CN116167082A - Data processing method and device, electronic equipment and storage medium - Google Patents

Data processing method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN116167082A
CN116167082A CN202310150711.6A CN202310150711A CN116167082A CN 116167082 A CN116167082 A CN 116167082A CN 202310150711 A CN202310150711 A CN 202310150711A CN 116167082 A CN116167082 A CN 116167082A
Authority
CN
China
Prior art keywords
application
data
cloud platform
database
target tenant
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310150711.6A
Other languages
Chinese (zh)
Inventor
马欣
冯嘉晨
王晶
崔润东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China filed Critical Agricultural Bank of China
Priority to CN202310150711.6A priority Critical patent/CN116167082A/en
Publication of CN116167082A publication Critical patent/CN116167082A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application discloses a data processing method and device, electronic equipment and storage medium, wherein the method comprises the following steps: monitoring data generated by a target tenant through a cloud platform in real time; when the data generated by the target tenant through the cloud platform is monitored, and the cloud platform data generated by the cloud platform is used by the target tenant, determining a cloud platform data isolation strategy corresponding to the target tenant from a database of the cloud platform; according to a cloud platform data isolation strategy corresponding to the target tenant, storing currently generated cloud platform data into a database of a cloud platform; when the data generated by the target tenant through the cloud platform is monitored, the application data generated by the application is used for any application of the target tenant in the cloud platform, and the currently generated application data is stored in a database of the current application according to an application data isolation strategy of the current application; wherein the current application refers to an application that currently generates application data.

Description

Data processing method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of software services, and in particular, to a data processing method and apparatus, an electronic device, and a storage medium.
Background
The software as a service (SoftwareasaService, saaS) technology is a technology for providing a software service through a network, which deploys a plurality of application software on a SaaS cloud platform together. The tenant can subscribe required application software to the cloud platform through the network according to actual requirements, so as to use the subscribed software service through the cloud platform.
Because each tenant can share the same set of application, data of application used by the tenant through the cloud platform is required to be separated from application programs, and data among different tenants also need to be isolated from each other, so that the application in the cloud platform can be used by multiple tenants together without mutual influence. Currently, when a tenant is created, a specific data isolation policy is generated for the tenant based on an application deployed in the current cloud platform, and the data isolation policy is stored in a database of the cloud platform, so that data isolation of each deployed application can be met. So, later, when the tenant generates any data through the cloud platform, the generated data can be stored in a database of the cloud platform based on the data isolation policy.
However, in the existing mode, only the relationship between the cloud platform and the tenants is considered during data isolation, data isolation among different tenants is realized, the data isolation strategy is set based on the application of the tenants during creation, and when the application is newly added, corresponding adjustment of demand information is needed, so that the existing mode is not flexible enough, and the application expansion is inconvenient.
Disclosure of Invention
Based on the shortcomings of the prior art, the application provides a data processing method and device, electronic equipment and a storage medium, so as to solve the problems that the prior art is not flexible enough and is inconvenient to apply expansion.
In order to achieve the above object, the present application provides the following technical solutions:
the first aspect of the present application provides a data processing method, including:
monitoring data generated by a target tenant through a cloud platform in real time;
when the cloud platform data generated by the cloud platform is used by the target tenant, determining a cloud platform data isolation strategy corresponding to the target tenant from a database of the cloud platform;
according to a cloud platform data isolation strategy corresponding to the target tenant, storing the currently generated cloud platform data into a database of the cloud platform;
when the data generated by the target tenant through the cloud platform is monitored, if the data generated by the application is application data generated by any one of the cloud platforms for the target tenant, the application data generated by the application is stored into a database of the current application according to an application data isolation strategy of the current application; wherein the current application refers to the application that is currently generating the application data.
Optionally, in the above data processing method, the storing the application data generated currently in the database of the current application according to the application data isolation policy of the current application includes:
determining an application data isolation policy corresponding to the target tenant from all application data isolation policies of the current application stored in the database of the current application;
and storing the currently generated application data into the database of the current application according to the application data isolation strategy corresponding to the target tenant.
Optionally, in the above data processing method, the storing the currently generated application data in the database of the current application according to the application data isolation policy corresponding to the target tenant includes:
and storing the currently generated application data into a database corresponding to the target tenant in each database of the current application.
Optionally, in the above data processing method, the storing the currently generated application data in the database of the current application according to the application data isolation policy corresponding to the target tenant includes:
and storing the currently generated application data into a data table corresponding to the target tenant in the database of the current application.
Optionally, in the above data processing method, the storing the currently generated application data in the database of the current application according to the application data isolation policy corresponding to the target tenant includes:
and storing the currently generated application data into a target data table in a database of the current application.
Optionally, in the above data processing method, further includes:
receiving an access request of current target data of the target tenant;
if the current target data is the cloud platform data stored in the database of the cloud platform, extracting cloud platform permission information of the target tenant from the database of the cloud platform;
judging whether the target tenant has the authority for accessing the target data or not according to the cloud platform authority information of the target tenant;
if the current target data is stored in the application data in any one of the application databases in the cloud platform, extracting cloud platform authority information of the target tenant from the database of the cloud platform and extracting application authority information of the target tenant from the database of the application;
judging whether the target tenant has the right to access the target data or not according to the cloud platform right information of the target tenant and the application right information of the target tenant;
and if the target tenant has the right to access the target data, feeding back the target data to the target tenant.
A second aspect of the present application provides a data processing apparatus comprising:
the monitoring unit is used for monitoring data generated by the target tenant through the cloud platform in real time;
the cloud platform data isolation strategy is used for determining a cloud platform data isolation strategy corresponding to the target tenant from a database of the cloud platform when the cloud platform is used by the target tenant, wherein the cloud platform data is generated by the cloud platform;
the cloud platform isolation unit is used for storing the currently generated cloud platform data into a database of the cloud platform according to a cloud platform data isolation strategy corresponding to the target tenant;
the application isolation unit is used for storing the application data generated by the application into a database of the current application according to an application data isolation strategy of the current application when the data generated by the target tenant through the cloud platform is monitored and any one of the applications in the cloud platform is used for the target tenant; wherein the current application refers to the application that is currently generating the application data.
Optionally, in the above data processing apparatus, the application isolation unit includes:
the second determining unit is used for determining an application data isolation policy corresponding to the target tenant from all application data isolation policies of the current application stored in the database of the current application;
and the application storage unit is used for storing the currently generated application data into the database of the current application according to the application data isolation strategy corresponding to the target tenant.
Optionally, in the above data processing apparatus, the application storage unit includes:
and the first application storage subunit stores the currently generated application data into a database corresponding to the target tenant in each database of the current application.
Optionally, in the above data processing apparatus, the application storage unit includes:
and the second application storage subunit stores the currently generated application data into a data table corresponding to the target tenant in the database of the current application.
Optionally, in the above data processing apparatus, the application storage unit includes:
and the third application storage subunit stores the currently generated application data into a target data table in the database of the current application.
Optionally, in the above data processing apparatus, further comprising:
the receiving unit is used for receiving an access request of the current target data of the target tenant;
the first extraction unit is used for extracting cloud platform permission information of the target tenant from the database of the cloud platform when the current target data is the cloud platform data stored in the database of the cloud platform;
the first judging unit is used for judging whether the target tenant has the authority for accessing the target data according to the cloud platform authority information of the target tenant;
a second extracting unit, configured to extract cloud platform rights information of the target tenant from a database of the cloud platform and extract application rights information of the target tenant from the database of the application when the current target data is stored in the application data in any one of the databases of the applications in the cloud platform;
the second judging unit is used for judging whether the target tenant has the right for accessing the target data according to the cloud platform right information of the target tenant and the application right information of the target tenant;
and the feedback unit is used for feeding back the target data to the target tenant when the target tenant is judged to have the right to access the target data.
A third aspect of the present application provides an electronic device, comprising:
a memory and a processor;
wherein the memory is used for storing programs;
the processor is configured to execute the program, and when the program is executed, the program is specifically configured to implement the data processing method according to any one of the foregoing claims.
A fourth aspect of the present application provides a computer storage medium storing a computer program for implementing a data processing method as claimed in any one of the preceding claims when executed.
The application provides a data processing method, which monitors data generated by a target tenant through a cloud platform in real time; when the data generated by the target tenant through the cloud platform is monitored, and the cloud platform data generated by the cloud platform is used by the target tenant, determining a cloud platform data isolation strategy corresponding to the target tenant from a database of the cloud platform, and storing the currently generated cloud platform data into the database of the cloud platform according to the cloud platform data isolation strategy corresponding to the target tenant. When the data generated by the target tenant through the cloud platform is monitored, and the data is the application data generated by the application when the target tenant uses any one of the cloud platform, the currently generated application data is stored in a database of the current application according to an application data isolation strategy of the current application. Wherein the current application refers to an application that currently generates application data. Through the isolation of the cloud platform to the cloud platform data and the isolation of application data of each application, the two stages of data isolation are realized, the relationship between the platform and the tenant is considered, and the relationship between the platform and the application is considered, so that the data isolation is more flexible. And because the data isolation is divided into two stages, each application is responsible for the respective data isolation, the strategy configuration is not performed based on each application of the existing deployment, and the application expansion is facilitated.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings may be obtained according to the provided drawings without inventive effort to a person skilled in the art.
FIG. 1 is a flowchart of a data processing method according to an embodiment of the present application;
FIG. 2 is a logic diagram of data isolation according to an embodiment of the present disclosure;
FIG. 3 is a flowchart of a method for storing currently generated application data in a database of a current application according to an embodiment of the present application;
FIG. 4 is a schematic diagram of one example physical isolation of data provided by embodiments of the present application;
fig. 5 is a flowchart of a data access control method according to an embodiment of the present application;
FIG. 6 is a schematic diagram of a data processing apparatus according to an embodiment of the present disclosure;
fig. 7 is a schematic architecture diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
In this application, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The embodiment of the application provides a data processing method, as shown in fig. 1, specifically including the following steps:
s101, monitoring data generated by a target tenant through a cloud platform in real time.
Wherein, the target tenant refers to any tenant.
It should be noted that, in the embodiment of the present application, the data generated by detecting the cloud platform mainly includes cloud platform data generated by the cloud platform itself and application data generated by the application when the tenant uses the application on the cloud platform through the cloud platform. That is, the cloud platform data refers to data about tenants generated by the cloud platform, for example, log-in information of the tenants on the cloud platform, platform authority information, inter-tenant relationship, application service information of the tenant subscription cloud platform, and other basic information. The application data refers to data generated by the application in the application using process of the user, such as login information of the user on the application, application authority information and the like.
So optionally, the data generated by the real-time monitoring target tenant through the cloud platform may be cloud platform data generated on the cloud platform by the cloud platform detection, and each application monitors application data generated on the cloud platform.
S102, whether the data generated by the monitored target tenant through the cloud platform is cloud platform data or not.
It should be noted that, in the embodiment of the present application, two stages of data isolation are adopted, and the cloud platform performs the first stage of data isolation, where only when the cloud platform is used by the tenant, the cloud platform data generated by the cloud platform itself is isolated. Each application on the cloud platform executes a second stage of data isolation, wherein the data isolation of the tenant in the application is isolated, and the data isolation of each application is not affected.
Therefore, when it is monitored that the data generated by the target tenant through the cloud platform is cloud platform data, that is, when it is monitored that the data generated by the target tenant through the cloud platform is cloud platform data generated by the cloud platform when the target tenant is using the cloud platform, step S103 is executed. Alternatively, step S103 may be performed more specifically when the cloud platform monitors that the cloud platform itself generates the cloud platform data.
Because the monitored data includes cloud platform data and application data, the monitored data generated by the target tenant through the cloud platform is not cloud platform data, which means that the monitored data generated by the target tenant through the cloud platform is application data, that is, the monitored data generated by the target tenant through the cloud platform is application data generated by the application when the monitored data is any one of the cloud platforms is used by the target tenant, and step S105 is executed at this time. Alternatively, step S105 may be executed more specifically when any one of the applications monitors that it generates application data itself.
S103, determining a cloud platform data isolation strategy corresponding to the target tenant from a database of the cloud platform.
Specifically, according to identification information or login information and the like based on the target tenant, such as a tenant name or account and the like, a cloud platform data isolation policy corresponding to the target tenant is searched.
When new tenants are created, the cloud platform correspondingly needs to create relationships among the target tenants, namely cloud platform data is generated for the target tenants, at the moment, the cloud platform performs first data isolation on the cloud platform data generated by the target tenants on the cloud platform according to the relationships among the tenants, and when new cloud platform data is generated or the cloud platform data is changed subsequently, corresponding data isolation is performed.
Specifically, in the implementation of the present application, the data isolation policies adopted for different tenants are different, so that the cloud platform data isolation policy corresponding to the target tenant needs to be determined from the database of the cloud platform, so as to further execute step S103.
It should be further noted that, in the embodiment of the present application, the cloud platform only performs data isolation on the cloud platform data generated by itself, so that an application deployed on the cloud platform does not need to be considered, and therefore, a cloud platform data isolation policy corresponding to the target tenant does not need to be configured based on the application deployed on the cloud platform, so as to meet the data isolation requirement of each application.
S104, according to a cloud platform data isolation strategy corresponding to the target tenant, storing the currently generated cloud platform data into a database of the cloud platform.
It should be noted that, for storing cloud platform data of a tenant, as shown in fig. 2, on a logic level, the cloud platform data of each tenant needs to be stored in an isolated manner.
Alternatively, since the cloud platform data of each tenant is generally relatively small, the cloud platform data of each tenant is generally present in the database of the same cloud platform, i.e., the shared cloud platform database, on a physical level. In addition, cloud platform data of each tenant may be stored in different data tables, or may be stored in the same data table.
Of course, the cloud platform data of each tenant may be stored in databases of different cloud platforms, or other policies may be adopted.
S105, storing the currently generated application data into a database of the current application according to the application data isolation strategy of the current application.
Wherein the current application refers to an application that currently generates application data.
Optionally, the application data isolation policy is configured based on the cloud platform data isolation policy, so as to realize data isolation under the rule of meeting the cloud platform. And configuring corresponding application data isolation strategies based on different service function requirements of each application. Therefore, in the embodiment of the application, when the application is newly added, the corresponding application data isolation strategy can be directly configured on the basis of the cloud platform data isolation strategy based on the application function requirement, so that the application on the cloud platform can be more conveniently expanded.
Alternatively, in another embodiment of the present application, a specific implementation manner of step S105, as shown in fig. 3, specifically includes:
s301, determining an application data isolation policy corresponding to a target tenant from all application data isolation policies of the current application stored in a database of the current application.
It should be noted that, in the embodiment of the present application, not only the corresponding application data isolation policy is configured for different applications, but also different application data isolation policies are configured for different tenants in the same application, so when the application data of the target tenant needs to be isolated, the application data isolation policy corresponding to the target tenant needs to be determined from each application data isolation policy of the current application stored in the database of the current application.
S302, storing the currently generated application data into a database of the current application according to an application data isolation strategy corresponding to the target tenant.
Optionally, in another embodiment of the present application, a specific implementation manner of step S302 specifically includes:
and storing the currently generated application data into a database corresponding to the target tenant in each database of the current application.
In the embodiment of the application, each target tenant has a corresponding application database, so that data isolation is realized by storing application data of different tenants in different databases.
Optionally, in another embodiment of the present application, another specific implementation of step S302 specifically includes:
and storing the currently generated application data into a data table corresponding to the target tenant in the database of the current application.
In the embodiment of the application, each tenant shares a database, but different tenants correspond to different data tables, and data isolation is achieved by storing application data of different tenants in different data tables.
Optionally, in another embodiment of the present application, a further specific implementation of step S302 specifically includes:
and storing the currently generated application data into a data table which is newly generated in a database of the current application.
In the embodiment of the application, the application data of each tenant shares one data table, and then attribution of the application data of different tenants is realized through a data model or programming, so that multi-tenant sharing data isolation is realized.
It should be noted that, in the embodiment of the present application, not only the cloud platform and the application may store data in different manners, but also different applications may perform data isolation in different physical manners, for example, as shown in an example of fig. 4, the cloud platform database adopts a manner of sharing a database table, so as to implement a multi-tenant data isolation policy, that is, data of all tenants on the cloud platform share the same data table stored in the database. The application 1 adopts a multi-tenant data isolation strategy of independent databases, namely each tenant adopts an independent database. The application 2 employs a multi-tenant data isolation policy in which each tenant shares a database, but uses an independent data table, i.e., each tenant shares the same database, but each tenant uses an independent database table. The application 3 adopts a multi-tenant data isolation strategy of sharing a data table, namely, application data of each tenant is commonly stored in one database table.
It should be noted that, for the database between the cloud platform and the application, or the database between different applications, the databases may be different databases, or the same database may be commonly used. I.e. there may be an overlap of databases between the cloud platform and the application, or between different applications.
Based on the two-stage isolated storage of cloud platform data and application data, access to the data accordingly may also form two-stage azimuth control. Optionally, as shown in fig. 5, a data access control method provided in an embodiment of the present application includes:
s501, receiving an access request of current target data of a target tenant.
The access request at least comprises identification information of current target data.
S502, judging whether the current target data is cloud platform data stored in a database of the cloud platform.
If it is determined that the current target data is the cloud platform data stored in the database of the cloud platform, step S503 is executed. If it is determined that the current target data is not the cloud platform data stored in the database of the cloud platform, that is, if it is determined that the current target data is the application data stored in the database of any one of the applications in the cloud platform, step S505 is executed.
S503, extracting cloud platform authority information of the target tenant from a database of the cloud platform.
S504, judging whether the target tenant has the right to access the target data according to the cloud platform right information of the target tenant.
Because the cloud platform data stored in the cloud platform is to be accessed, whether the target tenant has the right to access the target data can be determined only according to the cloud platform right information.
If it is determined that the target tenant has the right to access the target data, step S507 is executed.
S505, extracting cloud platform authority information of the target tenant from a database of the cloud platform, and extracting application authority information of the target tenant from the database of the application.
S506, judging whether the target tenant has the right for accessing the target data according to the cloud platform right information of the target tenant and the application right information of the target tenant.
Since the application data stored in the application is to be accessed, the cloud platform and the application need to be passed through, and therefore, whether the target tenant has the right to access the target data needs to be determined according to the rights information of the cloud platform.
If it is determined that the target tenant has the right to access the target data, step S507 is executed.
S507, feeding the target data back to the target tenant.
The embodiment of the application provides a data processing method, which monitors data generated by a target tenant through a cloud platform in real time. When the data generated by the target tenant through the cloud platform is monitored, and the cloud platform data generated by the cloud platform is used by the target tenant, determining a cloud platform data isolation strategy corresponding to the target tenant from a database of the cloud platform, and storing the currently generated cloud platform data into the database of the cloud platform according to the cloud platform data isolation strategy corresponding to the target tenant. When the data generated by the target tenant through the cloud platform is monitored, and the data is the application data generated by the application when the target tenant uses any one of the cloud platform, the currently generated application data is stored in a database of the current application according to an application data isolation strategy of the current application. Wherein the current application refers to an application that currently generates application data. Through the isolation of the cloud platform to the cloud platform data and the isolation of application data of each application, the two stages of data isolation are realized, the relationship between the platform and the tenant is considered, and the relationship between the platform and the application is considered, so that the data isolation is more flexible. And because the data isolation is divided into two stages, each application is responsible for the respective data isolation, the strategy configuration is not performed based on each application of the existing deployment, and the application expansion is facilitated.
Another embodiment of the present application provides a data processing apparatus, as shown in fig. 6, including the following units:
the monitoring unit 601 is configured to monitor data generated by a target tenant through the cloud platform in real time.
The first determining unit 602 is configured to determine, when monitoring data generated by the target tenant through the cloud platform, cloud platform data generated by the cloud platform for the target tenant when the cloud platform is used by the target tenant, a cloud platform data isolation policy corresponding to the target tenant from a database of the cloud platform.
The cloud platform isolation unit 603 is configured to store currently generated cloud platform data into a database of the cloud platform according to a cloud platform data isolation policy corresponding to the target tenant.
The application isolation unit 604 is configured to, when it is detected that the data generated by the target tenant through the cloud platform is any one application of the cloud platform, apply the generated application data, and store the currently generated application data to a database of the current application according to an application data isolation policy of the current application.
Wherein the current application refers to an application that currently generates application data.
Optionally, in the data processing apparatus provided in another embodiment of the present application, an application isolation unit includes:
the second determining unit is used for determining the application data isolation policy corresponding to the target tenant from all application data isolation policies of the current application stored in the database of the current application.
And the application storage unit is used for storing the currently generated application data into a database of the current application according to the application data isolation strategy corresponding to the target tenant.
Optionally, in the data processing apparatus provided in another embodiment of the present application, the application storage unit includes:
and the first application storage subunit is used for storing the currently generated application data into the databases corresponding to the target tenants in the databases of the current application.
Optionally, in the data processing apparatus provided in another embodiment of the present application, the application storage unit includes:
and the second application storage subunit stores the currently generated application data into a data table corresponding to the target tenant in the database of the current application.
Optionally, in the data processing apparatus provided in another embodiment of the present application, the application storage unit includes:
and the third application storage subunit stores the currently generated application data into a target data table in a database of the current application.
Optionally, in the data processing apparatus provided in another embodiment of the present application, the method further includes:
and the receiving unit is used for receiving the access request of the current target data of the target tenant.
The first extraction unit is used for extracting cloud platform permission information of the target tenant from the database of the cloud platform when the current target data is the cloud platform data stored in the database of the cloud platform.
The first judging unit is used for judging whether the target tenant has the right of accessing the target data according to the cloud platform right information of the target tenant.
The second extraction unit is used for extracting cloud platform authority information of the target tenant from the database of the cloud platform and extracting application authority information of the target tenant from the database of the application when the current target data is stored in the application data of any one of the application databases of the cloud platform.
The second judging unit is used for judging whether the target tenant has the right for accessing the target data according to the cloud platform right information of the target tenant and the application right information of the target tenant.
And the feedback unit is used for feeding back the target data to the target tenant when the target tenant is judged to have the right of accessing the target data.
It should be noted that, for the specific working process of each unit provided in the foregoing embodiment of the present application, reference may be correspondingly made to specific implementation manners of corresponding steps in the foregoing method embodiment, which is not repeated herein.
Another embodiment of the present application provides an electronic device, as shown in fig. 7, including:
a memory 701 and a processor 702.
Wherein the memory 701 is used for storing a program.
The processor 702 is configured to execute a program stored in the memory 701, and the program is specifically configured to implement the data processing method provided in any one of the embodiments described above when executed.
Another embodiment of the present application provides a computer storage medium storing a computer program for implementing a data processing method according to any one of the above embodiments when the computer program is executed.
Computer storage media, including both non-transitory and non-transitory, removable and non-removable media, may be implemented in any method or technology for storage of information. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, read only compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by the computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method of data processing, comprising:
monitoring data generated by a target tenant through a cloud platform in real time;
when the cloud platform data generated by the cloud platform is used by the target tenant, determining a cloud platform data isolation strategy corresponding to the target tenant from a database of the cloud platform;
according to a cloud platform data isolation strategy corresponding to the target tenant, storing the currently generated cloud platform data into a database of the cloud platform;
when the data generated by the target tenant through the cloud platform is monitored, if the data generated by the application is application data generated by any one of the cloud platforms for the target tenant, the application data generated by the application is stored into a database of the current application according to an application data isolation strategy of the current application; wherein the current application refers to the application that is currently generating the application data.
2. The method of claim 1, wherein storing the currently generated application data into the database of the current application in accordance with the application data isolation policy of the current application comprises:
determining an application data isolation policy corresponding to the target tenant from all application data isolation policies of the current application stored in the database of the current application;
and storing the currently generated application data into the database of the current application according to the application data isolation strategy corresponding to the target tenant.
3. The method of claim 2, wherein storing the currently generated application data in the database of the current application according to the application data isolation policy corresponding to the target tenant comprises:
and storing the currently generated application data into a database corresponding to the target tenant in each database of the current application.
4. The method of claim 2, wherein storing the currently generated application data in the database of the current application according to the application data isolation policy corresponding to the target tenant comprises:
and storing the currently generated application data into a data table corresponding to the target tenant in the database of the current application.
5. The method of claim 2, wherein storing the currently generated application data in the database of the current application according to the application data isolation policy corresponding to the target tenant comprises:
and storing the currently generated application data into a target data table in a database of the current application.
6. The method as recited in claim 1, further comprising:
receiving an access request of current target data of the target tenant;
if the current target data is the cloud platform data stored in the database of the cloud platform, extracting cloud platform permission information of the target tenant from the database of the cloud platform;
judging whether the target tenant has the authority for accessing the target data or not according to the cloud platform authority information of the target tenant;
if the current target data is stored in the application data in any one of the application databases in the cloud platform, extracting cloud platform authority information of the target tenant from the database of the cloud platform and extracting application authority information of the target tenant from the database of the application;
judging whether the target tenant has the right to access the target data or not according to the cloud platform right information of the target tenant and the application right information of the target tenant;
and if the target tenant has the right to access the target data, feeding back the target data to the target tenant.
7. A data processing apparatus, comprising:
the monitoring unit is used for monitoring data generated by the target tenant through the cloud platform in real time;
the cloud platform data isolation strategy is used for determining a cloud platform data isolation strategy corresponding to the target tenant from a database of the cloud platform when the cloud platform is used by the target tenant, wherein the cloud platform data is generated by the cloud platform;
the cloud platform isolation unit is used for storing the currently generated cloud platform data into a database of the cloud platform according to a cloud platform data isolation strategy corresponding to the target tenant;
the application isolation unit is used for storing the application data generated by the application into a database of the current application according to an application data isolation strategy of the current application when the data generated by the target tenant through the cloud platform is monitored and any one of the applications in the cloud platform is used for the target tenant; wherein the current application refers to the application that is currently generating the application data.
8. The apparatus of claim 7, wherein the application isolation unit comprises:
the second determining unit is used for determining an application data isolation policy corresponding to the target tenant from all application data isolation policies of the current application stored in the database of the current application;
and the application storage unit is used for storing the currently generated application data into the database of the current application according to the application data isolation strategy corresponding to the target tenant.
9. An electronic device, comprising:
a memory and a processor;
wherein the memory is used for storing programs;
the processor is configured to execute the program, in particular to implement the data processing method according to any of claims 1 to 6 when the program is executed.
10. A computer storage medium storing a computer program which, when executed, is adapted to carry out the data processing method according to any one of claims 1 to 6.
CN202310150711.6A 2023-02-22 2023-02-22 Data processing method and device, electronic equipment and storage medium Pending CN116167082A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310150711.6A CN116167082A (en) 2023-02-22 2023-02-22 Data processing method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310150711.6A CN116167082A (en) 2023-02-22 2023-02-22 Data processing method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116167082A true CN116167082A (en) 2023-05-26

Family

ID=86417959

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310150711.6A Pending CN116167082A (en) 2023-02-22 2023-02-22 Data processing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116167082A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116633691A (en) * 2023-07-24 2023-08-22 四川航天天盛科技有限公司 Cloud platform system based on SaaS and data storage method thereof

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116633691A (en) * 2023-07-24 2023-08-22 四川航天天盛科技有限公司 Cloud platform system based on SaaS and data storage method thereof
CN116633691B (en) * 2023-07-24 2023-10-27 四川航天天盛科技有限公司 Cloud platform system based on SaaS and data storage method thereof

Similar Documents

Publication Publication Date Title
CN108427886B (en) Method, system, device and readable medium for setting access authority of application program
US10439937B2 (en) Service addressing in distributed environment
WO2019120326A3 (en) Managing sensitive data elements in a blockchain network
CN106886434B (en) Distributed application installation method and device
CN105991694B (en) A kind of method and apparatus realizing Distributed Services and calling
TWI694700B (en) Data processing method and device, user terminal
CN105100715B (en) A kind of monitoring device video switching method and device
JP2019518258A (en) Time-based adjustable load balancing
JP2020107347A (en) Methods and apparatuses for storing file path and accessing local file
CN110380985B (en) Traffic control method, device, equipment and storage medium based on transaction link
CN116167082A (en) Data processing method and device, electronic equipment and storage medium
CN110912972A (en) Service processing method, system, electronic equipment and readable storage medium
CN107786976A (en) Method and apparatus without screen smart machine and its automatic connection wireless network
TW202008762A (en) Data processing method and device, client, and server
CN113703996B (en) Access control method, equipment and medium based on user and YANG model grouping
US12079201B2 (en) Blockchain-based data storage method, related device and storage medium
CN115378823B (en) Public cloud drop planning method and device, electronic equipment and storage medium
US11436254B2 (en) KVM, and folder one-key mounting method, device, apparatus and medium applied in KVM
CN111832862A (en) Block chain-based process management method and system
CN105763508B (en) Data access method and application server
CN106506609B (en) method and system for pushing and acquiring state information of target object
US9519597B2 (en) Communication apparatus and method based on shared memory
CN114296357B (en) Processing method and device of functional data, electronic equipment and storage medium
CN111049671A (en) System integration method and device
CN107404397B (en) Method and equipment for determining user service state information

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination