CN114491618A - Search engine processing method, search method and related device - Google Patents

Search engine processing method, search method and related device Download PDF

Info

Publication number
CN114491618A
CN114491618A CN202111609804.8A CN202111609804A CN114491618A CN 114491618 A CN114491618 A CN 114491618A CN 202111609804 A CN202111609804 A CN 202111609804A CN 114491618 A CN114491618 A CN 114491618A
Authority
CN
China
Prior art keywords
user
authority
information
condition data
filtering condition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111609804.8A
Other languages
Chinese (zh)
Inventor
王泓崴
李琳
张践鳌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Original Assignee
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qianxin Technology Group Co Ltd, Secworld Information Technology Beijing Co Ltd filed Critical Qianxin Technology Group Co Ltd
Priority to CN202111609804.8A priority Critical patent/CN114491618A/en
Publication of CN114491618A publication Critical patent/CN114491618A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/33Querying
    • G06F16/332Query formulation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/33Querying
    • G06F16/3331Query processing
    • G06F16/334Query execution
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/33Querying
    • G06F16/335Filtering based on additional data, e.g. user or group profiles
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The application relates to a search engine processing method, a search method and a related device. The method comprises the following steps: acquiring user authority information of each document associated with a search engine, wherein the user authority information corresponds to the user information and is used for representing whether a user has authority to access the document; processing the user authority information according to a preset rule to obtain authority filtering condition data; storing the authority filtering condition data to an access control field area which is created in advance in a corresponding document; wherein the permission filter condition data is used for matching a query statement, and the search engine executes the query statement to search for a document conforming to the query statement. According to the scheme provided by the application, the user authority information can be stored in each document associated with the search engine, and data search in a specific range of the search engine is realized.

Description

Search engine processing method, search method and related device
Technical Field
The present application relates to the field of data management technologies, and in particular, to a search engine processing method, a search method, and a related apparatus.
Background
Existing search engine technology generally opens data in a search engine to all users who can use the search engine. When a user initiates a search operation, the search engine searches for data required by the user from all data, and cannot determine which data the user has the search right to, and thus cannot control the searchable range of the user.
Disclosure of Invention
In order to solve or partially solve the problems in the related art, the application provides a search engine processing method, a search method and a related device, which can store user authority information in each document associated with a search engine and realize data search in a specific range of the search engine.
A first aspect of the present application provides a search engine processing method, where the method includes:
acquiring user authority information of each document associated with a search engine, wherein the user authority information corresponds to the user information and is used for representing whether a user has authority to access the document;
processing the user authority information according to a preset rule to obtain authority filtering condition data;
storing the authority filtering condition data to an access control field area which is created in advance in a corresponding document;
wherein the permission filter condition data is used for matching a query statement, and the search engine executes the query statement to search for a document conforming to the query statement.
Optionally, when the user permission information is one permission feature data or a union of multiple permission feature data, the processing the user permission information according to a preset rule to obtain permission filtering condition data includes:
and generating authority filtering condition data based on the or relation of each authority characteristic data.
Optionally, when the user permission information is a set of mixed logics of a plurality of permission feature data, the processing the user permission information according to a preset rule to obtain permission filtering condition data includes:
generating a character string for representing the mixed logic relation among the authority characteristic data;
and converting the character string into a preset identification code according to a preset algorithm, and taking the preset identification code as the authority filtering condition data.
Optionally, the method further includes:
and storing the preset identification code and the user authority information corresponding to the preset identification code to a service database associated with the search engine.
Optionally, the user information includes at least one of the following: user personal information, user attribute information.
A second aspect of the present application provides a search method of a search engine obtained based on the method described above, where the method includes:
acquiring corresponding user authority information based on the received user information;
acquiring corresponding authority filtering condition data based on the user authority information corresponding to the user information;
generating a query statement containing the authority filtering condition data;
and executing the query statement to acquire the document which accords with the query statement in the associated documents of the search engine.
Optionally, the obtaining of the corresponding user right information based on the received user information includes: searching user authority information matched with the user information in a service database associated with the search engine based on the user information, wherein the user authority information and a corresponding preset identification code are stored in the service database in advance;
the acquiring of the corresponding authority filtering condition data based on the user authority information corresponding to the user information includes:
if the user authority information corresponding to the user information is matched in the service database, taking a preset identification code corresponding to the matched user authority information as authority filtering condition data;
and if the user authority information corresponding to the user information is not matched in the service database, generating a data expression by one or more pieces of authority characteristic data corresponding to the user information based on an OR relationship, and taking the data expression as authority filtering condition data.
Preferably, before generating the query statement including the authority filter condition data, the method further includes: acquiring a search request of a user, wherein the search request comprises search keywords;
the generating a query statement containing the authority filter condition data further comprises:
and generating a query statement containing the authority filtering condition data and the search keyword.
Optionally, the executing the query statement to obtain a document in the associated documents of the search engine, which conforms to the query statement, further includes:
matching the authority filtering condition data contained in the query statement with authority filtering condition data stored in an access control field pre-created in a document associated with the search engine;
matching the search keywords contained in the query sentence with the full document text associated with the search engine;
and screening out the document matched with the authority filtering condition data and the search keyword contained in the query statement as the document matched with the authority filtering condition data contained in the query statement.
A third aspect of the present application provides a search engine processing apparatus, the apparatus comprising:
the acquisition module is used for acquiring user authority information of each document associated with the search engine, wherein the user authority information corresponds to the user information and is used for representing whether a user has authority to access the document;
the authority filtering condition data acquisition module is used for processing the user authority information acquired by the acquisition module according to a preset rule to acquire authority filtering condition data;
the writing module is used for storing the authority filtering condition data acquired by the authority filtering condition data acquisition module to an access control field area which is created in advance in a corresponding document;
the writing module writes the authority filtering condition data of the access control field area for matching the query statement, and the search engine executes the query statement to search the document conforming to the query statement.
A fourth aspect of the present application provides a search engine, comprising:
the information acquisition module is used for acquiring corresponding user authority information based on the received user information;
the data acquisition module is used for acquiring corresponding authority filtering condition data based on the user authority information corresponding to the user information acquired by the information acquisition module;
the generating module is used for generating query statements containing the authority filtering condition data acquired by the data acquiring module;
and the query module is used for executing the query sentence generated by the generation module and acquiring the document which accords with the query sentence in the associated documents of the search engine.
A fifth aspect of the present application provides an electronic device, comprising:
a processor; and
a memory having executable code stored thereon, which when executed by the processor, causes the processor to perform the method as described above.
A sixth aspect of the present application provides a computer-readable storage medium having stored thereon executable code, which, when executed by a processor of an electronic device, causes the processor to perform the method as described above.
The technical scheme provided by the application can comprise the following beneficial effects:
according to the technical scheme, the user authority information is processed according to a preset rule, and authority filtering condition data corresponding to the user authority information is obtained; the authority filtering condition data is written into the document and stored together with the document, so that the user authority information can be stored in each document related to the search engine, and the data search in a specific range of the search engine is realized, thereby enabling the search engine to be used for data retrieval in a system with higher requirements on the authority.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The foregoing and other objects, features and advantages of the application will be apparent from the following more particular descriptions of exemplary embodiments of the application as illustrated in the accompanying drawings wherein like reference numbers generally represent like parts throughout the exemplary embodiments of the application.
FIG. 1 is a schematic flow chart diagram illustrating a search engine processing method according to an embodiment of the present application;
FIG. 2 is another schematic flow chart diagram illustrating a search engine processing method according to an embodiment of the present application;
FIG. 3 is a schematic flow chart diagram illustrating a search method according to an embodiment of the present application;
FIG. 4 is another schematic flow chart diagram illustrating a search method according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a search engine according to an embodiment of the present application;
FIG. 6 is a schematic diagram of a search engine according to another embodiment of the present application;
fig. 7 is a schematic structural diagram of an electronic device shown in an embodiment of the present application.
Detailed Description
Embodiments of the present application will be described in more detail below with reference to the accompanying drawings. While embodiments of the present application are illustrated in the accompanying drawings, it should be understood that the present application may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms "first," "second," "third," etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present application, "a plurality" means two or more unless specifically limited otherwise.
In the related search engine technology, since the authority information corresponding to each piece of data is not stored in the data, when a certain user initiates a search, it cannot be determined which data the user has the search authority, and thus the searchable range of the user cannot be controlled. In some systems where rights are more demanding, such search engines that cannot search based on rights cannot be used.
In view of the foregoing problems, embodiments of the present application provide a search engine processing method, which can store user authority information in each document associated with a search engine, and implement data search within a specific range of the search engine, so that in a system with a high requirement for authority, data retrieval can be performed using the search engine.
The technical solutions of the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a search engine processing method according to an embodiment of the present application.
Referring to fig. 1, a search engine processing method includes:
in step S101, user authority information of each document associated with the search engine is obtained, where the user authority information corresponds to the user information and is used to represent whether the user has authority to access the document.
In one embodiment, the associated data in the search engine is treated as "documents", one piece of data corresponding to one document. The document pre-creates an Access Control field that includes an ACL (Access Control Lists) rights field that includes an allowed field, and/or a prohibited field. One or more pieces of user authority information may be set for each document, the user authority information of the document corresponding to the user information, and the representation user forbids or permits to search the document.
In step S102, the user authority information is processed according to a preset rule to obtain authority filtering condition data.
In one embodiment, according to the user authority information of the document, processing is performed according to a preset rule, user information corresponding to the user authority information is obtained, and the user information and/or the user authority information is converted into authority filtering condition data.
In step S103, the authority filter condition data is stored to the access control field area created in advance in the corresponding document.
In one embodiment, the rights filter condition data is written in the prohibited field or the permitted field of the ACL rights field created in advance in the corresponding document, and the rights filter condition data is stored in the search engine together with the document. When a search engine searches for documents, the authority filter criteria data is used to match a query statement, and the search engine executes the query statement to search for documents that match the query statement.
In the embodiment of the application, the user authority information is processed according to a preset rule to obtain authority filtering condition data corresponding to the user authority information; the authority filtering condition data is written into the document and stored together with the document, so that the user authority information can be stored in each document related to the search engine, and the data search in a specific range of the search engine is realized, thereby enabling the search engine to be used for data retrieval in a system with higher requirements on the authority.
Fig. 2 is another schematic flow chart of a search engine processing method according to an embodiment of the present application. Fig. 2 depicts the inventive arrangement in more detail with respect to fig. 1.
Referring to fig. 2, a search engine processing method includes:
in step S201, user right information of each document associated with the search engine is obtained, where the user right information corresponds to the user information and is used to represent whether the user has a right to access the document.
In one embodiment, the associated data in the search engine is treated as "documents", one piece of data corresponding to one document. Each document is stored in JSON (JavaScript Object notification), which is a lightweight data exchange format, and access control fields including an ACL right field and a content field are created in advance in the document. One or more user authority information can be set for each document, the user authority information corresponds to the user information, and the functions comprise permission and prohibition, namely the user authority information represents that the user prohibits or permits searching the document. The merging rule of the plurality of pieces of user authority information is prohibition priority, that is, after the plurality of pieces of authority information are merged, as long as one is prohibition, the prohibition is given.
In one embodiment, the user information includes user personal information, which may include an Identity Document (ID), and/or user attribute information, which may include an organization ID, which may include a department ID, a company ID, and the like.
When a search engine searches for documents, it may perform a full-text search for the documents by querying the content fields of the documents. A document containing a content field may be represented as:
Figure BDA0003435004550000071
in step S202, when the user authority information is one piece of authority feature data or a union of a plurality of pieces of authority feature data, authority filtering condition data is generated based on the or relationship of each piece of authority feature data.
In one embodiment, the scope of persons specified by the user rights information includes individuals, and/or organizations. The authority feature data of the user authority information can be a personal ID or an organization ID of a user, when the user authority information comprises one authority feature data or a union of a plurality of authority feature data, the user authority information is simple user authority information, for the simple user authority information, each authority feature data in the user authority information is obtained based on the OR relation, and each authority feature data is used as authority filtering condition data.
In a particular embodiment, the organization is a particular department. The person range specified by the user authority information includes an individual, and/or a department. When the authority feature data corresponding to the user authority information is a personal ID, a department ID or a union of the personal ID and the department ID, the user authority information is simple user authority information, the union of the personal ID and the department ID refers to personnel and individual personnel of a department, the individual personnel can be the personnel of the department or not, and the user authority information containing the union of the personal ID and the department ID indicates that the personnel or the individual personnel of the department allow or prohibit searching for documents. For example, a document has three simple rights, rights 1: a (a denotes the personal ID of the person a) allows searching, authority 2: y (Y denotes a department ID of the department Y) forbids searching, authority 3: the union of a and X (X denotes the department ID of department X) allows searching, and authority 3 denotes that both the person of department X and the individual person a allow searching, i.e. authority 3 denotes that the person of department X or the individual person a allows searching. The authority feature data of the authority 1 is the personal ID of the person A, the authority feature data of the authority 2 is the department ID of the department Y, the authority feature data of the authority 3 is the personal ID of the person A and the department ID of the department X, the personal ID of the authority 1, the department ID of the authority 2, the personal ID of the authority 3 and the department ID are obtained based on the OR relationship, the personal ID of the person A is the authority filtering condition data of the authority 1, the department ID of the department Y is the authority filtering condition data of the authority 2, and the personal ID of the person A and the department ID of the department X are the authority filtering condition data of the authority 3.
In step S203, when the user authority information is a set of mixed logics of a plurality of pieces of authority feature data, a character string for characterizing the mixed logic relationship between each piece of authority feature data is generated.
In an embodiment, when the user permission information includes an intersection of a plurality of pieces of permission feature data, the user permission information is complex user permission information. For a piece of complex user authority information, converting the piece of complex user authority information into a character string of the piece of user authority information according to a set conversion rule.
In a specific embodiment, when the authority feature data corresponding to the user authority information is an intersection of a personal ID and a department ID, the user authority information is complex user authority information, the intersection of the personal ID and the department ID refers to a personal person of a department, and the person is a person of the department. For example, a document has a complex user rights information rights 4, rights 4: the intersection of A and X allows searching, i.e. authority 4 indicates that person A in department X allows searching. For the complex piece of User authority information 'search allowed by Intersection of A and X', according to a set conversion rule, converting 'search allowed by Intersection of A and X' into a corresponding character string (for example: User _ A _ Dept _ X _ interaction _ Allow).
In step S204, the character string is converted into a preset identification code according to a preset algorithm, and the preset identification code is used as the authority filtering condition data.
In one embodiment, the predetermined identification code may be a hash code. According to a character string of complex user authority information, calculating a hash code (for example: AAAAAAAA) corresponding to the character string according to a preset algorithm, namely obtaining the hash code of the complex user authority information, and taking the hash code as authority filtering condition data of the user authority information.
In step S205, the preset identification code and the user right information corresponding to the preset identification code are stored in a service database associated with the search engine.
In an embodiment, an index datum including a piece of user authority information and a hash code corresponding to the piece of user authority information may be generated according to the piece of user authority information and the hash code corresponding to the piece of user authority information, where the index datum indicates "a piece of complex user authority information and a hash code corresponding to the piece of user authority information"; and storing the index data in a business database associated with a search engine. For example, a piece of complex user authority information is "search allowed by intersection of a and X", a hash code of the piece of user authority information is "AAAAAAAA", an index data containing "search allowed by intersection of a and X, AAAAAAAA" is generated, and the index data is stored in a service database associated with a search engine.
It should be noted that the plurality of index data may be in the form of a list, and the service database associated with the search engine may be stored in a storage module inside or outside the search engine.
In step S206, the authority filter condition data is stored to the access control field area created in advance in the corresponding document.
In one embodiment, ACL rights fields include fields that are allowed or disallowed by those individuals, fields that are allowed or disallowed by those organizations, and fields that are allowed or disallowed by those individuals and organizations in a mixed logical collection. For user authority information containing one piece of authority characteristic data or a union of a plurality of pieces of authority characteristic data, authority filtering condition data (personal ID and organization ID) corresponding to the user authority information is written into a corresponding personal permission field, a personal prohibition field, an organization permission field and/or an organization prohibition field. For the user authority information of the set of the mixed logic containing a plurality of pieces of authority characteristic data, namely for the user authority information containing the intersection of a plurality of pieces of authority characteristic data, authority filtering condition data (hash code) corresponding to the user authority information is written into corresponding persons and persons who organize to mix the logic set to allow or prohibit the fields.
In a specific embodiment, taking the authority 1, the authority 2, the authority 3 of step S202 and the authority 4 of step S203 as examples, the authority filtering condition data of the authority 1 is the personal ID of the person a, the authority filtering condition data of the authority 2 is the department ID of the department Y, the authority filtering condition data of the authority 3 is the personal ID of the person a and the department ID of the department X, and the authority filtering condition data of the authority 4 is the hash code "AAAAAAAA". The personal ID of the authority filtering condition data personal A of the authority 1 is written into a personal permission field, the department ID of the authority filtering condition data department Y of the authority 2 is written into a department prohibition field, the personal ID of the authority filtering condition data personal A of the authority 3 and the department ID of the department X are respectively written into the personal permission field and the department permission field, and the personal ID of the authority filtering condition data personal A of the authority 1 and the personal ID of the authority filtering condition data personal A of the authority 3 are repeated for the same document and can be written only once.
Writing the right filtering condition data of rights 1 to rights 4 into the corresponding field area of the ACL right field of the document, wherein the document containing the content field and the ACL right field can be expressed as:
Figure BDA0003435004550000101
"userAllows" represents a personal permission field, UserA represents a personal ID of the person a, "userdennys" represents a personal prohibition field, UserB represents a personal ID of the person B, "deparatmentasallows" represents a department permission field, DeptX represents a department ID of the department X, "deparatdenses" represents a department prohibition field, DeptY represents a department ID of the department Y, "complexacllloys" represents an intersection permission field of the person and the department, "complexAclDenys" represents an intersection prohibition field of the person and the department, and "BBBBBBBB" represents a hash code corresponding to another piece of complicated user authority information "intersection prohibited search of the person and the department".
In one embodiment, if a document associated with a search engine does not have user rights information, the default value of the document's rights to the user may be prohibited, i.e., permission is not explicitly specified, then the search is prohibited; the default value of the authority of the data to the user may also be allowed, i.e. the search is allowed without explicitly specifying the prohibition.
In the embodiment of the application, the user authority information is processed according to a preset rule to obtain authority filtering condition data corresponding to the user authority information; the authority filtering condition data is solidified into the document and stored together with the document, so that the user authority information can be stored in each document related to the search engine, and the data search in a specific range of the search engine is realized, thereby enabling the search engine to be used for data retrieval in a system with higher requirements on the authority.
Further, in the embodiment of the application, when the user authority information contains one or a union of a plurality of authority characteristic data, the authority characteristic data of the user authority information is taken as authority filtering condition data and is directly written into the corresponding authority field of the document, when the user authority information contains a union of a plurality of authority characteristic data, the user authority information is converted into a preset identification code, and the preset identification code is taken as the authority filtering condition data of the user authority information and is written into the corresponding authority field of the document; the method for solidifying the authority filtering condition data into the document is simple and convenient, and is easy for solidifying and modifying the user authority information and convenient for managing the user authority information.
The application also provides a search method of the search engine acquired based on the embodiment of the application function implementation method. Fig. 3 is a flowchart illustrating a search method according to an embodiment of the present application.
Referring to fig. 3, a search method includes:
in step S301, corresponding user authority information is acquired based on the received user information.
In step S302, the corresponding authority filtering condition data is acquired based on the user authority information corresponding to the user information.
In step S303, a query statement including authority filtering condition data is generated.
In step S304, a query statement is executed, and a document matching the query statement in the associated documents of the search engine is obtained.
In the embodiment of the application, the authority filtering condition data corresponding to the user authority information is solidified in the associated document of the search engine, and the document which the user has the authority to search can be obtained according to the query statement containing the authority filtering condition data, so that the data search in the specific range of the search engine is realized, and the search engine can be used for data retrieval in a system with higher requirements on the authority.
Fig. 4 is another schematic flow chart of a search method according to an embodiment of the present application.
Referring to fig. 4, a search method includes:
in step S401, user information of a user is received.
In one embodiment, the search engine may obtain user information of the user according to an input when the user logs in the search engine, where the user information of the user includes user personal information and/or user attribute information. The user personal information may include a personal ID, the user attribute information may include an organization ID, and the organization ID may include a department ID, a company ID, and the like.
In step S402, a data expression is generated based on the or relationship of one or more pieces of authority feature data corresponding to the user information, and the data expression is used as authority filtering condition data.
In one embodiment, the authority characteristic data corresponding to the user information includes a personal ID and/or an organization ID. And if the user authority information corresponding to the user information is not matched in the service database, generating a data expression by using one or more pieces of authority characteristic data corresponding to the user information based on the OR relationship, and using the data expression as authority filtering condition data. For example, if the user is a person a in a department X, the user information of the user includes a person ID and an organization ID, and based on the or relationship, the person ID and the organization ID of the user information of the user are processed to generate a data expression as the person ID or the organization ID, and the authority filtering condition data is the person ID and the organization ID.
In step S403, a query statement including the authority filtering condition data is generated.
In an embodiment, when the authority filtering condition data is a personal ID and an organization ID, a query statement including the personal ID and the organization ID may be generated according to the personal ID and the organization ID of the user. The query statement includes either (or) a conditional query statement and (and) a conditional query statement, or (or) a conditional query statement includes a personal allowed clause (in userAllows), an organization allowed clause (in deparatestsallows), and (and) a conditional query statement includes a personal prohibited clause (in userdensys), an organization prohibited clause (in deparattsdenys), and the query statement including the personal ID and the organization ID may be expressed as:
Figure BDA0003435004550000121
currentUser represents the person ID and currentDept represents the organization ID.
In step S404, according to the user information of the user, it is determined whether the service database associated with the search engine has user right information matching the user information of the user; if yes, go to step S405; if not, step S407 is performed.
In an embodiment, the service database stores index data including user permission information and a corresponding default identification code in advance. And searching the user authority information matched with the user information in a service database associated with the search engine according to the user information of the user. Matching all index data in the service database with the user information of the user one by one according to the user information of the user, and judging whether the service database has index data matched with the user information of the user, namely judging whether the service database has user authority information matched with the user information of the user; if the user authority information corresponding to the user information is matched in the service database, executing step S405; if the user authority information corresponding to the user information is not matched in the service database, step S407 is performed.
In step S405, the preset identification code corresponding to the matched user authority information is used as the authority filtering condition data.
In one embodiment, if the user authority information corresponding to the user information is matched in the service database, the index data corresponding to the user information is matched in the service database; and obtaining a hash code in the index data according to the index data, wherein the hash code in the index data is a preset identification code corresponding to the user authority information, and taking the corresponding preset identification code as authority filtering condition data.
In step S406, a preset identification code is written into the query statement according to the user authority information matching the user information.
In one embodiment, the obtained hash code is added to the query statement according to the user authority information matched with the user information, and an intersection allowed clause (in complexAclAllows) of the personal ID and the organization ID or an intersection prohibited clause (in complexacldins) of the personal ID and the organization ID is added to the query statement. According to the matched user authority information in the index data, if the user authority information represents that the search is allowed, the hash code corresponding to the matched user authority information is added to an intersection allowed clause (in complexAlclAllows) of the individual and the department of the query statement as the authority filtering condition data, and if the user authority information represents that the search is forbidden, the hash code corresponding to the matched user authority information is added to an intersection forbidden clause (in complexAlclDenys) of the individual and the department of the query statement as the authority filtering condition data.
For example, the personal information of the user is a, the department information is X, according to the user information (department ID and personal ID) of the user, all index data in the service database are matched with the user information of the user one by one, the index data matched with the user information of the user is screened out, and the index data comprises the user authority information matched with the user information and the hash code corresponding to the user authority information. According to user information (department ID and personal ID) of a user, obtaining user authority information with authority characteristic data as intersection of the department ID of a department X and the personal ID of a person A, wherein the user authority information represents permission search, a hash code of the user authority information is AAAAAAAA, the hash code is AAAAAAAAAA, a permission clause (in complexAllos) of intersection of the personal ID and an organization ID of an inquiry statement is written into the hash code, and the inquiry statement after the hash code is written into is as follows:
Figure BDA0003435004550000141
in step S407, a query statement is executed, and a document matching the query statement in the associated documents of the search engine is acquired.
In an embodiment, the documents associated with the search engine may be searched according to the query statement containing the personal ID and the organization ID in S403, and in the search, the authority filtering condition data in the query statement is matched with the authority filtering condition data in the document ACL authority field, so as to filter out the documents meeting the query statement, that is, all the documents permitted to be queried by the user are searched out.
In an embodiment, documents in the search engine may be searched according to the query statement written with the hash code in S406, and during the search, the authority filtering condition data in the query statement is matched with the authority filtering condition data in the document ACL authority field, so as to screen out documents that meet the query statement, that is, all documents that the user allows to query are searched out.
In some embodiments, the method further includes, before generating the query statement containing the authority filtering condition data, acquiring a search request of a user, where the search request includes a search keyword; generating a query sentence containing authority filtering condition data and a search keyword; matching the authority filtering condition data contained in the query statement with the authority filtering conditions stored in the access control field pre-established in the document associated with the search engine; matching search keywords contained in the query sentence with the full document text associated with the search engine; and screening out documents matched with the authority filtering condition data and the search keywords contained in the query statement as documents matched with the authority filtering condition data contained in the query statement, and screening out all documents which are matched with the search request and are inquired by the user with the right.
In the embodiment of the application, the authority filtering condition data corresponding to the user authority information is solidified in the associated document of the search engine, the query statement containing the authority filtering condition data is obtained according to the user information, the query statement is executed, the document which the user has the authority to search can be obtained, and the data search in the specific range of the search engine is realized, so that the search engine can be used for data retrieval in a system with higher requirements on the authority.
Further, in the embodiment of the application, according to the user information, a data expression is generated based on an or relation of one or more pieces of authority feature data corresponding to the user information, the data expression is used as authority filtering condition data to generate an inquiry statement containing the authority feature data, according to the user information, the user authority information corresponding to the user information can be obtained, a hash code corresponding to the user authority information is written into the inquiry statement, the expression of the inquiry statement is facilitated, the logic complexity of the inquiry statement is avoided, the inquiry statement is executed, all documents which the user has authority to inquire can be retrieved at one time, and the searching efficiency can be improved.
Corresponding to the embodiment of the application function implementation method, the application also provides a search engine processing device, a search engine, electronic equipment and corresponding embodiments.
Fig. 5 is a schematic structural diagram of a search engine according to an embodiment of the present application.
Referring to fig. 5, a search engine includes an obtaining module 501, an authority filter condition data obtaining module 502, and a writing module 503.
An obtaining module 501, configured to obtain user right information of each document associated with the search engine, where the user right information corresponds to the user information and is used to represent whether the user has a right to access the document.
The authority filtering condition data obtaining module 502 is configured to process the user authority information obtained by the obtaining module 501 according to a preset rule, so as to obtain authority filtering condition data.
A writing module 503, configured to store the authority filtering condition data obtained by the authority filtering condition data obtaining module 502 in an access control field area pre-created in a corresponding document.
The writing module 503 writes the authority filtering condition data in the access control field area for matching the query statement, and the search engine executes the query statement to search for a document conforming to the query statement.
In an implementation, the permission filter condition data obtaining module 502 is further configured to, when the user permission information obtained by the obtaining module 501 is one permission feature data or a union of multiple permission feature data, generate permission filter condition data based on a relationship of or for each permission feature data.
In one implementation, the authority filtering condition data obtaining module 502 is further configured to generate a character string for representing a mixed logic relationship between each piece of authority feature data, that is, a character string for representing the user authority information, when the user authority information obtained by the obtaining module 501 is a set of mixed logics of a plurality of pieces of authority feature data; and converting the character string into a preset identification code according to a preset algorithm, and taking the preset identification code as authority filtering condition data.
The writing module 503 is further configured to store the preset identification code obtained by the permission filtering condition data obtaining module 502 and the user permission information corresponding to the preset identification code in a service database associated with the search engine.
In the embodiment of the application, the user authority information is processed according to a preset rule to obtain authority filtering condition data corresponding to the user authority information; the authority filtering condition data is solidified into the document and stored together with the document, so that the user authority information can be stored in each document related to the search engine, and the data search in a specific range of the search engine is realized, thereby enabling the search engine to be used for data retrieval in a system with higher requirements on the authority.
Fig. 6 is a schematic structural diagram of a search engine according to another embodiment of the present application.
Referring to fig. 6, a search engine includes an information obtaining module 601, a data obtaining module 602, a generating module 603, and a query module 604.
An information obtaining module 601, configured to obtain corresponding user permission information based on the received user information.
A data obtaining module 602, configured to obtain corresponding authority filtering condition data based on the user authority information corresponding to the user information obtained by the information obtaining module 601.
The generating module 603 is configured to generate a query statement including the authority filter condition data acquired by the data acquiring module 602.
The query module 604 is configured to execute the query statement generated by the generation module 603, and obtain a document that meets the query statement in the associated documents of the search engine.
In an embodiment, the information obtaining module 601 is further configured to obtain user information of a user, and search, based on the user information, a service database associated with a search engine for user authority information matched with the user information, where the service database stores the user authority information and a preset identification code corresponding to the user authority information in advance.
In an embodiment, the data obtaining module 602 is further configured to, if the information obtaining module 601 matches the user right information corresponding to the user information in the service database, use a preset identification code corresponding to the matched user right information as the right filtering condition data. The generating module 603 is further configured to write the preset identification code obtained by the data obtaining module 602 into the query statement according to the user permission information matched with the user information.
In an embodiment, if the information obtaining module 601 does not match the user authority information corresponding to the user information in the service database, a data expression is generated based on an or relationship of one or more pieces of authority feature data corresponding to the user information, and the data expression is used as the authority filtering condition data.
In an embodiment, the information obtaining module 601 is further configured to obtain a search request of a user, where the search request includes a search keyword.
The generating module 603 is further configured to generate a query statement including the permission filter condition data acquired by the data acquiring module 602 and the search keyword acquired by the information acquiring module 601.
The query module 604 is further configured to match authority filtering condition data included in the query statement generated by the generation module 603 with authority filtering conditions stored in access control fields created in advance in documents associated with the search engine; matching search keywords contained in the query sentence with the full document text associated with the search engine; and screening out the document matched with the authority filtering condition data and the search keyword contained in the query statement as the document matched with the authority filtering condition data contained in the query statement.
In the embodiment of the application, the authority filtering condition data corresponding to the user authority information is solidified in the associated document of the search engine, the query statement containing the authority filtering condition data is obtained according to the user information, the query statement is executed, the document which the user has the authority to search can be obtained, and the data search in the specific range of the search engine is realized, so that the search engine can be used for data retrieval in a system with higher requirements on the authority.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 7 is a schematic structural diagram of an electronic device shown in an embodiment of the present application.
Referring to fig. 7, an electronic device 700 includes a memory 701 and a processor 702.
The Processor 702 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 701 may include various types of storage units, such as system memory, Read Only Memory (ROM), and permanent storage. The ROM may store, among other things, static data or instructions for the processor 702 or other modules of the computer. The persistent storage device may be a read-write storage device. The persistent storage may be a non-volatile storage device that does not lose stored instructions and data even after the computer is powered off. In some embodiments, the persistent storage device employs a mass storage device (e.g., magnetic or optical disk, flash memory) as the persistent storage device. In other embodiments, the permanent storage may be a removable storage device (e.g., floppy disk, optical drive). The system memory may be a read-write memory device or a volatile read-write memory device, such as a dynamic random access memory. The system memory may store instructions and data that some or all of the processors require at runtime. In addition, memory 701 may include any combination of computer-readable storage media, including various types of semiconductor memory chips (e.g., DRAM, SRAM, SDRAM, flash memory, programmable read-only memory), magnetic and/or optical disks, among others. In some embodiments, memory 701 may include a removable storage device that is readable and/or writable, such as a Compact Disc (CD), digital versatile disc read only (e.g., DVD-ROM, dual layer DVD-ROM), Blu-ray disc read only, ultra-dense disc, flash memory card (e.g., SD card, min SD card, Micro-SD card, etc.), magnetic floppy disk, or the like. Computer-readable storage media do not contain carrier waves or transitory electronic signals transmitted by wireless or wired means.
The memory 701 has stored thereon executable code which, when processed by the processor 702, may cause the processor 702 to perform some or all of the methods described above.
Furthermore, the method according to the present application may also be implemented as a computer program or computer program product comprising computer program code instructions for performing some or all of the steps of the above-described method of the present application.
Alternatively, the present application may also be embodied as a computer-readable storage medium (or non-transitory machine-readable storage medium or machine-readable storage medium) having executable code (or a computer program or computer instruction code) stored thereon, which, when executed by a processor of an electronic device (or server, etc.), causes the processor to perform part or all of the various steps of the above-described method according to the present application.
Having described embodiments of the present application, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (13)

1. A search engine processing method, comprising:
acquiring user authority information of each document associated with a search engine, wherein the user authority information corresponds to the user information and is used for representing whether a user has authority to access the document;
processing the user authority information according to a preset rule to obtain authority filtering condition data;
storing the authority filtering condition data to an access control field area which is created in advance in a corresponding document;
wherein the permission filter condition data is used for matching a query statement, and the search engine executes the query statement to search for a document conforming to the query statement.
2. The method according to claim 1, wherein when the user permission information is a piece of permission feature data or a union of a plurality of pieces of permission feature data, the processing the user permission information according to a preset rule to obtain permission filter condition data includes:
and generating authority filtering condition data based on the or relation of each authority characteristic data.
3. The method according to claim 1, wherein when the user permission information is a set of mixed logic of a plurality of pieces of permission feature data, the processing the user permission information according to a preset rule to obtain permission filter condition data includes:
generating a character string for representing the mixed logic relation among the authority characteristic data;
and converting the character string into a preset identification code according to a preset algorithm, and taking the preset identification code as the authority filtering condition data.
4. The method of claim 3, further comprising:
and storing the preset identification code and the user authority information corresponding to the preset identification code to a service database associated with the search engine.
5. The method of claim 1, wherein the user information comprises at least one of: user personal information, user attribute information.
6. A method for searching a search engine obtained based on the method of any one of claims 1 to 5, comprising:
acquiring corresponding user authority information based on the received user information;
acquiring corresponding authority filtering condition data based on the user authority information corresponding to the user information;
generating a query statement containing the authority filtering condition data;
and executing the query statement to acquire the document which accords with the query statement in the associated documents of the search engine.
7. The method of claim 6,
the acquiring of the corresponding user authority information based on the received user information includes: searching user authority information matched with the user information in a service database associated with the search engine based on the user information, wherein the user authority information and a corresponding preset identification code are stored in the service database in advance;
the acquiring of the corresponding authority filtering condition data based on the user authority information corresponding to the user information includes:
if the user authority information corresponding to the user information is matched in the service database, taking a preset identification code corresponding to the matched user authority information as authority filtering condition data;
and if the user authority information corresponding to the user information is not matched in the service database, generating a data expression based on the OR relationship of one or more pieces of authority characteristic data corresponding to the user information, and taking the data expression as authority filtering condition data.
8. The method of claim 6, wherein before generating the query statement containing the permission filter condition data, the method further comprises: acquiring a search request of a user, wherein the search request comprises search keywords;
the generating of the query statement containing the authority filtering condition data further comprises:
and generating a query statement containing the authority filtering condition data and the search keyword.
9. The method of claim 8, wherein the executing the query statement to obtain documents matching the query statement from the documents associated with the search engine further comprises:
matching the authority filtering condition data contained in the query statement with authority filtering condition data stored in an access control field pre-created in a document associated with the search engine;
matching the search keywords contained in the query sentence with the full document text associated with the search engine;
and screening out the document matched with the authority filtering condition data and the search keyword contained in the query statement as the document matched with the authority filtering condition data contained in the query statement.
10. A search engine, comprising:
the acquisition module is used for acquiring user authority information of each document associated with the search engine, wherein the user authority information corresponds to the user information and is used for representing whether a user has authority to access the document;
the authority filtering condition data acquisition module is used for processing the user authority information acquired by the acquisition module according to a preset rule to acquire authority filtering condition data;
the writing module is used for storing the authority filtering condition data acquired by the authority filtering condition data acquisition module to an access control field area which is created in advance in a corresponding document;
the writing module writes the authority filtering condition data of the access control field area for matching the query statement, and the search engine executes the query statement to search the document conforming to the query statement.
11. A search engine, comprising:
the information acquisition module is used for acquiring corresponding user authority information based on the received user information;
the data acquisition module is used for acquiring corresponding authority filtering condition data based on the user authority information corresponding to the user information acquired by the information acquisition module;
the generating module is used for generating a query statement containing the authority filtering condition data acquired by the data acquiring module;
and the query module is used for executing the query sentence generated by the generation module and acquiring the document which accords with the query sentence in the associated documents of the search engine.
12. An electronic device, comprising:
a processor; and
a memory having executable code stored thereon, which when executed by the processor, causes the processor to perform the method of any one of claims 1-9.
13. A computer-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to perform the method of any one of claims 1-9.
CN202111609804.8A 2021-12-27 2021-12-27 Search engine processing method, search method and related device Pending CN114491618A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111609804.8A CN114491618A (en) 2021-12-27 2021-12-27 Search engine processing method, search method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111609804.8A CN114491618A (en) 2021-12-27 2021-12-27 Search engine processing method, search method and related device

Publications (1)

Publication Number Publication Date
CN114491618A true CN114491618A (en) 2022-05-13

Family

ID=81495717

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111609804.8A Pending CN114491618A (en) 2021-12-27 2021-12-27 Search engine processing method, search method and related device

Country Status (1)

Country Link
CN (1) CN114491618A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116701615A (en) * 2023-08-08 2023-09-05 建信金融科技有限责任公司 Service document online management method and device, electronic equipment and readable storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116701615A (en) * 2023-08-08 2023-09-05 建信金融科技有限责任公司 Service document online management method and device, electronic equipment and readable storage medium
CN116701615B (en) * 2023-08-08 2023-11-03 建信金融科技有限责任公司 Service document online management method and device, electronic equipment and readable storage medium

Similar Documents

Publication Publication Date Title
US10454932B2 (en) Search engine with privacy protection
US9230083B2 (en) Securing application information in system-wide search engines
US9965641B2 (en) Policy-based data-centric access control in a sorted, distributed key-value data store
US11853334B2 (en) Systems and methods for generating and using aggregated search indices and non-aggregated value storage
KR101120814B1 (en) Systems and methods that optimize row level database security
US8285082B2 (en) Automatic identification of digital content related to a block of text, such as a blog entry
US8589392B2 (en) Indexing and searching dynamically changing search corpora
US20060248039A1 (en) Sharing of full text index entries across application boundaries
US7991767B2 (en) Method for providing a shared search index in a peer to peer network
US20160292304A1 (en) Knowledge representation on action graph database
US20130332478A1 (en) Querying and integrating structured and instructured data
US20070226695A1 (en) Crawler based auditing framework
US8904551B2 (en) Control of access to files
EP3561636A1 (en) Record level data security
WO2020131462A1 (en) Blockchain-based content management system, method, apparatus, and electronic device
US11886431B2 (en) Real-time analytical queries of a document store
EP3762834A1 (en) System and method for searching based on text blocks and associated search operators
US9165079B1 (en) Access controls in a search index
CN114491618A (en) Search engine processing method, search method and related device
JP2003108440A (en) Data disclosing method, data disclosing program, and data disclosing device
CN112997172A (en) Computationally efficient tag determination for data assets
EP2958306A1 (en) Aggregation of separate domain data
Pingos et al. DLMetaChain: an IoT data lake architecture based on the blockchain
US11675924B2 (en) Content aggregation system for intelligent searching of indexed content based on extracted security identifiers
CN111159214B (en) API access method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination