Query processing method and system, electronic device and storage medium

CN122309550APending Publication Date: 2026-06-30ALIBABA CLOUD COMPUTING CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
ALIBABA CLOUD COMPUTING CO LTD
Filing Date
2024-12-31
Publication Date
2026-06-30

Smart Images

  • Figure CN122309550A_ABST
    Figure CN122309550A_ABST
Patent Text Reader

Abstract

This application discloses a query processing method, system, electronic device, and storage medium, relating to the field of computer technology. The method includes: obtaining an initial query request from a target application; using a software development kit (SDK) to obtain data permission configuration information corresponding to the initial query request from a target storage area; rewriting the initial query request based on the data permission configuration information to generate a target query request; and accessing the target storage area using the target query request to obtain the target query result corresponding to the target query request from a data object. This application solves the technical problems of cumbersome data permission configuration and low query efficiency in related technologies when processing application query requests.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of computer technology, and more specifically, to a query processing method, system, electronic device, and storage medium. Background Technology

[0002] In multi-user application systems, implementing fine-grained account data access control is crucial for protecting data security and user privacy. Implementing account data access control in an existing application system requires significant modifications to the source code, which can easily introduce new bugs, impacting system stability and performance. While related technologies can also implement data access control based on Application Programming Interfaces (APIs), in existing application systems, the sheer number and inconsistent naming of APIs necessitate detailed analysis and naming convention adjustments to adapt them to the access control mechanism. This process is not only extremely labor-intensive and costly but also highly intrusive, hindering rapid deployment and adaptation to rapidly changing service requirements. Therefore, these technologies suffer from cumbersome data access configuration and low query efficiency when handling application query requests.

[0003] There is currently no effective solution to the above problems. Summary of the Invention

[0004] This application provides a query processing method, system, electronic device, and storage medium to at least solve the technical problems of cumbersome data permission configuration and low query efficiency in the related art when processing application query requests.

[0005] According to one aspect of the embodiments of this application, a query processing method is provided, comprising: obtaining an initial query request of a target application; invoking a software development kit to obtain data permission configuration information corresponding to the initial query request from a target storage area, wherein the data permission configuration information is used to determine the data objects that the user account corresponding to the initial query request is allowed to access in the target storage area; rewriting the initial query request according to the data permission configuration information to generate a target query request, wherein the target query request includes a multi-condition query statement obtained by rewriting according to the data permission configuration information; and accessing the target storage area using the target query request to obtain the target query result corresponding to the target query request from the data objects.

[0006] According to another aspect of the embodiments of this application, a query processing method is also provided, comprising: obtaining an initial user behavior data query request from a network query application; invoking a software development kit to obtain user behavior data permission configuration information corresponding to the initial user behavior data query request from a target storage area, wherein the user behavior data permission configuration information is used to determine the user behavior data objects that the user account corresponding to the initial user behavior data query request is allowed to access in the target storage area; rewriting the initial user behavior data query request according to the user behavior data permission configuration information to generate a target user behavior data query request, wherein the target user behavior data query request includes a multi-condition query statement obtained by rewriting according to the user behavior data permission configuration information; and accessing the target storage area using the target user behavior data query request to obtain the user behavior data query result corresponding to the target user behavior data query request from the user behavior data objects.

[0007] According to another aspect of the embodiments of this application, a query processing method is also provided, including: obtaining an initial query request of a target application through a first application programming interface; and returning a query processing response through a second application programming interface, wherein the response data carried in the query processing response includes: a target query result, the target query result being obtained according to any one of the query processing methods in the embodiments of this application.

[0008] According to another aspect of the embodiments of this application, a query processing method is also provided, including: generating an initial query request for a target application in response to a query instruction applied to an operation interface; and displaying a target query result on the operation interface in response to a processing instruction applied to the operation interface, wherein the target query result is obtained according to any one of the query processing methods in the embodiments of this application.

[0009] According to another aspect of the embodiments of this application, a query processing system is also provided, comprising: a client for sending an initial query request of a target application; a server connected to the client for invoking a software development kit to obtain data permission configuration information corresponding to the initial query request from a target storage area, rewriting the initial query request according to the data permission configuration information to generate a target query request, and using the target query request to access the target storage area to obtain a target query result corresponding to the target query request from data objects, wherein the data permission configuration information is used to determine the data objects that the user account corresponding to the initial query request is allowed to access in the target storage area, and the target query request includes a multi-condition query statement obtained by rewriting according to the data permission configuration information; the client is also used to output the target query result.

[0010] According to another aspect of the embodiments of this application, an electronic device is also provided, including: a memory storing an executable program; and a processor connected to the memory via a bus for running the program, wherein the program executes the methods in various embodiments of this application when it runs.

[0011] According to another aspect of the embodiments of this application, a computer-readable storage medium is also provided, the computer-readable storage medium including a stored executable program, wherein, when the executable program is running, it controls the device where the computer-readable storage medium is located to perform the methods of various embodiments of this application.

[0012] According to another aspect of the embodiments of this application, a computer program product is also provided, including a computer program that, when executed by a processor, implements the methods of various embodiments of this application.

[0013] According to another aspect of the embodiments of this application, a computer program product is also provided, including a non-volatile computer-readable storage medium storing a computer program, which, when executed by a processor, implements the methods in various embodiments of this application.

[0014] According to another aspect of the embodiments of this application, a computer program is also provided, which, when executed by a processor, implements the methods of the various embodiments of this application.

[0015] In this embodiment, by obtaining the initial query request of the target application, and then calling the software development kit (SDK) to retrieve the data permission configuration information corresponding to the initial query request from the target storage area, the data objects that the user account corresponding to the initial query request is allowed to access in the target storage area are determined. Subsequently, the initial query request is rewritten based on the data permission configuration information to generate a target query request. Finally, the target query request is used to access the target storage area and retrieve the target query results corresponding to the target query request from the data objects. This enables permission control over user accounts' access to data objects in the target storage area, ensuring that users can only access their authorized data objects, thereby protecting data security and privacy. Simultaneously, by rewriting the initial query request using the data permission configuration information to generate the target query request, which includes a multi-condition query statement obtained by rewriting based on the data permission configuration information, the query scope in the target storage area can be more precisely limited according to the multi-condition query statement, allowing for faster retrieval of the query results corresponding to the target query request, further improving data accessibility and query efficiency. Furthermore, by dynamically adding conditions based on data permission configuration information in the initial query request, customized data queries and personalized access can be effectively realized. At the same time, by using the software development kit to centrally manage permission configuration, the complexity of data permission configuration is significantly reduced. This also enables customized data queries and personalized access, effectively reducing the complexity of data permission configuration and thus solving the technical problems of cumbersome data permission configuration and low query efficiency in related technologies when processing application query requests.

[0016] It is worth noting that the general description above and the detailed description that follow are merely for illustrative purposes and do not constitute a limitation on this application. Attached Figure Description

[0017] The accompanying drawings, which are included to provide a further understanding of this application and form part of this application, illustrate exemplary embodiments and are used to explain this application, but do not constitute an undue limitation of this application. In the drawings:

[0018] Figure 1 This is a hardware structure block diagram of a computer terminal (or mobile device) for implementing a query processing method according to an embodiment of this application;

[0019] Figure 2 This is a schematic diagram illustrating an application scenario of a query processing method according to an embodiment of this application;

[0020] Figure 3 This is a flowchart of a query processing method according to an embodiment of this application;

[0021] Figure 4This is a schematic diagram of the architecture of a query processing system according to an embodiment of this application;

[0022] Figure 5 This is a flowchart of another query processing method according to an embodiment of this application;

[0023] Figure 6 This is a flowchart of another query processing method according to an embodiment of this application;

[0024] Figure 7 This is a flowchart of another query processing method according to an embodiment of this application;

[0025] Figure 8 This is a structural block diagram of a query processing apparatus according to an embodiment of this application;

[0026] Figure 9 This is a structural block diagram of another query processing apparatus according to an embodiment of this application;

[0027] Figure 10 This is a structural block diagram of another query processing apparatus according to an embodiment of this application;

[0028] Figure 11 This is a structural block diagram of another query processing apparatus according to an embodiment of this application;

[0029] Figure 12 This is a structural block diagram of a computer terminal according to an embodiment of this application. Detailed Implementation

[0030] To enable those skilled in the art to better understand the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present application, and not all embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative effort should fall within the scope of protection of the present application.

[0031] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of this application described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0032] According to an embodiment of this application, a method embodiment of a query processing method is also provided. It should be noted that the steps shown in the flowchart in the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions. Furthermore, although a logical order is shown in the flowchart, in some cases, the steps shown or described may be executed in a different order than that shown here.

[0033] The method embodiment provided in Embodiment 1 of this application can be executed on a mobile terminal, computer terminal, or similar computing device. Figure 1 A hardware structure block diagram of a computer terminal (or mobile device) for implementing a query processing method is shown. Figure 1 As shown, the computer terminal 10 (or mobile device) may include one or more processors 102 (shown as 102a, 102b, ..., 102n in the figure) 102 (processor 102 may include, but is not limited to, a microprocessor (MCU) or a programmable gate array (FPGA)), a memory 104 for storing data, and a transmission device 106 for communication functions. In addition, it may also include: a display, an input / output interface (I / O interface), a Universal Serial Bus (USB) port (which may be included as one of the ports of a BUS bus), a network interface, a power supply, and / or a camera. Those skilled in the art will understand that... Figure 1 The structure shown is for illustrative purposes only and does not limit the structure of the aforementioned electronic device. For example, computer terminal 10 may also include... Figure 1 The more or fewer components shown, or having the same Figure 1 The different configurations shown.

[0034] It should be noted that the aforementioned one or more processors 102 and / or other data processing circuits are generally referred to herein as "data processing circuits". These data processing circuits may be embodied, in whole or in part, in software, hardware, firmware, or any other combination thereof. Furthermore, the data processing circuits may be a single, independent processing module, or may be integrated, in whole or in part, into any other element within the computer terminal 10 (or mobile device). As involved in the embodiments of this application, the data processing circuits serve as a processor control mechanism (e.g., selection of a variable resistor termination path connected to an interface).

[0035] The memory 104 can be used to store software programs and modules of application software, such as the program instructions / data storage device corresponding to the query processing method in this embodiment. The processor 102 executes various functional applications and data processing by running the software programs and modules stored in the memory 104, thereby realizing the above-mentioned query processing method. The memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 104 may further include memory remotely located relative to the processor 102, and these remote memories can be connected to the computer terminal 10 via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.

[0036] The transmission device 106 is used to receive or send data via a network. Specific examples of the network described above may include a wireless network provided by the communication provider of the computer terminal 10. In one example, the transmission device 106 includes a Network Interface Controller (NIC), which can connect to other network devices via a base station to communicate with the Internet. In another example, the transmission device 106 may be a Radio Frequency (RF) module, used for wireless communication with the Internet.

[0037] The display can be, for example, a touchscreen liquid crystal display (LCD), which allows the user to interact with the user interface of the computer terminal 10 (or mobile device).

[0038] Figure 1 The hardware structure block diagram shown can serve not only as an exemplary block diagram of the aforementioned computer terminal 10 (or mobile device), but also as an exemplary block diagram of the aforementioned server. In one optional embodiment, Figure 2 The use of the above is illustrated in a block diagram. Figure 1The computer terminal 10 (or mobile device) shown is one embodiment, serving as a receiving end. For example... Figure 2 As shown, computer terminal 10 (or mobile device) can be connected to one or more servers, such as security servers, resource servers, game servers, etc., via a data network connection or electronic connection. In an optional embodiment, the computer terminal 10 (or mobile device) can be any mobile computing device. The data network connection can be a local area network (LAN) connection, a wide area network (WAN) connection, an Internet connection, or other types of data network connection. Computer terminal 10 (or mobile device) can perform network services to connect to a network service performed by a server (e.g., a security server) or a group of servers 20. The network server is a network-based user service, such as social networks, cloud resources, email, online payments, or other online applications.

[0039] Under the aforementioned operating environment, this application provides the following: Figure 3 The query processing method shown. Figure 3 This is a flowchart of a query processing method according to an embodiment of this application, the method including the following steps:

[0040] Step S31: Obtain the initial query request from the target application;

[0041] Step S32: Call the software development kit to obtain the data permission configuration information corresponding to the initial query request from the target storage area. The data permission configuration information is used to determine the data objects that the user account corresponding to the initial query request is allowed to access in the target storage area.

[0042] Step S33: Rewrite the initial query request according to the data permission configuration information to generate a target query request, wherein the target query request includes a multi-condition query statement obtained by rewriting according to the data permission configuration information.

[0043] Step S34: Access the target storage area using the target query request and obtain the target query result corresponding to the target query request from the data object.

[0044] The target application mentioned above can be any application system that requires permission checks and data access in the data access control process. For example, the target application can be an application already deployed in a production environment, running and processing user data, especially an existing application system, i.e., a software system that has been running for a long time and has accumulated a large amount of data and business logic. In a multi-user environment, the target application can be, but is not limited to, a website, a mobile application, or any system that involves user data operations.

[0045] The initial query request described above can contain a single-condition query statement written in Structured Query Language (SQL). During the interaction between the target application and the database, when a user attempts to access or manipulate data, the target application generates a raw SQL query statement or data access request. The initial query request may contain the table names and fields from which the user wishes to obtain data, but it does not yet contain any additional conditions for data access control. The initial query request is a direct expression of the user's intent. Based on the initial query request, it can be rewritten according to the user's data access permissions to limit or adjust the scope of data access.

[0046] After obtaining the initial query request, the Software Development Kit (SDK) is invoked to retrieve the data permission configuration information corresponding to the initial query request from the target storage area. The SDK is a collection of development tools provided to software developers, including library files, API documentation, sample code, compiler tools, debugging tools, and development guides. It aims to help developers quickly and efficiently develop and integrate specific functions or services into applications. The SDK can be used to implement data access control, encapsulating the logic and functionality of access control. This allows target applications to control access permissions to database tables through simple calls and configurations without requiring in-depth modifications to the source code, thus reducing code invasiveness and simplifying the implementation process of access management.

[0047] The process of retrieving data permission configuration information from the target storage area by calling the software development kit can be accomplished in a variety of different ways, depending on the design of the software development kit, the storage method of the data permission configuration information, and the system architecture.

[0048] For example, specific annotations can be added to the query methods or classes of the target application. These annotations can contain information such as account (identification, ID) and access type. The software development kit (SDK) can read these specific annotations through reflection to obtain the context information of the initial query request, and then request the corresponding data permission configuration information from the target storage area.

[0049] For example, the logic for obtaining data permission configuration information is predefined in the target application's configuration file. The software development kit reads the configuration file before initialization or each query, parses out the permission information, and obtains the specific data permission configuration information through API calls or by directly querying the permission configuration table.

[0050] For example, data permission configuration information can be stored in environment variables or system properties. The software development kit reads the environment variables or system properties at runtime, retrieves the data permission configuration information, and performs corresponding queries and rewrites. This is more suitable for scenarios where permission information is relatively stable or changes frequently but requires rapid updates.

[0051] The data permission configuration information described above can be a predefined set of rules that specify in detail which data objects different user accounts can access. These data objects can be, but are not limited to, records in database tables, files in the file system, and objects in cloud storage. The data permission configuration information can be stored in a specific table or configuration file in the target storage area so that the SDK can quickly retrieve and apply it as needed.

[0052] Based on data permission configuration information, permission conditions can be added or modified in the initial query request to ensure that the final target query results only contain data that the user has the right to access. The query request after being modified with permission conditions becomes the target query request. The target query request contains the user's original query intent and the restrictions added based on the data permission configuration information, ensuring the compliance and security of data access.

[0053] After receiving the target query request, such as accessing the target storage area, the engine retrieves the corresponding query results from the data objects. The target storage area can be a database, where the target query request is parsed and executed. The database engine then filters the data records that meet the query conditions from the data objects based on the query conditions in the target query request.

[0054] Based on steps S31 to S34 above, by obtaining the initial query request of the target application, and then calling the software development kit (SDK) to retrieve the data permission configuration information corresponding to the initial query request from the target storage area, the data objects that the user account corresponding to the initial query request is allowed to access in the target storage area are determined. Subsequently, the initial query request is rewritten according to the data permission configuration information to generate the target query request. Finally, the target query request is used to access the target storage area and retrieve the target query results corresponding to the target query request from the data objects. This enables access control of user accounts' access to data objects in the target storage area, ensuring that users can only access their authorized data objects, thereby protecting data security and privacy. Simultaneously, by rewriting the initial query request using the data permission configuration information to generate the target query request, which includes a multi-condition query statement obtained by rewriting based on the data permission configuration information, the query scope in the target storage area can be more precisely limited according to the multi-condition query statement, allowing for faster retrieval of the query results corresponding to the target query request, further improving data accessibility and query efficiency. Furthermore, by dynamically adding conditions based on data permission configuration information in the initial query request, customized data queries and personalized access can be effectively realized. At the same time, by using the software development kit to centrally manage permission configuration, the complexity of data permission configuration is significantly reduced. This also enables customized data queries and personalized access, effectively reducing the complexity of data permission configuration and thus solving the technical problems of cumbersome data permission configuration and low query efficiency in related technologies when processing application query requests.

[0055] The query processing method in the embodiments of this application will be further described below.

[0056] In an optional embodiment, the query processing method of this application further includes:

[0057] Configure the preset storage structure to be used in the target storage area; populate the data permission configuration information in the preset storage structure.

[0058] The specific forms of the aforementioned preset storage structure can be, but are not limited to, database tables, key-value stores, directory service files, and in-memory data files. Specifically, database tables can store access permission relationships between users and data objects. Database tables can be highly integrated with database operations, facilitating easy querying and maintenance of data permission configuration information. Key-value stores allow for fast access to permission configuration information; the keys may contain user IDs and data object identifiers, while the values ​​store related data permission configuration information. This is particularly suitable for high-concurrency scenarios, providing low-latency permission verification. Using directory service files to store data permission configuration information provides a hierarchical way to organize and store data, suitable for permission management in large enterprise environments. For scenarios requiring high performance, data permission configuration information can be stored in the application's in-memory data files, such as using hash tables or trees, thereby significantly improving access speed.

[0059] It should be noted that the selection of the preset storage structure should be determined according to the specific application scenario and requirements. Considering factors such as data access speed, security, ease of maintenance and overall system architecture, this application uses a database table as an example for illustration, but does not constitute a specific limitation on the preset storage structure.

[0060] During the process of configuring the preset storage structure to be used in the target storage area, multiple data items in the preset storage structure can be configured and populated.

[0061] Based on the above optional embodiments, by configuring a preset storage structure to be used in the target storage area, and then filling the preset storage structure with data permission configuration information, efficient, secure and flexible data access permission control can be achieved, improving the system's security, privacy protection capabilities and management efficiency, while reducing development and maintenance costs.

[0062] In one optional embodiment, the preset storage structure includes: multiple storage data items, each of the multiple storage data items includes: multiple storage fields, the multiple storage fields include at least: a first storage field, a second storage field and a third storage field, wherein the first storage field is used to record the data item identifier of the multiple storage data items, the second storage field is used to record the user account identifier corresponding to each of the multiple storage data items, and the third storage field is used to record the data type of the data object corresponding to each of the multiple storage data items.

[0063] Taking a database table as an example with a preset storage structure, the database table includes multiple stored data items, each containing multiple stored fields. Using the first stored field as a unique identifier for each stored data item simplifies the retrieval process of data permission configuration information. For instance, when it is necessary to verify a user's access permissions to a specific data type, the relevant data permission configuration information can be quickly located by querying the first stored field corresponding to the user's account identifier and data type.

[0064] In one optional embodiment, the target storage area is a database, the preset storage structure is a database table, and the data permission configuration information is the table information configured in the database table for data permission control.

[0065] The data types of the aforementioned data objects include, but are not limited to, images, videos, documents, and audio. By recording the user account identifier in the second storage field and the data type of the data object in the third storage field, fine-grained access control based on users and data types can be achieved. This allows for setting different access permissions for different users and different data types, providing more secure data isolation and more flexible permission allocation.

[0066] Table 1 is an example of a preset storage structure according to an embodiment of this application. As shown in Table 1, the database table includes four stored data items, each of which includes multiple storage fields. These multiple storage fields include at least a first storage field, a second storage field, and a third storage field. The first storage field records the data item identifiers of the multiple stored data items, such as data item 1, data item 2, data item 3, and data item 4. The second storage field records the user account identifiers corresponding to the multiple stored data items, such as user 1001, user 1002, user 1003, and user 1004. The third storage field records the data type of the data object corresponding to the multiple stored data items, such as data item 1 being an image, data item 2 being an image, data item 3 being an image, and data item 4 being a video. Furthermore, the database table may also include the generation time and modification time of each stored data item.

[0067] Table 1 Preset Storage Structure

[0068]

[0069] Based on the above optional embodiments, by setting multiple stored data items in a preset storage structure, each data item has multiple storage fields, including at least a first storage field for recording the data item identifier, a second storage field for recording the user account identifier, and a third storage field for recording the data type. This helps to achieve efficient, fine-grained, and low-intrusion data access control, enhance data security and compliance, simplify maintenance, support flexible access control policies, and improve system performance and user experience.

[0070] In an optional embodiment, step S32, invoking the software development kit to obtain the data permission configuration information corresponding to the initial query request from the target storage area includes:

[0071] Step S321: Parse the query identifier from the initial query request, wherein the query identifier includes at least one of the following: the user account identifier corresponding to the initial query request, and the data item identifier corresponding to the initial query request;

[0072] Step S322: Call the software development kit to obtain the data permission configuration information corresponding to the query identifier from the target storage area.

[0073] The user account identifier corresponding to the initial query request can be a user ID, account number, or any information that can uniquely identify a user account. When the initial query request arrives at the system, the user account identifier can be extracted from it as the basis for authorization verification. The data item identifier corresponding to the initial query request can be used to determine the specific data targeted by the initial query request. By parsing the initial query request, the system can obtain the data item identifier, thereby quickly determining the specific data range and type of the initial query request.

[0074] After resolving the query identifier, a request is sent to the target storage area by invoking a pre-integrated software development kit (SDK) to obtain data permission configuration information related to the query identifier. The target storage area typically contains a pre-defined storage structure for storing the configuration details of data permissions.

[0075] Based on the above optional embodiments, by parsing the query identifier from the initial query request and then calling the software development kit to obtain the data permission configuration information corresponding to the query identifier from the target storage area, fine-grained data permission control is effectively realized, while improving the system's security, efficiency, and ease of maintenance.

[0076] In an optional embodiment, the query processing method of this application further includes:

[0077] By adding code comments, the initial access method of the target application to the target storage area is switched to the target access method. The initial access method is used to determine that the target application directly accesses the target storage area, while the target access method is used to determine that the target application accesses the target storage area through the software development kit.

[0078] Switching the application's access mode by adding code comments, from the initial access method of directly accessing the target storage area to the target access method of accessing through the software development kit, is a low-intrusion integration strategy that can achieve access control over the database with minimal modifications to existing code.

[0079] For example, the first step is to locate the code snippets in the target application that directly access the target storage area. These snippets can perform functions such as SQL queries, reading and writing records, and updating status. Further, specific code comments are added next to the located database access code to serve as markers for the SDK to identify and modify the access logic. These comments can contain instructions to call the SDK or information indicating that access at that point requires permission control. Next, the corresponding permission control SDK needs to be integrated into the target application. At runtime, the SDK scans the target application's code, identifies the newly added special code comments, and determines whether to intercept and modify the database access logic based on the comment content. If the SDK identifies the comment, it will take over the database access process, thereby implementing the target access method.

[0080] Once the SDK identifies and takes over the database access code, it can rewrite or wrap the original database access logic, allowing the target application to access the database indirectly through the SDK. The SDK can also add necessary permission verification steps before query execution, such as reading permission configuration information and modifying SQL statements to add permission-related conditions, thereby achieving data permission control.

[0081] Based on the above optional embodiments, by adding code comments, the initial access method of the target application to the target storage area can be switched to the target access method. This can achieve secure control over access to the target storage area while maintaining the flexibility and ease of development and maintenance of the target application.

[0082] In an optional embodiment, step S33, rewriting the initial query request based on data permission configuration information to generate the target query request includes:

[0083] Step S331: Obtain the initial structured query statement corresponding to the initial query request. The initial structured query statement is a single-condition query statement. The initial structured query statement includes: a first keyword, which is used to specify user-defined conditions, and user-defined conditions are used to determine the data type of the data object.

[0084] Step S332: Add a second keyword, a third keyword, and data permission conditions to the initial structured query statement based on the data permission configuration information to obtain the target structured query statement. The target structured query statement is a multi-condition query statement. The second keyword is used to combine user-defined conditions and data permission conditions. The third keyword is used to specify the value corresponding to the data permission conditions. The data permission conditions are used to determine the access permissions corresponding to the data types.

[0085] Step S333: Generate a target query request based on the target structured query statement.

[0086] Specifically, the initial structured query statement corresponding to the initial query request is obtained. The initial structured query statement can be a single-condition query statement, which contains user-defined query conditions. For example, if a user wants to query data objects of a specific type (such as images or videos), the specific type is the user-defined condition, which can be specified using the first keyword, such as by using the WHERE clause in the SQL language.

[0087] After obtaining the initial structured query statement, it can be modified based on the data permission configuration information obtained from the software development kit (SDK) to add permission-related query conditions. The second keyword mentioned above is used to combine user-defined conditions and data permission conditions. For example, the logical operator AND indicates that both conditions must be met, while the logical operator OR indicates that either condition must be met. The third keyword mentioned above is used to specify the values ​​corresponding to the data permission conditions. For example, using the keyword IN or the equals sign as the third keyword is used to match specific values ​​under the permission conditions.

[0088] The equals sign expresses equality. In SQL queries, the equals sign is used to specify that the value of a field must exactly match a given value. For example, to query all data with account ID 1001, you can use the conditional expression `where account_id = 1001`, meaning only records where the account ID field value is 1001 will be selected.

[0089] The keyword IN is a list matching operator used to specify that the value of a field must be in a given list. Using the IN keyword, you can check if a field matches any of multiple values ​​at once. For example, if you need to query data with account IDs of 1001 or 1002, you can use `where account_id IN(1001,1002)`, meaning that any record whose account ID field value is either 1001 or 1002 will be selected.

[0090] The data permission conditions described above are query criteria built upon data permission configuration information, used to determine whether a user has permission to access specific data types or data items. By combining data permission conditions with user-defined conditions, it can be ensured that the target query results only include data that the user is authorized to access, thereby effectively limiting the scope of data access and enhancing data security and privacy protection.

[0091] Continuing with Table 1 as an example, user 1001 wants to query image data. The initial SQL query is: `select * from material where type = 'IMAGE'`. To achieve data isolation—that is, restricting each account to access only data within its own permission scope—while also allowing data sharing between specific accounts (for example, allowing user 1001 to access some of user 1002's data), by integrating a specific SDK and configuring relevant permission rules within the SDK, the initial SQL query can be dynamically rewritten to meet the query requirements.

[0092] When user 1001 initiates an initial query request, the SDK automatically modifies the original SQL statement before querying the database. The modified SQL statement adds a permission check for the user account identifier, ensuring that the target query results only contain data that user 1001 has access to. Simultaneously, to allow user 1001 to access user 1002's data, the SDK adds a shared condition for the user account identifier in the WHERE clause, setting the user account identifier value to both 1001 and 1002. The modified SQL query statement is as follows: SELECT * FROM material where type='IMAGE'AND account_id IN(1001,1002). This allows user 1001 to not only query image materials within their own permission scope but also additionally gain access to image materials related to user 1002. This SQL rewriting strategy effectively achieves data isolation and data sharing between specific accounts, enhancing the security and flexibility of data access while maintaining the simplicity and low invasiveness of the system application. Complex access control logic can be implemented without significant modifications to existing code.

[0093] Based on the above optional embodiments, by obtaining the initial structured query statement corresponding to the initial query request, and then adding the second keyword, the third keyword, and data permission conditions to the initial structured query statement according to the data permission configuration information, the target structured query statement is obtained. Finally, the target query request is generated based on the target structured query statement. This enables flexible access control of data, ensures the compliance of data access for each account, and supports data sharing under specific conditions, thus meeting the dual needs of business for data security and flexibility of use.

[0094] In one optional embodiment, the data permission conditions include one of the following: data permission conditions for data isolation between different user accounts; data permission conditions for data sharing between different user accounts; and data permission conditions for sharing at least one stored data item in a preset storage structure configured within the target storage area.

[0095] Data isolation between different user accounts ensures that each user can only access data belonging to their own account and cannot access data from other user accounts. Data isolation is one of the most fundamental and important principles of data access control. By adding specific conditions to the query statement, such as account_id = user ID, the scope of data access can be restricted, thereby protecting the privacy and security of user data.

[0096] Data sharing permissions between different user accounts allow one user account to access data from one or more other user accounts. This is typically used in applications requiring cross-account data sharing, such as a collaboration platform where project members need to access files or data uploaded by other members. Data sharing permissions can be implemented by adding `account_id IN shared_account_id` to the query statement, ensuring that users can access data from specific shared accounts while maintaining isolation from data in other non-shared accounts.

[0097] In some cases, data access control is not only based on user accounts but also on the attributes of the data items themselves. For example, a data item can be marked as "public" or "shared," meaning that any user with the corresponding permissions can access it without needing direct access rights to the account to which the data item belongs. Data access conditions that allow at least one stored data item in a preset storage structure configured within the target storage area to share data can be achieved by checking the preset attributes of the data item (such as its sharing status) and adding them as query conditions to the SQL statement, for example, WHERE share_status=3', meaning sharing the data in data item 3.

[0098] Based on the above optional embodiments, by employing different types of data permission conditions, data isolation and data sharing can be flexibly implemented according to different service needs and security policies, ensuring that data access meets service requirements without violating security and privacy regulations. By dynamically adding data permission conditions to query statements, fine-grained data access control can be achieved, improving data security and management efficiency.

[0099] Figure 4 This is a schematic diagram of the architecture of a query processing system according to an embodiment of this application, such as... Figure 4As shown, a preset storage structure to be used is configured within the target storage area, and then data permission configuration information is populated into the preset storage structure. Further, the initial query request of the target application is obtained, and then the software development kit (SDK) is invoked to retrieve the data permission configuration information corresponding to the initial query request from the target storage area, in order to determine the data objects that the user account corresponding to the initial query request is allowed to access in the target storage area. Subsequently, the initial query request is rewritten based on the data permission configuration information to generate a target query request. Finally, the target query request is used to access the target storage area, and the target query results corresponding to the target query request are retrieved from the data objects. This allows for access control of user accounts to data objects in the target storage area, ensuring that users can only access the data objects they are authorized to access, thereby protecting data security and privacy.

[0100] Figure 5 This is a flowchart of another query processing method according to an embodiment of this application, such as... Figure 5 As shown, the method includes the following steps:

[0101] Step S51: Obtain the initial user behavior data query request from the network query application;

[0102] Step S52: Call the software development kit to obtain the user behavior data permission configuration information corresponding to the initial user behavior data query request from the target storage area. The user behavior data permission configuration information is used to determine the user behavior data objects that the user account corresponding to the initial user behavior data query request is allowed to access in the target storage area.

[0103] Step S53: Rewrite the initial user behavior data query request based on the user behavior data permission configuration information to generate a target user behavior data query request. The target user behavior data query request includes a multi-condition query statement obtained by rewriting based on the user behavior data permission configuration information.

[0104] Step S54: Access the target storage area using the target user behavior data query request, and obtain the user behavior data query result corresponding to the target user behavior data query request from the user behavior data object.

[0105] The aforementioned web query applications are software applications that can initiate queries to databases or data storage systems via a network. Specifically, web query applications can be web applications, mobile applications, backend server scripts, etc. Their main function is to send initial query requests to the data storage area based on user input or system requirements, retrieve the required data, and process or display it. Web query applications typically need to interact with servers and databases to achieve data reading, analysis, and visualization.

[0106] The aforementioned user behavior data query request may contain a single-condition query statement written in SQL. During the interaction between the web query application and the database, when a user attempts to access or manipulate data, the web query application generates a raw SQL query statement or data access request. The initial user behavior data query request may contain the table name and fields for which the user wishes to obtain data, but it does not yet contain any additional conditions for data access control. The initial user behavior data query request is a direct expression of the user's intent. Based on the initial user behavior data query request, it is rewritten according to the user's data access permissions to limit or adjust the scope of data access.

[0107] The aforementioned user behavior data objects may include, but are not limited to, records in database tables, files in file systems, and objects in cloud storage.

[0108] Based on steps S51 to S54 above, by obtaining the initial user behavior data query request from the network query application, and then calling the software development kit to obtain the user behavior data permission configuration information corresponding to the initial user behavior data query request from the target storage area, the user behavior data objects that the user account corresponding to the initial user behavior data query request is allowed to access in the target storage area are determined. Subsequently, the initial user behavior data query request is rewritten according to the user behavior data permission configuration information to generate the target user behavior data query request. Finally, the target user behavior data query request is used to access the target storage area and obtain the user behavior data query results corresponding to the target user behavior data query request from the user behavior data objects. This can realize the permission control of user accounts to access data objects in the target storage area, ensuring that users can only access the data objects they are authorized to access, thereby protecting data security and privacy. Simultaneously, the initial user behavior data query request is rewritten using data permission configuration information to generate a target user behavior data query request. This target user behavior data query request includes a multi-condition query statement rewritten based on the user behavior data permission configuration information. This allows for more precise limitation of the query scope within the target storage area, enabling faster retrieval of query results and further improving data accessibility and query efficiency. Furthermore, by dynamically adding conditions to the initial user behavior data query request based on user behavior data permission configuration information, customized data queries and personalized access can be effectively achieved. Moreover, the centralized management of permission configuration using a software development kit significantly reduces the complexity of data permission configuration, further resolving the technical problems of cumbersome data permission configuration and low query efficiency in processing application query requests in related technologies.

[0109] It should be noted that for parts not described in detail here, please refer to the relevant descriptions in the above embodiments, which will not be repeated here.

[0110] In an optional embodiment, the query processing method in this application further includes: adjusting the recommended content and / or recommendation strategy based on the query results of user behavior data.

[0111] Specifically, after obtaining the user behavior data query results, key user behavior features can be extracted from these results. These features include, but are not limited to, user preferences for different types of content, time patterns of user activity, and the time users spend on websites or applications. Based on the extracted user behavior features, the recommendation algorithm model is updated. Machine learning techniques, such as collaborative filtering, content-based recommendation, or deep learning methods, can be used to learn the correlation between user behavior and recommended content.

[0112] The recommendation strategy is adjusted based on the updated recommendation model. For example, if a user shows a high interest in technology news, the system will increase the recommendation weight of technology news; if a user frequently browses sports content at night, the recommendation strategy may provide more sports-related recommendations at night. Using the adjusted recommendation strategy, a personalized recommendation list can be generated for each user, containing the most relevant and attractive content or products predicted based on user behavior characteristics.

[0113] Based on the above optional embodiments, by adjusting the recommended content and / or recommendation strategy according to the query results of user behavior data, the web query application can not only control permissions based on user behavior data to ensure data security, but also use this data to optimize the recommended content and strategy, providing more personalized and accurate services, thereby improving user experience and the attractiveness of the application.

[0114] Figure 6 This is a flowchart of another query processing method according to an embodiment of this application, such as... Figure 6 As shown, the method includes the following steps:

[0115] Step S61: Obtain the initial query request of the target application through the first application programming interface;

[0116] Step S62: Return a query processing response through the second application programming interface. The response data carried in the query processing response includes: the target query result, which is obtained according to the query processing method of any one of the embodiments of this application.

[0117] Based on steps S61 to S62 above, the initial query request of the target application is obtained through the first application programming interface (API), and then a query processing response is returned through the second API. The response data carried in the query processing response includes the target query result, which can be obtained by accessing the target storage area using the target query request. The target query request is obtained by rewriting the initial query request based on data permission configuration information. This enables access control of user accounts to data objects in the target storage area, ensuring that users can only access data objects they are authorized to access, thereby protecting data security and privacy. Simultaneously, the initial query request is rewritten using data permission configuration information to generate the target query request. The target query request includes a multi-condition query statement rewritten based on the data permission configuration information. This allows for more precise limitation of the query scope in the target storage area according to the multi-condition query statement, enabling faster acquisition of the query result corresponding to the target query request, further improving data accessibility and query efficiency. Furthermore, by dynamically adding conditions based on data permission configuration information in the initial query request, customized data queries and personalized access can be effectively realized. At the same time, by using the software development kit to centrally manage permission configuration, the complexity of data permission configuration is significantly reduced. This also enables customized data queries and personalized access, effectively reducing the complexity of data permission configuration and thus solving the technical problems of cumbersome data permission configuration and low query efficiency in related technologies when processing application query requests.

[0118] Figure 7 This is a flowchart of another query processing method according to an embodiment of this application, such as... Figure 7 As shown, the method includes the following steps:

[0119] Step S71: In response to the query command applied to the operation interface, generate the initial query request of the target application;

[0120] Step S72: In response to the processing instruction applied to the operation interface, the target query result is displayed on the operation interface, wherein the target query result is obtained according to the query processing method of any one of the embodiments of this application.

[0121] Based on steps S71 to S72 above, in response to the query command applied to the operation interface, an initial query request for the target application is generated. Then, in response to the processing command applied to the operation interface, the target query result is displayed on the operation interface. The target query result can be obtained by accessing the target storage area using the target query request. The target query request is obtained by rewriting the initial query request based on data permission configuration information. This enables access control of user accounts to data objects in the target storage area, ensuring that users can only access data objects they are authorized to access, thereby protecting data security and privacy. Simultaneously, the target query request is generated by rewriting the initial query request using data permission configuration information. The target query request includes a multi-condition query statement rewritten based on the data permission configuration information. This allows for more precise limitation of the query scope in the target storage area according to the multi-condition query statement, enabling faster acquisition of the query results corresponding to the target query request, further improving data accessibility and query efficiency. Furthermore, by dynamically adding conditions based on data permission configuration information in the initial query request, customized data queries and personalized access can be effectively realized. At the same time, by using the software development kit to centrally manage permission configuration, the complexity of data permission configuration is significantly reduced. This also enables customized data queries and personalized access, effectively reducing the complexity of data permission configuration and thus solving the technical problems of cumbersome data permission configuration and low query efficiency in related technologies when processing application query requests.

[0122] It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, data stored, data displayed, etc.) involved in this application are all information and data authorized by the user or fully authorized by all parties. Furthermore, the collection, use and processing of the relevant data must comply with the relevant laws, regulations and standards of the relevant countries and regions, and corresponding operation portals are provided for users to choose to authorize or refuse.

[0123] It should be noted that, for the sake of simplicity, the foregoing method embodiments are all described as a series of actions. However, those skilled in the art should understand that this application is not limited to the described order of actions, as some steps may be performed in other orders or simultaneously according to this application. Furthermore, those skilled in the art should also understand that the embodiments described in the specification are preferred embodiments, and the actions and modules involved are not necessarily essential to this application.

[0124] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods according to the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms, and of course, they can also be implemented by hardware. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk), and includes several instructions to cause a terminal device (which may be a mobile phone, computer, server, or network device, etc.) to execute the methods described in the various embodiments of this application.

[0125] According to an embodiment of this application, a query processing apparatus for implementing the above-described query processing method is also provided. Figure 8 This is a structural block diagram of a query processing apparatus according to an embodiment of this application, such as... Figure 8 As shown, the device includes:

[0126] The first acquisition module 801 is used to acquire the initial query request of the target application;

[0127] The second acquisition module 802 is used to call the software development kit to obtain the data permission configuration information corresponding to the initial query request from the target storage area. The data permission configuration information is used to determine the data objects that the user account corresponding to the initial query request is allowed to access in the target storage area.

[0128] The generation module 803 is used to rewrite the initial query request based on the data permission configuration information to generate a target query request, wherein the target query request includes a multi-condition query statement obtained by rewriting based on the data permission configuration information.

[0129] Processing module 804 is used to access the target storage area using the target query request and obtain the target query result corresponding to the target query request from the data object.

[0130] Optionally, the query processing device further includes: a configuration module for configuring a preset storage structure to be used in the target storage area; and a filling module for filling data permission configuration information into the preset storage structure.

[0131] Optionally, the preset storage structure includes: multiple storage data items, each of which includes: multiple storage fields, and the multiple storage fields include at least: a first storage field, a second storage field, and a third storage field, wherein the first storage field is used to record the data item identifier of the multiple storage data items, the second storage field is used to record the user account identifier corresponding to each of the multiple storage data items, and the third storage field is used to record the data type of the data object corresponding to each of the multiple storage data items.

[0132] Optionally, the second acquisition module 802 is further configured to: parse a query identifier from the initial query request, wherein the query identifier includes at least one of the following: a user account identifier corresponding to the initial query request, a data item identifier corresponding to the initial query request; and call a software development kit to obtain data permission configuration information corresponding to the query identifier from the target storage area.

[0133] Optionally, the query processing device further includes: a switching module, used to switch the initial access mode of the target application to the target storage area to the target access mode by adding code comments, wherein the initial access mode is used to determine that the target application directly accesses the target storage area, and the target access mode is used to determine that the target application accesses the target storage area through a software development kit.

[0134] Optionally, the generation module 803 is further configured to: obtain the initial structured query statement corresponding to the initial query request, wherein the initial structured query statement is a single-condition query statement, and the initial structured query statement includes: a first keyword, which is used to specify user-defined conditions, and user-defined conditions are used to determine the data type of the data object; add a second keyword, a third keyword, and data permission conditions to the initial structured query statement according to the data permission configuration information to obtain the target structured query statement, wherein the target structured query statement is a multi-condition query statement, the second keyword is used to combine user-defined conditions and data permission conditions, the third keyword is used to specify the value corresponding to the data permission conditions, and data permission conditions are used to determine the access permissions corresponding to the data type; and generate a target query request based on the target structured query statement.

[0135] Optionally, the data permission conditions include one of the following: data permission conditions for data isolation between different user accounts; data permission conditions for data sharing between different user accounts; and data permission conditions for sharing at least one stored data item in a preset storage structure configured within the target storage area.

[0136] Optionally, the target storage area is a database, the preset storage structure is a database table, and the data permission configuration information is the table information configured in the database table for data permission control.

[0137] It should be noted that the first acquisition module 801, the second acquisition module 802, the generation module 803, and the processing module 804 mentioned above correspond to steps S31 to S34 in the embodiments. The four modules and their corresponding steps implement the same instances and application scenarios, but are not limited to the content disclosed in the above embodiments. It should be noted that the above modules or units can be hardware or software components stored in memory and processed by one or more processors. The above modules can also be part of a device and run in the computer terminal provided in the embodiments.

[0138] Figure 9 This is a structural block diagram of another query processing apparatus according to an embodiment of this application, such as... Figure 9 As shown, the device includes:

[0139] The first acquisition module 901 is used to acquire the initial user behavior data query request of the network query application;

[0140] The second acquisition module 902 is used to call the software development kit to obtain the user behavior data permission configuration information corresponding to the initial user behavior data query request from the target storage area. The user behavior data permission configuration information is used to determine the user behavior data object that the user account corresponding to the initial user behavior data query request is allowed to access in the target storage area.

[0141] The generation module 903 is used to rewrite the initial user behavior data query request based on the user behavior data permission configuration information to generate a target user behavior data query request. The target user behavior data query request includes a multi-condition query statement obtained by rewriting based on the user behavior data permission configuration information.

[0142] Processing module 904 is used to access the target storage area using the target user behavior data query request and obtain the user behavior data query result corresponding to the target user behavior data query request from the user behavior data object.

[0143] Optionally, the query processing device further includes an adjustment module 905, used to adjust the recommended content and / or recommendation strategy based on the query results of user behavior data.

[0144] It should be noted that the first acquisition module 901, the second acquisition module 902, the generation module 903, and the processing module 904 mentioned above correspond to steps S51 to S54 in the embodiments. The four modules and their corresponding steps implement the same instances and application scenarios, but are not limited to the content disclosed in the above embodiments. It should be noted that the above modules or units can be hardware or software components stored in memory and processed by one or more processors. The above modules can also be part of a device and run in the computer terminal provided in the embodiments.

[0145] Figure 10 This is a structural block diagram of another query processing apparatus according to an embodiment of this application, such as... Figure 10 As shown, the device includes:

[0146] The acquisition module 1001 is used to acquire the initial query request of the target application through the first application programming interface;

[0147] The return module 1002 is used to return a query processing response through a second application programming interface, wherein the response data carried in the query processing response includes: the target query result, which is obtained according to any one of the query processing methods in the embodiments of this application.

[0148] It should be noted that the acquisition module 1001 and return module 1002 mentioned above correspond to steps S61 to S62 in the embodiments. The two modules and the corresponding steps implement the same instances and application scenarios, but are not limited to the content disclosed in the above embodiments. It should be noted that the above modules or units can be hardware components or software components stored in memory and processed by one or more processors. The above modules can also be part of the device and run in the computer terminal provided in the embodiments.

[0149] Figure 11 This is a structural block diagram of another query processing apparatus according to an embodiment of this application, such as... Figure 11 As shown, the device includes:

[0150] The generation module 1101 is used to generate the initial query request of the target application in response to the query command applied to the operation interface.

[0151] Display module 1102 is used to respond to processing instructions applied to the operation interface and display the target query results on the operation interface, wherein the target query results are obtained according to the query processing method of any one of the embodiments of this application.

[0152] It should be noted that the above-mentioned generation module 1101 and display module 1102 correspond to steps S71 to S72 in the embodiments. The two modules and the corresponding steps implement the same instances and application scenarios, but are not limited to the content disclosed in the above embodiments. It should be noted that the above-mentioned modules or units may be hardware components or software components stored in memory and processed by one or more processors. The above-mentioned modules may also be part of the device and run in the computer terminal provided in the embodiments.

[0153] Embodiments of this application may provide a query processing system, including:

[0154] The client is used to send the initial query request of the target application; the server connects to the client and is used to call the software development kit to obtain the data permission configuration information corresponding to the initial query request from the target storage area, rewrite the initial query request according to the data permission configuration information to generate the target query request, and use the target query request to access the target storage area to obtain the target query result corresponding to the target query request from the data objects. The data permission configuration information is used to determine the data objects that the user account corresponding to the initial query request is allowed to access in the target storage area. The target query request includes a multi-condition query statement obtained by rewriting according to the data permission configuration information; the client is also used to output the target query result.

[0155] Embodiments of this application may provide a computer terminal, which may be any computer terminal device in a group of computer terminals. Optionally, in this embodiment, the aforementioned computer terminal may also be replaced by a mobile terminal or other terminal device.

[0156] Optionally, in this embodiment, the computer terminal may be located in at least one of a plurality of network devices in a computer network.

[0157] Optionally, Figure 12 This is a structural block diagram of a computer terminal according to an embodiment of this application. Figure 12 As shown, the computer terminal may include: one or more (only one is shown in the figure) processors 122, memory 124, memory controller, and peripheral interfaces, wherein the peripheral interfaces are connected to a radio frequency module, an audio module, and a display.

[0158] The memory can be used to store software programs and modules, such as the program instructions / modules corresponding to the query processing method and apparatus in this application embodiment. The processor executes various functional applications and data processing by running the software programs and modules stored in the memory, thereby implementing the aforementioned query processing method. The memory may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory may further include memory remotely located relative to the processor, and these remote memories can be connected to the terminal via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.

[0159] The processor can invoke information and applications stored in memory via a transmission device to perform the following steps: obtaining an initial query request from the target application; invoking a software development kit to obtain data permission configuration information corresponding to the initial query request from the target storage area, wherein the data permission configuration information is used to determine the data objects that the user account corresponding to the initial query request is allowed to access in the target storage area; rewriting the initial query request based on the data permission configuration information to generate a target query request, wherein the target query request includes a multi-condition query statement obtained by rewriting based on the data permission configuration information; and accessing the target storage area using the target query request to obtain the target query result corresponding to the target query request from the data objects.

[0160] Optionally, the processor may also execute program code that performs the following steps: configuring a preset storage structure to be used in the target storage area; and filling the preset storage structure with data permission configuration information.

[0161] Optionally, the preset storage structure includes: multiple storage data items, each of which includes: multiple storage fields, and the multiple storage fields include at least: a first storage field, a second storage field, and a third storage field, wherein the first storage field is used to record the data item identifier of the multiple storage data items, the second storage field is used to record the user account identifier corresponding to each of the multiple storage data items, and the third storage field is used to record the data type of the data object corresponding to each of the multiple storage data items.

[0162] Optionally, the processor may also execute program code that performs the following steps: parsing a query identifier from an initial query request, wherein the query identifier includes at least one of the following: a user account identifier corresponding to the initial query request, and a data item identifier corresponding to the initial query request; and calling a software development kit to obtain data permission configuration information corresponding to the query identifier from the target storage area.

[0163] Optionally, the processor may also execute program code that performs the following steps: by adding code comments, the initial access mode of the target application to the target storage area is switched to the target access mode, wherein the initial access mode is used to determine that the target application directly accesses the target storage area, and the target access mode is used to determine that the target application accesses the target storage area through a software development kit.

[0164] Optionally, the processor may also execute program code that performs the following steps: obtaining an initial structured query statement corresponding to the initial query request, wherein the initial structured query statement is a single-condition query statement, and the initial structured query statement includes: a first keyword, which is used to specify user-defined conditions, and user-defined conditions are used to determine the data type of the data object; adding a second keyword, a third keyword, and data permission conditions to the initial structured query statement according to data permission configuration information to obtain a target structured query statement, wherein the target structured query statement is a multi-condition query statement, the second keyword is used to combine user-defined conditions and data permission conditions, the third keyword is used to specify the value corresponding to the data permission conditions, and data permission conditions are used to determine the access permissions corresponding to the data type; and generating a target query request based on the target structured query statement.

[0165] Optionally, the data permission conditions include one of the following: data permission conditions for data isolation between different user accounts; data permission conditions for data sharing between different user accounts; and data permission conditions for sharing at least one stored data item in a preset storage structure configured within the target storage area.

[0166] Optionally, the target storage area is a database, the preset storage structure is a database table, and the data permission configuration information is the table information configured in the database table for data permission control.

[0167] Optionally, the processor may also execute program code that performs the following steps: obtaining an initial user behavior data query request from a network query application; invoking a software development kit to obtain user behavior data permission configuration information corresponding to the initial user behavior data query request from a target storage area, wherein the user behavior data permission configuration information is used to determine the user behavior data objects that the user account corresponding to the initial user behavior data query request is allowed to access in the target storage area; rewriting the initial user behavior data query request based on the user behavior data permission configuration information to generate a target user behavior data query request, wherein the target user behavior data query request includes a multi-condition query statement obtained by rewriting based on the user behavior data permission configuration information; and accessing the target storage area using the target user behavior data query request to obtain the user behavior data query result corresponding to the target user behavior data query request from the user behavior data objects.

[0168] Optionally, the processor may also execute program code that performs the following steps: adjusting recommended content and / or recommendation strategies based on user behavior data query results.

[0169] Optionally, the processor may also execute program code that performs the following steps: obtaining an initial query request from the target application through a first application programming interface; and returning a query processing response through a second application programming interface, wherein the response data carried in the query processing response includes: the target query result, which is obtained according to any one of the query processing methods in the embodiments of this application.

[0170] Optionally, the processor may also execute program code that performs the following steps: in response to a query instruction applied to the operation interface, generates an initial query request for the target application; in response to a processing instruction applied to the operation interface, displays the target query result on the operation interface, wherein the target query result is obtained according to any one of the query processing methods in the embodiments of this application.

[0171] By employing the embodiments of this application, an initial query request from the target application is obtained. Then, a software development kit (SDK) is invoked to retrieve the data permission configuration information corresponding to the initial query request from the target storage area. This determines the data objects that the user account corresponding to the initial query request is allowed to access in the target storage area. Subsequently, the initial query request is rewritten based on the data permission configuration information to generate a target query request. Finally, the target query request is used to access the target storage area and retrieve the target query results corresponding to the target query request from the data objects. This enables access control of user accounts' access to data objects in the target storage area, ensuring that users can only access their authorized data objects, thereby protecting data security and privacy. Furthermore, by rewriting the initial query request using the data permission configuration information to generate the target query request, which includes a multi-condition query statement derived from the data permission configuration information, the query scope in the target storage area can be more precisely limited according to the multi-condition query statement, allowing for faster retrieval of the query results corresponding to the target query request, further improving data accessibility and query efficiency. Furthermore, by dynamically adding conditions based on data permission configuration information in the initial query request, customized data queries and personalized access can be effectively realized. At the same time, by using the software development kit to centrally manage permission configuration, the complexity of data permission configuration is significantly reduced. This also enables customized data queries and personalized access, effectively reducing the complexity of data permission configuration and thus solving the technical problems of cumbersome data permission configuration and low query efficiency in related technologies when processing application query requests.

[0172] Those skilled in the art will understand that Figure 12 The structure shown is for illustrative purposes only. The computer terminal can also be a smartphone (such as an Android phone, an iOS phone, etc.), a tablet computer, a PDA, or a mobile Internet device (MID). Figure 12 This does not limit the structure of the aforementioned electronic devices. For example, a computer terminal may also include components that are more... Figure 12 The more or fewer components shown (such as network interfaces, display devices, etc.), or having the same Figure 12 The different configurations shown.

[0173] Those skilled in the art will understand that all or part of the steps in the various methods of the above embodiments can be implemented by a program instructing the hardware related to the terminal device. The program can be stored in a computer-readable storage medium, which may include: flash drive, read-only memory (ROM), random access memory (RAM), disk or optical disk, etc.

[0174] Embodiments of this application also provide a computer-readable storage medium. Optionally, in this embodiment, the storage medium can be used to store the program code executed by the query processing method provided in Embodiment 1.

[0175] Optionally, in this embodiment, the storage medium may be located in any computer terminal in a group of computer terminals in a computer network, or in any mobile terminal in a group of mobile terminals.

[0176] Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: obtaining an initial query request from the target application; calling a software development kit to obtain data permission configuration information corresponding to the initial query request from the target storage area, wherein the data permission configuration information is used to determine the data objects that the user account corresponding to the initial query request is allowed to access in the target storage area; rewriting the initial query request according to the data permission configuration information to generate a target query request, wherein the target query request includes a multi-condition query statement obtained by rewriting according to the data permission configuration information; and accessing the target storage area using the target query request to obtain the target query result corresponding to the target query request from the data objects.

[0177] Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: configuring a preset storage structure to be used in the target storage area; and filling the preset storage structure with data permission configuration information.

[0178] Optionally, the preset storage structure includes: multiple storage data items, each of which includes: multiple storage fields, and the multiple storage fields include at least: a first storage field, a second storage field, and a third storage field, wherein the first storage field is used to record the data item identifier of the multiple storage data items, the second storage field is used to record the user account identifier corresponding to each of the multiple storage data items, and the third storage field is used to record the data type of the data object corresponding to each of the multiple storage data items.

[0179] Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: parsing a query identifier from an initial query request, wherein the query identifier includes at least one of the following: a user account identifier corresponding to the initial query request, and a data item identifier corresponding to the initial query request; and calling a software development kit to obtain data permission configuration information corresponding to the query identifier from a target storage area.

[0180] Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: by adding code comments, the initial access mode of the target application to the target storage area is switched to the target access mode, wherein the initial access mode is used to determine that the target application directly accesses the target storage area, and the target access mode is used to determine that the target application accesses the target storage area through a software development kit.

[0181] Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: obtaining an initial structured query statement corresponding to an initial query request, wherein the initial structured query statement is a single-condition query statement, and the initial structured query statement includes: a first keyword, which is used to specify user-defined conditions, and the user-defined conditions are used to determine the data type of the data object; adding a second keyword, a third keyword, and data permission conditions to the initial structured query statement according to data permission configuration information to obtain a target structured query statement, wherein the target structured query statement is a multi-condition query statement, the second keyword is used to combine user-defined conditions and data permission conditions, the third keyword is used to specify the value corresponding to the data permission conditions, and the data permission conditions are used to determine the access permissions corresponding to the data type; generating a target query request based on the target structured query statement.

[0182] Optionally, the data permission conditions include one of the following: data permission conditions for data isolation between different user accounts; data permission conditions for data sharing between different user accounts; and data permission conditions for sharing at least one stored data item in a preset storage structure configured within the target storage area.

[0183] Optionally, the target storage area is a database, the preset storage structure is a database table, and the data permission configuration information is the table information configured in the database table for data permission control.

[0184] Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: obtaining an initial user behavior data query request from a network query application; calling a software development kit to obtain user behavior data permission configuration information corresponding to the initial user behavior data query request from a target storage area, wherein the user behavior data permission configuration information is used to determine the user behavior data objects that the user account corresponding to the initial user behavior data query request is allowed to access in the target storage area; rewriting the initial user behavior data query request according to the user behavior data permission configuration information to generate a target user behavior data query request, wherein the target user behavior data query request includes a multi-condition query statement obtained by rewriting according to the user behavior data permission configuration information; and accessing the target storage area using the target user behavior data query request to obtain the user behavior data query result corresponding to the target user behavior data query request from the user behavior data objects.

[0185] Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: adjusting recommended content and / or recommendation strategies based on user behavior data query results.

[0186] Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: obtaining an initial query request of the target application through a first application programming interface; returning a query processing response through a second application programming interface, wherein the response data carried in the query processing response includes: the target query result, which is obtained according to any one of the query processing methods in the embodiments of this application.

[0187] Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: generating an initial query request for the target application in response to a query instruction applied to the operation interface; displaying the target query result on the operation interface in response to a processing instruction applied to the operation interface, wherein the target query result is obtained according to any of the query processing methods in the embodiments of this application.

[0188] Embodiments of this application also provide a computer program product. Optionally, in this embodiment, the computer program product may include a computer program that, when executed by a processor, implements the methods provided in the embodiments described above.

[0189] Embodiments of this application also provide a computer program product. Optionally, the computer program product may include a non-volatile computer-readable storage medium, which can be used to store a computer program that, when executed by a processor, implements the method provided in the above embodiments.

[0190] Embodiments of this application also provide a computer program. Optionally, in this embodiment, when the computer program is executed by a processor, it implements the method provided in the above embodiments.

[0191] The sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0192] In the above embodiments of this application, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments.

[0193] In the several embodiments provided in this application, it should be understood that the disclosed technical content can be implemented in other ways. The device embodiments described above are merely illustrative; for example, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the displayed or discussed mutual coupling, direct coupling, or communication connection may be through some interfaces; the indirect coupling or communication connection between units or modules may be electrical or other forms.

[0194] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0195] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.

[0196] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), portable hard drive, magnetic disk, or optical disk.

[0197] The above description is only a preferred embodiment of this application. It should be noted that for those skilled in the art, several improvements and modifications can be made without departing from the principle of this application, and these improvements and modifications should also be considered within the scope of protection of this application.

Claims

1. A query processing method, characterized in that, include: Obtain the initial query request from the target application; The software development kit is invoked to obtain the data permission configuration information corresponding to the initial query request from the target storage area, wherein the data permission configuration information is used to determine the data objects that the user account corresponding to the initial query request is allowed to access in the target storage area; The initial query request is rewritten based on the data permission configuration information to generate a target query request, wherein the target query request includes a multi-condition query statement obtained by rewriting based on the data permission configuration information; The target storage area is accessed using the target query request, and the target query result corresponding to the target query request is obtained from the data object.

2. The query processing method according to claim 1, characterized in that, The query processing method further includes: Configure a preset storage structure to be used within the target storage area; The data permission configuration information is populated into the preset storage structure.

3. The query processing method according to claim 2, characterized in that, The preset storage structure includes: multiple storage data items, each of which includes: multiple storage fields, the multiple storage fields including at least: a first storage field, a second storage field, and a third storage field, wherein the first storage field is used to record the data item identifier of the multiple storage data items, the second storage field is used to record the user account identifier corresponding to each of the multiple storage data items, and the third storage field is used to record the data type of the data object corresponding to each of the multiple storage data items.

4. The query processing method according to claim 3, characterized in that, Invoking the software development kit to retrieve the data permission configuration information corresponding to the initial query request from the target storage area includes: The query identifier is parsed from the initial query request, wherein the query identifier includes at least one of the following: the user account identifier corresponding to the initial query request, and the data item identifier corresponding to the initial query request; The software development kit is invoked to retrieve the data permission configuration information corresponding to the query identifier from the target storage area.

5. The query processing method according to any one of claims 1-4, characterized in that, The query processing method further includes: By adding code comments, the initial access method of the target application to the target storage area is switched to the target access method. The initial access method is used to determine that the target application directly accesses the target storage area, and the target access method is used to determine that the target application accesses the target storage area through the software development kit.

6. The query processing method according to any one of claims 1-4, characterized in that, The initial query request is rewritten based on the data permission configuration information to generate the target query request, including: Obtain the initial structured query statement corresponding to the initial query request, wherein the initial structured query statement is a single-condition query statement, and the initial structured query statement includes: a first keyword, the first keyword being used to specify user-defined conditions, and the user-defined conditions being used to determine the data type of the data object; Based on the data permission configuration information, a second keyword, a third keyword, and data permission conditions are added to the initial structured query statement to obtain a target structured query statement. The target structured query statement is a multi-condition query statement. The second keyword is used to combine the user-defined conditions with the data permission conditions. The third keyword is used to specify the value corresponding to the data permission conditions. The data permission conditions are used to determine the access permissions corresponding to the data type. The target query request is generated based on the target structured query statement.

7. The query processing method according to claim 6, characterized in that, The data permission conditions include one of the following: Data permission conditions for data isolation between different user accounts; Data permission conditions for data sharing between different user accounts; The target storage area contains a preset storage structure in which at least one storage data item shares data permission conditions.

8. The query processing method according to any one of claims 2-4, characterized in that, The target storage area is a database, the preset storage structure is a database table, and the data permission configuration information is table information configured in the database table for data permission control.

9. A query processing method, characterized in that, include: Obtain the initial user behavior data query request from the web query application; The software development kit is invoked to obtain the user behavior data permission configuration information corresponding to the initial user behavior data query request from the target storage area. The user behavior data permission configuration information is used to determine the user behavior data objects that the user account corresponding to the initial user behavior data query request is allowed to access in the target storage area. The initial user behavior data query request is rewritten based on the user behavior data permission configuration information to generate a target user behavior data query request, wherein the target user behavior data query request includes a multi-condition query statement obtained by rewriting based on the user behavior data permission configuration information. The target storage area is accessed using the target user behavior data query request, and the user behavior data query result corresponding to the target user behavior data query request is obtained from the user behavior data object.

10. The query processing method according to claim 9, characterized in that, The query processing method further includes: Adjust recommended content and / or recommendation strategies based on the results of the user behavior data query.

11. A query processing method, characterized in that, include: The initial query request of the target application is obtained through the first application programming interface; The query processing response is returned through the second application programming interface, wherein the response data carried in the query processing response includes: the target query result, which is obtained according to the query processing method of any one of claims 1 to 8.

12. A query processing method, characterized in that, include: Responding to query commands applied to the user interface, it generates an initial query request for the target application; In response to a processing instruction applied to the operation interface, the target query result is displayed on the operation interface, wherein the target query result is obtained according to the query processing method of any one of claims 1 to 8.

13. A query processing system, characterized in that, include: The client is used to send the initial query request to the target application; The server, connected to the client, is configured to invoke a software development kit to obtain data permission configuration information corresponding to the initial query request from the target storage area, rewrite the initial query request based on the data permission configuration information to generate a target query request, and use the target query request to access the target storage area to obtain the target query result corresponding to the target query request from the data objects. The data permission configuration information is used to determine the data objects that the user account corresponding to the initial query request is allowed to access in the target storage area. The target query request includes a multi-condition query statement obtained by rewriting based on the data permission configuration information. The client is also used to output the target query result.

14. An electronic device, characterized in that, include: Memory, which stores executable programs; A processor for running the program, wherein the program, when running, executes the query processing method according to any one of claims 1 to 12.

15. A computer-readable storage medium, characterized in that, The computer-readable storage medium includes a stored executable program, wherein, when the executable program is executed, it controls the device on which the computer-readable storage medium resides to perform the query processing method according to any one of claims 1 to 12.

16. A computer program product, characterized in that, It includes a computer program that, when executed by a processor, implements the query processing method according to any one of claims 1 to 12.