Data permission processing method, device and equipment

A technology of data rights and processing methods, applied in the computer field, can solve the problems of high system intrusion, strong coupling between rule logic and business code, and high cost of rights modification, and achieve the effect of solving strong coupling

Active Publication Date: 2020-07-10
杭州指令集智能科技有限公司 +1
View PDF11 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] This manual provides a data authority processing method, device and equipment, which are used to solve the problems in the prior art that the rule logic of data authority is strongly coupled with business code, highly intrusive to the system, and the cost of later authority modification is high.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Data permission processing method, device and equipment
  • Data permission processing method, device and equipment
  • Data permission processing method, device and equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0053] Based on the above application scenario architecture, figure 2 Schematic flowchart of the data rights processing method provided by the embodiment of this specification Figure 1 , figure 2 methods in figure 1 The proxy layer in the implementation, such as figure 2 As shown, the method includes the following steps:

[0054] Step S102, determining the role identifier corresponding to the user who generates the original SQL statement through the business program.

[0055] Among them, the role identifier is used to represent the role category to which the user belongs. For example, in an enterprise, the role category can be divided based on the user's rank, for example, it can be divided into roles such as: employee, middle-level leader, senior leader, boss, etc. Each role corresponds to a unique Role ID. The role identifier corresponding to the user can be set in advance through user role mapping at the business layer.

[0056] When the user initiates a data acce...

Embodiment 2

[0068] This embodiment is on the basis of embodiment one, to figure 2 The data permission processing method shown in the figure is expanded and supplemented.

[0069] exist figure 2 In the method shown, the role rule base may include a role permission table and a permission rule table, the role permission table is used to identify the corresponding relationship between the role identifier and the data permission rule, and the permission rule table is used to store the rule content of the data permission rule;

[0070] Correspondingly, as image 3 As shown, the step S104 may include:

[0071] S104-2. Determine a data permission rule corresponding to the role identifier from the role permission table.

[0072] In the role permission table, each role identifier can correspond to at least one data permission rule, and only the corresponding relationship between the role identifier and the data permission rule is recorded in the role permission table. Since only this correspo...

Embodiment 3

[0101] corresponding to the above Figure 2 to Figure 7 The described data rights processing method is based on the same technical concept, and the embodiment of this specification also provides a data rights processing device. Figure 8 A schematic diagram of the module composition of the data rights processing device provided by the embodiment of this specification, the device is used to execute Figure 2 to Figure 7 Describe the data rights processing method, such as Figure 8 As shown, the device includes:

[0102] The role determination module 201 determines the corresponding role identification of the user who generates the original SQL statement through the business program;

[0103] The authority matching module 202, according to the role identifier, matches the data authority rule corresponding to the role identifier from the preset role rule library, and the role rule library includes a plurality of role identifiers and corresponding data authority rules;

[0104]...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention provides a data permission processing method, device and equipment, and the method comprises the steps: determining a role identification corresponding to a user generating an original SQL statement through a business program; according to the role identifier, matching a data permission rule corresponding to the role identifier from a preset role rule base, whereinthe role rule base comprises a plurality of role identifiers and corresponding data permission rules; identifying the operation type of the original SQL statement, and adapting the operation permission of the role identifier under the operation type according to the data authority rule corresponding to the role identifier; if adaptation succeeds, selecting an permission filter corresponding to theoperation type, and performing permission filtering on the original SQL statement according to the data authority rule corresponding to the role identifier, so the problems of high rule logic and service code coupling of the data permission, high invasiveness to the system and high later permission change cost in the prior art are solved.

Description

technical field [0001] This document relates to the field of computers, in particular to a data rights processing method, device and equipment. Background technique [0002] Data authentication: Refers to verifying whether a user has the right to access system data. [0003] Traditional data authentication is mostly implemented through hard-coding by developers, that is, the rule logic of data permissions is coupled with business codes. This method will result in a strong coupling between the rule logic and the business code, and at the same time, it will be highly intrusive to the system, and the cost of later permission changes will be high. Contents of the invention [0004] This specification provides a data permission processing method, device and equipment to solve the problems in the prior art that the rule logic of data permission is strongly coupled with business code, highly intrusive to the system, and the cost of later permission modification is high. [0005...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/31
CPCG06F21/31G06F2221/2141Y02D10/00
Inventor 钱陈胜宋杨
Owner 杭州指令集智能科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap