WO2021051569A1 - Data isolation method and apparatus, computer device and storage medium - Google Patents

Publication number
WO2021051569A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
data
database
data source
sub
Application number
PCT/CN2019/117739
Other languages
English (en)
Chinese (zh)
Inventor
姜伟
杨圣祥
肖雁飞
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22: Indexing; Data structures therefor; Storage structures
    • G06F16/2282: Tablespace storage structures; Management thereof
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27: Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor

Definitions

  • This application relates to the field of artificial intelligence technology, in particular to the field of traffic road congestion prediction technology, and in particular to a data isolation method, device, computer equipment and storage medium.
  • Splitting a database into sub-databases is generally done per system, and the data volume and access volume of different services are stored in separate databases.
  • The inventor realized that the existing implementation has at least the following problem: with the interconnection of the company's various systems, single sign-on and unified authorization are the main ways to access the database, and this also brings the risk of associated leakage. When data is kept together, a security risk in one system may cause security risks in other systems as well.
  • the purpose of the embodiments of this application is to propose a data isolation method, device, computer equipment, and storage medium.
  • A user group corresponds to a data sub-database, and each data sub-database is assigned a corresponding data source.
  • The user information in the same user group is stored in the data source.
  • The user information of the user is matched with the information in the user table to obtain the corresponding data source, and data access is performed from the corresponding data sub-database through the data source, thereby preventing leakage and improving data access security.
  • an embodiment of the present application provides a data isolation method, which adopts the following technical solutions:
  • a data isolation method includes the following steps:
  • When receiving a user access request, the data source manager allocates a data source corresponding to the user group where the user is located according to the user information in the request, so that the user can connect to the corresponding data sub-database for data access.
  • an embodiment of the present application also provides a data isolation device, which adopts the following technical solutions:
  • the database division module is used to divide the database into multiple data sub-databases according to user groups, and one data sub-database corresponds to one user group;
  • a data source allocation module configured to allocate data sources to the data sub-databases, wherein one of the data sources corresponds to one of the data sub-databases;
  • a data source management module used to establish a data source manager, the data source manager maps the user group and the data source;
  • the allocation module is configured so that, when a user access request is received, the data source manager allocates a data source corresponding to the user group where the user is located according to the user information in the request, so that the user can connect to the corresponding data sub-database for data access.
  • the embodiments of the present application also provide a computer device, which adopts the following technical solutions:
  • a computer device includes a memory and a processor, wherein computer readable instructions are stored in the memory, and the processor implements the steps of the data isolation method described above when the computer readable instructions are executed by the processor.
  • the embodiments of the present application also provide a computer non-volatile readable storage medium, which adopts the following technical solutions:
  • a computer non-volatile readable storage medium stores computer readable instructions, and the computer readable instructions are executed by a processor to implement the steps of the above-mentioned data isolation method.
  • the embodiment of the application provides a data isolation method, device, computer equipment, and storage medium.
  • the method includes the following steps: the embodiment of the application divides the database for different user groups, and one user group corresponds to one data sub-database. Configure the data source for each data sub-database, and set the data source manager to allocate the corresponding data source to the user to connect to the corresponding data sub-database.
  • the data source manager stores its user information for the corresponding data sub-database, and associates the user group and all users with the data source.
  • When the user accesses the database, the user can only access the corresponding data sub-database through the corresponding data source, which gives single access to the database, thereby improving data security.
  • Figure 1 is an exemplary system architecture diagram to which the present application can be applied;
  • Fig. 2 is a flowchart of an embodiment of the data isolation method according to the present application.
  • Fig. 3 is a schematic structural diagram of an embodiment of a data isolation device according to the present application.
  • Fig. 4 is a schematic structural diagram of an embodiment of a computer device according to the present application.
  • the system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105.
  • the network 104 is used to provide a medium for communication links between the terminal devices 101, 102, 103 and the server 105.
  • the network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, and so on.
  • the user can use the terminal devices 101, 102, 103 to interact with the server 105 through the network 104 to receive or send messages, etc., to operate services and applications in data isolation.
  • Various communication client applications such as web browser applications, shopping applications, search applications, instant messaging tools, email clients, and social platform software, may be installed on the terminal devices 101, 102, and 103.
  • the terminal devices 101, 102, 103 may be various electronic devices with a display screen and supporting web browsing, including but not limited to user equipment, network equipment, or a device formed by integrating user equipment and network equipment through a network.
  • the user equipment includes, but is not limited to, any mobile electronic product that can interact with a user through a touch panel, such as a smart phone, a tablet computer, etc., and the mobile electronic product can use any operating system, such as the Android operating system, the iOS operating system, etc.
  • the network device includes an electronic device that can automatically perform numerical calculation and information processing in accordance with pre-set or stored instructions. Its hardware includes, but is not limited to, a microprocessor, an application specific integrated circuit (ASIC), and a programmable gate.
  • the network device includes, but is not limited to, a computer, a network host, a single network server, a set of multiple network servers, or a cloud composed of multiple servers; here, the cloud is composed of a large number of computers or network servers based on cloud computing, where cloud computing is a type of distributed computing, a virtual supercomputer composed of a group of loosely coupled computers.
  • the network includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a VPN network, and a wireless ad-hoc network (Ad Hoc network).
  • the server 105 may be a server, or a server cluster composed of several servers, or a cloud computing service center. It may also be a server that provides various services, such as a background server that provides support for the pages displayed on the terminal devices 101, 102, and 103.
  • the data isolation method provided in the embodiments of the present application is generally executed by a terminal device, and correspondingly, the data isolation device is generally set in the terminal device.
  • terminal devices, networks, and servers in FIG. 1 are merely illustrative. According to implementation needs, there can be any number of terminal devices, networks, and servers.
  • the data isolation method includes the following steps:
  • Step 201: Divide the database into multiple data sub-databases according to user groups, where one data sub-database corresponds to one user group.
  • the electronic device on which the data isolation method runs can divide the database into multiple data sub-databases according to user groups through a wired connection or a wireless connection.
  • the above-mentioned wireless connection methods can include, but are not limited to, 3G/4G connection, WiFi connection, Bluetooth connection, WiMAX connection, Zigbee connection, UWB (ultra wideband) connection, and other wireless connection methods currently known or developed in the future.
  • the database is divided into multiple data sub-databases according to user groups, that is, the database is horizontally divided into multiple sub-databases, and the data is distributed to different DB (DataBase, database) servers.
  • a company includes subsidiaries A, B, C..., etc., and each subsidiary sets up a sub-database to store data volume and access. All users of each subsidiary are a user group, and a user belongs to a certain user group. When data is read, data is obtained according to the data sub-database corresponding to the user group where the user is located.
  • the storage space of the data sub-database is allocated or expanded according to the amount of users of the user group.
  • the setting is made according to the number of users of the user group.
  • When the number of users in the user group increases, it is determined whether the storage space of the data sub-database is sufficient for the number of users of the current user group; when it is not, the storage space of the data sub-database is expanded.
  • When the data sub-database cannot be expanded, or has been expanded to the limit and the storage space is still insufficient, the data sub-database is used as the master database, another data sub-database is added as the slave, and the two data sub-databases are associated to synchronize the data.
  • MySQL master-slave replication is used to realize database synchronization, and the read and write operations of the data sub-database are separated.
  • The master data sub-database handles only write operations and the slave data sub-database handles only read operations; the slave data sub-database synchronizes data from the master data sub-database.
  • Step 202: Assign data sources to the data sub-databases, where one data source corresponds to one data sub-database.
  • the data source refers to a database or a database server used by a database application, and is a device or original media that provides certain required data. All information for establishing a database connection is stored in the data source. In this embodiment, the correct data source name is provided to find the corresponding database connection. In other words, the data source defines how the user obtains data from the database, including, for example, the path to the actual database (not the real data itself) and the record of which database to connect to and how to connect.
  • the data source may be deployed in the server or the client. In the embodiment of the present application, the data source is deployed in the server.
  • one data sub-database corresponds to multiple data sources
  • one data source can only correspond to one data sub-database
  • the data sub-database establishes a connection with the user through any one of the corresponding data sources.
  • Step 203: Establish a data source manager, which maps user groups and data sources.
  • the data source manager is used to manage the data source, and maps the user group and all users, the data source, and the data sub-database. According to the mapping relationship, a data source corresponding to the user is allocated to connect to the data sub-database corresponding to the user group where the user is located.
  • The mapping table maps the correspondence between the user group and all users, the data source, and the data sub-database.
  • the mapping table is as shown in Table 1.
  • the mapping table includes user groups and their user information, data sources, and data sub-databases. Based on the mapping table, the mapping relationship between the user group and all users and the data source, as well as between the data source and the data sub-database, can be found quickly, so that the data source manager allocates the corresponding data source.
  • Step 204: When a user access request is received, the data source manager allocates a data source corresponding to the user group where the user is located according to the user information in the request, so that the user can connect to the corresponding data sub-database for data access.
  • When receiving a user's access request, the data source manager allocates a corresponding data source to the user according to the mapping table, connecting the user to the corresponding data sub-database.
  • When the data source manager allocates the data source, the user group corresponding to the user is looked up in the mapping table according to the user information carried in the access request, and the data source manager allocates a corresponding data source based on the user group, so that the user is connected to the data sub-database corresponding to the data source.
  • the access request includes the user account and login password of the requesting user.
  • the data source manager traverses the mapping table to verify whether the user account and login password of the requesting user exist in the mapping table; if they exist, the verification is passed, the user group where the requesting user is located is searched, and the data source is allocated according to the mapping relationship between the user group and the data source to connect to the corresponding data sub-database.
  • the user information includes the user accounts and user passwords of all users in the user group. When the mapping table is traversed to verify whether the user account and user password of the requesting user exist in the mapping table, first verify whether the account of the requesting user matches any user account in the mapping table; when it matches one of the user accounts, continue to verify whether the login password of the requesting user matches the user password corresponding to that user account; if it matches, the verification is passed, the user group where the requesting user is located is searched, a corresponding data source is allocated to establish a connection with the data sub-database, and a session is created for data access.
  • the process of matching the user information and the process of user verification are the same, and the password is verified after the user account is successfully matched, so as to save resources.
  • the query process of the data source in this embodiment is the login verification process. After the user information is successfully matched, the data source manager can directly allocate the corresponding data source to establish a connection with the data sub-database and create a session. This embodiment can save resources and improve access efficiency.
  • When the data source manager allocates a data source, it allocates a data source in an idle state.
  • When the data source is used to connect a user to the data sub-database, a busy flag is set for the data source, and the busy flag is revoked after the user disconnects from the data sub-database.
  • the data source manager in this embodiment maps the user accounts and user passwords of users in the user group to all data sources corresponding to them.
  • the mapping table in Table 1 stores the mapping relationships of all the data sources, the data sub-databases, the user groups and all user information.
  • the user information of the requesting user is verified through the data source manager to query the data source corresponding to the user.
  • the data source can only be connected to a single data sub-database, thereby reducing the risk of data leakage from associated accounts.
  • The matching is successful, and a data source corresponding to the user is acquired as a connection tool to connect the user to the data sub-database corresponding to the data source.
  • user A is a user of user group A
  • the access request sent by user A includes his own user information, user account and login password
  • the data source manager can obtain the user corresponding to it from the mapping table.
  • the data source A101 in the idle state can be matched to the data sub-database corresponding to the user group A according to the corresponding user group A.
  • the session refers to the communication process between the user and the interactive system or server, such as the process from entering the account password and entering the operating system to exiting the operating system, the process of obtaining data from the database, and so on.
  • the session associates different requests sent by the user, and should always exist when established.
  • the container should not release the session resource until the user disconnects the session or the user's idle time exceeds a certain time limit.
  • the user may send a lot of requests to the server, and the user's request information can be stored in the session.
  • the session is provided with a session ID, and when both the account and password of the requesting user are verified, a session ID will be returned to the user end, and the session ID is used to identify different users.
  • When accessing the database, first check whether there is a session ID; if it does not exist, create one (the first visit, or a visit again after a long period of inactivity); if it exists, load the corresponding session variable, which stores the information accessed by the user of the current session ID.
  • the data source is provided with a label as an identification.
  • When the user logs in to the system for the first access, if the user is authenticated and establishes a session with the corresponding data sub-database, the server obtains and records the label of the data source. When the user requests information in the database again, the data source is obtained directly through this label, which improves the access speed.
  • the data source manager determines whether the access request carries an identification tag; if so, it extracts the identification tag of the access request and obtains the data source through the identification tag, to connect to the corresponding data sub-database for data access.
  • the user information in the mapping table needs to be updated immediately.
  • the embodiment of the application divides the database for different user groups, one user group corresponds to a data sub-database, each data sub-database is configured with a data source, and a data source manager is set to allocate the corresponding data source to the user for connection to the corresponding data sub-database.
  • the data source manager stores its user information for the corresponding data sub-database, and associates the user group and all users with the data source.
  • When the user accesses the database, the user can only access the corresponding data sub-database through the corresponding data source, which gives single access to the database, thereby improving data security.
  • this application provides an embodiment of a data isolation device.
  • the device embodiment corresponds to the method embodiment shown in FIG. It can be applied to various electronic devices.
  • the data isolation device 300 in this embodiment includes: a database dividing module 301, a data source allocation module 302, a data source management module 303, and an allocation module 304, wherein:
  • the database division module 301 is used to divide the database into multiple data sub-databases according to user groups, and one data sub-database corresponds to one user group;
  • the data source allocation module 302 is configured to allocate data sources to the data sub-databases, where one data source corresponds to one data sub-database;
  • the data source management module 303 is configured to establish a data source manager, and the data source manager maps the user group and the data source;
  • the allocation module 304 is configured so that, when a user access request is received, the data source manager allocates a data source corresponding to the user group where the user is located according to the user information in the request, so that the user can connect to the corresponding data sub-database for data access.
  • the database is divided into multiple data sub-databases according to user groups by the database dividing module 301, and one data sub-database corresponds to one user group to isolate data of different user groups.
  • the data source allocation module 302 allocates data sources to the data sub-database.
  • the data source is a channel connecting users in the user group and the corresponding data sub-database, and one data source corresponds to one data sub-database, which gives users single access to the database and further ensures data security.
  • the data source management module 303 establishes a data source manager, and the data source manager maps the user group and the data source.
  • the data source manager allocates one data source corresponding to the user group where the user is located according to the user information in the request, so that the user is connected to the corresponding data sub-database for data access.
  • the embodiment of the application divides the database for different user groups, one user group corresponds to a data sub-database, each data sub-database is configured with a data source, and a data source manager is set to allocate the corresponding data source to the user for connection to the corresponding data sub-database.
  • the data source manager stores its user information for the corresponding data sub-database, and associates the user group and all users with the data source.
  • When the user accesses the database, the user can only access the corresponding data sub-database through the corresponding data source, which gives single access to the database, thereby improving data security. In addition, through a single access method, there is no need to poll all data sub-databases, and the data access efficiency is high.
  • the database dividing module 301 is specifically configured to divide the database into multiple data sub-databases according to user groups, that is, horizontally divide the database into multiple sub-databases, and distribute the data to different DBs.
  • the storage space of the data sub-database is allocated or expanded according to the amount of users of the user group.
  • the setting is made according to the number of users of the user group.
  • one data sub-database corresponds to multiple data sources, one data source can only correspond to one data sub-database, and the data sub-database establishes a connection with the user through any one of its corresponding data sources.
  • the data source management module 303 is specifically used to manage data sources, and maps the user group and all users, the data source, and the data sub-database. According to the mapping relationship, a data source corresponding to the user is allocated to connect to the data sub-database corresponding to the user group where the user is located. Further, in this embodiment, when the data source manager is established and the user groups and data sources are mapped, all data sources corresponding to the data sub-database and all user information in the user group corresponding to the data sub-database are first obtained; based on the user group, user information, and the data source, a mapping table is established. The mapping table maps the correspondence between the user group and all users, the data source, and the data sub-database.
  • When the allocation module 304 receives the user's access request, the data source manager allocates a corresponding data source to the user according to the mapping table, connecting the user to the corresponding data sub-database. Further, when the data source manager allocates the data source, the user group corresponding to the user is looked up in the mapping table according to the user information carried in the access request, and the data source manager allocates a corresponding data source based on the user group, so that the user is connected to the data sub-database corresponding to the data source. Specifically, the access request includes the user account and login password of the requesting user.
  • Upon receiving the user access request, the data source manager traverses the mapping table to verify whether the user account and login password of the requesting user exist in the mapping table; if they exist, the verification is passed, the user group where the requesting user is located is searched, and the data source is allocated according to the mapping relationship between the user group and the data source to connect to the corresponding data sub-database for data access.
  • the user information includes the user accounts and user passwords of all users in the user group. When the mapping table is traversed to verify whether the user account and user password of the requesting user exist in the mapping table, first verify whether the account of the requesting user matches any user account in the mapping table; when it matches one of the user accounts, continue to verify whether the login password of the requesting user matches the user password corresponding to that user account; if it matches, the verification is passed, the user group where the requesting user is located is searched, a corresponding data source is allocated to establish a connection with the data sub-database, and a session is created for data access.
  • the data source management module 303 includes:
  • the information acquisition unit is used to acquire all data sources corresponding to the data sub-database and all user information in the user group corresponding to the data sub-database;
  • the mapping unit is used to establish a mapping table based on user groups, user information and data sources.
  • the allocation module 304 includes:
  • the verification unit is used to traverse the mapping table and verify whether the user account and login password of the requesting user exist in the mapping table;
  • the connection unit is used to, if they exist, pass the verification, find the user group where the requesting user is located, and assign a data source according to the mapping relationship between the user group and the data source to connect to the corresponding data sub-database for data access.
  • FIG. 4 is a block diagram of the basic structure of the computer device in this embodiment.
  • the computer device 4 includes a memory 41, a processor 42, and a network interface 43 that are connected to each other in communication through a system bus. It should be pointed out that the figure only shows the computer device 4 with components 41-43, but it should be understood that it is not required to implement all the shown components, and more or fewer components may be implemented instead. Among them, those skilled in the art can understand that the computer device here is a device that can automatically perform numerical calculation and/or information processing in accordance with pre-set or stored instructions.
  • Its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a digital signal processor (DSP), embedded equipment, etc.
  • the computer device may be a computing device such as a desktop computer, a notebook, a palmtop computer, and a cloud server.
  • the computer device can interact with the user through a keyboard, a mouse, a remote control, a touch panel, or a voice control device.
  • the memory 41 includes at least one type of non-volatile readable storage medium, and the non-volatile readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), random access memory (RAM), static random access memory (SRAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), programmable read only memory (PROM), magnetic memory, magnetic disk, optical disk, etc.
  • the memory 41 may be an internal storage unit of the computer device 4, such as a hard disk or memory of the computer device 4.
  • the memory 41 may also be an external storage device of the computer device 4, for example, a plug-in hard disk equipped on the computer device 4, a smart memory card (Smart Media Card, SMC), and a secure digital (Secure Digital, SD) card, flash card (Flash Card), etc.
  • the memory 41 may also include both the internal storage unit of the computer device 4 and its external storage device.
  • the memory 41 is generally used to store an operating system and various application software installed in the computer device 4, such as computer-readable instructions for a data isolation method.
  • the memory 41 can also be used to temporarily store various types of data that have been output or will be output.
  • the processor 42 may be a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, a microprocessor, or other data processing chips in some embodiments.
  • the processor 42 is generally used to control the overall operation of the computer device 4.
  • the processor 42 is configured to execute computer-readable instructions stored in the memory 41 or process data, for example, computer-readable instructions for executing the data isolation method.
  • the network interface 43 may include a wireless network interface or a wired network interface, and the network interface 43 is generally used to establish a communication connection between the computer device 4 and other electronic devices.
  • This application also provides another implementation manner, that is, to provide a computer non-volatile readable storage medium, the computer non-volatile readable storage medium stores data isolation computer readable instructions, and the data isolation computer
  • the readable instructions may be executed by at least one processor, so that the at least one processor executes the steps of the data isolation method described above.
  • the technical solution of this application essentially or the part that contributes to the existing technology can be embodied in the form of a software product, and the computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, The optical disc) includes several instructions to enable a terminal device (which can be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to execute the method described in each embodiment of the present application.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to a data isolation method and apparatus, a computer device and a storage medium. A database is divided for different user groups, so that one user group corresponds to one sub-database, and each sub-database is configured with data sources. A data source manager is provided to assign a corresponding data source to a user for connecting to the corresponding sub-database. The data source manager stores the associated user information for the corresponding sub-databases, and associates and maps the user groups and all associated users with the data sources. When a user accesses the database, the corresponding sub-database can be accessed only through the data sources corresponding to it, and data is isolated through single access to the database, which improves and ensures data security. In addition, with single access, there is no need to query all the sub-databases, and data access efficiency is high.
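The routing described in the abstract above can be sketched as follows. This is an added example, not code from the patent: the class and function names, the `records` table, the sample users and the use of in-memory SQLite as a stand-in for each sub-database are all assumptions.

```python
import sqlite3

class DataSourceManager:
    """Added illustration: maps users to the data source of their user group."""

    def __init__(self):
        self._sources = {}     # group name -> connection to that group's sub-database
        self._user_group = {}  # user name -> group name

    def register_group(self, group, users):
        # Reject a user who already belongs to another group before creating anything.
        dup = [u for u in users if u in self._user_group]
        if dup:
            raise ValueError(f"already mapped to a group: {dup}")
        # One sub-database per user group; in-memory SQLite stands in for it here.
        conn = sqlite3.connect(":memory:")
        conn.execute("CREATE TABLE records (owner TEXT, payload TEXT)")
        self._sources[group] = conn
        self._user_group.update({u: group for u in users})

    def data_source_for(self, user):
        # Fail closed: a user with no mapping gets no connection at all.
        group = self._user_group.get(user)
        if group is None:
            raise PermissionError(f"no data source mapped for {user!r}")
        return self._sources[group]

def write_record(mgr, user, payload):
    conn = mgr.data_source_for(user)
    conn.execute("INSERT INTO records VALUES (?, ?)", (user, payload))
    conn.commit()

def read_records(mgr, user):
    # The caller never names a database; routing comes only from the user identity.
    conn = mgr.data_source_for(user)
    return [r[0] for r in conn.execute("SELECT payload FROM records ORDER BY rowid")]

def demo():
    mgr = DataSourceManager()
    mgr.register_group("group_a", ["alice", "amir"])  # constructed sample users
    mgr.register_group("group_b", ["bob"])
    write_record(mgr, "alice", "a-invoice-1")
    write_record(mgr, "bob", "b-invoice-9")
    try:
        read_records(mgr, "mallory")  # user with no mapping
        unmapped = "allowed"
    except PermissionError:
        unmapped = "denied"
    return read_records(mgr, "amir"), read_records(mgr, "bob"), unmapped
```

A user in `group_a` sees the group's rows and nothing from `group_b`, and a single lookup selects the one sub-database to query, which is the "single access" property the abstract credits for both isolation and efficiency.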
PCT/CN2019/117739 2019-09-18 2019-11-13 Data isolation method and apparatus, computer device and storage medium WO2021051569A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910882021.3A CN110851853B (zh) 2019-09-18 2019-09-18 Data isolation method, apparatus, computer device and storage medium
CN201910882021.3 2019-09-18

Publications (1)

Publication Number Publication Date
WO2021051569A1 true WO2021051569A1 (fr) 2021-03-25

Family

ID=69594940

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/117739 WO2021051569A1 (fr) 2019-09-18 2019-11-13 Data isolation method and apparatus, computer device and storage medium

Country Status (2)

Country Link
CN (1) CN110851853B (fr)
WO (1) WO2021051569A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111597156B (zh) * 2020-05-13 2023-05-23 中国民航信息网络股份有限公司 Civil aviation data processing method, apparatus, electronic device and storage medium
WO2023015482A1 (fr) * 2021-08-11 2023-02-16 Nokia Shanghai Bell Co., Ltd. Management data isolation

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
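CN103488644A (zh) * 2012-06-12 2014-01-01 联想(北京)有限公司 Method for data storage and database system
CN105045897A (zh) * 2015-07-31 2015-11-11 华为软件技术有限公司 Service processing system and method supporting database capacity expansion
CN106302640A (zh) * 2016-07-27 2017-01-04 乐视控股(北京)有限公司 Data request processing method and apparatus
CN107682397A (zh) * 2017-08-28 2018-02-09 平安科技(深圳)有限公司 Customer resource acquisition method, apparatus, terminal device and storage medium
CN108520004A (zh) * 2018-03-12 2018-09-11 舟谱数据技术南京有限公司 Multi-tenant data source switching system based on method-parameter aspects
CN109388631A (zh) * 2018-10-11 2019-02-26 山东浪潮通软信息科技有限公司 Multi-tenant database splitting implementation method
CN109669946A (zh) * 2018-12-14 2019-04-23 中南设计集团(武汉)工程技术研究院有限公司 Data isolation system and method for a complex permission system based on massive users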

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9081837B2 (en) * 2010-10-28 2015-07-14 Microsoft Technology Licensing, Llc Scoped database connections
CN102999607A (zh) * 2012-11-21 2013-03-27 深圳市捷顺科技实业股份有限公司 Data storage method, data access method and related apparatus
CN107203575B (zh) * 2016-03-18 2021-02-26 北京京东尚科信息技术有限公司 System, device and method for isolating multi-tenant data
US10601804B2 (en) * 2017-12-11 2020-03-24 International Business Machines Corporation Provide access to data storage services in a network environment
CN109117659A (zh) * 2018-08-29 2019-01-01 广东恒电信息科技股份有限公司 Big data security isolation management system in multi-tenant mode

Also Published As

Publication number Publication date
CN110851853B (zh) 2024-07-09
CN110851853A (zh) 2020-02-28

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19945757

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19945757

Country of ref document: EP

Kind code of ref document: A1