CN117389684A - SaaS multi-tenant data isolation method and system - Google Patents
SaaS multi-tenant data isolation method and system Download PDFInfo
- Publication number
- CN117389684A CN117389684A CN202311330551.XA CN202311330551A CN117389684A CN 117389684 A CN117389684 A CN 117389684A CN 202311330551 A CN202311330551 A CN 202311330551A CN 117389684 A CN117389684 A CN 117389684A
- Authority
- CN
- China
- Prior art keywords
- data
- tenant
- database
- isolation
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000002955 isolation Methods 0.000 title claims abstract description 54
- 238000000034 method Methods 0.000 claims abstract description 22
- 238000012423 maintenance Methods 0.000 claims abstract description 7
- 238000012216 screening Methods 0.000 claims abstract description 5
- 230000006870 function Effects 0.000 claims description 27
- 238000007726 management method Methods 0.000 claims description 16
- 238000004590 computer program Methods 0.000 claims description 14
- 238000012550 audit Methods 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 8
- 238000012544 monitoring process Methods 0.000 claims description 7
- 238000004458 analytical method Methods 0.000 claims description 6
- 238000001914 filtration Methods 0.000 claims description 6
- 238000011084 recovery Methods 0.000 claims description 6
- 238000000638 solvent extraction Methods 0.000 claims description 6
- 230000002159 abnormal effect Effects 0.000 claims description 5
- 238000005516 engineering process Methods 0.000 claims description 5
- 230000005540 biological transmission Effects 0.000 claims description 3
- 230000008859 change Effects 0.000 claims description 3
- 238000012217 deletion Methods 0.000 claims description 3
- 230000037430 deletion Effects 0.000 claims description 3
- 230000007246 mechanism Effects 0.000 claims description 3
- 230000008569 process Effects 0.000 claims description 3
- 230000010076 replication Effects 0.000 claims description 3
- 238000011161 development Methods 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 7
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 238000012384 transportation and delivery Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1448—Management of the data involved in backup or backup restore
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
- G06F16/252—Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45562—Creating, deleting, cloning virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Data Mining & Analysis (AREA)
- Quality & Reliability (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a SaaS multi-tenant data isolation method and system, comprising the following steps: creating a database cluster, configuring a dynamic storage volume, setting tenant identification rules, creating a data source in a software service, acquiring a data operation request, screening the database by using the identification rules, and completing data source switching. The invention has the advantages that: and switching database connection by utilizing the tenant identification in the data operation request by acquiring the data operation request sent by the current tenant. The method has the advantages that complete isolation is achieved in the aspect of data isolation, meanwhile, the kubernetes container management platform is utilized to improve the development efficiency of SaaS products, and meanwhile, the operation and maintenance cost is reduced.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and a system for multi-tenant data isolation based on tenant attributes.
Background
SaaS is Software-as-a-Service (Software is a short name), which is a mode of providing Software through Internet, vendors uniformly deploy application Software on own servers, and tenants lease on demand. Under the conventional situation, a single-tenant architecture manufacturer needs to deploy a plurality of software services and respective databases for different tenants, so that the operation and maintenance cost is increased, and meanwhile, quick delivery and use cannot be realized.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a SaaS multi-tenant data isolation method and system. And switching database connection by utilizing the tenant identification in the data operation request by acquiring the data operation request sent by the current tenant. The method has the advantages that complete isolation is achieved in the aspect of data isolation, meanwhile, the kubernetes container management platform is utilized to improve the development efficiency of SaaS products, and meanwhile, the operation and maintenance cost is reduced.
In order to achieve the above object, the present invention adopts the following technical scheme:
a SaaS multi-tenant data isolation method comprises the following steps:
1) Creating a database cluster: the database cluster was created using StatefulSet of Kubernetes. StatefulSet ensures that each tenant's database has unique names and IP addresses to ensure isolation and reliability of the database.
2) Configuring a dynamic storage volume: data is stored in an external storage system using a dynamic storage volume function of Kubernetes to improve scalability and usability of a database.
3) Setting tenant identification rules: tenant identification rules are defined for associating tenants with their databases. This may be defined based on a domain name, account login name, or other unique identifier.
4) Creating a data source in a software service: when the software service is started, data sources of all tenants are created. The data source should contain information such as database name, IP address, port number, etc. of the tenant.
5) Acquiring a data operation request: the software service obtains a data manipulation request from the client. The data operation request may be to query, update or delete data, and also need to obtain relevant information such as client type, identifier, request path, user attribute, etc.
6) Screening a database using identification rules: the databases are screened using tenant identification rules to ensure that only tenants can access their own databases. And routing the request to a corresponding database according to the tenant identification in the request.
7) And (3) completing data source switching: and switching the data source to the corresponding database according to the data operation request. Ensure that data operation requests are sent to the correct database for data read, write or delete operations.
Further, the SaaS multi-tenant data isolation method further includes data encryption: protecting security of data using encryption techniques, including: symmetric encryption, asymmetric encryption, and hash functions.
Further, the SaaS multi-tenant data isolation method further comprises database audit: database auditing is implemented to track access to the database in order to identify abnormal activity and prevent data leakage.
Further, the SaaS multi-tenant data isolation method further includes data backup: data backup is performed periodically to prevent data loss or corruption. Including physical backup, mirroring, and replication techniques to achieve data backup.
The invention discloses a SaaS multi-tenant data isolation system, which can be used for implementing the SaaS multi-tenant data isolation method, and specifically comprises the following steps:
the tenant management module comprises the following functions:
user registration and authentication: and allowing the user to register and authenticate and acquiring the authority for accessing the tenant system.
Tenant creation and configuration: allowing an administrator to create and configure tenants includes setting the tenant's name, identifier, access rights.
Tenant rights management: allowing administrators to allocate and manage tenant rights, limiting their scope of access and operating systems.
Tenant data isolation: ensuring that each tenant's data is isolated in the system, only accessible and operable by itself.
The database management module comprises the following functions:
database cluster management: a plurality of database clusters are created and managed, each cluster for storing data of one or more tenants.
Database allocation and maintenance: each tenant is distributed to an independent database, so that isolation and reliability of data are ensured.
Database backup and recovery: the database is backed up periodically and a recovery mechanism is provided to prevent data loss or corruption.
A data isolation and access control module comprising the following functions:
data partitioning and isolation: data of each tenant is stored in a separate database using a multi-tenant data partitioning technique, ensuring isolation between the data.
Access control and rights management: an access right is set for each tenant, and the data range which can be accessed and operated is limited.
Data encryption and security: encryption techniques are used to secure data, which is encrypted during data transmission and storage.
The data operation and query module comprises the following functions:
data query and filtering: the tenant is allowed to perform data query and filtering operations, and data is obtained and manipulated according to its rights and access level.
Data update and deletion: and allowing the tenant to update and delete the owned data, and ensuring the integrity and consistency of the data.
Data operation log and audit: all data manipulation and query logs are recorded to audit and track the access and change history of the data.
A system monitoring and reporting module comprising the following functions:
and (3) monitoring system performance: the performance and the resource use condition of the system are monitored, and the stability and the reliability of the system are ensured.
Error and exception handling: errors and abnormal conditions occurring in the system are captured and processed, and the usability and stability of the system are ensured.
High availability and failover: a high availability architecture is implemented to ensure continuity and reliability of the system, and to operate properly even in the event of hardware failure or network disruption.
Reporting and analysis: various reports and analyses are generated and provided, including tenant usage, system performance, and data access statistics.
The invention also discloses a computer device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the SaaS multi-tenant data isolation method when executing the program.
The invention also discloses a computer readable storage medium, on which a computer program is stored, which when executed by a processor implements the SaaS multi-tenant data isolation method described above.
Compared with the prior art, the invention has the advantages that:
the data of each tenant is completely separated, and the higher data security is improved. And the database instance is deployed by utilizing the container arrangement technology, so that the operation and maintenance cost is greatly reduced, and the data management and backup are convenient. The user-defined dynamic data source can complete automatic switching through the user tenant identification, no additional processing is needed in the service software development process, and the application research and development and iteration efficiency is improved.
Drawings
Fig. 1 is a SaaS multi-tenant data isolation flow diagram of an embodiment of the present invention.
Detailed Description
The invention will be described in further detail below with reference to the accompanying drawings and by way of examples in order to make the objects, technical solutions and advantages of the invention more apparent.
As shown in fig. 1, the invention provides a SaaS multi-tenant data isolation method, which comprises the following steps:
1) Creating a database;
the use of StatefulSet by Kubernetes may simplify database installation work. StatefulSet is a special type of Kubernetes deployment that ensures that each tenant's database has a unique name and IP address. This helps to ensure isolation and reliability of the database.
2) Configuring a dynamic storage volume;
dynamic storage volumes are a type of Kubernetes function that allows data to be stored in an external storage system. This helps to improve the scalability and usability of the database.
3) Setting tenant identification rules;
tenant identification rules are a method for associating tenants with their databases. The tenant identification rules may be based on domain name, account login name, or other unique identifier.
4) Creating a data source in a software service;
the software service should create a data source for all tenants at startup. The data source should contain the tenant's database name, IP address, and port number.
5) Acquiring a data operation request;
the software service should obtain the data manipulation request from the client. The data operation request may be to query, update or delete data, and at the same time, need to obtain the associated information such as the client type, the identifier, the request path, the user attribute, etc.
6) Screening a database through an identification rule;
the software service should use tenant identification rules to screen the database. This helps to ensure that only tenants can access their own databases.
7) Switching of data sources is completed;
the software service should complete the switching of the data sources according to the data operation request. This helps ensure that data operation requests are sent to the correct database.
The following are some additional considerations:
data encryption
Data encryption may be used to protect data from unauthorized access. Data encryption may be achieved using various techniques, such as symmetric encryption, asymmetric encryption, and hash functions.
Database auditing
Database auditing may be used to track access to a database. Database auditing can be used to identify unusual activity and prevent data leakage.
Data backup
Data backup may be used to protect data from loss or corruption. Data backup may be accomplished using a variety of techniques, such as physical backup, mirroring, and replication.
By using the method and the technology, the data security in the SaaS environment can be ensured and the data leakage can be prevented.
In still another embodiment of the present invention, a SaaS multi-tenant data isolation system is provided, where the system can be used to implement the foregoing SaaS multi-tenant data isolation method, and specifically includes:
the tenant management module comprises the following functions:
user registration and authentication: and allowing the user to register and authenticate and acquiring the authority for accessing the tenant system.
Tenant creation and configuration: allowing an administrator to create and configure tenants includes setting the tenant's name, identifier, access rights, etc.
Tenant rights management: allowing administrators to allocate and manage tenant rights, limiting their scope of access and operating systems.
Tenant data isolation: ensuring that each tenant's data is isolated in the system, only accessible and operable by itself.
The database management module comprises the following functions:
database cluster management: a plurality of database clusters are created and managed, each cluster for storing data of one or more tenants.
Database allocation and maintenance: each tenant is distributed to an independent database, so that isolation and reliability of data are ensured.
Database backup and recovery: the database is backed up periodically and a recovery mechanism is provided to prevent data loss or corruption.
A data isolation and access control module comprising the following functions:
data partitioning and isolation: data of each tenant is stored in a separate database using a multi-tenant data partitioning technique, ensuring isolation between the data.
Access control and rights management: an access right is set for each tenant, and the data range which can be accessed and operated is limited.
Data encryption and security: encryption techniques are used to secure data, which is encrypted during data transmission and storage.
The data operation and query module comprises the following functions:
data query and filtering: the tenant is allowed to perform data query and filtering operations, and data is obtained and manipulated according to its rights and access level.
Data update and deletion: and allowing the tenant to update and delete the owned data, and ensuring the integrity and consistency of the data.
Data operation log and audit: all data manipulation and query logs are recorded to audit and track the access and change history of the data.
A system monitoring and reporting module comprising the following functions:
and (3) monitoring system performance: the performance and the resource use condition of the system are monitored, and the stability and the reliability of the system are ensured.
Error and exception handling: errors and abnormal conditions occurring in the system are captured and processed, and the usability and stability of the system are ensured.
High availability and failover: a high availability architecture is implemented to ensure continuity and reliability of the system, and to operate properly even in the event of hardware failure or network disruption.
A reporting and analysis module comprising the following functions: various reports and analyses are generated and provided, including tenant usage, system performance, and data access statistics.
The functional modules work together to ensure that the SaaS multi-tenant data isolation system can safely and reliably store, access and operate data of different tenants.
In yet another embodiment of the present invention, a terminal device is provided, the terminal device including a processor and a memory, the memory for storing a computer program, the computer program including program instructions, the processor for executing the program instructions stored by the computer storage medium. The processor may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf Programmable gate arrays (FPGAs) or other Programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc., which are the computational core and control core of the terminal adapted to implement one or more instructions, in particular adapted to load and execute one or more instructions to implement a corresponding method flow or a corresponding function; the processor provided by the embodiment of the invention can be used for the operation of the SaaS multi-tenant data isolation method.
In a further embodiment of the present invention, the present invention also provides a storage medium, in particular, a computer readable storage medium (Memory), which is a Memory device in a terminal device, for storing programs and data. It will be appreciated that the computer readable storage medium herein may include both a built-in storage medium in the terminal device and an extended storage medium supported by the terminal device. The computer-readable storage medium provides a storage space storing an operating system of the terminal. Also stored in the memory space are one or more instructions, which may be one or more computer programs (including program code), adapted to be loaded and executed by the processor. The computer readable storage medium herein may be a high-speed RAM memory or a non-volatile memory (non-volatile memory), such as at least one magnetic disk memory.
One or more instructions stored in a computer-readable storage medium may be loaded and executed by a processor to implement the respective steps of the SaaS multi-tenant data isolation method in the above embodiments; one or more instructions in the computer-readable storage medium are loaded by the processor and perform the SaaS multi-tenant data isolation method.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Those of ordinary skill in the art will appreciate that the embodiments described herein are intended to aid the reader in understanding the practice of the invention and that the scope of the invention is not limited to such specific statements and embodiments. Those of ordinary skill in the art can make various other specific modifications and combinations from the teachings of the present disclosure without departing from the spirit thereof, and such modifications and combinations remain within the scope of the present disclosure.
Claims (7)
1. A SaaS multi-tenant data isolation method is characterized in that: the method comprises the following steps:
1) Creating a database cluster: creating a database cluster using StatefulSet of Kubernetes;
StatefulSet ensures that the database of each tenant has unique name and IP address to ensure isolation and reliability of the database;
2) Configuring a dynamic storage volume: data is stored in an external storage system by using a dynamic storage volume function of Kubernetes so as to improve the expandability and usability of a database;
3) Setting tenant identification rules: defining tenant identification rules for associating tenants with their databases; this may be defined based on domain name, account login name, or other unique identifier;
4) Creating a data source in a software service: when a software service is started, creating data sources of all tenants; the data source comprises the database name, IP address and port number information of the tenant;
5) Acquiring a data operation request: the software service obtains a data operation request from a client; the data manipulation request includes querying, updating or deleting data, while the need to obtain includes: client type, identity, request path and user attributes;
6) Screening a database using identification rules: screening the databases using tenant identification rules to ensure that only tenants can access their own databases; routing the request to a corresponding database according to the tenant identification in the request;
7) And (3) completing data source switching: switching the data source to a corresponding database according to the data operation request; ensure that data operation requests are sent to the correct database for data read, write or delete operations.
2. The SaaS multi-tenant data isolation method of claim 1, wherein: the SaaS multi-tenant data isolation method further comprises the steps of data encryption: protecting security of data using encryption techniques, including: symmetric encryption, asymmetric encryption, and hash functions.
3. The SaaS multi-tenant data isolation method of claim 1, wherein: the SaaS multi-tenant data isolation method further comprises database audit: database auditing is implemented to track access to the database in order to identify abnormal activity and prevent data leakage.
4. The SaaS multi-tenant data isolation method of claim 1, wherein: the SaaS multi-tenant data isolation method further comprises data backup: data backup is carried out regularly to prevent data loss or damage; including physical backup, mirroring, and replication techniques to achieve data backup.
5. The SaaS multi-tenant data isolation system is characterized in that: the system can be used for implementing the SaaS multi-tenant data isolation method according to one of claims 1 to 4, in particular comprising:
the tenant management module comprises the following functions:
user registration and authentication: allowing a user to register and authenticate and acquiring authority for accessing the tenant system;
tenant creation and configuration: allowing an administrator to create and configure tenants, including setting names, identifiers and access rights of the tenants;
tenant rights management: allowing an administrator to allocate and manage the rights of the tenant, and limiting the scope of access and an operating system thereof;
tenant data isolation: ensuring that the data of each tenant is isolated in the system and can be accessed and operated only by the tenant itself;
the database management module comprises the following functions:
database cluster management: creating and managing a plurality of database clusters, each cluster for storing data of one or more tenants;
database allocation and maintenance: each tenant is distributed to an independent database, so that the isolation and reliability of data are ensured;
database backup and recovery: periodically backing up the database and providing a recovery mechanism to prevent data loss or corruption;
a data isolation and access control module comprising the following functions:
data partitioning and isolation: storing the data of each tenant in a separate database by using a multi-tenant data partitioning technology, so as to ensure isolation between the data;
access control and rights management: setting access rights for each tenant, and limiting the data range which can be accessed and operated by the tenant;
data encryption and security: the encryption technology is used for protecting the safety of data, and encryption is carried out in the data transmission and storage process;
the data operation and query module comprises the following functions:
data query and filtering: allowing the tenant to execute data query and filtering operation, and acquiring and operating data according to the authority and the access level;
data update and deletion: allowing tenants to update and delete owned data, and ensuring the integrity and consistency of the data;
data operation log and audit: recording all data operation and query logs so as to audit and track access and change histories of the data;
a system monitoring and reporting module comprising the following functions:
and (3) monitoring system performance: monitoring the performance and the resource use condition of the system, and ensuring the stability and the reliability of the system;
error and exception handling: capturing and processing errors and abnormal conditions occurring in the system, and ensuring the usability and stability of the system;
high availability and failover: implementing a high availability architecture, ensuring continuity and reliability of the system, and enabling normal operation even in the event of hardware failure or network disruption;
reporting and analysis: various reports and analyses are generated and provided, including tenant usage, system performance, and data access statistics.
6. A computer device, characterized by: comprising a memory, a processor and a computer program stored on the memory and executable on the processor, said processor implementing the SaaS multi-tenant data isolation method of one of claims 1 to 4 when said program is executed.
7. A computer-readable storage medium, characterized by: a computer program stored thereon, which when executed by a processor implements the SaaS multi-tenant data isolation method of one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311330551.XA CN117389684A (en) | 2023-10-13 | 2023-10-13 | SaaS multi-tenant data isolation method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311330551.XA CN117389684A (en) | 2023-10-13 | 2023-10-13 | SaaS multi-tenant data isolation method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117389684A true CN117389684A (en) | 2024-01-12 |
Family
ID=89471454
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311330551.XA Pending CN117389684A (en) | 2023-10-13 | 2023-10-13 | SaaS multi-tenant data isolation method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117389684A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117692871A (en) * | 2024-01-31 | 2024-03-12 | 江西掌中无限网络科技股份有限公司 | System and method for pushing 5G message by multi-tenant access multi-protocol |
| CN118484796A (en) * | 2024-07-15 | 2024-08-13 | 宁波安得智联科技有限公司 | Tenant authority management method, system, equipment and medium of SaaS platform |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108737325A (en) * | 2017-04-13 | 2018-11-02 | 华为技术有限公司 | A kind of multi-tenant data partition method, apparatus and system |
| CN110163002A (en) * | 2019-05-29 | 2019-08-23 | 上海有谱网络科技有限公司 | A kind of method of SaaS software tenant data isolation |
| CN112100262A (en) * | 2020-09-16 | 2020-12-18 | 南京智数云信息科技有限公司 | Method and system for quickly building and dynamically expanding multi-tenant software as a service (SaaS) platform |
| CN115878361A (en) * | 2022-12-29 | 2023-03-31 | 山石网科通信技术股份有限公司 | Node management method and device for database cluster and electronic equipment |
-
2023
- 2023-10-13 CN CN202311330551.XA patent/CN117389684A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108737325A (en) * | 2017-04-13 | 2018-11-02 | 华为技术有限公司 | A kind of multi-tenant data partition method, apparatus and system |
| CN110163002A (en) * | 2019-05-29 | 2019-08-23 | 上海有谱网络科技有限公司 | A kind of method of SaaS software tenant data isolation |
| CN112100262A (en) * | 2020-09-16 | 2020-12-18 | 南京智数云信息科技有限公司 | Method and system for quickly building and dynamically expanding multi-tenant software as a service (SaaS) platform |
| CN115878361A (en) * | 2022-12-29 | 2023-03-31 | 山石网科通信技术股份有限公司 | Node management method and device for database cluster and electronic equipment |
Non-Patent Citations (1)
| Title |
|---|
| "《Kubernetes微服务实战[M]》", 30 June 2020, 机械工业出版社, pages: 168 - 169 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117692871A (en) * | 2024-01-31 | 2024-03-12 | 江西掌中无限网络科技股份有限公司 | System and method for pushing 5G message by multi-tenant access multi-protocol |
| CN118484796A (en) * | 2024-07-15 | 2024-08-13 | 宁波安得智联科技有限公司 | Tenant authority management method, system, equipment and medium of SaaS platform |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11573867B2 (en) | Smart dynamic restore for Kubernetes based applications | |
| US10489357B2 (en) | Systems and methods for automating management of distributed databases | |
| US11954220B2 (en) | Data protection for container storage | |
| CN109542611B (en) | Database-as-a-service system, database scheduling method, device and storage medium | |
| CN117389684A (en) | SaaS multi-tenant data isolation method and system | |
| US10146636B1 (en) | Disaster recovery rehearsals | |
| US10158579B2 (en) | Resource silos at network-accessible services | |
| US8863278B2 (en) | Grid security intrusion detection configuration mechanism | |
| US10372555B1 (en) | Reversion operations for data store components | |
| US11328064B2 (en) | Automatic ransomware detection with an on-demand file system lock down and automatic repair function | |
| US10341298B1 (en) | Security rules for application firewalls | |
| US10536538B2 (en) | Secure data erasure verification in hyperscale computing systems | |
| US11146560B1 (en) | Distributed governance of computing resources | |
| US11829271B2 (en) | Tuning data protection policy after failures | |
| US10862887B2 (en) | Multiple domain authentication using data management and storage node | |
| CN110659259A (en) | Database migration method, server and computer storage medium | |
| US11693963B2 (en) | Automatic ransomware detection with an on-demand file system lock down and automatic repair function | |
| US20090319635A1 (en) | Centrally managed inventory and entitlement data | |
| US11057264B1 (en) | Discovery and configuration of disaster recovery information | |
| JP2019517063A (en) | Storage cluster | |
| US20230401337A1 (en) | Two person rule enforcement for backup and recovery systems | |
| CN115080309A (en) | Data backup system, method, storage medium, and electronic device | |
| US11262932B2 (en) | Host-aware discovery and backup configuration for storage assets within a data protection environment | |
| WO2022157782A1 (en) | Published file system and method | |
| TWM597904U (en) | Servo host configuration setting management system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |