CN114760134A - Multi-tenant isolation method and related device

Publication number: CN114760134A
Authority: CN (China)
Prior art keywords: tenant, target, isolation, account set, user
Legal status: Granted
Application number: CN202210403196.3A
Other languages: Chinese (zh)
Other versions: CN114760134B (en)
Inventors: 梁艺, 吴秋林, 贺禹铟, 姜远胜, 何礼仁
Current Assignee: Chengdu Xingyun Zhilian Technology Co ltd
Original Assignee: Chengdu Xingyun Zhilian Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/242 Query formulation
    • G06F16/2433 Query languages
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2453 Query optimisation
    • G06F16/24534 Query rewriting; Transformation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science
  • General Engineering & Computer Science
  • Theoretical Computer Science
  • Computer Security & Cryptography
  • Signal Processing
  • Computer Networks & Wireless Communication
  • Computing Systems
  • Physics & Mathematics
  • Computer Hardware Design
  • Computational Linguistics
  • Data Mining & Analysis
  • Databases & Information Systems
  • General Physics & Mathematics
  • Mathematical Physics
  • Management, Administration, Business Operations System, And Electronic Commerce

Abstract

The application discloses a multi-tenant isolation method, applied to a multi-tenant isolation component, comprising the following steps: determining a target isolation scheme according to the isolation scheme configuration information; in the process of executing the target isolation scheme, after receiving a business data query request of a user, determining a target tenant and a target account set; reading business data from a database according to the ID of the target tenant and the ID of the target account set; and returning the read business data to the user. The method can reduce the communication cost of multi-team collaborative development, avoid the resource waste caused by repeated development, reduce system coupling, and realize multi-level isolation across multiple tenants and multiple account sets. The application also discloses a multi-tenant isolation apparatus, a device and a computer-readable storage medium, which have the same technical effects.

Description

Multi-tenant isolation method and related device
Technical Field
The application relates to the technical field of service data security, in particular to a multi-tenant isolation method; it also relates to a multi-tenant isolation device, an apparatus and a computer-readable storage medium.
Background
A SaaS platform is a platform for operating SaaS software. During software development on a SaaS platform, tenant isolation technology is needed to isolate business data between users and so keep each user's business data secure. At present, software development on SaaS platforms in the industry mainly proceeds as follows: a uniform tenant isolation specification is first determined, and the specification is then communicated to each software service development team, which develops according to it. In this process every software service development team has to implement tenant isolation itself and has to take tenant isolation logic into account while developing business functions. In multi-team collaborative development this increases communication cost, wastes resources through repeated development, and produces high coupling, which hinders subsequent expansion.
In view of this, how to reduce the communication cost of multi-team collaborative development, avoid resource waste caused by repeated development, and reduce the system coupling degree has become a technical problem to be solved urgently by those skilled in the art.
Disclosure of Invention
An object of the present application is to provide a multi-tenant isolation method that can reduce the communication cost of multi-team collaborative development, avoid the resource waste caused by repeated development, reduce system coupling, and realize multi-level isolation across multiple tenants and multiple account sets. Another object of the present application is to provide a multi-tenant isolation apparatus, a device, and a computer-readable storage medium, all having the above technical effects.
In order to solve the technical problem, the present application provides a multi-tenant isolation method, which is applied to a multi-tenant isolation component, and includes:
determining a target isolation scheme according to the isolation scheme configuration information;
in the process of executing the target isolation scheme, after receiving a business data query request of a user, determining a target tenant and a target account set;
reading business data from a database according to the ID of the target tenant and the ID of the target account set;
and returning the read service data to the user.
Optionally, the reading of the business data from the database according to the ID of the target tenant and the ID of the target account set includes:
constructing a logic query SQL, and adding the ID of the target tenant and the ID of the target account set in the logic query SQL;
and reading business data from the database according to the logic query SQL added with the ID of the target tenant and the ID of the target account set.
Optionally, before determining the target tenant and the target account set, the method further includes:
performing user authentication on the user;
and when the user passes the verification, determining a target tenant and a target account set.
Optionally, before reading the business data from the database according to the ID of the target tenant and the ID of the target account set, the method further includes:
verifying the access authority of the user;
and when the access authority passes the verification, reading business data from a database according to the ID of the target tenant and the ID of the target account set.
Optionally, the target isolation scheme is an isolation scheme of an independent service database architecture, or an isolation scheme of a shared service database and an isolated service data architecture, or an isolation scheme of a shared service database and a shared service data architecture.
Optionally, the method further includes:
when storing the tenant service data, storing tenant information; the tenant information comprises a tenant ID and an account set ID.
In order to solve the above technical problem, the present application further provides a multi-tenant isolation apparatus, including:
the first determining module is used for determining a target isolation scheme according to the isolation scheme configuration information;
the second determination module is used for determining a target tenant and a target account set after receiving a business data query request of a user in the process of executing the target isolation scheme;
the reading module is used for reading business data from a database according to the ID of the target tenant and the ID of the target account set;
and the sending module is used for returning the read service data to the user.
Optionally, the apparatus further includes:
the storage module is used for storing tenant information when storing tenant service data; the tenant information comprises a tenant ID and an account set ID.
In order to solve the above technical problem, the present application further provides a multi-tenant isolation device, including:
a memory for storing a computer program;
a processor for implementing the steps of the multi-tenant isolation method as described in any one of the above when the computer program is executed.
To solve the above technical problem, the present application further provides a computer-readable storage medium, having a computer program stored thereon, where the computer program, when executed by a processor, implements the steps of the multi-tenant isolation method according to any one of the above.
The multi-tenant isolation method provided by the application is applied to a multi-tenant isolation component and comprises the following steps: determining a target isolation scheme according to the isolation scheme configuration information; in the process of executing the target isolation scheme, after receiving a business data query request of a user, determining a target tenant and a target account set; reading business data from a database according to the ID of the target tenant and the ID of the target account set; and returning the read service data to the user.
The multi-tenant isolation method provided by the application therefore supplies an out-of-the-box multi-tenant isolation component that realizes multi-tenant isolation. Software developers of the SaaS platform do not need to attend to tenant isolation during development, services do not need to implement tenant isolation logic themselves, and tenant isolation is completed automatically by the multi-tenant isolation component. This greatly reduces the communication cost of multi-team collaborative development, avoids the resource waste caused by repeated development, and reduces system coupling. In addition, the method can achieve multi-level isolation across multiple tenants and multiple account sets.
The multi-tenant isolation apparatus, the device and the computer-readable storage medium provided by the application have the same technical effects.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed for the prior art and the embodiments are briefly described below. The drawings in the following description show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a multi-tenant isolation method according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a tenant architecture according to an embodiment of the present application;
Fig. 3 is a schematic view of a business data saving process provided in an embodiment of the present application;
Fig. 4 is a schematic view illustrating a business data query process according to an embodiment of the present application;
Fig. 5 is a schematic view of a multi-tenant isolation apparatus provided in an embodiment of the present application;
Fig. 6 is a schematic diagram of a multi-tenant isolation device according to an embodiment of the present application.
Detailed Description
The core of the application is to provide a multi-tenant isolation method, which can reduce the communication cost of multi-team collaborative development, avoid resource waste caused by repeated development, reduce the system coupling degree, and realize multi-tenant and multi-account set multi-level isolation. Another core of the present application is to provide a multi-tenant isolation apparatus, a device, and a computer-readable storage medium, all having the above technical effects.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to Fig. 1, which is a schematic flowchart of a multi-tenant isolation method according to an embodiment of the present application, the method includes:
S101: determining a target isolation scheme according to the isolation scheme configuration information;
The multi-tenant isolation method is implemented by running a multi-tenant isolation component. The essence of a multi-tenant architecture is to provide tenant isolation for software and to guarantee business data isolation within the same system. To ensure isolation, different isolation schemes need to be applied according to actual conditions. In this embodiment the multi-tenant isolation component integrates multiple isolation schemes, and a user can select the required one through configuration. From the isolation scheme configuration information the component determines the scheme the user requires, namely the target isolation scheme, and then performs multi-tenant isolation with it.
The target isolation scheme is an isolation scheme of an independent service database architecture, or an isolation scheme of a shared service database and an isolated service data architecture, or an isolation scheme of a shared service database and a shared service data architecture.
The independent service database architecture means that each tenant has its own service database; under this isolation scheme the isolation level of user business data is the highest. The shared service database and isolated service data architecture means that several tenants or all tenants share one service database, but each tenant has its own Schema. The shared service database and shared service data architecture means that tenants share the same service database and the same Schema, and tenant business data is distinguished by tenant fields in the tables. This isolation scheme has a high degree of sharing but a low level of isolation.
After the user has configured the required isolation scheme, the multi-tenant isolation component determines the target isolation scheme from the three isolation schemes according to the isolation scheme configuration information.
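An added example, not code from the patent: one way a component could turn the isolation scheme configuration into a physical database and schema for a tenant, failing closed when the scheme is missing or unknown. The config keys (`isolation_scheme`, `name_prefix`, `shared_schema`), the scheme names and the naming convention are assumptions.

```python
import re
from dataclasses import dataclass

# Assumed names for the three schemes the description lists.
SCHEMES = (
    "independent_database",             # one service database per tenant
    "shared_database_isolated_schema",  # shared database, one Schema per tenant
    "shared_database_shared_schema",    # shared database and Schema, tenant fields
)
_NAME = re.compile(r"[a-z][a-z0-9_]{0,30}\Z")


@dataclass(frozen=True)
class Target:
    database: str          # physical database to connect to
    schema: str            # schema that holds the tenant's tables
    row_filter_only: bool  # True when tenant fields are the only barrier


def resolve_target(config: dict, tenant_id: int) -> Target:
    """Map (configuration, tenant) to the place where the tenant's data lives."""
    scheme = config.get("isolation_scheme")
    if scheme not in SCHEMES:
        # Fail closed: never fall back to a shared layout by default.
        raise ValueError(f"unknown or missing isolation_scheme: {scheme!r}")
    # Database and schema names cannot be bound as query parameters, so the
    # tenant ID must be a plain positive integer before it goes into a name.
    if type(tenant_id) is not int or tenant_id <= 0:
        raise ValueError("tenant_id must be a positive integer")
    prefix = config.get("name_prefix", "biz")
    shared_schema = config.get("shared_schema", "public")
    for name in (prefix, shared_schema):
        if not isinstance(name, str) or not _NAME.match(name):
            raise ValueError(f"invalid identifier in configuration: {name!r}")
    if scheme == "independent_database":
        return Target(f"{prefix}_t{tenant_id}", shared_schema, False)
    if scheme == "shared_database_isolated_schema":
        return Target(prefix, f"t{tenant_id}", False)
    return Target(prefix, shared_schema, True)


if __name__ == "__main__":
    for s in SCHEMES:
        print(s, resolve_target({"isolation_scheme": s}, 7))
```
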
S102: in the process of executing the target isolation scheme, after receiving a business data query request of a user, determining a target tenant and a target account set;
After the target isolation scheme is determined, the multi-tenant isolation component performs multi-tenant isolation with it. While the target isolation scheme is executed, tenant information is filtered automatically. Specifically, after a business data query request of a user is received, the target tenant and the target account set are determined. The target tenant is the tenant to which the user belongs, and the target account set is the account set to which the user belongs. The account set is subordinate to the tenant.
Each tenant may have multiple account sets, and each account set may in turn have sub-account sets. Business data is isolated between account sets. A shared space is constructed at the tenant level, and every account set can use it.
Taking a group and its companies as an example, there is generally a hierarchical group-company-subsidiary relationship. The group is a tenant, a company is an account set within the tenant, and a subsidiary is a sub-account set within that account set. The organization structure and personnel of the whole group can be shared at the tenant level. Account sets can apply user-defined isolation of business functions.
For example, referring to Fig. 2, tenant 1 and tenant 2 each have a top-level account set, with two secondary account sets below the top-level account set and two bottom-level account sets below each secondary account set. The user belongs to tenant 1, and the user's account set is secondary account set 1 under tenant 1. The target tenant is therefore tenant 1 and the target account set is secondary account set 1.
In some embodiments, before the target tenant and the target account set are determined, the method may further include:
performing user authentication on the user, for example verifying the user's login information; when the user passes the verification, the target tenant and the target account set are determined. Conversely, if the user does not pass the verification, the subsequent steps are not performed.
S103: reading business data from a database according to the ID of the target tenant and the ID of the target account set;
S104: returning the read business data to the user.
After the target tenant and the target account set are determined, business data is read from the database according to the ID of the target tenant and the ID of the target account set; at this point only the business data of the user that belongs to the target account set under the target tenant can be read. After the business data is read, it is returned to the user.
For example, when the target tenant is tenant 1 and the target account set is secondary account set 1, the business data is read from the database according to the ID of tenant 1 and the ID of account set 1, and at this point only the business data of the user belonging to account set 1 under tenant 1 can be read.
In some embodiments, reading business data from a database according to the ID of the target tenant and the ID of the target account set may include:
constructing a logic query SQL, and adding the ID of the target tenant and the ID of the target account set in the logic query SQL;
and reading business data from the database according to the logic query SQL added with the ID of the target tenant and the ID of the target account set.
Specifically, the business logic query service constructs a logic query SQL and passes it to the SQL rewriter, which rewrites it by adding the ID of the target tenant and the ID of the target account set. Finally, business data is queried and read from the database according to the logic query SQL to which the ID of the target tenant and the ID of the target account set have been added.
In some embodiments, before reading the business data from the database according to the ID of the target tenant and the ID of the target account set, the method may further include:
verifying the access authority of the user; when the access authority passes the verification, reading business data from a database according to the ID of the target tenant and the ID of the target account set. Conversely, if the access authority verification is not passed, the subsequent steps are not performed.
In some embodiments, the method further includes:
saving tenant information when tenant business data is saved; the tenant information comprises a tenant ID and an account set ID. Referring to Fig. 3, while data is saved through the business function's data saving interface, tenant information is saved automatically, which realizes proxy-based implantation of tenant information.
As shown in Fig. 4, in one embodiment, the multi-tenant isolation includes automatically saving tenant information when business data is saved and automatically filtering tenant information when business data is queried. The flow of automatically filtering tenant information during data query is as follows:
The user initiates a business logic query. After central authentication has performed user verification, tenant and account set identification, and access authority verification, the business logic query is carried out. The business logic service constructs a logic query SQL. The SQL rewriter rewrites the logic query SQL and adds the tenant ID and account set ID filter conditions to it. Business data is queried from the database according to the rewritten logic query SQL and returned to the user.
In the above embodiment, automatically saving tenant information when business data is saved and automatically filtering it when business data is queried presupposes that the multi-tenant isolation component has tenant information filtering interception enabled. If tenant information filtering interception is disabled, then while the multi-tenant isolation component runs, tenant information is not saved when business data is saved and is not filtered when business data is queried, so tenant sharing can be realized. The multi-tenant isolation component can therefore realize tenant sharing while also supporting multi-tenant isolation.
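An added example, not code from the patent: the save and query flow described above (automatic stamping of tenant information on save, SQL rewriting on query) for the shared-database, shared-schema case, using Python's `sqlite3`. The column names `tenant_id` and `account_set_id`, the `orders` table, and the restriction to single-table SELECT statements whose placeholders appear only in or after the WHERE clause are assumptions.

```python
import re
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class TenantContext:
    """Filled in by the authentication layer, never from request parameters."""
    tenant_id: int
    account_set_id: int


GUARD = "tenant_id = ? AND account_set_id = ?"  # assumed column names
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")
WHERE = re.compile(r"\bWHERE\b", re.I)
TAIL = re.compile(r"\b(GROUP\s+BY|HAVING|ORDER\s+BY|LIMIT)\b", re.I)
SET_OP = re.compile(r"\b(UNION|INTERSECT|EXCEPT)\b", re.I)


def _top_level(sql):
    """Blank out string literals and parenthesised groups (length preserved),
    so keyword searches only match the outermost SELECT."""
    out, depth, quote = [], 0, None
    for ch in sql:
        if quote:  # inside '...' or "..."
            quote = None if ch == quote else quote
            out.append(" ")
        elif ch in "'\"":
            quote = ch
            out.append(" ")
        elif ch in "()":
            depth += 1 if ch == "(" else -1
            out.append(" ")
        else:
            out.append(ch if depth == 0 else " ")
    return "".join(out)


def rewrite(sql, params, ctx):
    """Return (sql, params) with the tenant and account set filter added."""
    if ctx is None:
        raise PermissionError("no tenant context: refusing to build a query")
    body = sql.strip().rstrip(";").strip()
    flat = _top_level(body)
    if not re.match(r"SELECT\b", flat, re.I) or ";" in flat or SET_OP.search(flat):
        raise ValueError("only a single plain SELECT can be rewritten")
    tail = TAIL.search(flat)
    cut = tail.start() if tail else len(body)
    where = WHERE.search(flat, 0, cut)
    if where:
        select = body[:where.start()].rstrip()
        # Parenthesise the caller's condition: "a OR b AND tenant_id = ?" would
        # bind the guard to b only and return other tenants' rows matching a.
        cond = f"{GUARD} AND ({body[where.end():cut].strip()})"
    else:
        select, cond = body[:cut].rstrip(), GUARD
    # The guard comes first, so its two values lead the parameter tuple.
    return (f"{select} WHERE {cond} {body[cut:]}".strip(),
            (ctx.tenant_id, ctx.account_set_id, *params))


def save(conn, ctx, table, row):
    """Insert a business row, stamping tenant information automatically."""
    if ctx is None:
        raise PermissionError("no tenant context: refusing to save")
    # Context values overwrite anything the caller put in these two columns.
    stamped = {**row, "tenant_id": ctx.tenant_id, "account_set_id": ctx.account_set_id}
    if not all(IDENT.match(name) for name in (table, *stamped)):
        raise ValueError("invalid table or column name")
    cols, marks = ", ".join(stamped), ", ".join("?" * len(stamped))
    conn.execute(f"INSERT INTO {table} ({cols}) VALUES ({marks})", tuple(stamped.values()))


def query(conn, ctx, sql, params=()):
    """Run a logic query SQL after rewriting it for the caller's context."""
    rewritten, bound = rewrite(sql, params, ctx)
    return conn.execute(rewritten, bound).fetchall()


def demo():
    """Constructed sample data: three account sets across two tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (item TEXT, amount INTEGER, "
                 "tenant_id INTEGER, account_set_id INTEGER)")
    t1a1, t1a2, t2a1 = TenantContext(1, 1), TenantContext(1, 2), TenantContext(2, 1)
    for ctx, item, amount in [(t1a1, "pen", 5), (t1a1, "laptop", 900), (t1a2, "desk", 400),
                              (t1a2, "pen", 3), (t2a1, "laptop", 1200)]:
        save(conn, ctx, "orders", {"item": item, "amount": amount})
    logical = "SELECT item, amount FROM orders WHERE amount > ? OR item = ? ORDER BY amount"
    return query(conn, t1a1, logical, (100, "pen"))


if __name__ == "__main__":
    print(demo())
```

Joins, CTEs and set operations need a real SQL parser; this sketch rejects what it cannot rewrite rather than passing it through unfiltered.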
It should be noted that, in the multi-tenant system, there are two modes, local multi-tenant mode and central multi-tenant mode. Wherein, in the local multi-tenant mode: each business system has its own tenant management center, and the tenant information communicated among multiple business systems is not consistent. In the central multi-tenant mode: a plurality of services share one tenant management center, and tenant information communicated among a plurality of service systems is consistent.
In summary, the multi-tenant isolation method provided by the application supplies an out-of-the-box multi-tenant isolation component that realizes multi-tenant isolation. Software developers of the SaaS platform do not need to attend to tenant isolation during development, services do not need to implement tenant isolation logic themselves, and tenant isolation is completed automatically by the multi-tenant isolation component. This greatly reduces the communication cost of multi-team collaborative development, avoids the resource waste caused by repeated development, and reduces system coupling. In addition, the method can achieve multi-level isolation across multiple tenants and multiple account sets.
The application also provides a multi-tenant isolation apparatus; the apparatus described below and the method described above may be read in correspondence with each other. Referring to Fig. 5, which is a schematic view of a multi-tenant isolation apparatus according to an embodiment of the present application, the apparatus includes:
a first determining module 10, configured to determine a target isolation scheme according to the isolation scheme configuration information;
a second determining module 20, configured to determine a target tenant and a target account set after receiving a service data query request of a user in a process of executing the target isolation scheme;
a reading module 30, configured to read service data from a database according to the ID of the target tenant and the ID of the target account set;
and the sending module 40 is configured to return the read service data to the user.
On the basis of the foregoing embodiment, as a specific implementation manner, the reading module 30 includes:
the construction unit is used for constructing a logic query SQL and adding the ID of the target tenant and the ID of the target account set in the logic query SQL;
and the reading unit is used for reading the business data from the database according to the logic query SQL added with the ID of the target tenant and the ID of the target account set.
On the basis of the above embodiment, as a specific implementation manner, the apparatus further includes:
the user authentication module is used for carrying out user authentication on the user;
when the user verification passes, the second determination module 20 determines the target tenant and the target account set.
On the basis of the above embodiment, as a specific implementation manner, the apparatus further includes:
the authority verification module is used for verifying the access authority of the user;
when the access right verification passes, the reading module 30 reads the business data from the database according to the ID of the target tenant and the ID of the target account set.
On the basis of the above embodiment, as a specific implementation manner, the target isolation scheme is an isolation scheme of an independent service database architecture, or an isolation scheme of a shared service database and an isolated service data architecture, or an isolation scheme of a shared service database and a shared service data architecture.
On the basis of the above embodiment, as a specific implementation manner, the apparatus further includes:
the storage module is used for storing tenant information when storing tenant service data; the tenant information comprises a tenant ID and an account set ID.
The multi-tenant isolation apparatus can achieve multi-tenant isolation. Software developers of the SaaS platform do not need to attend to tenant isolation during development, services do not need to implement tenant isolation logic themselves, and tenant isolation is completed automatically by the multi-tenant isolation apparatus. This greatly reduces the communication cost of multi-team collaborative development, avoids the resource waste caused by repeated development, and reduces system coupling. In addition, the multi-tenant isolation apparatus can achieve multi-level isolation across multiple tenants and multiple account sets.
The present application further provides a multi-tenant isolation device, which is shown with reference to fig. 6 and includes a memory 1 and a processor 2.
A memory 1 for storing a computer program;
a processor 2 for executing a computer program to implement the steps of:
determining a target isolation scheme according to the isolation scheme configuration information; in the process of executing the target isolation scheme, after receiving a business data query request of a user, determining a target tenant and a target account set; reading business data from a database according to the ID of the target tenant and the ID of the target account set; and returning the read service data to the user.
For the introduction of the device provided in the present application, please refer to the above method embodiment, which is not described herein again.
The present application further provides a computer readable storage medium having a computer program stored thereon, which when executed by a processor, performs the steps of:
determining a target isolation scheme according to the isolation scheme configuration information; in the process of executing the target isolation scheme, after receiving a business data query request of a user, determining a target tenant and a target account set; reading business data from a database according to the ID of the target tenant and the ID of the target account set; and returning the read service data to the user.
The computer-readable storage medium may include: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
For the introduction of the computer-readable storage medium provided in the present application, please refer to the above method embodiments, which are not described herein again.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device, the apparatus and the computer-readable storage medium disclosed by the embodiments correspond to the method disclosed by the embodiments, so that the description is simple, and the relevant points can be referred to the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The multi-tenant isolation method, apparatus, device, and computer-readable storage medium provided by the present application are described in detail above. The principles and embodiments of the present application are described herein using specific examples, which are only intended to help in understanding the method of the present application and its core idea. It should be noted that those skilled in the art may make several improvements and modifications to the present application without departing from its principle, and such improvements and modifications also fall within the scope of the claims of the present application.

Claims (10)

1. A multi-tenant isolation method, applied to a multi-tenant isolation component, comprising the following steps:
determining a target isolation scheme according to the isolation scheme configuration information;
in the process of executing the target isolation scheme, after receiving a business data query request of a user, determining a target tenant and a target account set;
reading business data from a database according to the ID of the target tenant and the ID of the target account set;
and returning the read business data to the user.
2. The multi-tenant isolation method of claim 1, wherein reading business data from a database according to the ID of the target tenant and the ID of the target account set comprises:
constructing a logic query SQL, and adding the ID of the target tenant and the ID of the target account set in the logic query SQL;
and reading business data from the database according to the logic query SQL added with the ID of the target tenant and the ID of the target account set.
3. The multi-tenant isolation method of claim 1, wherein determining a target tenant and a target account set further comprises:
performing user authentication on the user;
and when the user passes the verification, determining a target tenant and a target account set.
4. The multi-tenant isolation method according to claim 1, wherein before reading the business data from the database according to the ID of the target tenant and the ID of the target account set, the method further comprises:
performing access right verification on the user;
and when the access authority passes the verification, reading business data from a database according to the ID of the target tenant and the ID of the target account set.
5. The multi-tenant isolation method according to claim 1, wherein the target isolation scheme is an isolation scheme of an independent service database architecture, or an isolation scheme of a shared service database and an isolated service data architecture, or an isolation scheme of a shared service database and a shared service data architecture.
6. The multi-tenant isolation method of claim 1, further comprising:
when the tenant service data is saved, the tenant information is saved; the tenant information comprises a tenant ID and an account set ID.
7. A multi-tenant isolation apparatus, comprising:
the first determining module is used for determining a target isolation scheme according to the configuration information of the isolation scheme;
the second determination module is used for determining a target tenant and a target account set after receiving a business data query request of a user in the process of executing the target isolation scheme;
the reading module is used for reading business data from a database according to the ID of the target tenant and the ID of the target account set;
and the sending module is used for returning the read business data to the user.
8. The multi-tenant isolation device of claim 7, further comprising:
the storage module is used for storing tenant information when storing tenant service data; the tenant information comprises a tenant ID and an account set ID.
9. A multi-tenant isolation device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the multi-tenant isolation method as claimed in any one of claims 1 to 6 when executing the computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, realizes the steps of the multi-tenant isolation method according to any one of claims 1 to 6.
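
The read path of claims 1 to 4 and 6, as an added example that is not the patent's own implementation: it models the shared-database, shared-data scheme of claim 5 in an in-memory SQLite table. The table `voucher`, its columns, the `GRANTS` map standing in for authentication and access-right verification, and all function names are assumptions.

```python
import sqlite3

# Constructed sample rows: (tenant_id, account_set_id, doc_no, amount).
ROWS = [
    ("t1", "a1", "INV-001", 100.0),
    ("t1", "a2", "INV-002", 250.0),
    ("t2", "a1", "INV-003", 999.0),
]
# Constructed server-side grants: user -> (tenant, account sets the user may read).
GRANTS = {"alice": ("t1", {"a1", "a2"}), "bob": ("t2", {"a1"})}


def open_db():
    """Shared table; every row is saved with its tenant information (claim 6)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE voucher (tenant_id TEXT NOT NULL,"
               " account_set_id TEXT NOT NULL, doc_no TEXT, amount REAL)")
    db.executemany("INSERT INTO voucher VALUES (?, ?, ?, ?)", ROWS)
    return db


def resolve_target(user, requested_account_set):
    """Verify the user, then fix the target tenant and account set (claims 3, 4).

    The tenant ID is never taken from the request; it comes from server-side state.
    """
    if user not in GRANTS:
        raise PermissionError("unknown user")
    tenant_id, account_sets = GRANTS[user]
    if requested_account_set not in account_sets:
        raise PermissionError("account set not granted to this user")
    return tenant_id, requested_account_set


def scoped_query(db, user, requested_account_set, logical_where="1=1", params=()):
    """Add the tenant ID and account set ID to the logical query SQL (claim 2).

    logical_where is a fragment written by the developer, never user text; user
    values travel in params. The parentheses keep an OR inside the business
    predicate from widening the tenant filter.
    """
    tenant_id, account_set_id = resolve_target(user, requested_account_set)
    sql = ("SELECT doc_no, amount FROM voucher"
           " WHERE tenant_id = ? AND account_set_id = ? AND (" + logical_where + ")"
           " ORDER BY doc_no")
    return db.execute(sql, (tenant_id, account_set_id, *params)).fetchall()
```

Both IDs are bound parameters placed ahead of the business predicate, so a caller cannot reach another tenant's rows by changing what it asks for.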

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210403196.3A CN114760134B (en) 2022-04-18 2022-04-18 Multi-tenant isolation method and related device

Publications (2)

Publication Number Publication Date
CN114760134A true CN114760134A (en) 2022-07-15
CN114760134B CN114760134B (en) 2024-05-28

Family

ID=82331530

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210403196.3A Active CN114760134B (en) 2022-04-18 2022-04-18 Multi-tenant isolation method and related device

Country Status (1)

Country Link
CN (1) CN114760134B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114969612A (en) * 2022-07-29 2022-08-30 深圳市星卡软件技术开发有限公司 Multi-tenant data isolation method, system and computer equipment

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140330869A1 (en) * 2013-05-02 2014-11-06 International Business Machines Corporation Secure isolation of tenant resources in a multi-tenant storage system using a security gateway
US10009337B1 (en) * 2015-06-30 2018-06-26 EMC IP Holding Company LLC Child tenant revocation in a multiple tenant environment
CN110188307A (en) * 2019-05-31 2019-08-30 东信和平科技股份有限公司 A kind of multi-tenant data partition method, server and system
CN110263558A (en) * 2019-06-13 2019-09-20 泰康保险集团股份有限公司 Service authority management method, device, electronic equipment and computer-readable medium
CN111079131A (en) * 2019-12-20 2020-04-28 金卡智能集团股份有限公司 Method and system for authorization and control of authority of cross-company service
CN111582773A (en) * 2020-06-22 2020-08-25 南京德睿能源研究院有限公司 Multi-tenant technology-based micro-grid energy cloud model control method and system
CN111865943A (en) * 2020-07-02 2020-10-30 北京同创永益科技发展有限公司 Multi-level tenant authentication method and device based on micro-service
CN112559076A (en) * 2020-12-21 2021-03-26 支付宝(杭州)信息技术有限公司 Tenant information processing method, device, system and equipment
CN113779625A (en) * 2021-08-31 2021-12-10 成都商汤科技有限公司 Data access method and device, electronic equipment and storage medium
CN113986528A (en) * 2021-09-29 2022-01-28 济南浪潮数据技术有限公司 Method, system, equipment and storage medium for multi-tenant space resource management

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
何海棠;朱晓辉;陈苏蓉;: "SaaS模式下多租户数据库的研究", 郑州铁路职业技术学院学报, no. 03, 20 September 2012 (2012-09-20) *

Also Published As

Publication number Publication date
CN114760134B (en) 2024-05-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant