CN118296622A - Database account management method, equipment, medium and product - Google Patents

Publication number: CN118296622A
Application number: CN202410394215.XA
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 张长河
Current Assignee: Beijing Weida Information Technology Co ltd
Original Assignee: Beijing Weida Information Technology Co ltd
Prior art keywords: account, information, database, target, authority

Abstract

The application relates to the technical field of database management, and in particular to a database account management method, equipment, medium and product. The method comprises: when a new-account instruction is detected, generating account configuration information based on user information and permission requirement information and storing it in an account database. Because the account configuration information is generated and stored automatically, the efficiency and accuracy of account creation and permission assignment are improved, and unauthorized access and potential security risks are reduced. To ensure the security of the database and the integrity of its data, account auditing is performed based on each target account and its corresponding operation log, and an audit result is determined; auditing the operation log of each target account in the account database allows potential security risks to be found and handled in time, reducing the probability of data leakage and abuse. When the audit result is that a departed-employee account is abnormal, the abnormal departed-employee account is disabled, which helps safeguard data security.

Description

Database account management method, equipment, medium and product
Technical Field
The present application relates to the field of database management, and in particular, to a method, an apparatus, a medium, and a product for managing a database account.
Background
As enterprises continue to deepen their informatization, databases, as core components for information storage and processing, carry more and more business data and sensitive information. A database account is the entry point for accessing and controlling the database, and its security and compliance bear directly on the enterprise's information security and the stable operation of its services.
However, as enterprises grow and their business becomes more complex, the associations between databases and application systems become increasingly complex, and account permission management becomes more difficult. Operation and maintenance personnel need to spend a great deal of time and effort sorting out and configuring account permissions, and confusion and omissions in permission management easily arise as personnel change.
Therefore, how to provide an efficient and secure database account management method is a problem to be solved by those skilled in the art.
Disclosure of Invention
The application aims to provide a database account management method, equipment, medium and product, which are used for solving at least one technical problem.
The above object of the present application is achieved by the following technical solutions:
In a first aspect, the present application provides a database account management method, which adopts the following technical scheme:
A database account management method, comprising:
when a new-account instruction is detected, acquiring user information and permission requirement information, generating account configuration information based on the user information and the permission requirement information, and storing the account configuration information in an account database to complete the creation of the new account and the assignment of its permissions;
acquiring operation logs of target accounts in the account database, and performing account auditing based on each target account and its corresponding operation log to determine an audit result, wherein a target account is any account record in the account database;
and when the audit result is abnormal, disabling the abnormal departed-employee account, wherein disabling the account helps safeguard data security.
By adopting this technical scheme, when a new-account instruction is detected, account configuration information is generated based on the user information and the permission requirement information and stored in the account database. Because the account configuration information is generated and stored automatically, the efficiency and accuracy of account creation and permission assignment are greatly improved, and unauthorized access and potential security risks are reduced. To ensure the security of the database and the integrity of its data, account auditing is performed based on each target account and its corresponding operation log, and an audit result is determined; auditing the operation log of each target account in the account database allows potential security risks to be found and handled in time, reducing the probability of data leakage and abuse. When the audit result is that a departed-employee account is abnormal, the abnormal departed-employee account is disabled, which helps safeguard data security.
In a preferred example, the present application may be further configured such that generating account configuration information based on the user information and the permission requirement information comprises:
performing information verification based on the user information and the permission requirement information, and, after the information verification passes, performing role matching based on the user information and the permission requirement information to determine a target role;
selecting a template based on the target role to determine a target account template, wherein the target account template comprises the general attributes and default permission settings corresponding to the target role;
and performing account configuration based on the target account template, the user information and the permission requirement information to generate the account configuration information.
In a preferred example, the present application may be further configured such that performing account configuration based on the target account template, the user information and the permission requirement information to generate the account configuration information comprises:
acquiring a naming specification, and naming the account based on the naming specification and the user information to obtain an account name;
performing access control based on the target role to obtain access control information, and associating the access control information with the target role based on the permission requirement information to obtain account permission configuration information;
and integrating the target account template, the account name and the account permission configuration information to obtain the account configuration information.
In a preferred example, the present application may be further configured such that performing account auditing based on each target account and its corresponding operation log to determine an audit result comprises:
acquiring departed-employee information, auditing departed-employee accounts based on the departed-employee information and each target account in the account database, and determining a first audit result;
performing abnormal behavior audit based on the operation log corresponding to each target account, and determining a second audit result;
and integrating the first audit result and the second audit result to determine the audit result.
In a preferred example, the present application may be further configured such that, after the audit result is determined by integrating the first audit result and the second audit result, the method further comprises:
when the second audit result is abnormal behavior, acquiring abnormal behavior information corresponding to the abnormal-behavior account, classifying the behavior based on the abnormal behavior information, and determining the abnormal behavior type;
and selecting a target security measure based on the abnormal behavior type, and applying the target security measure to the abnormal-behavior account to ensure account security.
In a preferred example, the present application may be further configured such that, when the audit result is abnormal, disabling the abnormal departed-employee account further comprises:
performing data backup based on the departed-employee account to obtain backup data;
and acquiring the disabled duration of the departed-employee account, and when the disabled duration reaches a clearing period, clearing all data under the departed-employee account to free space in the account database.
In a second aspect, the present application provides an electronic device, which adopts the following technical scheme:
At least one processor;
a memory;
At least one application program, wherein the at least one application program is stored in the memory and configured to be executed by the at least one processor, the at least one application program being configured to execute the database account management method described above.
In a third aspect, the present application provides a computer readable storage medium, which adopts the following technical scheme:
A computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the database account management method described above.
In a fourth aspect, the present application provides a computer program product, which adopts the following technical scheme:
A computer program product comprising a computer program which when executed by a processor implements the database account management method described above.
In summary, the present application includes at least one of the following beneficial technical effects:
When a new-account instruction is detected, account configuration information is generated based on user information and permission requirement information and stored in an account database. Because the account configuration information is generated and stored automatically, the efficiency and accuracy of account creation and permission assignment are greatly improved, and unauthorized access and potential security risks are reduced. To ensure the security of the database and the integrity of its data, account auditing is performed based on each target account and its corresponding operation log, and an audit result is determined; auditing the operation log of each target account in the account database allows potential security risks to be found and handled in time, reducing the probability of data leakage and abuse. When the audit result is that a departed-employee account is abnormal, the abnormal departed-employee account is disabled, which helps safeguard data security.
To ensure the accuracy of the account configuration information, information verification is performed based on the user information and the permission requirement information, and when the verification passes, role matching is performed based on the user information and the permission requirement information to determine a target role. A template is then selected based on the target role to determine a target account template, and account configuration is performed based on the target account template, the user information and the permission requirement information to generate the account configuration information. Automatic role matching and template selection greatly reduce the time and effort required to configure accounts manually, speed up the creation of new accounts, and improve overall working efficiency.
Drawings
FIG. 1 is a flowchart of a database account management method according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a database account management device according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of an electronic device according to an embodiment of the application.
Detailed Description
The application is described in further detail below in connection with FIG. 1 to FIG. 3.
The present embodiment is merely illustrative of the present application and is not intended to limit it. After reading this specification, those skilled in the art may make modifications to the present embodiment as necessary without creative contribution, and such modifications are protected by patent law as long as they fall within the scope of the present application.
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In addition, the term "and/or" herein merely describes an association between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist together, or B exists alone. In this context, unless otherwise specified, the character "/" generally indicates that the associated objects are in an "or" relationship.
Embodiments of the application are described in further detail below with reference to the drawings.
The embodiment of the application provides a database account management method executed by an electronic device. The electronic device may be a server or a terminal device; the server may be an independent physical server, a server cluster or distributed system formed by a plurality of physical servers, or a cloud server providing cloud computing services. The terminal device may be a smartphone, a tablet computer, a notebook computer, a desktop computer, or the like, but is not limited thereto, and the terminal device and the server may be connected directly or indirectly through wired or wireless communication. As shown in FIG. 1, the method includes steps S101, S102 and S103, where:
Step S101: when a new-account instruction is detected, user information and permission requirement information are acquired, account configuration information is generated based on the user information and the permission requirement information, and the account configuration information is stored in an account database to complete the creation of the new account and the assignment of its permissions.
For the embodiment of the application, as enterprises grow and their business becomes more complex, there is often a need to add new accounts. When a database administrator needs to add an account, a new-account instruction is triggered, and user information and permission requirement information are acquired. The user information is the detailed information about the user specified in the new-account instruction, including but not limited to: user name, department, job position, contact phone, email, etc. The permission requirement information describes the operating permissions the account requires, including but not limited to: data access permissions (e.g., reading, writing, modifying or deleting data in a particular data table or view), execution permissions (e.g., creating, modifying or deleting database objects such as tables, views and indexes), system-level permissions (e.g., backing up the database, restoring the database, managing user accounts), time constraints (e.g., a permission may be valid only for a particular period of time), etc. Account configuration information is then generated based on the user information and the permission requirement information and stored in the account database. Because the account configuration information is generated and stored automatically, the efficiency and accuracy of account creation and permission assignment are greatly improved, each account is given a clear permission boundary, and unauthorized access and potential security risks are reduced.
The account configuration information can be generated in various ways, and the embodiment of the application does not limit this. In one implementable manner, information verification is performed based on the user information and the permission requirement information, and after the verification passes, role matching is performed based on the user information and the permission requirement information to determine a target role; a template is selected based on the target role to determine a target account template, wherein the target account template comprises the general attributes and default permission settings corresponding to the target role; and account configuration is performed based on the target account template, the user information and the permission requirement information to generate the account configuration information.
Step S102: operation logs of target accounts in the account database are acquired, and account auditing is performed based on each target account and its corresponding operation log to determine an audit result, wherein a target account is any account record in the account database.
For the embodiment of the application, to ensure the security of the database and the integrity of its data, auditing the operation log of each target account in the account database allows potential security risks to be found and handled in time, reducing the probability of data leakage and abuse. The account database stores a plurality of accounts, and for any target account in the account database, the operation log corresponding to that account is acquired. The operation log records all operation behaviors of the account, including but not limited to: login time, operation content, execution result and similar information. Account auditing is then performed based on each target account and its corresponding operation log, and an audit result is determined. The dimensions of account auditing include, but are not limited to: analyzing the behavior pattern of the target account, detecting abnormal operations, and comparing whether actual operations conform to preset permission rules; the audit result is determined by the audit dimensions and the relevant conditions of the account. Account auditing can be performed in various ways, and the embodiment of the application does not limit this. In one implementable manner, departed-employee information is acquired, departed-employee accounts are audited based on the departed-employee information and each target account in the account database, and a first audit result is determined; abnormal behavior audit is performed based on the operation log corresponding to each target account, and a second audit result is determined; and the first audit result and the second audit result are integrated to determine the audit result.
Step S103: when the audit result is that a departed-employee account is abnormal, the abnormal departed-employee account is disabled, wherein disabling the account helps safeguard data security.
For the embodiment of the application, when the audit result is abnormal, this indicates that a departed employee may still retain access rights and be able to access sensitive data, which creates a risk of data leakage or abuse; the abnormal departed-employee account is therefore disabled to safeguard data security. To disable an account, a corresponding flag bit is generally set in the account database so that the departed-employee account can no longer be used to log in or perform any operation. While the account is being disabled, information such as the time of the disabling operation and the person who performed it can also be recorded, to facilitate subsequent auditing and operations.
It can be seen that, in the embodiment of the application, when a new-account instruction is detected, account configuration information is generated based on the user information and the permission requirement information and stored in the account database. Because the account configuration information is generated and stored automatically, the efficiency and accuracy of account creation and permission assignment are greatly improved, and unauthorized access and potential security risks are reduced. To ensure the security of the database and the integrity of its data, account auditing is performed based on each target account and its corresponding operation log, and an audit result is determined; auditing the operation log of each target account in the account database allows potential security risks to be found and handled in time, reducing the probability of data leakage and abuse. When the audit result is that a departed-employee account is abnormal, the abnormal departed-employee account is disabled, which helps safeguard data security.
Further, in order to speed up the creation of new accounts and improve overall working efficiency, in the embodiment of the present application, generating account configuration information based on the user information and the permission requirement information includes:
performing information verification based on the user information and the permission requirement information, and, after the information verification passes, performing role matching based on the user information and the permission requirement information to determine a target role;
selecting a template based on the target role to determine a target account template, wherein the target account template comprises the general attributes and default permission settings corresponding to the target role;
and performing account configuration based on the target account template, the user information and the permission requirement information to generate the account configuration information.
For the embodiment of the application, to ensure the accuracy of the account configuration information, the user information and the permission requirement information are first verified to ensure that the information is accurate and complete. The verification process includes, but is not limited to: checking whether the user name is unique, whether the contact details are valid, whether the department exists, whether the permission requirement conforms to the security policy, and the like. When the verification fails, an information-error indication is returned so that the database administrator can correct the erroneous information in time. When the verification passes, role matching is performed based on the user information and the permission requirement information to determine a target role. Role matching comprehensively considers factors such as the user's department, post level and required permissions, so that the requested permissions are contained within the full set of permissions corresponding to the target role. Account templates corresponding to different roles are pre-stored in the electronic device, so a template is selected based on the target role to determine the target account template corresponding to it. The target account template is a pre-configured set of basic account settings comprising general attributes and default permission settings, which speeds up account creation and maintains consistency.
Furthermore, the electronic device sets the corresponding attributes of the new account, such as the account name and the initial password policy, based on the general attributes in the target account template and the user information, and configures the specific permissions of the new account by combining the permission requirement information with the default permission settings in the target account template, which completes the generation of the account configuration information. The account configuration information is then stored in the account database, ensuring the persistence and security of the information, and the new account is activated so that it can be used to log in and perform the corresponding operations. Automatic role matching and template selection greatly reduce the time and effort required to configure accounts manually, speed up the creation of new accounts, and improve overall working efficiency. Because roles and account templates are definable, they can be adjusted, or new ones added, according to actual requirements, so the method can adapt to continuously changing business requirements and security policies.
It can be seen that, in the embodiment of the present application, to ensure the accuracy of the account configuration information, information verification is performed based on the user information and the permission requirement information, and when the verification passes, role matching is performed based on the user information and the permission requirement information to determine a target role. A template is then selected based on the target role to determine a target account template, and account configuration is performed based on the target account template, the user information and the permission requirement information to generate the account configuration information. Automatic role matching and template selection greatly reduce the time and effort required to configure accounts manually, speed up the creation of new accounts, and improve overall working efficiency.
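An added example, not part of the patent text, of the verification, role-matching and template-selection flow described above. The role table, templates, permission names and the time-limit policy are constructed assumptions, and choosing the narrowest covering role is one possible matching rule, not one the application specifies.

```python
import re

# Constructed sample data (assumptions, not from the patent).
DEPARTMENTS = {"finance", "engineering", "operations"}
ROLES = {  # role: (departments that may hold it, every permission it may carry)
    "report_reader": ({"finance", "engineering"},
                      {"orders:select", "customers:select"}),
    "app_developer": ({"engineering"},
                      {"orders:select", "orders:insert", "orders:update",
                       "customers:select"}),
    "dba": ({"operations"},
            {"orders:select", "orders:insert", "orders:update", "orders:delete",
             "customers:select", "db:backup", "db:restore", "account:manage"}),
}
TEMPLATES = {  # per-role general attributes and default permission settings
    "report_reader": {"password_max_age_days": 90,
                      "default_permissions": {"orders:select"}},
    "app_developer": {"password_max_age_days": 60,
                      "default_permissions": {"orders:select", "customers:select"}},
    "dba": {"password_max_age_days": 30, "default_permissions": {"db:backup"}},
}
# Assumed security policy: these permissions are only granted with a time limit.
TIME_BOUND_ONLY = {"orders:delete", "db:restore"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def verify_request(user, requested, existing_usernames, expires_in_days=None):
    """Information verification; an empty list means the request passed."""
    requested = set(requested)
    errors = []
    if user["username"] in existing_usernames:
        errors.append("username already exists")
    if not EMAIL_RE.match(user.get("email", "")):
        errors.append("contact email is not valid")
    if user.get("department") not in DEPARTMENTS:
        errors.append("department does not exist")
    known = set().union(*(perms for _, perms in ROLES.values()))
    if requested - known:
        errors.append("unknown permissions: " + ", ".join(sorted(requested - known)))
    if requested & TIME_BOUND_ONLY and expires_in_days is None:
        errors.append("time limit required for: "
                      + ", ".join(sorted(requested & TIME_BOUND_ONLY)))
    return errors


def match_role(user, requested):
    """Narrowest role open to the user's department that covers the request."""
    candidates = [(len(perms), name)
                  for name, (departments, perms) in ROLES.items()
                  if user["department"] in departments and set(requested) <= perms]
    if not candidates:
        raise ValueError("no role covers the requested permissions")
    return min(candidates)[1]


def build_account_config(user, requested, existing_usernames, expires_in_days=None):
    """Verify, match a role, pick its template and produce the configuration."""
    errors = verify_request(user, requested, existing_usernames, expires_in_days)
    if errors:  # returned to the administrator for correction
        return {"status": "rejected", "errors": errors}
    try:
        role = match_role(user, requested)
    except ValueError as exc:
        return {"status": "rejected", "errors": [str(exc)]}
    template = TEMPLATES[role]
    return {
        "status": "created",
        "username": user["username"],
        "role": role,
        "password_max_age_days": template["password_max_age_days"],
        # Template defaults plus the request; both are subsets of the role's set.
        "permissions": sorted(template["default_permissions"] | set(requested)),
        "expires_in_days": expires_in_days,
    }
```

Because the granted set is always the template defaults plus the request, and both must lie inside the matched role's permission set, a request can never widen an account beyond its role.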
Further, in order to improve the efficiency and accuracy of account creation and ensure the security and compliance of accounts, in the embodiment of the present application, performing account configuration based on the target account template, the user information and the permission requirement information to generate the account configuration information includes:
acquiring a naming specification, and naming the account based on the naming specification and the user information to obtain an account name;
performing access control based on the target role to obtain access control information, and associating the access control information with the target role based on the permission requirement information to obtain account permission configuration information;
and integrating the target account template, the account name and the account permission configuration information to obtain the account configuration information.
For the embodiment of the application, the naming specification for account names is pre-stored in the electronic device. The naming specification generally includes format requirements for account names, length restrictions, rules on the use of special characters, and the like. The account is then named based on the naming specification and the user information; that is, an account name is generated from information such as the user's name, department and position in the user information, in accordance with the requirements of the naming specification. The embodiment of the application does not limit the specific content of the naming specification, and the user can set it as required. For example, if the naming specification requires that an account name be composed of the initials of the user's name and the abbreviation of the department, an account name conforming to the specification is assembled from that information. According to the user's role, responsibilities and security requirements, the electronic device configures access control settings for the account, including: setting a login IP address restriction, so that login is allowed only from a specific IP address or IP address range; and setting a time period restriction, so that the designated account can log in and perform access operations only during a specific time period. Access restrictions based on geographic location, device type or other conditions may of course also be configured. Access control is thus performed based on the target role to obtain access control information, which includes but is not limited to: access time restrictions, access address restrictions, etc. The permission requirement information, the access control information and the target role are then associated to obtain the account permission configuration information, which represents the account's permission scope, access restrictions and other conditions.
Finally, the target account template, the account name and the account permission configuration information are integrated to obtain the account configuration information. Account names that meet the requirements are generated automatically according to the predefined naming specification and role settings, and permissions are configured precisely according to the user's permission requirements, which greatly improves the efficiency and accuracy of account creation while ensuring the security and compliance of the account.
It can be seen that, in the embodiment of the present application, the account is named based on the naming specification and the user information to obtain an account name; access control is then performed based on the target role to obtain access control information; and the permission requirement information, the access control information and the target role are associated to obtain the account permission configuration information. Finally, the target account template, the account name and the account permission configuration information are integrated to obtain the account configuration information. Account names that meet the requirements are generated automatically according to the predefined naming specification and role settings, and permissions are configured precisely according to the user's permission requirements, which greatly improves the efficiency and accuracy of account creation while ensuring the security and compliance of the account.
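The naming and access-control steps above, as an added example that is not taken from the patent. The naming specification, department abbreviations, networks and login hours are assumed values; `login_allowed` shows how the stored access control information could be enforced at login, including a time window that crosses midnight.

```python
import ipaddress
import re
from datetime import datetime, time

# Naming specification (assumed, modeled on the example in the text): initials of
# the user's name, "_", department abbreviation; lowercase ASCII, 3 to 16 characters.
DEPT_ABBREVIATIONS = {"finance": "fin", "engineering": "eng", "operations": "ops"}
NAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,15}$")

# Access control per role (constructed values): source networks and login hours.
ROLE_ACCESS = {
    "report_reader": {"networks": ["10.20.0.0/16"],
                      "hours": (time(8, 0), time(18, 0))},
    "dba": {"networks": ["10.0.5.0/24", "10.0.6.17/32"],
            "hours": (time(22, 0), time(6, 0))},  # maintenance window over midnight
}


def make_account_name(full_name, department, taken):
    """Apply the naming specification; add a numeric suffix on collision."""
    initials = "".join(part[0] for part in full_name.split()).lower()
    base = f"{initials}_{DEPT_ABBREVIATIONS[department]}"
    name, suffix = base, 1
    while name in taken:
        suffix += 1
        name = f"{base}{suffix}"
    # Empty or non-ASCII names fail here and need manual handling or transliteration.
    if not NAME_RE.match(name):
        raise ValueError(f"generated name {name!r} violates the naming specification")
    return name


def configure_account(template, user, role, requested, taken):
    """Integrate the template, the account name and the permission configuration."""
    access = ROLE_ACCESS[role]
    permission_config = {
        "role": role,
        "permissions": sorted(set(template["default_permissions"]) | set(requested)),
        "networks": list(access["networks"]),
        "hours": access["hours"],
    }
    return {
        "account_name": make_account_name(user["name"], user["department"], taken),
        "password_max_age_days": template["password_max_age_days"],
        **permission_config,
    }


def login_allowed(config, source_ip, when):
    """Check a login attempt against the stored address and time restrictions."""
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # unparseable source address is denied
    in_network = any(ip in ipaddress.ip_network(net) for net in config["networks"])
    start, end = config["hours"]
    now = when.time()
    if start <= end:
        in_hours = start <= now < end
    else:  # window wraps past midnight, e.g. 22:00 to 06:00
        in_hours = now >= start or now < end
    return in_network and in_hours
```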
Further, in order to improve the management efficiency of database accounts, in this embodiment of the present application, performing account auditing based on each target account and the corresponding operation log to determine an audit result includes:
acquiring departed-employee information, auditing departed-employee accounts based on the departed-employee information and each target account in the account database, and determining a first audit result;
performing an abnormal behavior audit based on the operation log corresponding to each target account, and determining a second audit result;
and combining the first audit result and the second audit result to determine the audit result.
In this embodiment of the application, as staff turnover occurs, an account belonging to a departed employee that is not handled in time poses a security risk and may even lead to data leakage. Therefore, when each target account in the account database is audited, it is determined whether the target account belongs to a departed employee, so that the departed-employee account can be disabled in time and potential security incidents are avoided. At the same time, operation behavior is audited for the target accounts of current employees, so that problematic accounts can be handled in time, which improves the management efficiency of database accounts.
Specifically, departed-employee information is obtained from a personnel management system and includes but is not limited to: employee name, employee ID, date of departure and department. The departed-employee information is then compared with each target account in the account database to find any account associated with a departed employee; the comparison may match on employee name or another unique identifier. When an account belonging to a departed employee is detected in the account database, the first audit result is determined to be abnormal; otherwise, the first audit result is determined to be that the account is normal.
Meanwhile, the electronic device may obtain the operation log of each target account periodically or in real time. The operation log records all operation behaviors of the account, including but not limited to login time, operation content and execution result. An abnormal behavior audit is then performed based on the operation log corresponding to each target account to determine a second audit result, which is either abnormal behavior or normal behavior. The abnormal behavior audit is implemented as follows: the obtained operation logs are analyzed in depth, including behavior pattern recognition and anomaly detection, and the actual operations are compared with preset permission rules to judge whether the target account shows behaviors such as unauthorized access or illegal operation. Machine learning or data mining techniques can be used to analyze and mine large volumes of operation logs automatically, which improves the efficiency and accuracy of the abnormal behavior audit.
Finally, the first audit result and the second audit result are combined to determine the audit result; that is, the final audit result consists of the first audit result together with the second audit result.
It can be seen that, in this embodiment of the present application, departed-employee accounts are audited based on the departed-employee information and each target account in the account database to determine a first audit result, and an abnormal behavior audit is performed based on the operation log corresponding to each target account to determine a second audit result. Finally, the first audit result and the second audit result are combined to determine the audit result. Account auditing of this kind improves the management efficiency of database accounts.
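The two-part audit described above can be sketched as follows. This is an added example, not code from the patent: the record layouts, the finding labels, the failed-login threshold and all sample accounts and log lines are constructed assumptions, and simple rule checks stand in for the machine learning analysis the text mentions.

```python
from dataclasses import dataclass
from datetime import date, datetime, time
from ipaddress import ip_address, ip_network

MAX_FAILED_LOGINS = 3  # assumed threshold, not specified by the page


@dataclass
class Account:
    name: str
    employee_id: str
    enabled: bool
    allowed_ops: set        # granted (operation, table) pairs
    login_window: tuple     # (start, end) time of day
    login_networks: list    # CIDR ranges logins may come from


@dataclass
class LogEntry:
    ts: datetime
    account: str
    source_ip: str
    operation: str          # "LOGIN" or an SQL verb
    target: str             # table name, "" for a login
    success: bool


def audit_departed(accounts, departed):
    """First audit: enabled accounts whose owner appears in the departure list."""
    return [(a.name, "departed_account_enabled", f"owner left {departed[a.employee_id]}")
            for a in accounts if a.enabled and a.employee_id in departed]


def in_window(t, window):
    start, end = window
    # A window such as 22:00-06:00 wraps past midnight.
    return start <= t <= end if start <= end else (t >= start or t <= end)


def audit_behavior(accounts, logs):
    """Second audit: compare each logged action with the account's configured limits."""
    by_name = {a.name: a for a in accounts}
    failures, findings = {}, []
    for e in sorted(logs, key=lambda entry: entry.ts):
        acc = by_name.get(e.account)
        if acc is None:
            findings.append((e.account, "unknown_account", e.operation))
        elif e.operation != "LOGIN":
            # Flag the attempt whether or not the database let it succeed.
            if (e.operation, e.target) not in acc.allowed_ops:
                findings.append((acc.name, "unauthorized_operation", f"{e.operation} {e.target}"))
        elif not e.success:
            failures[acc.name] = failures.get(acc.name, 0) + 1
            if failures[acc.name] == MAX_FAILED_LOGINS:
                findings.append((acc.name, "repeated_login_failures", str(e.ts)))
        else:
            failures[acc.name] = 0
            if not in_window(e.ts.time(), acc.login_window):
                findings.append((acc.name, "login_outside_window", str(e.ts)))
            addr = ip_address(e.source_ip)
            if not any(addr in ip_network(n) for n in acc.login_networks):
                findings.append((acc.name, "login_from_unapproved_address", e.source_ip))
    return findings


def audit(accounts, departed, logs):
    """Combine both results; the overall result keeps the findings of each."""
    first, second = audit_departed(accounts, departed), audit_behavior(accounts, logs)
    return {"first": "abnormal" if first else "normal",
            "second": "abnormal" if second else "normal",
            "findings": first + second}


# Constructed sample data (not taken from the page).
DAY = (time(8, 0), time(19, 0))
ACCOUNTS = [
    Account("zs_fin", "E1001", True, {("SELECT", "ledger"), ("INSERT", "ledger")}, DAY, ["10.20.0.0/16"]),
    Account("lw_ops", "E1002", True, {("SELECT", "inventory")}, DAY, ["10.30.5.0/24"]),
    Account("cq_hr", "E1003", False, {("SELECT", "staff")}, DAY, ["10.40.0.0/16"]),
]
DEPARTED = {"E1002": date(2024, 3, 15), "E1003": date(2024, 2, 1)}
LOGS = [
    LogEntry(datetime(2024, 3, 18, 9, 2), "zs_fin", "10.20.4.7", "LOGIN", "", True),
    LogEntry(datetime(2024, 3, 18, 9, 5), "zs_fin", "10.20.4.7", "SELECT", "ledger", True),
    LogEntry(datetime(2024, 3, 18, 9, 10), "zs_fin", "10.20.4.7", "DELETE", "ledger", False),
    LogEntry(datetime(2024, 3, 18, 23, 41), "lw_ops", "203.0.113.9", "LOGIN", "", True),
] + [LogEntry(datetime(2024, 3, 19, 2, m), "zs_fin", "10.20.4.7", "LOGIN", "", False) for m in (1, 2, 3)]

if __name__ == "__main__":
    for finding in audit(ACCOUNTS, DEPARTED, LOGS)["findings"]:
        print(finding)
```

The already disabled account `cq_hr` is not reported by the first audit even though its owner has left, which is the state the disabling step is meant to reach.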
Further, in order to improve the efficiency and accuracy of database security management, in this embodiment of the present application, after the first audit result and the second audit result are combined to determine the audit result, the method further includes:
when the second audit result is abnormal behavior, acquiring the abnormal behavior information corresponding to the abnormal behavior account, performing behavior classification based on the abnormal behavior information, and determining the abnormal behavior type;
and selecting a target security measure based on the abnormal behavior type, and operating on the abnormal behavior account according to the target security measure to ensure account security.
In this embodiment of the application, a second audit result of abnormal behavior means that an abnormal behavior account exists in the account database, and such an account may carry a risk of illegal access, abuse or attack. Acquiring and classifying the abnormal behavior information makes it possible to identify the risk type and source accurately, so that measures can be taken in time to prevent potential damage, which improves the efficiency and accuracy of database security management.
Specifically, the abnormal behavior log corresponding to the abnormal behavior account is obtained and analyzed in depth to identify abnormal behavior information, such as frequent login failures, abnormal operation times and abnormal data access. Behavior classification is then performed based on the abnormal behavior information to determine the abnormal behavior type: the abnormal behavior information is input into a behavior classification model for automatic classification, and the abnormal behavior types determined include but are not limited to unauthorized access, risk of data leakage and malicious operations. The behavior classification model is built from historical data and expert experience. Further, a corresponding target security measure is selected based on the abnormal behavior type, and the abnormal behavior account is operated on according to the target security measure to ensure account security, where the target security measures include but are not limited to account freezing, secondary verification, operation restriction and data isolation.
It can be seen that, in this embodiment of the present application, when the second audit result is abnormal behavior, behavior classification is performed based on the abnormal behavior information to determine the abnormal behavior type. A target security measure is then selected based on the abnormal behavior type, and the abnormal behavior account is operated on according to the target security measure to ensure account security. The risk type and source are identified accurately, so that measures are taken in time to prevent potential damage, which improves the efficiency and accuracy of database security management.
Further, in order to reduce the data storage cost and improve operation efficiency, in this embodiment of the present application, after the abnormal departed-employee account is disabled when the audit result is that a departed-employee account is abnormal, the method further includes:
performing data backup based on the departed-employee account to obtain backup data;
and acquiring the disabled duration corresponding to the departed-employee account, and when the disabled duration reaches the clearing period, clearing all data under the departed-employee account to release space in the account database.
In this embodiment of the application, disabling a departed-employee account prevents unauthorized access. However, important data usually exists under a departed-employee account, and if that data is not protected it will be lost. Meanwhile, once the account has been disabled for a certain period, clearing its contents releases storage space, optimizes system resources, reduces the data storage cost and improves operation efficiency.
Specifically, after the account is disabled, the data under the departed-employee account needs to be backed up so that it is not lost and can be used for subsequent analysis or audit. For the backup, only the relevant data under the departed-employee account is selected, which reduces the size of the backup file and the time the backup takes; after the backup is completed, the backup file is stored in a safe and reliable place so that it can be restored quickly when needed. The disabled duration corresponding to the departed-employee account is then acquired, and when the disabled duration reaches the clearing period, all data under the departed-employee account is cleared. Clearing the data under the account releases database space and reduces potential security risks. The clearing period is stored in the electronic device in advance, and the user can set it as required. If the departed-employee account later needs to be re-enabled, the data can be restored to a new account from the earlier backup data; during restoration, attention is paid to the integrity and consistency of the data to ensure that the restored data is consistent with the original data.
Therefore, in this embodiment of the application, data backup is performed based on the departed-employee account to obtain backup data; the disabled duration corresponding to the departed-employee account is then acquired, and when the disabled duration reaches the clearing period, all data under the departed-employee account is cleared to release space in the account database, which helps reduce the data storage cost and improve operation efficiency.
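The disable, backup and clear sequence above, as an added example that is not part of the patent: the SQLite schema, the 90-day clearing period, the `purged` status label and the sample rows are assumptions, and a `backups` table stands in for separate backup storage.

```python
import hashlib
import json
import sqlite3
from datetime import datetime, timedelta

CLEARING_PERIOD = timedelta(days=90)  # assumed value; the page leaves it configurable


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts (name TEXT PRIMARY KEY, status TEXT, disabled_at TEXT);
        CREATE TABLE account_data (id INTEGER PRIMARY KEY, owner TEXT, item TEXT, body TEXT);
        CREATE TABLE backups (owner TEXT PRIMARY KEY, payload TEXT, sha256 TEXT);
    """)
    return db


def _snapshot(db, name):
    """Serialize only the rows owned by one account, with a digest for later checks."""
    rows = db.execute("SELECT item, body FROM account_data WHERE owner = ? ORDER BY id",
                      (name,)).fetchall()
    payload = json.dumps(rows)
    return payload, hashlib.sha256(payload.encode()).hexdigest()


def disable_and_backup(db, name, now):
    """Disable the account and back up its data in one transaction."""
    with db:  # either both happen or neither: no disabled account without a backup
        db.execute("UPDATE accounts SET status = 'disabled', disabled_at = ? WHERE name = ?",
                   (now.isoformat(), name))
        payload, digest = _snapshot(db, name)
        db.execute("INSERT OR REPLACE INTO backups VALUES (?, ?, ?)", (name, payload, digest))
    return digest


def purge_expired(db, now):
    """Clear data of accounts disabled for at least CLEARING_PERIOD; return their names."""
    purged = []
    rows = db.execute("SELECT name, disabled_at FROM accounts WHERE status = 'disabled'").fetchall()
    for name, disabled_at in rows:
        if now - datetime.fromisoformat(disabled_at) < CLEARING_PERIOD:
            continue
        backup = db.execute("SELECT payload, sha256 FROM backups WHERE owner = ?", (name,)).fetchone()
        # Refuse to delete anything unless an intact backup exists.
        if backup is None or hashlib.sha256(backup[0].encode()).hexdigest() != backup[1]:
            continue
        with db:
            db.execute("DELETE FROM account_data WHERE owner = ?", (name,))
            db.execute("UPDATE accounts SET status = 'purged' WHERE name = ?", (name,))
        purged.append(name)
    return purged


def restore(db, old_name, new_name):
    """Restore backed-up rows into a new, empty account and verify they match the backup."""
    payload, digest = db.execute("SELECT payload, sha256 FROM backups WHERE owner = ?",
                                 (old_name,)).fetchone()
    if hashlib.sha256(payload.encode()).hexdigest() != digest:
        raise ValueError("backup failed integrity check")
    with db:
        db.executemany("INSERT INTO account_data (owner, item, body) VALUES (?, ?, ?)",
                       [(new_name, item, body) for item, body in json.loads(payload)])
    return _snapshot(db, new_name)[1] == digest


def demo():
    """Constructed scenario: disable, try to clear too early, clear on time, restore."""
    db = open_db()
    t0 = datetime(2024, 4, 2, 9, 0)
    db.execute("INSERT INTO accounts VALUES ('lw_ops', 'active', NULL)")
    db.executemany("INSERT INTO account_data (owner, item, body) VALUES ('lw_ops', ?, ?)",
                   [("report_q1", "constructed sample row"), ("saved_query", "SELECT 1")])
    disable_and_backup(db, "lw_ops", t0)
    early = purge_expired(db, t0 + timedelta(days=30))
    late = purge_expired(db, t0 + timedelta(days=90))
    left = db.execute("SELECT COUNT(*) FROM account_data WHERE owner = 'lw_ops'").fetchone()[0]
    return early, late, left, restore(db, "lw_ops", "lw_ops2")


if __name__ == "__main__":
    print(demo())
```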
The above embodiments describe the database account management method from the perspective of the method flow. The following embodiments describe a database account management device from the perspective of virtual modules or virtual units, as detailed below.
An embodiment of the present application provides a database account management device. As shown in Fig. 2, the database account management device may specifically include:
an account configuration module 210, configured to, when a new-account instruction is detected, obtain user information and permission requirement information, generate account configuration information based on the user information and the permission requirement information, and store the account configuration information in an account database to complete the creation of the new account and the allocation of its permissions;
an account auditing module 220, configured to obtain the operation logs of target accounts in the account database, perform account auditing based on each target account and the corresponding operation log, and determine an audit result, where a target account is any piece of account information in the account database;
and a departed-employee account disabling module 230, configured to disable the abnormal departed-employee account when the audit result is that a departed-employee account is abnormal, where disabling the account helps to guarantee data security.
In this embodiment of the application, when a new-account instruction is detected, account configuration information is generated based on the user information and the permission requirement information and stored in the account database. Generating and storing the account configuration information automatically greatly improves the efficiency and accuracy of account creation and permission allocation, and reduces unauthorized access and potential security risks. To ensure the security of the database and the integrity of its data, account auditing is performed based on each target account and the corresponding operation log to determine an audit result; by auditing the operation log of each target account in the account database, potential security risks can be found and handled in time, which reduces the probability of data leakage and abuse. When the audit result is that a departed-employee account is abnormal, the abnormal departed-employee account is disabled, and disabling the account helps to guarantee data security.
In one possible implementation of this embodiment of the present application, when generating the account configuration information based on the user information and the permission requirement information, the account configuration module 210 is configured to:
perform information verification based on the user information and the permission requirement information, and after the information verification passes, perform role matching based on the user information and the permission requirement information to determine a target role;
select a template based on the target role to determine a target account template, where the target account template includes the general attributes and default permission settings corresponding to the target role;
and perform account configuration based on the target account template, the user information and the permission requirement information to generate the account configuration information.
In one possible implementation of this embodiment of the present application, when performing account configuration based on the target account template, the user information and the permission requirement information, the account configuration module 210 is configured to:
acquire a naming specification, and perform account naming based on the naming specification and the user information to obtain an account name;
perform access control based on the target role to obtain access control information, and associate the permission requirement information, the access control information and the target role to obtain account permission configuration information;
and integrate the target account template, the account name and the account permission configuration information to obtain the account configuration information.
In one possible implementation of this embodiment of the present application, when performing account auditing based on each target account and the corresponding operation log, the account auditing module 220 is configured to:
acquire departed-employee information, audit departed-employee accounts based on the departed-employee information and each target account in the account database, and determine a first audit result;
perform an abnormal behavior audit based on the operation log corresponding to each target account, and determine a second audit result;
and combine the first audit result and the second audit result to determine the audit result.
In one possible implementation of this embodiment of the present application, the database account management device further includes:
a behavior anomaly detection module, configured to, when the second audit result is abnormal behavior, acquire the abnormal behavior information corresponding to the abnormal behavior account, perform behavior classification based on the abnormal behavior information, and determine the abnormal behavior type;
and select a target security measure based on the abnormal behavior type, and operate on the abnormal behavior account according to the target security measure to ensure account security.
In one possible implementation of this embodiment of the present application, the database account management device further includes:
a backup clearing module, configured to perform data backup based on the departed-employee account to obtain backup data;
and acquire the disabled duration corresponding to the departed-employee account, and when the disabled duration reaches the clearing period, clear all data under the departed-employee account to release space in the account database.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working process of the database account management device described above may refer to the corresponding process in the foregoing method embodiments, and is not described again here.
An embodiment of the present application provides an electronic device. As shown in Fig. 3, the electronic device 300 includes a processor 301 and a memory 303, where the processor 301 is coupled to the memory 303, for example via a bus 302. Optionally, the electronic device 300 may also include a transceiver 304. It should be noted that, in practical applications, the transceiver 304 is not limited to one, and the structure of the electronic device 300 does not limit the embodiments of the present application.
The processor 301 may be a CPU (Central Processing Unit), a general-purpose processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or another programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It may implement or perform the various exemplary logic blocks, modules and circuits described in connection with this disclosure. The processor 301 may also be a combination that implements computing functions, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor.
The bus 302 may include a path for transferring information between the above components. The bus 302 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 302 may be divided into an address bus, a data bus, a control bus, and so on. For ease of illustration, only one thick line is shown in Fig. 3, but this does not mean that there is only one bus or only one type of bus.
The memory 303 may be, but is not limited to, a ROM (Read Only Memory) or another type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or another type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
The memory 303 is used to store the application program code for executing the solution of the present application, and execution is controlled by the processor 301. The processor 301 is configured to execute the application program code stored in the memory 303 to implement what is shown in the foregoing method embodiments.
The electronic device includes but is not limited to: mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players) and in-vehicle terminals (e.g., in-vehicle navigation terminals); stationary terminals such as digital TVs and desktop computers; and servers and the like. The electronic device shown in Fig. 3 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the application.
Embodiments of the present application provide a computer-readable storage medium having a computer program stored thereon which, when run on a computer, causes the computer to perform the corresponding method embodiments described above.
Embodiments of the present application provide a computer program product comprising a computer program which, when executed by a processor, implements a method as in any of the embodiments described above. Compared with the related art, in the embodiments of the application, when a new-account instruction is detected, account configuration information is generated based on the user information and the permission requirement information and stored in the account database. Generating and storing the account configuration information automatically greatly improves the efficiency and accuracy of account creation and permission allocation, and reduces unauthorized access and potential security risks. To ensure the security of the database and the integrity of its data, account auditing is performed based on each target account and the corresponding operation log to determine an audit result; by auditing the operation log of each target account in the account database, potential security risks can be found and handled in time, which reduces the probability of data leakage and abuse. When the audit result is that a departed-employee account is abnormal, the abnormal departed-employee account is disabled, and disabling the account helps to guarantee data security.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited in order and may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include a plurality of sub-steps or stages that are not necessarily performed at the same time but may be performed at different times; they are not necessarily executed sequentially, and may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
The foregoing is only a part of the embodiments of the present application. It should be noted that those skilled in the art can make modifications and adaptations without departing from the principles of the present application, and such modifications and adaptations are also to be regarded as falling within the scope of protection of the present application.

Claims (9)

1. A database account management method, comprising:
when a new-account instruction is detected, acquiring user information and permission requirement information, generating account configuration information based on the user information and the permission requirement information, and storing the account configuration information in an account database to complete the creation of the new account and the allocation of its permissions;
acquiring operation logs of target accounts in the account database, and performing account auditing based on each target account and the corresponding operation log to determine an audit result, wherein the target account is any piece of account information in the account database;
and when the audit result is abnormal, disabling the abnormal departed-employee account, wherein disabling the account helps to guarantee data security.
2. The database account management method according to claim 1, wherein the generating account configuration information based on the user information and the permission requirement information comprises:
performing information verification based on the user information and the permission requirement information, and after the information verification passes, performing role matching based on the user information and the permission requirement information to determine a target role;
selecting a template based on the target role to determine a target account template, wherein the target account template comprises the general attributes and default permission settings corresponding to the target role;
and performing account configuration based on the target account template, the user information and the permission requirement information to generate the account configuration information.
3. The database account management method according to claim 2, wherein the performing account configuration based on the target account template, the user information and the permission requirement information to generate the account configuration information comprises:
acquiring a naming specification, and performing account naming based on the naming specification and the user information to obtain an account name;
performing access control based on the target role to obtain access control information, and associating the permission requirement information, the access control information and the target role to obtain account permission configuration information;
and integrating the target account template, the account name and the account permission configuration information to obtain the account configuration information.
4. The database account management method according to claim 1, wherein the performing account auditing based on each target account and the corresponding operation log to determine an audit result comprises:
acquiring departed-employee information, auditing departed-employee accounts based on the departed-employee information and each target account in the account database, and determining a first audit result;
performing an abnormal behavior audit based on the operation log corresponding to each target account, and determining a second audit result;
and combining the first audit result and the second audit result to determine the audit result.
5. The database account management method according to claim 4, wherein after the combining the first audit result and the second audit result to determine the audit result, the method further comprises:
when the second audit result is abnormal behavior, acquiring abnormal behavior information corresponding to an abnormal behavior account, performing behavior classification based on the abnormal behavior information, and determining the abnormal behavior type;
and selecting a target security measure based on the abnormal behavior type, and operating on the abnormal behavior account according to the target security measure to ensure account security.
6. The database account management method according to claim 1, wherein after the disabling the abnormal departed-employee account when the audit result is that a departed-employee account is abnormal, the method further comprises:
performing data backup based on the departed-employee account to obtain backup data;
and acquiring the disabled duration corresponding to the departed-employee account, and when the disabled duration reaches a clearing period, clearing all data under the departed-employee account to release space in the account database.
7. An electronic device, comprising:
at least one processor;
a memory;
at least one application program, wherein the at least one application program is stored in the memory and configured to be executed by the at least one processor, the at least one application program being configured to perform the database account management method according to any one of claims 1 to 6.
8. A computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the database account management method of any one of claims 1 to 6.
9. A computer program product comprising a computer program which, when executed by a processor, implements the database account management method of any one of claims 1 to 6.
CN202410394215.XA 2024-04-02 Database account management method, equipment, medium and product Pending CN118296622A (en)

Publications (1)

Publication Number Publication Date
CN118296622A (en) 2024-07-05

Legal Events

Date Code Title Description
PB01 Publication