CN115730284A - Method, device, equipment and storage medium for controlling authority of report data - Google Patents
Method, device, equipment and storage medium for controlling authority of report data Download PDFInfo
- Publication number
- CN115730284A CN115730284A CN202211518422.9A CN202211518422A CN115730284A CN 115730284 A CN115730284 A CN 115730284A CN 202211518422 A CN202211518422 A CN 202211518422A CN 115730284 A CN115730284 A CN 115730284A
- Authority
- CN
- China
- Prior art keywords
- report
- index
- data
- current user
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 46
- 238000004590 computer program Methods 0.000 claims description 17
- 239000002131 composite material Substances 0.000 claims description 13
- 238000004891 communication Methods 0.000 description 8
- 238000012545 processing Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000035945 sensitivity Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000013075 data extraction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method, a device, equipment and a storage medium for controlling the authority of report data. The method comprises the following steps: acquiring a supervision report and a corresponding report type, and acquiring each report index corresponding to the supervision report according to the report type; acquiring a safety classification level corresponding to each report index, and acquiring a target index according to the safety classification level corresponding to each report index and the post information corresponding to the current user; acquiring product information corresponding to each data record, and acquiring a target data record according to the post information and the product information corresponding to each data record; and extracting report data from the supervision report according to the target index and the target data record so as to generate a display report. According to the technical scheme, data access control is performed from two dimensions of the report indexes and the data records, report data authority control of the data item level is achieved, the control accuracy of the sensitive data viewing range is improved, and the data leakage risk is reduced.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a method, an apparatus, a device, and a storage medium for controlling authority of report data.
Background
In the trust field, a trust company needs to report data to various supervision departments, and the data range covers all internal management and operation business sensitive data of the company and comprises data of finance, protocols, customers, products, assets and the like. For data security, the knowledge range of sensitive data needs to be minimized, so that authority control needs to be performed on report data.
At present, in the existing authority control method of report data, a company generally divides business authorities for different post personnel through an authority configuration table, and a report authority control system allocates system roles for different personnel according to the authority configuration table, wherein the system roles are associated with report data access authorities. When a person accesses the report system, the report system acquires the system role of the person and correspondingly displays the report which the person has the right to access. However, the supervision report generally takes the whole company as a statistical object, so the data range is wide, in the prior art, the report system controls the access and viewing authority of personnel according to the table level, inevitably expands the knowledge range of sensitive data, and cannot finely control the data authority.
Disclosure of Invention
The invention provides a method, a device, equipment and a storage medium for controlling the authority of report data, which can realize the authority control of the report data at a data item level, improve the control accuracy of the viewing range of sensitive data and reduce the risk of data leakage.
According to one aspect of the invention, a method for controlling authority of report data is provided, which comprises the following steps:
acquiring a supervision report and a report type corresponding to the supervision report, and acquiring at least one report index corresponding to the supervision report according to the report type;
acquiring a security classification level corresponding to each report index, and acquiring a target index of the current user with access authority according to the security classification level corresponding to each report index and the post information corresponding to the current user;
acquiring product information corresponding to each data record in the supervision report, and acquiring a target data record of the current user with access authority according to the post information corresponding to the current user and the product information corresponding to each data record;
and extracting report data of which the current user has access authority from the supervision report according to the target index and the target data record so as to generate a display report.
According to another aspect of the present invention, there is provided an authority control apparatus for reporting data, comprising:
the report index acquisition module is used for acquiring a monitored report and a report type corresponding to the monitored report, and acquiring at least one report index corresponding to the monitored report according to the report type;
the target index acquisition module is used for acquiring the security classification level corresponding to each report index and acquiring a target index of the current user with access authority according to the security classification level corresponding to each report index and the post information corresponding to the current user;
a target data record obtaining module, configured to obtain product information corresponding to each data record in the supervision report, and obtain a target data record that the current user has access right according to the post information corresponding to the current user and the product information corresponding to each data record;
and the display report generation module is used for extracting the report data of which the current user has the access right from the supervision report according to the target index and the target data record so as to generate a display report.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor, and the computer program is executed by the at least one processor, so that the at least one processor can execute the authority control method of report data according to any embodiment of the present invention.
According to another aspect of the present invention, there is provided a computer-readable storage medium storing computer instructions for enabling a processor to implement a method for controlling authority of report data according to any embodiment of the present invention when the computer instructions are executed.
According to the technical scheme of the embodiment of the invention, the supervision report and the corresponding report type are obtained, and each report index corresponding to the supervision report is obtained according to the report type; acquiring a safety classification level corresponding to each report index, and acquiring a target index according to the safety classification level corresponding to each report index and the post information corresponding to the current user; acquiring product information corresponding to each data record, and acquiring a target data record according to the post information and the product information corresponding to each data record; according to the target index and the target data record, report data are extracted from the supervision report to generate a display report, data access control is performed from two dimensions of the report index and the data record, the data authority control of the report at the data item level is achieved, the control accuracy of the viewing range of sensitive data is improved, and the data leakage risk is reduced.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present invention, nor do they necessarily limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1A is a flowchart of an authority control method for report data according to an embodiment of the present invention;
FIG. 1B is a flowchart of another method for controlling authority of report data according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for controlling authority of report data according to a second embodiment of the present invention;
fig. 3 is a schematic structural diagram of an authority control apparatus for report data according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device implementing the method for controlling authority of report data according to the embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," "object," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
Fig. 1A is a flowchart of a method for controlling authority of report data according to an embodiment of the present invention, where the embodiment is applicable to a case of controlling data access authority of a supervised report, the method may be executed by an authority control device of report data, the authority control device of report data may be implemented in a hardware and/or software form, and the authority control device of report data may be configured in an electronic device, and typically, the electronic device may be a computer device or a server. As shown in fig. 1A, the method includes:
s110, a supervision report and a report type corresponding to the supervision report are obtained, and at least one report index corresponding to the supervision report is obtained according to the report type.
In this embodiment, the report system may retrieve, according to a report query instruction of a current user, a supervised report corresponding to the report query instruction from the database, where types of the supervised report may include a list, a detail table, a summary table, and the like. Then, a plurality of report indexes can be extracted from the supervised report according to the report type corresponding to the supervised report, for example, for the list and the detail table, each column title can be directly extracted to be used as the report index. The report index may be a column title of each column of the supervised report, for example, a name, a gender, a department to which the report belongs, a product number, and the like.
In a specific example, report samples of the managed report may be obtained first, and then report indexes are extracted from the report samples. The report form sample may be in a form definition format, and may include a row header, a column header, a cell format, and the like.
S120, obtaining the security classification level corresponding to each report form index, and obtaining the target index of the current user with the access right according to the security classification level corresponding to each report form index and the post information corresponding to the current user.
The safety classification level can be a safety level preset for different report indexes, and can be used for representing the sensitivity of different report indexes. Typically, the higher the security classification level, the higher the sensitivity of the reporting metrics. In this embodiment, after each report index of the current supervised report is obtained, the security classification level matched with each report index corresponding to the supervised report may be obtained based on the preset security classification levels corresponding to different report indexes.
In one specific example, corresponding privilege information, such as the highest security classification level accessible, may be preset for different enterprise posts. Therefore, the position information corresponding to the current user can be obtained according to the login information (such as a login account number) of the current user, and the highest security classification level corresponding to the current user can be obtained based on the preset position authority information. Further, the highest security classification level corresponding to the current user and the security classification levels corresponding to the report indexes can be matched and compared, and if the security classification level corresponding to one report index is less than or equal to the highest security classification level, the report index can be determined as a target index. Therefore, one or more target indexes corresponding to the current report indexes can be obtained.
It should be noted that the report index is the title of each column of the supervised report, and thus, by determining the target index, the report data of each column in the supervised report, which the current user has access right, can be determined, and the data of each column displayed to the current user can also be determined.
S130, acquiring product information corresponding to each data record in the supervision report, and acquiring a target data record of the current user with access authority according to the post information corresponding to the current user and the product information corresponding to each data record.
The data record may be a data line in the supervised report, and may include data content corresponding to each report index.
In a specific example, when the supervision report is a trusted report, each data record (a line of data) corresponds to a trusted product, and each trusted product has a home department or a trusted manager. In this embodiment, data items related to the product information in each data record, for example, a product number, a product name, and the like, may be obtained, so as to determine the product information corresponding to each data record.
And then, determining the enterprise department corresponding to each data record according to the product information corresponding to each data record. If the current user is determined to belong to the enterprise department corresponding to a certain data record according to the post information corresponding to the current user, the data record can be determined as a target data record. Therefore, each target data record corresponding to the current user, namely each data line of which the current user has access authority, can be obtained.
Optionally, accessible product information may also be preset in the post right information; therefore, the post authority information corresponding to the current user can be obtained based on the post information corresponding to the current user and the pre-set post authority information of different posts, and therefore the product information accessible to the current user can be determined. Then, product information accessible to the current user may be matched and compared with product information corresponding to each data record to obtain a target data record to which the current user has access rights.
S140, according to the target index and the target data record, extracting report data of which the current user has access authority from the monitored report so as to generate a display report.
In a specific example, for each target data record, data content corresponding to each target index may be extracted, and each target index is used as a column title, so as to finally generate a presentation report displayed to the current user. Or, in all the data contents of the supervision report, only the data contents corresponding to each target index in each target data record are reserved, and other data contents are set to be blank or preset characters, so as to generate a display report.
According to the technical scheme of the embodiment of the invention, the supervision report and the corresponding report type are obtained, and each report index corresponding to the supervision report is obtained according to the report type; acquiring a safety classification level corresponding to each report index, and acquiring a target index according to the safety classification level corresponding to each report index and the post information corresponding to the current user; acquiring product information corresponding to each data record, and acquiring a target data record according to the post information and the product information corresponding to each data record; according to the target index and the target data record, report data are extracted from the supervision report to generate a display report, and data access control is performed from two dimensions of the report index and the data record, so that the report data authority control of the data item level is realized, the control accuracy of the sensitive data viewing range is improved, and the data leakage risk is reduced.
In an optional implementation manner of this embodiment, the obtaining, according to the report type, at least one report index corresponding to the supervised report may include:
if the report type is a list report or a detailed report, extracting each data item from the supervision report to be used as each report index;
if the report type is a summary report, extracting each basic index from the supervised report, and acquiring each composite index corresponding to the supervised report according to each basic index;
acquiring each derived index corresponding to the supervision report according to each basic index, each composite index and a preset statistical dimension;
and acquiring each report index according to each basic index, each composite index and each derived index.
In a specific example, if the report type corresponding to the supervised report is a list report or a detailed report, each data item (column header) may be directly used as the report index corresponding to the supervised report. If the report type corresponding to the supervision report is a summary report, each basic index, namely a concept set which expresses the atomic quantitative attribute of the business entity and is not separable, can be determined firstly; then, a composite index can be determined according to the basic index, namely a calculation index formed by a certain four arithmetic rules on the basic index; finally, the basic indexes and the composite indexes can be screened based on preset statistical dimensions to obtain all the derived indexes, and the set of the basic indexes, the composite indexes and the derived indexes can be used as all report indexes corresponding to the supervision report.
The preset statistical dimension may be a preset statistical condition, for example, a statistical time, a statistical range, and the like.
In another optional implementation manner of this embodiment, the obtaining the security classification level corresponding to each report indicator may include:
and acquiring the safety classification grade corresponding to each report index according to each report index corresponding to the supervision report and the corresponding relation between the preset report index and the safety classification grade.
The preset corresponding relationship between the report indicator and the security classification level may be in the form of a list, for example, a data item security classification level list. In a specific example, each report indicator may be sequentially matched with the data item security classification level list to obtain a security classification level corresponding to each report indicator.
In another optional implementation manner of this embodiment, the obtaining, according to the security classification level corresponding to each report indicator and the post information corresponding to the current user, a target indicator that the current user has access right may include:
acquiring a safety classification grade corresponding to the current user according to the post information corresponding to the current user and a corresponding relation between the pre-set post information and the safety classification grade;
and acquiring a target index of the current user with access authority according to the security classification grade corresponding to the current user and the security classification grade corresponding to each report index.
In a specific example, the corresponding relationship between the post information and the security classification level may be preset through a post authority configuration table. Therefore, the security classification level corresponding to the current user, namely the highest security classification level of the report index which can be accessed by the current user, can be obtained according to the post information and the post authority configuration table corresponding to the current user.
Then, the security classification level corresponding to the current user and the security classification level corresponding to each report index can be matched and compared, and if the security classification level corresponding to one report index is detected to be smaller than or equal to the security classification level corresponding to the current user, the detected report index can be determined as the target index.
In another optional implementation manner of this embodiment, obtaining, according to the post information corresponding to the current user and the product information corresponding to each data record, a target data record to which the current user has access right may include:
acquiring enterprise departments corresponding to the data records according to the product information corresponding to the data records and the preset corresponding relationship between the product information and the enterprise departments;
and according to the post information corresponding to the current user, if the current user is determined to be affiliated to the enterprise department corresponding to the current data record, taking the current data record as a target data record of which the current user has access authority.
In this embodiment, the correspondence between the product information and the enterprise departments may be preset according to the enterprise departments to which different products belong. Therefore, after the product information corresponding to each data record is acquired, the enterprise department corresponding to each data record can be acquired based on the preset corresponding relation between the product information and the enterprise departments. And then, whether the enterprise department corresponding to each data record is the enterprise department to which the current user belongs can be sequentially judged. If the current user is detected to be affiliated to the enterprise department corresponding to the current data record, the current data record can be determined as the target data record.
In a specific implementation manner of this embodiment, a flow of the authority control method of report data may be as shown in fig. 1B. Firstly, respectively acquiring report form samples and report data corresponding to a supervision report; then, according to the report type, index splitting is carried out on the report sample to obtain an index list consisting of all report indexes, and matching detection is carried out on the index list and a data item safety classification grading list (comprising the corresponding relation between the report indexes and the safety classification grades) to obtain the safety classification grade corresponding to each report index; further, based on the personnel position authority information, the security classification level corresponding to the current user is obtained, and the security classification level corresponding to the current user is matched and detected with the security classification level corresponding to each report form index, so that a target report form index with access authority of the current user is obtained, and the data item (corresponding column level) can be displayed.
Meanwhile, for report data, based on the product information corresponding to each data record and the product access authority matched with the corresponding post of the current user, the matched data record is detected to obtain the target data record with the access authority of the current user, and the data record (corresponding to a row level) can be displayed.
And finally, combining the displayable data items with the displayable data records to obtain all contents which can be displayed to the current user in the supervision report, thereby generating the display report.
Example two
Fig. 2 is a flowchart of an authority control method for report data according to a second embodiment of the present invention, where this embodiment is a further refinement of the foregoing technical solution, and the technical solution in this embodiment may be combined with one or more of the foregoing embodiments. As shown in fig. 2, the method includes:
s210, a supervision report and a report type corresponding to the supervision report are obtained, and at least one report index corresponding to the supervision report is obtained according to the report type.
S220, obtaining the security classification level corresponding to each report index, and obtaining a target index of the current user with access authority according to the security classification level corresponding to each report index and the post information corresponding to the current user.
S230, acquiring product information corresponding to each data record in the supervision report, and acquiring a target data record of the current user with access authority according to the post information corresponding to the current user and the product information corresponding to each data record.
S240, determining a target cell according to the target index and the target data record, and extracting report data corresponding to the target cell from the supervision report.
In this embodiment, the column number corresponding to the target index and the row number corresponding to the target data record may be obtained, and the cells corresponding to the column number and the row number may be determined to serve as the target cells, and meanwhile, the report data corresponding to the target cells may be obtained.
And S250, generating a display report according to the target index, the target data record and the report data corresponding to the target cell.
Specifically, the target index may be used as a column title, the line title recorded in the target data is used as a line title, and the report data corresponding to the target cell is used as data content to redraw and generate the display report. Or, the report data of all other cells except the target cell can be replaced by preset contents directly in the supervision report to obtain the display report.
According to the technical scheme of the embodiment of the invention, after a target index and a target data record of a current user with access authority are obtained, a target cell is determined according to the target index and the target data record, report data corresponding to the target cell is extracted from a supervision report, and then a display report is generated according to the target index, the target data record and the report data corresponding to the target cell; data access control is carried out from two dimensions of report indexes and data records, so that the report data authority control of the data item level is realized, the control accuracy of the sensitive data viewing range is improved, and the data leakage risk is reduced.
In an optional implementation manner of this embodiment, generating a display report according to the target index, the target data record, and the report data corresponding to the target cell may include:
and replacing the report data corresponding to other cells in the supervision report with preset contents, and taking the supervision report after data replacement as a display report.
Wherein the other cells may be cells other than the target cell. The preset content can be blank content, special characters and the like. In a specific example, the supervised report data may be presented to the current user by replacing the content of the report data that the current user does not have access right.
The advantage of above-mentioned setting lies in, the user can carry out the self-defining of report form data show form according to actual need, can promote the show flexibility of report form data.
EXAMPLE III
Fig. 3 is a schematic structural diagram of an authority control device for report data according to a third embodiment of the present invention. As shown in fig. 3, the apparatus may include: a report index obtaining module 310, a target index obtaining module 320, a target data record obtaining module 330 and a display report generating module 340; wherein,
the report index obtaining module 310 is configured to obtain a supervised report and a report type corresponding to the supervised report, and obtain at least one report index corresponding to the supervised report according to the report type;
a target index obtaining module 320, configured to obtain a security classification level corresponding to each report index, and obtain a target index that a current user has access right according to the security classification level corresponding to each report index and post information corresponding to the current user;
a target data record obtaining module 330, configured to obtain product information corresponding to each data record in the supervision report, and obtain a target data record that the current user has access right according to the post information corresponding to the current user and the product information corresponding to each data record;
and the display report generation module 340 is configured to extract, according to the target index and the target data record, report data that the current user has access right from the supervised report, so as to generate a display report.
According to the technical scheme of the embodiment of the invention, the monitoring report and the corresponding report type are obtained, and each report index corresponding to the monitoring report is obtained according to the report type; acquiring a safety classification level corresponding to each report index, and acquiring a target index according to the safety classification level corresponding to each report index and the post information corresponding to the current user; acquiring product information corresponding to each data record, and acquiring a target data record according to the post information and the product information corresponding to each data record; according to the target index and the target data record, report data are extracted from the supervision report to generate a display report, and data access control is performed from two dimensions of the report index and the data record, so that the report data authority control of the data item level is realized, the control accuracy of the sensitive data viewing range is improved, and the data leakage risk is reduced.
Optionally, the report indicator obtaining module 310 includes:
a first report index obtaining unit, configured to extract, if the report type is a list report or a detail report, each data item from the supervised report to serve as each report index;
a composite index obtaining unit, configured to extract each basic index from the supervised report if the report type is a summarized report, and obtain each composite index corresponding to the supervised report according to each basic index;
the derived index acquisition unit is used for acquiring each derived index corresponding to the supervision report according to each basic index, each composite index and a preset statistical dimension;
and the second report index acquisition unit is used for acquiring each report index according to each basic index, each composite index and each derivative index.
Optionally, the target index obtaining module 320 is specifically configured to obtain, according to each report index corresponding to the supervised report and a preset corresponding relationship between a report index and a safety classification level, a safety classification level corresponding to each report index.
Optionally, the target index obtaining module 320 includes:
a security classification grade obtaining unit, configured to obtain a security classification grade corresponding to the current user according to the post information corresponding to the current user and a correspondence between the preset post information and the security classification grade;
and the target index acquisition unit is used for acquiring the target index of the current user with the access right according to the security classification grade corresponding to the current user and the security classification grade corresponding to each report index.
Optionally, the target data record obtaining module 330 includes:
an enterprise department acquisition unit, configured to acquire an enterprise department corresponding to each data record according to product information corresponding to each data record and a preset correspondence between the product information and the enterprise department;
and the target data record acquisition unit is used for taking the current data record as the target data record of which the current user has the access right if the current user is determined to be affiliated to the enterprise department corresponding to the current data record according to the post information corresponding to the current user.
Optionally, the display report generating module 340 includes:
the report data extraction unit is used for determining a target cell according to the target index and the target data record and extracting report data corresponding to the target cell from the supervision report;
and the display report generation unit is used for generating a display report according to the target index, the target data record and the report data corresponding to the target cell.
Optionally, the display report generating unit is specifically configured to replace report data corresponding to each of the other cells in the supervision report with preset content, and use the supervision report after data replacement as the display report.
The authority control device for the report data provided by the embodiment of the invention can execute the authority control method for the report data provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
It should be noted that, in the technical solution of the present embodiment, the acquisition, storage, application, and the like of the personal information of the related user all conform to the regulations of the relevant laws and regulations, and do not violate the good custom of the public order.
Example four
FIG. 4 illustrates a schematic diagram of an electronic device 40 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 40 includes at least one processor 41, and a memory communicatively connected to the at least one processor 41, such as a Read Only Memory (ROM) 42, a Random Access Memory (RAM) 43, and the like, wherein the memory stores a computer program executable by the at least one processor, and the processor 41 may perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM) 42 or the computer program loaded from a storage unit 48 into the Random Access Memory (RAM) 43. In the RAM 43, various programs and data necessary for the operation of the electronic apparatus 40 can also be stored. The processor 41, the ROM 42, and the RAM 43 are connected to each other via a bus 44. An input/output (I/O) interface 45 is also connected to bus 44.
A number of components in the electronic device 40 are connected to the I/O interface 45, including: an input unit 46 such as a keyboard, a mouse, etc.; an output unit 47 such as various types of displays, speakers, and the like; a storage unit 48 such as a magnetic disk, optical disk, or the like; and a communication unit 49 such as a network card, modem, wireless communication transceiver, etc. The communication unit 49 allows the electronic device 40 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
In some embodiments, the method of controlling the authority of the report data may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as storage unit 48. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 40 via the ROM 42 and/or the communication unit 49. When the computer program is loaded into the RAM 43 and executed by the processor 41, one or more steps of the above-described method of controlling authority of report data may be performed. Alternatively, in other embodiments, processor 41 may be configured in any other suitable manner (e.g., by way of firmware) to perform the entitlement control method of report data.
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Computer programs for implementing the methods of the present invention can be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method for controlling authority of report data is characterized by comprising the following steps:
acquiring a monitored report and a report type corresponding to the monitored report, and acquiring at least one report index corresponding to the monitored report according to the report type;
acquiring a security classification level corresponding to each report index, and acquiring a target index of the current user with access authority according to the security classification level corresponding to each report index and the post information corresponding to the current user;
acquiring product information corresponding to each data record in the supervision report, and acquiring a target data record of the current user with access authority according to the post information corresponding to the current user and the product information corresponding to each data record;
and extracting report data of which the current user has access authority from the supervision report according to the target index and the target data record so as to generate a display report.
2. The method according to claim 1, wherein obtaining at least one report indicator corresponding to the supervised report according to the report type comprises:
if the report type is a list report or a detailed report, extracting each data item from the supervision report to be used as each report index;
if the report type is a summary report, extracting each basic index from the supervised report, and acquiring each composite index corresponding to the supervised report according to each basic index;
acquiring each derived index corresponding to the supervision report according to each basic index, each composite index and a preset statistical dimension;
and acquiring each report index according to each basic index, each composite index and each derived index.
3. The method according to claim 1, wherein obtaining the security classification level corresponding to each report indicator comprises:
and acquiring the safety classification grade corresponding to each report index according to each report index corresponding to the monitored report and the corresponding relation between the preset report index and the safety classification grade.
4. The method according to claim 1, wherein obtaining the target index of the current user having the access right according to the security classification level corresponding to each report index and the post information corresponding to the current user comprises:
acquiring a safety classification level corresponding to the current user according to the post information corresponding to the current user and a preset corresponding relation between the post information and the safety classification level;
and acquiring a target index of the current user with access authority according to the security classification grade corresponding to the current user and the security classification grade corresponding to each report index.
5. The method of claim 1, wherein obtaining the target data record to which the current user has access rights according to the post information corresponding to the current user and the product information corresponding to each data record comprises:
acquiring enterprise departments corresponding to the data records according to the product information corresponding to the data records and the preset corresponding relationship between the product information and the enterprise departments;
and according to the post information corresponding to the current user, if the current user is determined to belong to an enterprise department corresponding to the current data record, taking the current data record as a target data record of which the current user has access authority.
6. The method of claim 1, wherein extracting report data that the current user has access right from the supervised report according to the target index and the target data record to generate a presentation report comprises:
determining a target cell according to the target index and the target data record, and extracting report data corresponding to the target cell from the supervised report;
and generating a display report according to the target index, the target data record and the report data corresponding to the target cell.
7. The method of claim 6, wherein generating a presentation report according to the target index, the target data record, and the report data corresponding to the target cell comprises:
and replacing the report data corresponding to other cells in the supervision report with preset content, and taking the supervision report after data replacement as a display report.
8. An authority control device for report data, comprising:
the report index acquisition module is used for acquiring a supervision report and a report type corresponding to the supervision report, and acquiring at least one report index corresponding to the supervision report according to the report type;
the target index acquisition module is used for acquiring the security classification level corresponding to each report index and acquiring a target index of the current user with access authority according to the security classification level corresponding to each report index and the post information corresponding to the current user;
a target data record obtaining module, configured to obtain product information corresponding to each data record in the supervision report, and obtain a target data record to which the current user has access authority according to the post information corresponding to the current user and the product information corresponding to each data record;
and the display report generation module is used for extracting the report data of which the current user has the access right from the supervision report according to the target index and the target data record so as to generate a display report.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the method of controlling authority of reporting data as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium storing computer instructions for causing a processor to implement the method for controlling authority of report data according to any one of claims 1 to 7 when executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211518422.9A CN115730284A (en) | 2022-11-29 | 2022-11-29 | Method, device, equipment and storage medium for controlling authority of report data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211518422.9A CN115730284A (en) | 2022-11-29 | 2022-11-29 | Method, device, equipment and storage medium for controlling authority of report data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115730284A true CN115730284A (en) | 2023-03-03 |
Family
ID=85299369
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211518422.9A Pending CN115730284A (en) | 2022-11-29 | 2022-11-29 | Method, device, equipment and storage medium for controlling authority of report data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115730284A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116108024A (en) * | 2023-04-14 | 2023-05-12 | 深圳市安信达存储技术有限公司 | Data storage method and data storage system |
-
2022
- 2022-11-29 CN CN202211518422.9A patent/CN115730284A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116108024A (en) * | 2023-04-14 | 2023-05-12 | 深圳市安信达存储技术有限公司 | Data storage method and data storage system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111401777B (en) | Enterprise risk assessment method, enterprise risk assessment device, terminal equipment and storage medium | |
| CN110955801B (en) | Knowledge graph analysis method and system for cognos report indexes | |
| CN114580916A (en) | Enterprise risk assessment method and device, electronic equipment and storage medium | |
| CN115204733A (en) | Data auditing method and device, electronic equipment and storage medium | |
| CN115730284A (en) | Method, device, equipment and storage medium for controlling authority of report data | |
| CN115509797A (en) | Method, device, equipment and medium for determining fault category | |
| CN115249043A (en) | Data analysis method and device, electronic equipment and storage medium | |
| CN115422028A (en) | Credibility evaluation method and device for label portrait system, electronic equipment and medium | |
| CN115545481A (en) | Risk level determination method and device, electronic equipment and storage medium | |
| CN112950359B (en) | User identification method and device | |
| CN115048352B (en) | Log field extraction method, device, equipment and storage medium | |
| CN115774648A (en) | Abnormity positioning method, device, equipment and storage medium | |
| CN115794744A (en) | Log display method, device, equipment and storage medium | |
| CN115827994A (en) | Data processing method, device, equipment and storage medium | |
| CN115906135A (en) | Tracing method and device for target data leakage path, electronic equipment and storage medium | |
| CN112346938B (en) | Operation auditing method and device, server and computer readable storage medium | |
| CN114661562A (en) | Data warning method, device, equipment and medium | |
| CN114490406A (en) | Test coverage item management method, device, equipment and medium | |
| CN111026981A (en) | Visual display method, device and equipment for hot topics | |
| CN112800294B (en) | Data display chart processing method, device, equipment and medium | |
| CN115017875B (en) | Enterprise information processing method, device, system, equipment and medium | |
| CN116627695B (en) | Alarm event root cause recommendation method, device, equipment and storage medium | |
| CN116467198A (en) | Method, device, electronic equipment and storage medium for determining performance actual measurement necessity | |
| CN115617983A (en) | Text-based defect analysis method and device, electronic equipment and storage medium | |
| CN114693305A (en) | Transaction fraud detection method, device, equipment, medium and product |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |