A data processing method and device, electronic equipment, and storage medium
By monitoring data in real time and isolating it in stages within the cloud platform, the problem of inflexible data isolation in multi-tenant cloud platforms is solved, enabling more flexible data storage and access control to adapt to application expansion needs.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- AGRICULTURAL BANK OF CHINA
- Filing Date
- 2023-02-22
- Publication Date
- 2026-07-07
Smart Images

Figure CN116167082B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of software service technology, and in particular to a data processing method and apparatus, electronic device, and storage medium. Background Technology
[0002] Software as a Service (SaaS) is a technology that delivers software services over the internet, deploying multiple application software applications on a SaaS cloud platform. Tenants can subscribe to the required application software from the cloud platform based on their actual needs, and then use the subscribed software services through the cloud platform.
[0003] Since all tenants share the same application suite, it's necessary to separate the data used by tenants through the cloud platform from the application itself. Furthermore, data between different tenants needs to be isolated to ensure that multiple tenants can use applications on the cloud platform without interfering with each other. Currently, tenant data isolation primarily occurs during tenant creation. A specific data isolation policy is generated for each tenant based on the applications deployed on the cloud platform and stored in the cloud platform's database to ensure data isolation across deployed applications. Therefore, when a tenant generates arbitrary data through the cloud platform, this data isolation policy can be used to store the generated data in the cloud platform's database.
[0004] However, the existing approach only considers the relationship between the cloud platform and the tenant when isolating data, and achieves data isolation between different tenants. Furthermore, the data isolation strategy is based on the application settings when the tenant is created. When adding a new application, the corresponding requirement information needs to be adjusted. Therefore, the existing approach is not flexible enough and is not convenient for application expansion. Summary of the Invention
[0005] In view of the shortcomings of the prior art, this application provides a data processing method and apparatus, electronic device and storage medium to solve the problems that the prior art is not flexible enough and is not convenient for application expansion.
[0006] To achieve the above objectives, this application provides the following technical solution:
[0007] The first aspect of this application provides a data processing method, including:
[0008] Real-time monitoring of data generated by target tenants through the cloud platform;
[0009] When data generated by the target tenant through the cloud platform is detected, which is cloud platform data generated by the cloud platform itself when the target tenant is using the cloud platform, the cloud platform data isolation strategy corresponding to the target tenant is determined from the cloud platform's database.
[0010] According to the cloud platform data isolation policy corresponding to the target tenant, the currently generated cloud platform data is stored in the cloud platform's database;
[0011] When data generated by the target tenant through the cloud platform is detected, and the application data generated by the application is when the target tenant is using any application in the cloud platform, the application data generated by the application is stored in the database of the current application according to the application data isolation strategy of the current application; wherein, the current application refers to the application that currently generates the application data.
[0012] Optionally, in the above data processing method, storing the currently generated application data in the database of the current application according to the application data isolation strategy of the current application includes:
[0013] The application data isolation strategy corresponding to the target tenant is determined from the application data isolation strategies of the current application stored in the database of the current application.
[0014] According to the application data isolation strategy corresponding to the target tenant, the currently generated application data is stored in the database of the current application.
[0015] Optionally, in the above data processing method, storing the currently generated application data in the database of the current application according to the application data isolation strategy corresponding to the target tenant includes:
[0016] The currently generated application data is stored in the database corresponding to the target tenant in each database of the current application.
[0017] Optionally, in the above data processing method, storing the currently generated application data in the database of the current application according to the application data isolation strategy corresponding to the target tenant includes:
[0018] The currently generated application data is stored in the data table corresponding to the target tenant in the database of the current application.
[0019] Optionally, in the above data processing method, storing the currently generated application data in the database of the current application according to the application data isolation strategy corresponding to the target tenant includes:
[0020] The currently generated application data is stored in the target data table of the current application's database.
[0021] Optionally, the above data processing method further includes:
[0022] Receive the target tenant's current target data access request;
[0023] If the current target data is cloud platform data stored in the database of the cloud platform, then the cloud platform permission information of the target tenant is extracted from the database of the cloud platform.
[0024] Based on the cloud platform permission information of the target tenant, determine whether the target tenant has permission to access the target data;
[0025] If the current target data is stored in the application data in the database of any of the applications in the cloud platform, then the cloud platform permission information of the target tenant is extracted from the database of the cloud platform, and the application permission information of the target tenant is extracted from the database of the application.
[0026] Based on the cloud platform permission information and application permission information of the target tenant, determine whether the target tenant has permission to access the target data;
[0027] If it is determined that the target tenant has permission to access the target data, then the target data is returned to the target tenant.
[0028] A second aspect of this application provides a data processing apparatus, comprising:
[0029] The monitoring unit is used to monitor the data generated by the target tenant through the cloud platform in real time;
[0030] The first determining unit is used to determine the cloud platform data isolation strategy corresponding to the target tenant from the cloud platform's database when it detects data generated by the target tenant through the cloud platform, which is cloud platform data generated by the cloud platform itself when the target tenant uses the cloud platform.
[0031] The cloud platform isolation unit is used to store the currently generated cloud platform data into the cloud platform's database according to the cloud platform data isolation strategy corresponding to the target tenant.
[0032] The application isolation unit is used to detect data generated by the target tenant through the cloud platform, which is application data generated by the application when the target tenant uses any application in the cloud platform, and to store the currently generated application data in the database of the current application according to the application data isolation strategy of the current application; wherein, the current application refers to the application that currently generates the application data.
[0033] Optionally, in the above-described data processing apparatus, the application isolation unit includes:
[0034] The second determining unit is used to determine the application data isolation strategy corresponding to the target tenant from the application data isolation strategies of the current application stored in the database of the current application.
[0035] An application storage unit is used to store the currently generated application data in the database of the current application according to the application data isolation strategy corresponding to the target tenant.
[0036] Optionally, in the above-described data processing apparatus, the application storage unit includes:
[0037] The first application storage subunit stores the currently generated application data in the database corresponding to the target tenant in each database of the current application.
[0038] Optionally, in the above-described data processing apparatus, the application storage unit includes:
[0039] The second application storage subunit stores the currently generated application data in the data table corresponding to the target tenant in the database of the current application.
[0040] Optionally, in the above-described data processing apparatus, the application storage unit includes:
[0041] The third application storage subunit stores the currently generated application data in the target data table of the current application's database.
[0042] Optionally, the above-mentioned data processing apparatus further includes:
[0043] A receiving unit is configured to receive the current target data access request from the target tenant;
[0044] The first extraction unit is used to extract the cloud platform permission information of the target tenant from the cloud platform's database when the current target data is cloud platform data stored in the database of the cloud platform.
[0045] The first judgment unit is used to determine whether the target tenant has the permission to access the target data based on the cloud platform permission information of the target tenant.
[0046] The second extraction unit is used to extract the cloud platform permission information of the target tenant from the cloud platform database and the application permission information of the target tenant from the application database when the current target data is stored in the application data of any one of the applications in the cloud platform.
[0047] The second judgment unit is used to determine whether the target tenant has the permission to access the target data based on the cloud platform permission information and the application permission information of the target tenant.
[0048] The feedback unit is used to feed back the target data to the target tenant when it is determined that the target tenant has the permission to access the target data.
[0049] A third aspect of this application provides an electronic device, comprising:
[0050] Memory and processor;
[0051] The memory is used to store programs;
[0052] The processor is used to execute the program, which, when executed, is specifically used to implement the data processing method as described in any of the above.
[0053] A fourth aspect of this application provides a computer storage medium for storing a computer program, which, when executed, implements the data processing method as described in any of the preceding claims.
[0054] This application provides a data processing method that monitors data generated by a target tenant through a cloud platform in real time. When data generated by a target tenant through the cloud platform is detected as cloud platform data generated by the cloud platform itself while the target tenant is using the cloud platform, the method determines the cloud platform data isolation policy corresponding to the target tenant from the cloud platform's database and stores the currently generated cloud platform data in the cloud platform's database according to the target tenant's corresponding cloud platform data isolation policy. When data generated by a target tenant through the cloud platform is detected as application data generated by any application within the cloud platform, the method stores the currently generated application data in the current application's database according to the current application's application data isolation policy. Here, "current application" refers to the application that is currently generating the application data. By isolating cloud platform data through the cloud platform and isolating application data through each application, two-stage data isolation is achieved. This considers not only the relationship between the platform and the tenant but also the relationship between the platform and applications, making data isolation more flexible. Furthermore, because the data isolation is divided into two stages, with each application responsible for its own data isolation, policy configuration is no longer based on existing deployments of individual applications, making application expansion easier. Attached Figure Description
[0055] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only embodiments of this application. For those skilled in the art, other drawings can be obtained based on the provided drawings without creative effort.
[0056] Figure 1 A flowchart illustrating a data processing method provided in an embodiment of this application;
[0057] Figure 2 A logical diagram illustrating data isolation provided in an embodiment of this application;
[0058] Figure 3 A flowchart illustrating a method for storing currently generated application data into the database of the current application, as provided in an embodiment of this application;
[0059] Figure 4 A schematic diagram illustrating example data physical isolation provided for an embodiment of this application;
[0060] Figure 5 A flowchart illustrating a data access control method provided in an embodiment of this application;
[0061] Figure 6 This is a schematic diagram of the architecture of a data processing device provided in an embodiment of this application;
[0062] Figure 7 This is a schematic diagram of the architecture of an electronic device provided in an embodiment of this application. Detailed Implementation
[0063] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0064] In this application, relational terms such as "first" and "second" are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.
[0065] This application provides a data processing method, such as... Figure 1 As shown, the specific steps include:
[0066] S101. Real-time monitoring of data generated by target tenants through the cloud platform.
[0067] The target tenant refers to any single tenant.
[0068] It should be noted that, in this embodiment, the data generated by the cloud platform mainly includes cloud platform data generated by the cloud platform itself and application data generated by the application when the tenant uses the application on the cloud platform. Specifically, cloud platform data refers to data generated by the cloud platform about the tenant, such as basic information like the tenant's login information, platform permission information, relationships between tenants, and information about the application services the tenant subscribed to. Application data, on the other hand, refers to data generated by the application during user usage, such as the user's login information and application permission information.
[0069] Therefore, alternatively, real-time monitoring of data generated by the target tenant through the cloud platform can be achieved by the cloud platform detecting cloud platform data generated on the cloud platform, or by each application monitoring the application data generated on its own platform.
[0070] S102. Whether the data generated by the target tenant through the cloud platform is cloud platform data.
[0071] It should be noted that, in this embodiment, a two-stage data isolation is employed. The cloud platform performs the first stage of data isolation, which isolates only the cloud platform data generated by the cloud platform itself when the tenant uses the cloud platform. The various applications on the cloud platform perform the second stage of data isolation, which isolates the data of the tenant wiping sweat within the application, and the data isolation of each application does not affect each other.
[0072] Therefore, when it is detected that the data generated by the target tenant through the cloud platform is cloud platform data, that is, when it is detected that the data generated by the target tenant through the cloud platform is cloud platform data generated by the cloud platform itself when the target tenant uses the cloud platform, then step S103 is executed. Optionally, more specifically, step S103 can be executed when the cloud platform detects that it itself generates cloud platform data.
[0073] Since the monitored data includes both cloud platform data and application data, the data generated by the target tenant through the cloud platform is not actually cloud platform data. This indicates that the data generated by the target tenant through the cloud platform is application data, meaning that the data generated by the target tenant through the cloud platform is application data generated when the target tenant uses any application within the cloud platform. In this case, step S105 is executed. Optionally, more specifically, step S105 is executed when any application detects that it is generating its own application data.
[0074] S103. Determine the cloud platform data isolation strategy corresponding to the target tenant from the cloud platform's database.
[0075] Specifically, based on the target tenant's identification information or login information, such as the tenant's name or account, the cloud platform data isolation policy corresponding to the target tenant is found.
[0076] It should be noted that when a new tenant is created on the cloud platform, the corresponding relationship between the target tenants needs to be created, which generates cloud platform data for the target tenant. At this time, the cloud platform performs initial data isolation on the cloud platform data generated by the target tenant based on the relationship between the tenants. Furthermore, when new cloud platform data is generated or the cloud platform data is changed in the future, corresponding data isolation will also be performed.
[0077] Specifically, in the implementation of this application, different data isolation strategies are adopted for different tenants. Therefore, it is necessary to determine the cloud platform data isolation strategy corresponding to the target tenant from the cloud platform database in order to further execute step S103.
[0078] It should also be noted that, since the cloud platform only isolates the cloud platform data it generates in this embodiment, it does not need to consider the applications deployed on the cloud platform. Therefore, it is no longer necessary to configure the cloud platform data isolation strategy corresponding to the target tenant based on the applications deployed on the cloud platform in order to meet the data isolation requirements of each application.
[0079] S104. According to the cloud platform data isolation policy corresponding to the target tenant, store the currently generated cloud platform data in the cloud platform database.
[0080] It should be noted that regarding the storage of tenant's cloud platform data, such as... Figure 2As shown, at the logical level, the cloud platform data of each tenant needs to be stored in isolation.
[0081] Optionally, since each tenant's cloud platform data is typically relatively small, at the physical level, the cloud platform data of all tenants is usually stored in the same cloud platform database, i.e., a shared cloud platform database. Furthermore, the cloud platform data of each tenant can be stored in different data tables, or it can be stored in the same data table.
[0082] Of course, each tenant's cloud platform data can also be stored in a different cloud platform database, or other strategies can be adopted.
[0083] S105. According to the application data isolation strategy of the current application, store the currently generated application data in the database of the current application.
[0084] Here, "current application" refers to the application that is currently generating application data.
[0085] Optionally, the application data isolation strategy is configured based on the cloud platform's data isolation strategy to achieve data isolation while meeting the cloud platform's rules. Furthermore, different application data isolation strategies are configured based on the different business functional requirements of each application. Therefore, in this embodiment, when adding a new application, its corresponding application data isolation strategy can be directly configured based on the application's functional needs, building upon the cloud platform's data isolation strategy, making application expansion on the cloud platform more convenient.
[0086] Optionally, in another embodiment of this application, one specific implementation of step S105 is as follows: Figure 3 As shown, it specifically includes:
[0087] S301. Determine the application data isolation strategy corresponding to the target tenant from the application data isolation strategies of the current application stored in the database of the current application.
[0088] It should be noted that in this embodiment, not only are different application data isolation strategies configured for different applications, but also different application data isolation strategies are configured for different tenants in the same application. Therefore, when it is necessary to isolate the application data of the target tenant, it is necessary to determine the application data isolation strategy corresponding to the target tenant from the application data isolation strategies of the current application stored in the database of the current application.
[0089] S302. According to the application data isolation strategy corresponding to the target tenant, store the currently generated application data in the database of the current application.
[0090] Optionally, in another embodiment of this application, a specific implementation of step S302 includes:
[0091] The currently generated application data is stored in the database corresponding to the target tenant in each database of the current application.
[0092] In this embodiment of the application, each target tenant has a corresponding application database, thereby achieving data isolation by storing the application data of different tenants in different databases.
[0093] Optionally, in another embodiment of this application, another specific implementation of step S302 specifically includes:
[0094] The currently generated application data is stored in the data table corresponding to the target tenant in the database of the current application.
[0095] In this embodiment, each tenant shares a database, but different tenants correspond to different data tables. Data isolation is achieved by storing the application data of different tenants in different data tables.
[0096] Optionally, in another embodiment of this application, step S302 may be further described as follows:
[0097] The currently generated application data is stored in the latest generated data table in the current application's database.
[0098] In this embodiment of the application, the application data of each tenant shares a data table, and then the ownership of the application data of different tenants is realized through data model or program design, thereby realizing the isolation of multi-tenant shared data.
[0099] It should be noted that, in the embodiments of this application, not only can the cloud platform and the application store data in different ways, but different applications can also use different physical methods for data isolation, for example, such as Figure 4 The examples shown illustrate how cloud platform databases employ a shared database table approach to implement multi-tenant data isolation strategies. This means all tenants' data on the cloud platform is stored in the same table within the database. Application 1 uses an independent database multi-tenant data isolation strategy, where each tenant uses its own independent database. Application 2 uses a shared database but independent tables, meaning each tenant uses a separate database table within the same database. Application 3 uses a shared table multi-tenant data isolation strategy, where all tenants' application data is stored in a single database table.
[0100] It should also be noted that the databases between the cloud platform and applications, or between different applications, can be different databases or they can share the same database. That is, there can be overlap between the databases of the cloud platform and applications, or between different applications.
[0101] Based on the isolated storage of cloud platform data and application data in two stages, access to the data can also be controlled in two stages accordingly. Optionally, such as Figure 5 As shown in the embodiment of this application, a data access control method includes:
[0102] S501, Receive the access request for the current target data of the target tenant.
[0103] The access request must include at least the identification information of the current target data.
[0104] S502. Determine whether the current target data is cloud platform data stored in the database of the cloud platform.
[0105] If it is determined that the current target data is cloud platform data stored in the database of the cloud platform, then step S503 is executed. If it is determined that the current target data is not cloud platform data stored in the database of the cloud platform, that is, if it is determined that the current target data is application data stored in the database of any application in the cloud platform, then step S505 is executed.
[0106] S503. Extract the target tenant's cloud platform permission information from the cloud platform's database.
[0107] S504. Based on the target tenant's cloud platform permission information, determine whether the target tenant has permission to access the target data.
[0108] Since the data to be accessed is cloud platform data stored in the cloud platform, it is only necessary to determine whether the target tenant has the permission to access the target data based on the cloud platform permission information.
[0109] If it is determined that the target tenant has permission to access the target data, then step S507 is executed.
[0110] S505. Extract the target tenant's cloud platform permission information from the cloud platform's database, and extract the target tenant's application permission information from the application's database.
[0111] S506. Based on the target tenant's cloud platform permission information and application permission information, determine whether the target tenant has permission to access the target data.
[0112] Since the data to be accessed is application data stored in the application, it needs to go through the cloud platform and the application. Therefore, based on the cloud platform's permission information, it is necessary to determine whether the target tenant has the permission to access the target data.
[0113] If it is determined that the target tenant has permission to access the target data, then step S507 is executed.
[0114] S507. Feed back the target data to the target tenant.
[0115] This application provides a data processing method that monitors data generated by a target tenant through a cloud platform in real time. When data generated by a target tenant through the cloud platform is detected, specifically cloud platform data generated by the cloud platform itself while the target tenant is using the cloud platform, the cloud platform data isolation policy corresponding to the target tenant is determined from the cloud platform's database. The generated cloud platform data is then stored in the cloud platform's database according to this policy. When data generated by a target tenant through the cloud platform is detected, specifically application data generated by any application within the cloud platform, the generated application data is stored in the current application's database according to the current application's application data isolation policy. Here, "current application" refers to the application currently generating the application data. By isolating cloud platform data through the cloud platform and isolating application data through each application, two-stage data isolation is achieved. This considers not only the relationship between the platform and the tenant but also the relationship between the platform and applications, making data isolation more flexible. Furthermore, because data isolation is divided into two stages, with each application responsible for its own data isolation, policy configuration is no longer based on existing applications, facilitating application expansion.
[0116] Another embodiment of this application provides a data processing apparatus, such as... Figure 6 As shown, it includes the following units:
[0117] Monitoring unit 601 is used to monitor data generated by the target tenant through the cloud platform in real time.
[0118] The first determining unit 602 is used to determine the cloud platform data isolation strategy corresponding to the target tenant from the cloud platform's database when it detects data generated by the target tenant through the cloud platform, which is cloud platform data generated by the cloud platform itself when the target tenant uses the cloud platform.
[0119] The cloud platform isolation unit 603 is used to store the currently generated cloud platform data in the cloud platform database according to the cloud platform data isolation strategy corresponding to the target tenant.
[0120] Application isolation unit 604 is used to detect data generated by a target tenant through the cloud platform. When the target tenant uses any application in the cloud platform, the application data generated by the application is stored in the database of the current application according to the application data isolation strategy of the current application.
[0121] Here, "current application" refers to the application that is currently generating application data.
[0122] Optionally, in another embodiment of the data processing apparatus provided in this application, an isolation unit is applied, including:
[0123] The second determining unit is used to determine the application data isolation strategy corresponding to the target tenant from the application data isolation strategies of the current application stored in the database of the current application.
[0124] The application storage unit is used to store the currently generated application data in the database of the current application according to the application data isolation strategy corresponding to the target tenant.
[0125] Optionally, in another embodiment of the data processing apparatus provided in this application, a storage unit is used, including:
[0126] The first application storage subunit stores the currently generated application data into the database corresponding to the target tenant in each database of the current application.
[0127] Optionally, in another embodiment of the data processing apparatus provided in this application, a storage unit is used, including:
[0128] The second application storage subunit stores the currently generated application data into the data table corresponding to the target tenant in the current application's database.
[0129] Optionally, in another embodiment of the data processing apparatus provided in this application, a storage unit is used, including:
[0130] The third application storage subunit stores the currently generated application data into the target data table in the current application's database.
[0131] Optionally, in another embodiment of the data processing apparatus provided in this application, the apparatus further includes:
[0132] The receiving unit is used to receive access requests for the current target data from the target tenant.
[0133] The first extraction unit is used to extract the target tenant's cloud platform permission information from the cloud platform's database when the current target data is cloud platform data stored in the cloud platform's database.
[0134] The first judgment unit is used to determine whether the target tenant has the permission to access the target data based on the target tenant's cloud platform permission information.
[0135] The second extraction unit is used to extract the target tenant's cloud platform permission information from the cloud platform's database and the target tenant's application permission information from the application's database when the current target data is stored in the application data of any application in the cloud platform.
[0136] The second judgment unit is used to determine whether the target tenant has the permission to access the target data based on the target tenant's cloud platform permission information and the target tenant's application permission information.
[0137] The feedback unit is used to return the target data to the target tenant when it is determined that the target tenant has the permission to access the target data.
[0138] It should be noted that the specific working process of each unit provided in the above embodiments of this application can be referred to the specific implementation of the corresponding steps in the above method embodiments, and will not be repeated here.
[0139] Another embodiment of this application provides an electronic device, such as... Figure 7 As shown, it includes:
[0140] Memory 701 and processor 702.
[0141] The memory 701 is used to store the program.
[0142] The processor 702 is used to execute the program stored in the memory 701. When the program is executed, it is specifically used to implement the data processing method provided in any of the above embodiments.
[0143] Another embodiment of this application provides a computer storage medium for storing a computer program, which, when executed, implements the data processing method provided in any of the above embodiments.
[0144] Computer storage media, including both permanent and non-permanent, removable and non-removable media, can store information using any method or technology. Information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile optical disc (DVD) or other optical storage, magnetic tape, magnetic magnetic disk storage or other magnetic storage devices, or any other non-transferable medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transient computer-readable media, such as modulated data signals and carrier waves.
[0145] Those skilled in the art will further recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of both. To clearly illustrate the interchangeability of hardware and software, the components and steps of the various examples have been generally described in terms of functionality in the foregoing description. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.
[0146] The above description of the disclosed embodiments enables those skilled in the art to make or use this application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of this application. Therefore, this application is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims
1. A data processing method, characterized in that, include: Real-time monitoring of data generated by target tenants through the cloud platform; When data generated by the target tenant through the cloud platform is detected, which is cloud platform data generated by the cloud platform itself when the target tenant is using the cloud platform, the cloud platform data isolation strategy corresponding to the target tenant is determined from the cloud platform's database. According to the cloud platform data isolation policy corresponding to the target tenant, the currently generated cloud platform data is stored in the cloud platform's database; When data generated by the target tenant through the cloud platform is detected, and it is found that the target tenant is using any application on the cloud platform, the application data generated by that application is stored in the database of the current application according to the application data isolation strategy of the current application; wherein, the current application refers to the application that is currently generating the application data. The step of storing the currently generated application data in the database of the current application according to the application data isolation strategy of the current application includes: The application data isolation strategy corresponding to the target tenant is determined from the application data isolation strategies of the current application stored in the database of the current application. According to the application data isolation strategy corresponding to the target tenant, the currently generated application data is stored in the database of the current application.
2. The method according to claim 1, characterized in that, The step of storing the currently generated application data in the database of the current application according to the application data isolation strategy corresponding to the target tenant includes: The currently generated application data is stored in the database corresponding to the target tenant in each database of the current application.
3. The method according to claim 1, characterized in that, The step of storing the currently generated application data in the database of the current application according to the application data isolation strategy corresponding to the target tenant includes: The currently generated application data is stored in the data table corresponding to the target tenant in the database of the current application.
4. The method according to claim 1, characterized in that, The step of storing the currently generated application data in the database of the current application according to the application data isolation strategy corresponding to the target tenant includes: The currently generated application data is stored in the target data table of the current application's database.
5. The method according to claim 1, characterized in that, Also includes: Receive the target tenant's current target data access request; If the current target data is cloud platform data stored in the database of the cloud platform, then the cloud platform permission information of the target tenant is extracted from the database of the cloud platform. Based on the cloud platform permission information of the target tenant, determine whether the target tenant has permission to access the target data; If the current target data is stored in the application data in the database of any of the applications in the cloud platform, then the cloud platform permission information of the target tenant is extracted from the database of the cloud platform, and the application permission information of the target tenant is extracted from the database of the application. Based on the cloud platform permission information and application permission information of the target tenant, determine whether the target tenant has permission to access the target data; If it is determined that the target tenant has permission to access the target data, then the target data is returned to the target tenant.
6. A data processing apparatus, characterized in that, include: The monitoring unit is used to monitor the data generated by the target tenant through the cloud platform in real time; The first determining unit is used to determine the cloud platform data isolation strategy corresponding to the target tenant from the cloud platform's database when it detects data generated by the target tenant through the cloud platform, which is cloud platform data generated by the cloud platform itself when the target tenant uses the cloud platform. The cloud platform isolation unit is used to store the currently generated cloud platform data into the cloud platform's database according to the cloud platform data isolation strategy corresponding to the target tenant. The application isolation unit is used to detect data generated by the target tenant through the cloud platform, specifically application data generated by any application on the cloud platform when the target tenant is using such an application. The unit then stores the currently generated application data in the database of the current application, according to the application data isolation strategy of that application. The current application refers to the application currently generating the application data. The application isolation unit includes: The second determining unit is used to determine the application data isolation strategy corresponding to the target tenant from the application data isolation strategies of the current application stored in the database of the current application. An application storage unit is used to store the currently generated application data in the database of the current application according to the application data isolation strategy corresponding to the target tenant.
7. An electronic device, characterized in that, include: Memory and processor; The memory is used to store programs; The processor is used to execute the program, which, when executed, is specifically used to implement the data processing method as described in any one of claims 1 to 5.
8. A computer storage medium, characterized in that, Used to store a computer program, which, when executed, is used to implement the data processing method as described in any one of claims 1 to 5.