Structured query statement processing method and device, electronic equipment and storage medium

By performing permission verification after generating structured query statements, the problem of permission rules interfering with intent understanding in existing technologies is solved. This enables the generation of accurate and secure query statements in fields with strict data security requirements, reducing the risk of data leakage.

CN122173523APending Publication Date: 2026-06-09BEIJING KINGSOFT CLOUD NETWORK TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
BEIJING KINGSOFT CLOUD NETWORK TECH CO LTD
Filing Date
2026-03-05
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

In fields with stringent data security requirements, existing technologies, by embedding data security policies into prompts in large language models, increase the complexity of permission rules, interfere with the model's understanding of user intent, and rely on unreliable model self-discipline, thus posing a risk of data leakage.

Method used

After generating the initial structured query statement, permission verification is performed based on pre-configured permission rules, including table, column, and row permission verification. If the verification passes, the query statement is executed, and error information is returned to update or report the error, ensuring that the query is performed within the security boundary.

Benefits of technology

It achieves a balance between accuracy and security in data generation, reduces the risk of data leakage, and provides a basic framework for secure implementation in sensitive enterprise scenarios.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122173523A_ABST
    Figure CN122173523A_ABST
Patent Text Reader

Abstract

The present disclosure relates to a structured query statement processing method and device, electronic equipment and storage medium. By responding to a natural language question input by a user, an initial structured query statement is generated, the initial structured query statement is checked for permission based on a preconfigured permission rule, a permission check result is obtained, and in the case that the permission check result is a check pass, the initial structured query statement is executed and a processing result is returned. Compared with the prior art, the embodiments of the present disclosure solve the problem of interference of permission rules with intent understanding in the traditional scheme by generating an initial structured query statement first and then checking for permission, realize the unification of accuracy and safety and reliability, provide a basic framework for the safe landing of natural language to structured query statement technology in enterprise sensitive scenarios, and reduce the risk of data leakage.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This disclosure relates to the field of computer technology, and in particular to a method, apparatus, electronic device, and storage medium for processing structured query statements. Background Technology

[0002] In applications based on Natural Language to Structured Query (NL2SQL), users describe their query intent in natural language, and a large language model automatically generates the corresponding structured query statement (SQL). This technology greatly simplifies database query operations and improves the ease of use of data analysis. However, in fields with strict data security requirements (such as healthcare and finance), it is necessary to ensure that the generated structured query statement only accesses data within the user's authorized scope to prevent information leakage.

[0003] Currently, the mainstream solution is to embed data security policies as text into the prompts of a large language model, using these prompts to constrain SQL generation. However, this approach has significant drawbacks: First, complex permission rules can drastically increase the length and complexity of the prompts, interfering with the model's understanding of the user's original intent and thus reducing the accuracy of generated queries. Second, relying solely on the self-discipline of the large language model to implement permission control is unreliable; the model may generate queries that bypass security policies, posing a risk of data leakage. Summary of the Invention

[0004] To address the aforementioned technical problems, this disclosure provides a method, apparatus, electronic device, and storage medium for processing structured query statements.

[0005] In a first aspect, embodiments of this disclosure provide a method for processing structured query statements, the method comprising: In response to a natural language question input by the user, an initial structured query statement is generated; The initial structured query statement is validated based on pre-configured permission rules to obtain the permission validation result; If the permission verification result is successful, the initial structured query statement is executed and the processing result is returned.

[0006] In some embodiments, the permission verification of the initial structured query statement based on pre-configured permission rules to obtain the permission verification result includes: The initial structured query statement is parsed into a syntax tree, and the data table to be accessed and the fields of the data table to be accessed are traversed from the syntax tree. Based on the pre-configured permission rules, permission verification is performed on the data table and its fields to obtain the permission verification result.

[0007] In some embodiments, the permission verification includes table permission verification, column permission verification, and row permission verification; The permission verification of the data table and its fields includes: Perform table permission verification on the data table to obtain the table permission verification result; If the table permission check passes, then perform column permission check on the data table fields to obtain the column permission check results; If the column permission check passes, then the row permission check is performed on the data table and the data table fields to obtain the row permission check result.

[0008] In some embodiments, performing table permission verification on the data table to obtain the table permission verification result includes: Verify whether the user has access permissions to the data table; If the user does not have access to the data table, a table permission error message is generated, which indicates that access to the data table is missing.

[0009] In some embodiments, performing column permission verification on the data table fields to obtain column permission verification results includes: Verify whether the user has column permissions to access the fields in the data table; If the user has column permissions to access the data table field and the data table field is configured with a de-identification function, then the initial structured query statement is modified based on the de-identification function to obtain the target structured query statement; If the user does not have column permissions to access the data table field, a column permission error message is generated, which indicates that the user lacks column permissions for the data table field.

[0010] In some embodiments, performing row permission verification on the data table and its fields to obtain the row permission verification result includes: Identify whether the data table is associated with row permission rules; If the data table is associated with the row permission rule, then check whether the data table fields contain the filter field corresponding to the row permission rule; If the data table does not contain the filter field, a row permission error message is generated, which indicates that the filter field is missing.

[0011] In some embodiments, the method further includes: If the permission verification result is that the verification fails, the permission error information in the permission verification result will be fed back to the large language model. The large language model updates the initial structured query statement based on the permission error information and returns to the step of performing permission verification, or reports an error to the user based on the permission error information.

[0012] Secondly, embodiments of this disclosure provide a structured query statement processing apparatus, the apparatus comprising: The generation module is used to generate an initial structured query statement in response to a natural language question input by the user; The verification module is used to perform permission verification on the initial structured query statement based on pre-configured permission rules and obtain the permission verification result. The processing module is used to execute the initial structured query statement and return the processing result if the permission verification result is successful.

[0013] Thirdly, embodiments of this disclosure provide an electronic device, including: Memory; Processor; and Computer programs; The computer program is stored in memory and configured to be executed by a processor to implement the method as described in the first aspect.

[0014] Fourthly, embodiments of this disclosure provide a computer-readable storage medium having a computer program stored thereon, the computer program being executed by a processor to implement the method as described in the first aspect.

[0015] Fifthly, embodiments of this disclosure also provide a computer program product comprising a computer program or instructions that, when executed by a processor, implement the method as described in the first aspect.

[0016] The structured query processing method, apparatus, electronic device, and storage medium provided in this disclosure generate an initial structured query statement in response to a user's input of a natural language question. Based on pre-configured permission rules, the initial structured query statement undergoes permission verification to obtain a permission verification result. If the permission verification result is successful, the initial structured query statement is executed and a processing result is returned. Compared to existing technologies, this disclosure solves the problem of permission rules interfering with intent understanding in traditional solutions by first generating an initial structured query statement and then performing permission verification. It achieves a balance between generation accuracy and security reliability, providing a basic framework for the secure implementation of natural language to structured query statement technology in sensitive enterprise scenarios and reducing the risk of data leakage. Attached Figure Description

[0017] The accompanying drawings, which are incorporated in and form a part of this specification, illustrate embodiments consistent with this disclosure and, together with the description, serve to explain the principles of this disclosure.

[0018] To more clearly illustrate the technical solutions in the embodiments of this disclosure or the prior art, the accompanying drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, for those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0019] Figure 1 A flowchart of a structured query statement processing method provided in this embodiment of the disclosure; Figure 2 A flowchart of a structured query statement processing method provided in another embodiment of this disclosure; Figure 3 A flowchart of a structured query statement processing method provided in another embodiment of this disclosure; Figure 4 This is a schematic diagram of the structure of the structured query statement processing apparatus provided in the embodiments of this disclosure; Figure 5 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this disclosure. Detailed Implementation

[0020] To better understand the above-mentioned objectives, features, and advantages of this disclosure, the solutions disclosed herein will be further described below. It should be noted that, unless otherwise specified, the embodiments and features described herein can be combined with each other.

[0021] Numerous specific details are set forth in the following description in order to provide a full understanding of this disclosure, but this disclosure may also be implemented in other ways different from those described herein; obviously, the embodiments in the specification are only some, and not all, of the embodiments of this disclosure.

[0022] In applications based on Natural Language to Structured Query (NL2SQL), users describe their query intent in natural language, and a large language model automatically generates the corresponding structured query statement (SQL). This technology greatly simplifies database query operations and improves the ease of use of data analysis. However, in fields with strict data security requirements (such as healthcare and finance), it is necessary to ensure that the generated structured query statement only accesses data within the user's authorized scope to prevent information leakage.

[0023] Currently, the mainstream solution is to embed data security policies as text into the prompts of a large language model, using these prompts to constrain SQL generation. However, this approach has significant drawbacks: First, complex permission rules can drastically increase the length and complexity of the prompts, interfering with the model's understanding of the user's original intent and thus reducing the accuracy of generated queries. Second, relying solely on the self-discipline of the large language model to implement permission control is unreliable; the model may generate queries that bypass security policies, posing a risk of data leakage.

[0024] To address this issue, this disclosure provides a method for processing structured query statements, which will be described below with reference to specific embodiments.

[0025] Figure 1 This is a flowchart illustrating a structured query processing method provided in this embodiment. The method is executed by an electronic device, which can be a portable mobile device such as a smartphone, tablet, laptop, in-vehicle navigation device, or smart sports equipment; or a fixed device such as a personal computer, smart home appliance, or server. The server can be a single server, a server cluster, a distributed cluster, or a centralized cluster. This method can be applied to scenarios involving the processing of structured query statements.

[0026] It is understood that the structured query processing method provided in this disclosure can also be applied in other scenarios.

[0027] The following is about Figure 1 The method for processing structured query statements shown is introduced below. This method can be applied to electronic devices, and the specific steps included in the method are as follows: S101. In response to the natural language question input by the user, generate an initial structured query statement.

[0028] In this step, the user inputs a natural language question, such as "Query all expense reimbursement details for Zhang San in the sales department last quarter." The electronic device can respond to the user's input and generate an initial structured query statement. This step precisely maps semantics such as "Zhang San," "sales department," and "last quarter" to database fields and values.

[0029] In some embodiments, generating an initial structured query statement in response to a natural language question input by a user includes: receiving a natural language question input by a user; and generating the initial structured query statement based on the natural language question using a large language model.

[0030] Specifically, the electronic device can receive a natural language question input by the user, and further generate the initial structured query statement based on the natural language question using a large language model.

[0031] S102. Perform permission verification on the initial structured query statement based on the pre-configured permission rules to obtain the permission verification result.

[0032] In this step, corresponding permission rules are pre-configured for each user. For example, the administrator creates user roles and configures permission rules for each user role. The electronic device can perform permission verification on the initial structured query statement based on the pre-configured permission rules to obtain the permission verification result. The permission verification result can include verification passed or verification failed.

[0033] S103. If the permission verification result is successful, execute the initial structured query statement and return the processing result.

[0034] In this step, if the permission verification result is successful, the electronic device executes the initial structured query statement and returns the processing result. Specifically, the initial SQL is sent to the database for execution, and the processing result is returned, for example, a detailed list of Zhang San's approved expense reimbursements is returned to the user. The entire process ensures that the query results comply with the security policy of "viewing only approved records" without the user's awareness.

[0035] This disclosure, in response to a user's input of a natural language question, generates an initial structured query statement. Based on pre-configured permission rules, it performs permission verification on the initial structured query statement, obtaining a permission verification result. If the permission verification result is successful, the initial structured query statement is executed, and the processing result is returned. Compared to existing technologies, this disclosure, by first generating an initial structured query statement and then performing permission verification, solves the problem of permission rules interfering with intent understanding in traditional solutions. It achieves a balance between generation accuracy and security reliability, providing a basic framework for the secure implementation of natural language to structured query statement technology in sensitive enterprise scenarios and reducing the risk of data leakage.

[0036] Figure 2 Here is a flowchart of a structured query processing method provided in another embodiment of this disclosure, such as... Figure 2 As shown, the method includes the following steps: S201. In response to the natural language question input by the user, generate an initial structured query statement.

[0037] Specifically, the implementation process and principle of S201 and S101 are the same, and will not be repeated here.

[0038] S202. Parse the initial structured query statement into a syntax tree, and traverse the syntax tree to find the data table to be accessed and the fields of the data table to be accessed.

[0039] In this step, after generating the initial structured query statement, the electronic device parses the initial structured query statement into a syntax tree, and traverses the syntax tree to retrieve the data table to be accessed and the data table fields to be accessed. For example, the data table to be accessed is Zhang San's expense report, and the data table fields to be accessed include the time period of the previous quarter, the expense item, and the expense amount.

[0040] S203. Based on the pre-configured permission rules, perform permission verification on the data table and the data table fields to obtain the permission verification result.

[0041] In this step, the electronic device performs permission verification on the data table and its fields based on the pre-configured permission rules, and obtains the permission verification result. Optionally, the permission verification includes table permission verification, column permission verification, and row permission verification.

[0042] This embodiment parses the SQL into a syntax tree and traverses all objects to be accessed. Syntax tree parsing provides a precise and unambiguous understanding of the SQL statement structure, and can completely extract the data tables, fields, and other objects intended to be accessed. This provides a reliable basis for subsequent accurate comparison with permission rules, ensuring the comprehensiveness and completeness of permission verification, and avoiding verification blind spots caused by the complexity of SQL syntax.

[0043] In some embodiments, S203 performs permission verification on the data table and the data table fields, which may include, but is not limited to, S2031, S2032, and S2033: S2031. Perform table permission verification on the data table to obtain the table permission verification result.

[0044] In this step, the data table is first subjected to table permission verification to obtain the table permission verification result. Specifically, it queries whether the current user role has permissions to the data table. If so, the table permission verification passes. Optionally, table permissions include SELECT, UPDATE, INSERT, DELETE, etc., without limitation.

[0045] S2032. If the table permission check passes, then perform column permission check on the data table fields to obtain the column permission check result.

[0046] In this step, if the table permission verification passes, the electronic device will further perform column permission verification on the data table fields to obtain the column permission verification result. Specifically, it verifies whether the current user has the permission to use the data table fields. If so, the column permission verification passes. Optionally, column permissions include SELECT, UPDATE, INSERT, etc., without limitation. In some embodiments, certain columns of the business logic need to be de-identified before being displayed. In this case, a de-identification function needs to be set in the de-identification conversion function (mask_func) field of the column permission rule.

[0047] S2033. If the column permission verification passes, then perform row permission verification on the data table and the data table fields to obtain the row permission verification result.

[0048] In this step, if the column permission verification passes, the electronic device will perform row permission verification on the data table and its fields, obtaining the row permission verification result. Row permissions are defined by binding a row filter to a relevant role for the target data table, restricting the access scope of users with that role. For example, when authorizing a doctor to access the "Outpatient Registration Table," a department filter "dept_id={deptId}" needs to be bound, which can be read from the user's login information. Row filters are configured in the filter field of the row permission rule.

[0049] This embodiment specifies the order and logical dependencies of three-level permission verification: table, column, and row. This hierarchical and progressive verification order conforms to the natural logic of data access, and the subsequent process can be terminated immediately if any level of verification fails, realizing a fast failure mechanism. This effectively reduces unnecessary computational overhead and improves the overall processing efficiency and response speed of the system.

[0050] S204. If the permission verification result is successful, execute the initial structured query statement and return the processing result.

[0051] Specifically, the implementation process and principle of S204 and S103 are the same, and will not be repeated here.

[0052] S205. If the permission verification result is that the verification fails, the permission error information in the permission verification result is fed back to the large language model.

[0053] In this step, if the permission verification result is determined to be a failure, the electronic device will send the permission error information in the permission verification result back to the large language model.

[0054] S206. Update the initial structured query statement based on the permission error information using the large language model and return to the step of performing permission verification, or report an error to the user based on the permission error information.

[0055] Furthermore, the electronic device will update the initial structured query statement based on the permission error information through the large language model and return to the step of performing permission verification. The updated structured query statement will be subject to permission verification and subsequent steps will be executed. If the structured query statement cannot be updated or the updated structured query statement does not meet the permissions, an error will be reported to the user based on the permission error information.

[0056] In some embodiments, for row permission verification error messages, the language model can be prompted to add a row permission filter to the current SQL and rewrite the SQL; for column permission verification error messages, if the column lacks permission, the language model can be prompted to change the table or field to meet the requirements; if there are no other solutions, the column without permission will be deleted and a prompt will be returned to the user; for table permission verification error messages, including access to related data tables without permission or data tables without permission, the language model can be prompted to change the table or field to meet the requirements; if there are no other solutions, an error will be returned to the user.

[0057] This embodiment of the disclosure generates an initial structured query statement in response to a user's input of a natural language question. The initial structured query statement is parsed into a syntax tree, and the data table and its fields to be accessed are traversed from the syntax tree. Further, based on the pre-configured permission rules, permission checks are performed on the data table and its fields to obtain a permission check result. If the permission check result is successful, the initial structured query statement is executed and the processing result is returned. If the permission check result is unsuccessful, the permission error information in the permission check result is fed back to the large language model. The large language model updates the initial structured query statement based on the permission error information and returns to the permission check step, or reports an error to the user based on the permission error information. Through this method, this embodiment of the disclosure introduces an intelligent closed-loop correction mechanism based on error feedback. When permission check fails, it does not simply reject the request, but instead feeds back specific, structured, and actionable error information to the large language model, guiding it to correct the error. This enables the system to optimize within security boundaries. This allows the large language model to attempt to rewrite SQL based on error messages to meet permission requirements, or to generate user-friendly prompts when those requirements cannot be met. This greatly enhances the system's flexibility, intelligence, and user experience.

[0058] Figure 3 Here is a flowchart of a structured query processing method provided in another embodiment of this disclosure, such as... Figure 3As shown, the method includes the following steps: S301. Parse the initial structured query statement into a syntax tree, and traverse the syntax tree to find the data table to be accessed and the fields of the data table to be accessed.

[0059] Specifically, the implementation process and principle of S301 and S202 are the same, and will not be repeated here.

[0060] S302. Verify whether the user has access permissions to the data table.

[0061] This step essentially involves verifying table permissions. The electronic device queries the permission rules to confirm whether the current user role has the necessary access permissions to the data table to be accessed. If the user does not have the necessary access permissions, step S303 is executed.

[0062] S303. If the user does not have access to the data table, a table permission error message is generated, which indicates that access to the data table is missing.

[0063] If the current user role does not have access to the data table, the table permission check fails. In this case, the electronic device generates a table permission error message indicating the lack of access to the data table. In some embodiments, if the current user role has access to the data table, column permission checks are performed.

[0064] This embodiment first verifies whether the user has basic operation permissions for the target data table. This can intercept the most coarse-grained illegal access attempts at the earliest stage, providing basic security for the entire permission verification process and avoiding the waste of resources for subsequent finer-grained verification.

[0065] S304. Verify whether the user has column permissions to access the fields of the data table.

[0066] This step essentially involves column permission verification. The electronic device queries the permission rules to confirm whether the current user role has the necessary column permissions to access the data table fields. If the user has the necessary column permissions, proceed to step S305; otherwise, proceed to step S306.

[0067] S305. If the user has column permissions to access the data table fields and the data table fields are configured with de-identification functions, then the initial structured query statement is modified based on the de-identification functions to obtain the target structured query statement.

[0068] In this step, if the current user role has column access permissions to the data table fields and the data table fields are configured with masking functions, then the initial structured query statement is modified based on the masking functions to obtain the target structured query statement, and row permission verification is performed based on the target structured query statement. In some embodiments, if the current user role has column access permissions to the data table fields and the data table fields are not configured with masking functions, then it is not necessary to modify the initial structured query statement; row permission verification is performed based on the initial structured query statement.

[0069] S306. If the user does not have column permissions to access the data table field, a column permission error message is generated, which indicates that the user lacks column permissions to the data table field.

[0070] In this step, if the current user role does not have column permissions to access the data table field, it means that the column permission verification fails. At this time, the electronic device will generate column permission error information, which is used to indicate the missing column permissions for the data table field.

[0071] In this embodiment, when a field is configured with a data masking function, the SQL can be automatically and accurately rewritten, replacing the original content of sensitive fields with the masked result. This process is transparent to users and the model, seamlessly embedding data masking capabilities without changing the business query logic. This achieves field-level dynamic data security protection, a significant advancement that traditional prompt word methods struggle to implement stably and accurately.

[0072] S307. Identify whether the data table is associated with row permission rules.

[0073] This step essentially involves row permission verification, where the electronic device identifies whether the data table is associated with row permission rules.

[0074] S308. If the data table is associated with the row permission rule, then verify whether the data table fields contain the filter field corresponding to the row permission rule.

[0075] In this step, if the data table is associated with the row permission rule, it will be verified whether the data table fields contain the filter field corresponding to the row permission rule.

[0076] S309. If the data table does not contain the filter field, a row permission error message is generated, which indicates that the filter field is missing.

[0077] Furthermore, if the data table does not contain the filter field, the row permission check will fail. In this case, the electronic device will generate a row permission error message, which indicates that the filter field is missing.

[0078] This embodiment ensures that the data range of each query is strictly limited to the authorized scope by comparing a preset filter with the data table to be accessed and the data table fields. This enables the system to support complex multi-tenant and multi-department data isolation scenarios, achieving fine-grained access control at the record level.

[0079] S310. If the permission verification result is successful, execute the initial structured query statement and return the processing result.

[0080] Specifically, the implementation process and principle of S310 and S103 are the same, and will not be repeated here.

[0081] This embodiment of the disclosure parses the initial structured query statement into a syntax tree, traverses the syntax tree to retrieve the data table to be accessed and the data table fields to be accessed, and verifies whether the user has access permissions to the data table. If the user does not have access permissions to the data table, a table permission error message is generated to indicate that access permissions to the data table are missing. Further, it verifies whether the user has column permissions to access the data table fields. If the user has column permissions to access the data table fields and the data table fields are configured with de-identification functions, the initial structured query statement is modified based on the de-identification functions to obtain the target structured query statement. If the user does not have column permissions to access the data table fields, a column permission error message is generated to indicate that column permissions to the data table fields are missing. Next, it identifies whether the data table is associated with row permission rules. If the data table is associated with row permission rules, it verifies whether the data table fields contain filter fields corresponding to the row permission rules. If the data table fields do not contain the filter fields, a row permission error message is generated to indicate that the filter fields are missing. Then, if the permission verification result is successful, the initial structured query statement is executed and the processing result is returned. Compared with the prior art, this embodiment of the disclosure first verifies whether the user has basic operation permissions to the target data table, which can intercept the coarsest-grained illegal access attempts at the earliest stage, providing basic security for the entire permission verification process and avoiding the waste of resources for subsequent finer-grained verification. When the field is configured with a desensitization function, the SQL can be automatically and accurately rewritten, replacing the original content of sensitive fields with the desensitized result, ensuring that the data range of each query is strictly limited to within the authorized range, and reducing the risk of data leakage.

[0082] The solutions in the various embodiments of this disclosure can be used individually or in combination without conflict. For example, in S305, if the user has column permissions to access the data table fields and the data table fields are configured with de-identification functions, the initial structured query statement is modified based on the de-identification functions to obtain the target structured query statement. This can be combined with S2033, if the column permission verification passes, the data table and the data table fields are then subjected to row permission verification to obtain the row permission verification result. No specific limitation is made here.

[0083] Figure 4 This is a schematic diagram of the structure of the structured query statement processing apparatus provided in this embodiment. The structured query statement processing apparatus can be an electronic device as described in the above embodiment, or it can be a component or assembly within that electronic device. The structured query statement processing apparatus provided in this embodiment can execute the processing flow provided in the structured query statement processing method embodiment, such as... Figure 4 As shown, the structured query statement processing device 50 includes: a generation module 51, a verification module 52, and a processing module 53; wherein, the generation module 51 is used to generate an initial structured query statement in response to a natural language question input by the user; the verification module 52 is used to perform permission verification on the initial structured query statement based on pre-configured permission rules to obtain a permission verification result; the processing module 53 is used to execute the initial structured query statement and return a processing result if the permission verification result is successful.

[0084] Optionally, when the verification module 52 performs permission verification on the initial structured query statement based on pre-configured permission rules and obtains the permission verification result, it is specifically used to: parse the initial structured query statement into a syntax tree, traverse the syntax tree to extract the data table to be accessed and the data table fields to be accessed; and perform permission verification on the data table and the data table fields based on the pre-configured permission rules to obtain the permission verification result.

[0085] Optionally, the permission verification includes table permission verification, column permission verification, and row permission verification; When the verification module 52 performs permission verification on the data table and the data table fields, it is specifically used to: perform table permission verification on the data table to obtain a table permission verification result; if the table permission verification passes, then perform column permission verification on the data table fields to obtain a column permission verification result; if the column permission verification passes, then perform row permission verification on the data table and the data table fields to obtain a row permission verification result.

[0086] Optionally, when the verification module 52 performs table permission verification on the data table and obtains the table permission verification result, it is specifically used to: verify whether the user has access permission to the data table; if the user does not have access permission to the data table, it generates table permission error information, which is used to indicate the lack of access permission to the data table.

[0087] Optionally, when the verification module 52 performs column permission verification on the data table fields and obtains the column permission verification result, it is specifically used to: verify whether the user has column permission to access the data table fields; if the user has column permission to access the data table fields and the data table fields are configured with a de-identification function, then modify the initial structured query statement based on the de-identification function to obtain the target structured query statement; if the user does not have column permission to access the data table fields, then generate column permission error information, which is used to indicate the lack of column permission for the data table fields.

[0088] Optionally, when the verification module 52 performs row permission verification on the data table and the data table fields and obtains the row permission verification result, it is specifically used to: identify whether the data table is associated with a row permission rule; if the data table is associated with the row permission rule, then verify whether the data table fields contain a filter field corresponding to the row permission rule; If the data table does not contain the filter field, a row permission error message is generated, which indicates that the filter field is missing.

[0089] Optionally, the device 50 further includes: a feedback module 54; the feedback module 54 is used to, if the permission verification result is that the verification fails, feed back the permission error information in the permission verification result to the large language model; update the initial structured query statement based on the permission error information and return to the step of performing permission verification through the large language model, or report an error to the user based on the permission error information.

[0090] Figure 4 The structured query statement processing device of the illustrated embodiment can be used to execute the technical solution of the above method embodiment. Its implementation principle and technical effect are similar, and will not be described again here.

[0091] Figure 5 This is a schematic diagram of the structure of an electronic device according to an embodiment of this disclosure. See below for details. Figure 5 It shows a schematic diagram of a structure suitable for implementing the electronic device 600 in the embodiments of this disclosure. Figure 5 The electronic device shown is merely an example and should not be construed as limiting the functionality and scope of the embodiments disclosed herein.

[0092] like Figure 5 As shown, electronic device 600 may include a processing device (e.g., a central processing unit, a graphics processing unit, etc.) 601, which can perform various appropriate actions and processes according to a program stored in read-only memory (ROM) 602 or a program loaded from storage device 608 into random access memory (RAM) 603 to implement the structured query statement processing method as described in the embodiments of this disclosure. The RAM 603 also stores various programs and data required for the operation of electronic device 600. The processing device 601, ROM 602, and RAM 603 are interconnected via bus 604. An input / output (I / O) interface 605 is also connected to bus 604.

[0093] Typically, the following devices can be connected to I / O interface 605: input devices 606 including, for example, touchscreens, touchpads, keyboards, mice, cameras, microphones, accelerometers, gyroscopes, etc.; output devices 607 including, for example, liquid crystal displays (LCDs), speakers, vibrators, etc.; storage devices 608 including, for example, magnetic tapes, hard disks, etc.; and communication devices 609. Communication device 609 allows electronic device 600 to communicate wirelessly or wiredly with other devices to exchange data. Although Figure 5 An electronic device 600 with various devices is shown; however, it should be understood that it is not required to implement or possess all of the devices shown. More or fewer devices may be implemented or possessed alternatively.

[0094] In particular, according to embodiments of this disclosure, the processes described above with reference to the flowcharts can be implemented as computer software programs. For example, embodiments of this disclosure include a computer program product comprising a computer program carried on a non-transitory computer-readable medium, the computer program containing program code for performing the methods shown in the flowcharts, thereby implementing the structured query processing method described above. In such embodiments, the computer program can be downloaded and installed from a network via communication device 609, or installed from storage device 608, or installed from ROM 602. When the computer program is executed by processing device 601, it performs the functions defined above in the methods of embodiments of this disclosure.

[0095] It should be noted that the computer-readable medium described in this disclosure can be a computer-readable signal medium or a computer-readable storage medium, or any combination thereof. A computer-readable storage medium can be, for example,—but not limited to—an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of a computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination thereof. In this disclosure, a computer-readable storage medium can be any tangible medium containing or storing a program that can be used by or in conjunction with an instruction execution system, apparatus, or device. In this disclosure, a computer-readable signal medium can include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such propagated data signals can take various forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination thereof. A computer-readable signal medium can be any computer-readable medium other than a computer-readable storage medium, which can send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device. The program code contained on the computer-readable medium can be transmitted using any suitable medium, including but not limited to: wires, optical fibers, RF (radio frequency), etc., or any suitable combination thereof.

[0096] In some implementations, clients and servers can communicate using any currently known or future-developed network protocol such as HTTP (Hypertext Transfer Protocol) and can interconnect with digital data communication (e.g., communication networks) of any form or medium. Examples of communication networks include local area networks (“LANs”), wide area networks (“WANs”), the Internet (e.g., the Internet of Things), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future-developed networks.

[0097] The aforementioned computer-readable medium may be included in the aforementioned electronic device; or it may exist independently and not assembled into the electronic device.

[0098] The aforementioned computer-readable medium carries one or more programs that, when executed by the electronic device, cause the electronic device to: In response to a natural language question input by the user, an initial structured query statement is generated; The initial structured query statement is validated based on pre-configured permission rules to obtain the permission validation result; If the permission verification result is successful, the initial structured query statement is executed and the processing result is returned.

[0099] Optionally, when one or more of the above-described procedures are executed by the electronic device, the electronic device may also execute other steps of the above embodiments.

[0100] Computer program code for performing the operations of this disclosure can be written in one or more programming languages ​​or a combination thereof, including but not limited to object-oriented programming languages ​​such as Java, Smalltalk, and C++, as well as conventional procedural programming languages ​​such as the "C" language or similar programming languages. The program code can be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In cases involving remote computers, the remote computer can be connected to the user's computer via any type of network—including a local area network (LAN) or a wide area network (WAN)—or can be connected to an external computer (e.g., via the Internet using an Internet service provider).

[0101] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of this disclosure. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.

[0102] The units described in the embodiments of this disclosure can be implemented in software or hardware. The names of the units are not, in some cases, intended to limit the specific unit.

[0103] The functions described above in this document can be performed at least in part by one or more hardware logic components. For example, exemplary types of hardware logic components that can be used, without limitation, include: field-programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), application-specific standard products (ASSPs), system-on-a-chip (SoCs), complex programmable logic devices (CPLDs), and so on.

[0104] In the context of this disclosure, a machine-readable medium can be a tangible medium that may contain or store a program for use by or in conjunction with an instruction execution system, apparatus, or device. A machine-readable medium can be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium can be, but is not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, apparatus, or devices, or any suitable combination of the foregoing. More specific examples of machine-readable storage media include electrical connections based on one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination of the foregoing.

[0105] The above description is merely a preferred embodiment of this disclosure and an explanation of the technical principles employed. Those skilled in the art should understand that the scope of this disclosure is not limited to technical solutions formed by specific combinations of the above-described technical features, but should also cover other technical solutions formed by arbitrary combinations of the above-described technical features or their equivalents without departing from the above-described concept. For example, technical solutions formed by substituting the above features with (but not limited to) technical features disclosed in this disclosure that have similar functions.

[0106] Furthermore, while the operations are described in a specific order, this should not be construed as requiring these operations to be performed in the specific order shown or in a sequential order. In certain environments, multitasking and parallel processing may be advantageous. Similarly, while several specific implementation details are included in the above discussion, these should not be construed as limiting the scope of this disclosure. Certain features described in the context of individual embodiments may also be implemented in combination in a single embodiment. Conversely, various features described in the context of a single embodiment may also be implemented individually or in any suitable sub-combination in multiple embodiments.

[0107] Although the subject matter has been described using language specific to structural features and / or methodological logic, it should be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or actions described above. Rather, the specific features and actions described above are merely illustrative examples of implementing the claims.

Claims

1. A method for processing structured query statements, characterized in that, The method includes: In response to a natural language question input by the user, an initial structured query statement is generated; The initial structured query statement is validated based on pre-configured permission rules to obtain the permission validation result; If the permission verification result is successful, the initial structured query statement is executed and the processing result is returned.

2. The method according to claim 1, characterized in that, The permission verification of the initial structured query statement based on the pre-configured permission rules, and the resulting permission verification result, include: The initial structured query statement is parsed into a syntax tree, and the data table to be accessed and the fields of the data table to be accessed are traversed from the syntax tree. Based on the pre-configured permission rules, permission verification is performed on the data table and its fields to obtain the permission verification result.

3. The method according to claim 2, characterized in that, The permission verification includes table permission verification, column permission verification, and row permission verification. The permission verification of the data table and its fields includes: Perform table permission verification on the data table to obtain the table permission verification result; If the table permission check passes, then perform column permission check on the data table fields to obtain the column permission check results; If the column permission check passes, then the row permission check is performed on the data table and the data table fields to obtain the row permission check result.

4. The method according to claim 3, characterized in that, The step of performing table permission verification on the data table to obtain the table permission verification result includes: Verify whether the user has access permissions to the data table; If the user does not have access to the data table, a table permission error message is generated, which indicates that access to the data table is missing.

5. The method according to claim 3, characterized in that, The step of performing column permission verification on the data table fields to obtain the column permission verification result includes: Verify whether the user has column permissions to access the fields in the data table; If the user has column permissions to access the data table field and the data table field is configured with a de-identification function, then the initial structured query statement is modified based on the de-identification function to obtain the target structured query statement; If the user does not have column permissions to access the data table field, a column permission error message is generated, which indicates that the user lacks column permissions for the data table field.

6. The method according to claim 3, characterized in that, The step of performing row permission verification on the data table and its fields to obtain the row permission verification result includes: Identify whether the data table is associated with row permission rules; If the data table is associated with the row permission rule, then check whether the data table fields contain the filter field corresponding to the row permission rule; If the data table does not contain the filter field, a row permission error message is generated, which indicates that the filter field is missing.

7. The method according to claim 1, characterized in that, The method further includes: If the permission verification result is that the verification fails, the permission error information in the permission verification result will be fed back to the large language model. The large language model updates the initial structured query statement based on the permission error information and returns to the step of performing permission verification, or reports an error to the user based on the permission error information.

8. A structured query statement processing device, characterized in that, include: The generation module is used to generate an initial structured query statement in response to a natural language question input by the user; The verification module is used to perform permission verification on the initial structured query statement based on pre-configured permission rules and obtain the permission verification result. The processing module is used to execute the initial structured query statement and return the processing result if the permission verification result is successful.

9. An electronic device, characterized in that, include: Memory; processor; as well as Computer programs; The computer program is stored in the memory and configured to be executed by the processor to implement the method as described in any one of claims 1-7.

10. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by a processor, it implements the method as described in any one of claims 1-7.