, selecting a first data mart corresponding to the selection operation and acquiring at least one first user identifier aiming at the first data mart;
the information acquisition module is used for acquiring the read-write permission information and the first data mart identifier aiming at the first data mart;
the access authority information configuration module is used for configuring access authority information aiming at the first data mart by adopting the read-write authority information;
a first user group establishing module, configured to establish a first user group for the first data mart by using the first data mart identifier, the access right information, and the at least one first user identifier.
7. The apparatus of claim 5, further comprising:
the second identifier acquisition module is used for responding to the permission application message sent by the second user terminal and acquiring a second user identifier and a second data mart identifier corresponding to the permission application message;
the second user group selection module is used for selecting a second data mart corresponding to the second data set identifier and acquiring a second user group corresponding to the second data mart;
and the reply message sending module is used for adding the second user identifier to the second user group, generating a reply message aiming at the permission application message, and sending the reply message to the second user terminal, wherein the reply message is a message for informing that the second user terminal has the permission to access the second data mart.
8. The apparatus of claim 5, further comprising:
and the access denial message sending module is used for sending an access denial message to the target user terminal if the target user identifier does not exist in the target user group.
9. An electronic device, comprising:
one or more processors; and
one or more machine-readable media having instructions stored thereon that, when executed by the one or more processors, cause the electronic device to perform the method of any of claims 1-4.
10. A computer-readable storage medium having stored thereon instructions, which when executed by one or more processors, cause the processors to perform the method of any one of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111394539.6A CN114201554A (en) | 2021-11-23 | 2021-11-23 | Data access method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111394539.6A CN114201554A (en) | 2021-11-23 | 2021-11-23 | Data access method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114201554A true CN114201554A (en) | 2022-03-18 |
Family
ID=80648458
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111394539.6A Pending CN114201554A (en) | 2021-11-23 | 2021-11-23 | Data access method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114201554A (en) |
-
2021
- 2021-11-23 CN CN202111394539.6A patent/CN114201554A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7222036B2 (en) | Model training system and method and storage medium | |
| CN110912938B (en) | Access verification method and device for network access terminal, storage medium and electronic equipment | |
| CN110298188B (en) | Control method and system for dynamic access authority | |
| US9148435B2 (en) | Establishment of a trust index to enable connections from unknown devices | |
| CN108259422B (en) | Multi-tenant access control method and device | |
| CN111552936B (en) | Cross-system access right control method and system based on scheduling mechanism level | |
| US20120167167A1 (en) | Enabling granular discretionary access control for data stored in a cloud computing environment | |
| US11658982B2 (en) | Efficient authentication in a file system with multiple security groups | |
| CN108092945B (en) | Method and device for determining access authority and terminal | |
| US20040268125A1 (en) | Method, system and computer program for managing user authorization levels | |
| US11580206B2 (en) | Project-based permission system | |
| US7730179B2 (en) | System and method for policy-based registration of client devices | |
| CN112019543A (en) | Multi-tenant permission system based on BRAC model | |
| CN105119886A (en) | Account ownership determination method and device | |
| US10333939B2 (en) | System and method for authentication | |
| CN107566375B (en) | Access control method and device | |
| CN112866212A (en) | Access control method and device for cloud computing resources, computer equipment and medium | |
| CN114201554A (en) | Data access method and device | |
| US10951600B2 (en) | Domain authentication | |
| CN115955346A (en) | Multi-tenant management system and method based on identity authentication system | |
| CN111491021B (en) | License data processing method and device for distributed cluster | |
| CN114386092A (en) | Authority control method applied to semiconductor process equipment and semiconductor process equipment | |
| CN108898027B (en) | Authority control method and device and server cluster | |
| US8176320B1 (en) | System and method for data access and control | |
| US11803569B2 (en) | Computer system and method for accessing user data that is distributed within a multi-zone computing platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |