A dialogue operation question answering method and system based on permission semantic analysis and dynamic desensitization backtracking

By generating a semantic graph of questions and parsing user permissions, constructing fragment backtracking keys and a security state machine, the problems of implicit unauthorized access and insecure results in conversational business questions are solved, and the security consistency and traceability are improved.

CN122365545APending Publication Date: 2026-07-10HANGZHOU RUISHA TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
HANGZHOU RUISHA TECHNOLOGY CO LTD
Filing Date
2026-06-02
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

Existing conversational business query technologies lack permission semantic parsing, dynamic desensitization and backtracking, and security status control in multi-round queries, resulting in a high risk of implicit unauthorized access and difficulty in ensuring the security, consistency, and traceability of results.

Method used

By generating a question semantic graph, parsing user permission semantics and binding them into permission envelopes, constructing fragment backtracking keys, and utilizing a fragment security state machine to perform recalculation, freezing, downgrading, or denial of display when permissions change, the security state transition of answer fragments is ensured.

Benefits of technology

It improves the security and traceability of multi-round operational queries, reduces the risk of implicit unauthorized access, and enhances the continuity of interaction and query processing efficiency.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122365545A_ABST
    Figure CN122365545A_ABST
Patent Text Reader

Abstract

This invention discloses a conversational business query method and system based on permission semantic parsing and dynamic desensitization backtracking. The method receives multiple rounds of business queries from users; parses user identity, position, organizational level, authorized data domain, field sensitivity level, and display granularity into permission semantic vectors, and aligns them with a query semantic graph to form a permission envelope; generates candidate logical queries based on the query semantic graph, and constructs a fragment backtracking key for each answer fragment, including field source, aggregation function, filter condition hash value, permission version, desensitization rule version, minimum display granularity, and session inheritance tag; when there is follow-up questioning, error correction, drill-down, or permission changes, the fragment backtracking key is compared and the permission residual change is calculated, driving the fragment security state machine to execute valid, pending recalculation, frozen, downgraded, or rejected display. This method can improve the security, traceability, and interactive continuity of business query results.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the fields of conversational data analysis, business intelligence, access control, and dynamic data anonymization. In particular, it relates to a conversational business intelligence method and system based on access control semantic parsing and dynamic anonymization backtracking. Background Technology

[0002] With the development of enterprise digital management systems, business data such as sales, inventory, finance, supply chain, human resources, and customer operations are gradually being centralized in data warehouses, indicator platforms, or business analysis platforms. Traditional business analysis typically relies on fixed reports, data dashboards, or SQL queries written by analysts. Ordinary business personnel need to understand indicator definitions, field meanings, filtering conditions, organizational hierarchies, and query syntax when conducting business data analysis, making it a relatively high-barrier-to-entry process. In recent years, conversational data question-answering technology has been introduced into business analysis scenarios. Users can ask questions in natural language such as "What was the sales volume in East China this month?" or "Which stores experienced the largest year-on-year decline?" The system identifies the user's intent based on the language description, matches business indicators and data table fields, and generates answers or visualizations.

[0003] For example, Chinese patent CN119149716B discloses a method and apparatus for conversational data question answering. It receives questions from users that describe their data needs in language, uses a model to obtain a confidence score of the user's intent relative to the category, retrieves target knowledge items from a knowledge base based on the question and category, generates answers using a language model, and then provides interactive, visual output to the user through a dashboard. This technology improves the understanding of user intent in language descriptions and allows users to receive data feedback in natural language, making it suitable for data question answering scenarios such as enterprise decision-making. However, this type of conversational data question answering solution typically focuses on intent recognition, knowledge item retrieval, and answer generation, with insufficient attention paid to dynamic security controls during multi-round business questioning, such as access boundaries, field sensitivity levels, organizational hierarchies, and drill-down processes. Especially in business queries, users often use follow-up questions such as "continue drilling down to the store", "change the previous result to the same period last month", and "why did a certain customer decline the most" to continue the context of the previous round. If the system only performs permission judgment once during the initial query, it is easy to generate the risk of unauthorized access due to implicit inheritance of session conditions, reduced granularity, or changes in filtering conditions.

[0004] In terms of data security, existing technologies already include dynamic data masking solutions based on SQL rewriting. For example, Chinese patent CN107885876A discloses a dynamic data masking method based on SQL statement rewriting. This method determines whether the current statement is a query, segments the query statement into words and generates structured information, identifies sensitive fields, replaces sensitive strings according to user-defined rules, and finally replaces the query statement with a masked statement, executing it on the database and returning the masked result. The solution also indicates that dynamic protection of sensitive data can be achieved through user access control. This type of dynamic data masking technology can mask, replace, or process sensitive fields using functions during the query execution phase, making it suitable for solving the problem of protecting sensitive fields in a single SQL query. However, business query scenarios are not simple single SQL queries. System output often includes multiple answer fragments, such as indicator cards, ranking tables, trend charts, exception descriptions, and explanatory text. The same answer fragment may originate from multiple fields, multiple aggregate functions, and multiple filtering conditions, and may be affected by the state of the previous session. If we rely solely on SQL rewriting for data masking, it is difficult to determine whether subsequent follow-up questions have changed the permission status of the original answer fragment, and it is also difficult to decide whether the already generated fragment should continue to be displayed, recalculated, frozen, downgraded, or rejected after permission changes.

[0005] Furthermore, existing data lineage technologies can record the source of fields, processing links, and upstream and downstream influence relationships, which is helpful for data governance and result traceability. However, traditional field lineage mainly focuses on the source relationship between data tables, fields, and SQL processing logic, and usually does not simultaneously bind user permission versions, anonymization rule versions, minimum display granularity, and session inheritance status. For conversational business queries, simply knowing which fields a result comes from is not enough to guarantee security, because the same field has different visibility under different users, different organizational levels, different display granularities, or different anonymization rule versions. Especially when user permissions are revoked, anonymization rules are upgraded, the current round of follow-up queries requests more granular data, or the current round of questions omits sensitive filtering conditions from the previous round, the system needs to re-evaluate the generated answer fragments, rather than simply reusing historical results or re-querying the entire round.

[0006] Therefore, existing technologies have at least the following shortcomings: First, conversational query technology focuses on natural language understanding and answer generation, lacking fragment-level security controls that are linked to permission semantics, de-identification rules, and session inheritance risks; Second, dynamic de-identification technology usually uses SQL fields or query results as processing objects, making it difficult to cover permission status changes of answer fragments in multiple rounds of follow-up questions; Third, field lineage technology can record data sources, but fails to unify field sources, filtering conditions, aggregate functions, permission versions, de-identification versions, and display granularity into a backtracking key that can be used for state transitions; Fourth, when permissions change or follow-up questions drill down, existing solutions usually use methods such as re-querying, denying access, or simple masking, lacking a mechanism for fragment security state transitions based on priorities such as denying display, freezing, downgrading, pending recalculation, and effective reuse. Based on the above problems, it is necessary to provide a method that can perform permission semantic parsing, dynamic desensitization and backtracking, and security status control on answer fragments during multiple rounds of business questioning. This enables the system to identify affected fragments and perform local recalculation, freezing, downgrading, or rejection of display when there are follow-up questions, error corrections, drill-downs, or permission changes, thereby reducing the risk of implicit unauthorized access and improving the traceability and security consistency of business questioning results. Summary of the Invention

[0007] The technical objective of this invention is to provide a conversational business inquiry method and system based on permission semantic parsing and dynamic desensitization backtracking. By associating and parsing multi-round business inquiry semantics, user permission semantics, field sensitivity levels, display granularity, desensitization rules, and session inheritance states, a permission envelope and fragment backtracking key for answer fragments are generated. When users ask follow-up questions, correct errors, drill down, or when permissions change, the fragment security state machine is driven by the change in permission residuals to perform recalculation, freezing, downgrading, or rejection of display. This solves the problems in existing conversational inquiry systems where implicit inheritance of context easily leads to unauthorized access, dynamic desensitization lacks fragment-level backtracking, and the reuse of results after permission changes is insecure. This improves the security, traceability, and interactive continuity of business inquiry results.

[0008] To achieve the objectives of this invention, the following technical solution is adopted:

[0009] A conversational business query method based on permission semantic parsing and dynamic desensitization and backtracking, characterized by the following steps:

[0010] S1: Receive multiple rounds of business-related questions from users, combine them with a business metric dictionary, a field thesaurus, and the previous session state to generate a question semantic graph;

[0011] S2: Parse user identity, job title, organizational level, tenant, authorized data domain, field sensitivity level, and displayable granularity into permission semantic vectors, and align them with the indicator nodes, field nodes, dimension nodes, and filter nodes in the question-number semantic graph to form a permission envelope;

[0012] S3: Generate candidate logical queries based on the question number semantic graph, and bind the field source, aggregation function, filter condition hash value, permission semantic vector version number, desensitization rule version number and minimum display granularity of each answer fragment as fragment backtracking key;

[0013] S4: Based on the permission envelope, write row filtering, column replacement, aggregation drill-down restriction and desensitization operators to the candidate logical query, generate answer fragments after execution, and input the answer fragments into the fragment security state machine;

[0014] S5: When the number of queries in the next round is followed up, corrected, drilled down, or the permissions change, compare the fragment backtracking key and calculate the change in permission residual. Drive the fragment security state machine to change state according to the priority of rejecting display, freezing, downgrading, waiting to be recalculated, and valid. Only re-query the fragments to be recalculated. Block the output of the original detailed value for frozen, downgraded, or rejected fragments.

[0015] As a further improvement, in step S1, the question semantic graph is a directed semantic graph, which includes indicator nodes, dimension nodes, field nodes, time nodes, condition nodes, sorting nodes, display nodes, and session inheritance nodes; the edges in the directed semantic graph include indicator-field mapping edges, indicator-dimensional constraint edges, condition filtering edges, time constraint edges, display granularity edges, and session inheritance edges; wherein, the session inheritance edge is used to represent indicators, dimensions, filtering conditions, time ranges, or aggregation granularities that are omitted in the current round of business question statements but inherited from the previous round of session state; and, an inheritance confidence level is set for each session inheritance edge. When the inheritance confidence level Less than the inheritance threshold In this case, instead of directly inheriting the conditions from the previous round, a clarification request is generated; For the first Inheritance confidence of each session inheritance edge. Inherited edge number for the session. A confidence threshold for allowing inheritance of the previous session state.

[0016] As a further improvement, in step S2, the permission semantic vector is represented as follows:

[0017] ;

[0018] In the formula, For users The permission semantic vector; For users who are currently initiating business-related inquiries; For users The set of accessible data domains; For users The set of accessible row-level data ranges; For users The smallest allowed display granularity level; For users The set of sensitivity levels for fields that are allowed to be accessed; For users The permission semantic vector version number; For users The permission context set consists of the tenant, organizational level, and job title; the permission envelope is represented as:

[0019] ;

[0020] In the formula, Request for current business inquiries The permission envelope; This is a request for information regarding current operations; For the request The set of data domains involved; For the request The set of row-level data involved; For the request The level of granularity of display; For the request The set of sensitivity levels of the fields involved; For the request The set of tenants, organizational levels, and job contexts involved; This indicates that the coarser granularity between the requested display granularity and the minimum display granularity authorized by the user is taken as the actual display granularity.

[0021] As a further improvement, in step S3, the minimum display granularity is divided into detail level, customer level, store level, regional level, business unit level, and group level in order from fine to coarse, and coded as follows: When the granularity of the subsequent query request is displayed. Less than the The smallest display granularity of an answer fragment When this occurs, it is determined that the subsequent query request carries a risk of exceeding authority and drilling down; when the granularity of the subsequent query request is displayed... Greater than or equal to the The smallest display granularity of an answer fragment At that time, it allows the generation of answer fragments with corresponding granularity within the scope of the permission envelope; where, For the next round of question number requests, the first... The granularity of display for each answer fragment request. For the first The smallest display granularity level corresponding to each answer fragment The answer segment number;

[0022] And / or, in step S3, the fragment backtracking key is represented as:

[0023] ;

[0024] In the formula, For the first The fragment backtracking key for each answer segment; For the first A unique identifier for each answer segment; For the first The hash value of the filter conditions corresponding to each answer fragment; To generate the first The version number of the permission semantic vector used for each answer fragment; To generate the first The version number of the anonymization rule used for each answer segment; For the first The set of fields corresponding to each answer fragment; For the first The set of aggregate functions corresponding to each answer fragment; For the first The smallest display granularity corresponding to each answer fragment; For the first The set of session inheritance tags corresponding to each answer fragment;

[0025] And / or, in step S3, the filtering condition hash value Generate as follows:

[0026] ;

[0027] In the formula, For hash functions; For the first The set of filtering criteria corresponding to each answer fragment; For the first The time range corresponding to each answer segment; For the first The display granularity corresponding to each answer segment; For the first The sorting, pagination, or window conditions corresponding to each answer segment; This represents the concatenation operation of strings or field sequences.

[0028] As a further improvement, in step S5, after the next round of business query requests arrives, a new candidate fragment backtracking key is constructed. The set of affected fragments is determined according to the following formula. :

[0029] ;

[0030] In the formula, This refers to the set of affected segments that need to enter the segment safety state machine for state determination. The first question corresponding to the next round of operational inquiries Backtrack key for each candidate segment; This is the hash value of the filtering conditions corresponding to the next round of business inquiry requests; This is the version number of the permission semantic vector corresponding to the next round of operational inquiry requests; The version number of the desensitization rule corresponding to the next round of operational inquiry requests; This is the set of fields corresponding to the next round of business inquiry requests; This is the set of aggregate functions corresponding to the next round of business query requests; This sets the granularity of the request display corresponding to the next round of operational inquiry requests. For the set of session inheritance tags corresponding to the next round of business inquiry requests; when Not belonging to At that time, the first Each answer fragment remains valid and the original answer fragment is reused;

[0031] And / or, in S5, current business query request The permission residuals are calculated using the following formula:

[0032] ;

[0033] In the formula, Request for current business inquiries The Middle Permission residuals for individual answer fragments; For the first The number of semantic nodes involved in permission verification for each answer fragment; The semantic node number; For the first The semantic node is the permission level required for the current business query to access; For users to the first The authorization level of each semantic node; For the first Sensitive weights of semantic nodes; For the first Session inheritance risk value for each answer fragment; For the first The unconfirmed risk value of each answer segment; Inherit risk weights for sessions; Risk weights were not explicitly defined; the change in permission residuals between the subsequent round of operational inquiry requests and the previous round of operational inquiry requests is expressed as follows:

[0034] ;

[0035] In the formula, For the first The change in permission residuals corresponding to each answer fragment; The first in the subsequent round of operational inquiry requests Permission residuals for individual answer fragments; In the previous round of operational inquiry requests, the first Permission residuals for each answer fragment.

[0036] As a further improvement, the session inheritance risk value Calculate using the following formula:

[0037] ;

[0038] In the formula, For the first Session inheritance risk value for each answer fragment; For the first The number of semantic nodes in each answer fragment that are inherited from the previous round of conversation and do not appear explicitly in the current round of question statements; For the first The total number of semantic nodes contained in each answer fragment; For the first The average inheritance confidence of all session inheritance edges in the answer fragment; when season The unconfirmed risk value Determined according to the following rules: when the... If an answer fragment contains sensitive fields, detailed granularity, or cross-organizational row-level ranges, and the current round of queries does not explicitly specify the corresponding filter conditions, then... Otherwise, .

[0039] As a further improvement, in step S5, the fragment state of the fragment security state machine is represented as follows:

[0040]

[0041] In the formula, For the first The fragment status of each answer segment; It is in a valid state; The system is in a state where recalculation is pending. It is in a frozen state; It is in a downgraded state; To refuse to display status;

[0042] The segment security state machine performs state transitions according to the following priority: when Greater than the rejection threshold At that time, Set as ;when and At that time, Set as ;when and Not greater than At that time, Set as ;when Belongs to the set of affected fragments And if the conditions for refusing to display, freezing, or downgrading are not met, then Set as ;when Not part of the affected fragment set and At that time, Set as ;in, The residual threshold for triggering the denial of display permissions.

[0043] The second aspect of this invention provides a conversational business inquiry system based on permission semantic parsing and dynamic desensitization backtracking. This system implements the method described above, comprising: a conversation semantic parsing module for receiving multi-turn business inquiry statements from users and generating an inquiry semantic graph; a permission semantic parsing module for parsing user identity, job title, organizational level, tenant, authorized data domain, field sensitivity level, and display granularity into permission semantic vectors, and aligning them with the inquiry semantic graph to form a permission envelope; a query generation module for generating candidate logical queries based on the inquiry semantic graph; and a fragment backtracking key generation module for generating the field source, aggregation function, filter condition hash value, permission semantic vector version number, and desensitization rule version number for each answer fragment. The system is divided into several modules: a minimum display granularity module and a session inheritance tag set binding as the fragment backtracking key; a query rewriting and desensitization module for writing row filtering, column replacement, aggregation drill-down restrictions, and desensitization operators to candidate logical queries, and generating answer fragments; a risk calculation module for calculating the permission residual, permission residual change, session inheritance risk value, and unconfirmed risk value of the answer fragment; and a fragment security state machine module for comparing the fragment backtracking key and calculating the permission residual change when follow-up questions, error correction, drill-down, or permission changes occur in the next round of questions, and converting the answer fragment to the corresponding state according to the priority of rejecting display, freezing, downgrading, pending recalculation, and valid, and performing reuse, recalculation, freezing, downgrading, or rejecting display on answer fragments in different states.

[0044] A third aspect of the present invention provides a computer device including a processor, a graphics processing unit (GPU), and a memory, wherein the memory stores a computer program that, when executed by the processor and the GPU, causes the computer device to perform the method as described.

[0045] A fourth aspect of the present invention provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a computer device, causes the computer device to perform the method as described.

[0046] The beneficial technical effects achieved by this invention are as follows: By splitting the results of business query into answer fragments, and establishing a fragment backtracking key for each answer fragment containing the field source, aggregation function, filter condition hash value, permission semantic vector version number, desensitization rule version number, minimum display granularity, and session inheritance tag, each output result can be mapped to its data source, query conditions, permission status, and desensitization rules. This avoids the problem in traditional conversational query systems where only the entire query or the entire SQL statement is recorded, making it difficult to trace the specific source of the answer. By constructing a permission envelope, the user-accessible data domain, row-level range, field sensitivity level, organizational job context, and display granularity are uniformly mapped to indicator nodes, field nodes, dimension nodes, and filter nodes in the query semantic graph. This allows the system to establish executable permission boundaries before generating candidate logical queries, reducing unauthorized queries entering the data. Risks during the library execution phase are addressed by introducing session inheritance risk values ​​and unconfirmed risk values. Factors such as implicit inheritance of previous session conditions, sensitive fields not explicitly confirmed in the current round, and drill-down across organizational scope or fine granularity are incorporated into the permission residual calculation. This enables the system to identify implicit unauthorized access risks that are not easily detected by traditional field permission rules during multiple rounds of follow-up questions. Through a fragment security state machine, state transitions are performed according to priorities such as denial of display, freezing, downgrading, pending recalculation, and validity. When users follow up, correct errors, drill down, or permissions change, only the affected answer fragments are re-queried and desensitized. Unaffected fragments reuse their original results. For fragments with increased permission residuals or unauthorized granularity, the original detailed values ​​are promptly removed or covered, downgraded to aggregate values ​​or trend information, or directly denied display. This simultaneously improves the security consistency, query processing efficiency, and interaction continuity of multi-round business queries. Attached Figure Description

[0047] Figure 1 This is a schematic diagram of the overall process of the method of the present invention;

[0048] Figure 2 This is a schematic diagram of the system structure of the present invention;

[0049] Figure 3 This is a schematic diagram illustrating the alignment of the question semantic graph and the permission envelope in this invention;

[0050] Figure 4 This is a schematic diagram of the data structure of the fragment backtracking key in this invention;

[0051] Figure 5 This is a schematic diagram of the segment security state machine of the present invention;

[0052] Figure 6 This is a flowchart of the process for identifying affected segments and performing local recalculation in a multi-round questioning scenario according to the present invention.

[0053] Figure 7 This is a schematic diagram illustrating the output control for freezing, downgrading, and rejecting displays according to the present invention;

[0054] Figure 8 This is a schematic diagram of the experimental environment and data flow of the present invention;

[0055] Figure 9 This is a comparison diagram of the technical effects of the embodiments and comparative examples of the present invention. Detailed Implementation

[0056] The technical solutions in the embodiments of the present invention will be clearly and completely described below. Obviously, the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the protection scope of the present invention.

[0057] I. Terminology Explanation

[0058] To facilitate understanding of the present invention, the main terms involved in the specific embodiments are explained as follows.

[0059] Business analysis questions: These are business analysis questions entered by users in natural language, such as "What was the sales revenue in East China this month?", "Continue drilling down to the store level", "Replace the previous result with the same period last month", "Why did customer A experience the largest decline?", etc. These questions can be single-round questions or multi-round follow-up questions that rely on the context of the previous round.

[0060] A query semantic graph (QSGraph) is a directed semantic structure derived from parsing business query statements. Its nodes can include indicator nodes, dimension nodes, field nodes, time nodes, condition nodes, sorting nodes, display nodes, and session inheritance nodes; its edges can include indicator-field mapping edges, indicator-dimensional constraint edges, condition filtering edges, time constraint edges, display granularity edges, and session inheritance edges. The QSGraph is used to transform natural language questions into computable, structured query intents.

[0061] The permission semantic vector is a data structure that uniformly encodes user identity, role, organizational level, tenant, accessible data domain, row-level data range, field sensitivity level, display granularity, and permission version number. This vector is not simply a role identifier, but rather used for node-by-node alignment with indicator nodes, field nodes, dimension nodes, and filter nodes in the permission semantic graph.

[0062] Permission envelope: This refers to the data boundaries that a current business query request is allowed to access and display within the user's permissions. It includes the accessible data domains, row-level range, actual display granularity, sensitivity level of accessible fields, permission version number, and organizational role context. Permission envelopes are used to restrict candidate logical queries before generating queries and answers, preventing unauthorized queries from entering the execution phase.

[0063] Answer fragment: This refers to the smallest security control unit in the business query results output by the system. An answer fragment can be a value in an indicator card, a row in a ranking table, a curve in a trend chart, a numerical conclusion in an anomaly explanation, or a sentence containing data meaning in a text answer. Different answer fragments can have different data sources, aggregation functions, filtering conditions, permission status, and anonymization levels.

[0064] Fragment backtracking key: This refers to a data structure used to identify and trace the generation process of an answer fragment. It includes at least a unique fragment identifier, a filter condition hash value, a permission semantic vector version number, a de-identification rule version number, a set of field sources, a set of aggregation functions, a minimum display granularity, and a set of session inheritance tags. The fragment backtracking key is used both to trace the source of the answer fragment and to determine whether the fragment needs to be recalculated, frozen, downgraded, or rejected during subsequent follow-up questions.

[0065] Session inheritance risk refers to the security risks introduced by indicators, dimensions, filtering conditions, or time ranges that are not explicitly present in the current round of operational queries but are inherited from the previous round of session status. This risk is used to identify implicit privilege escalation that may result from follow-up questions such as "continue," "that one," or "change to last month."

[0066] Fragment security state machine: This refers to a control structure that transitions the state of an answer fragment based on the fragment backtracking key, changes in permission residuals, minimum display granularity, and changes in permission versions. Its states include valid, pending recalculation, frozen, downgraded, and refused display.

[0067] II. System Structure

[0068] like Figure 2As shown, the system of this invention can be deployed in enterprise business analysis platforms, BI data platforms, data middleware, or data warehouse query gateways. The system includes a session semantic parsing module, a permission semantic parsing module, a query generation module, a fragment backtracking key generation module, a query rewriting and de-identification module, a risk calculation module, a fragment security state machine module, a result display module, and an audit storage module.

[0069] The conversational semantic parsing module receives multi-turn business queries from users, performs word segmentation, intent recognition, indicator recognition, dimension recognition, temporal expression normalization, filtering condition extraction, and conversation inheritance judgment on the natural language, and generates a query semantic graph. This module can be implemented based on a combination of rules, dictionaries, entity recognition models, intent classification models, and large language models.

[0070] The permission semantic parsing module reads user permission data from the enterprise unified identity authentication system, RBAC / ABAC permission table, organization tree, tenant isolation table, field sensitivity level configuration table, and indicator permission table, and converts it into permission semantic vectors. The module also aligns these permission semantic vectors with nodes in the permission semantic graph to form a permission envelope.

[0071] The query generation module generates candidate logical queries based on the query semantic graph. These candidate logical queries can be SQL, DSL, indicator platform query language, OLAP query requests, or data service API requests. When generating candidate logical queries, this module does not directly execute the queries; instead, it delegates the query rewriting and de-identification module to perform permission constraints and de-identification operator writing.

[0072] The fragment backtracking key generation module is used to segment candidate answers and generate a fragment backtracking key for each answer fragment. Fragment segmentation can be performed according to output components, field sources, aggregation functions, display granularity, and text conclusion boundaries. For example, a trend chart's "sales revenue curve" and "gross profit margin curve" can be segmented into two answer fragments; different sensitive fields in a ranking table can also be segmented into multiple answer fragments.

[0073] The query rewriting and de-identification module is used to write row filtering, column replacement, aggregation drill-down restrictions, and de-identification operators to candidate logical queries based on permission envelopes. Row filtering is used to limit the scope of organizations, regions, stores, customer groups, or projects that users can access; column replacement is used to replace unauthorized fields with range fields, bucket fields, hash fields, null fields, or aggregation fields; aggregation drill-down restrictions are used to prevent users from requesting detailed data below the authorized granularity; de-identification operators are used to perform masking, generalization, bucketing, rounding, noise perturbation, ranking substitution, trend direction substitution, or rejection of display.

[0074] The risk calculation module is used to calculate permission residuals, changes in permission residuals, session inheritance risk values, and unacknowledged risk values. This module is one of the input sources for the fragment security state machine.

[0075] The fragment security state machine module is used to compare fragment backtracking keys and calculate the change in permission residuals when follow-up questions, error corrections, drill-downs, or permission changes occur in the next round of questions. It then converts the answer fragments into the corresponding states according to the priorities of denial of display, freezing, downgrading, pending recalculation, and validity.

[0076] The results display module outputs results based on the fragment status. For valid fragments, the original results are reused; for fragments to be recalculated, the recalculated results are output; for frozen fragments, the original detailed values ​​are deleted or covered and a permission status change prompt is displayed; for downgraded fragments, aggregate values, interval values, trend direction, ranking information, or statistical summaries are output; for fragments that are refused display, only a permission insufficient prompt and the range of data that can be authorized are output.

[0077] The audit storage module records session rounds, query semantic graphs, permission semantic vectors, permission envelopes, fragment backtracking keys, state transition results, query rewrite statements, de-identification operators, and user operation logs. To prevent audit records from being tampered with, a chained digest can be generated for each fragment state transition record.

[0078] III. Specific Technical Route for Implementing the Method of the Invention

[0079] like Figure 1 As shown, the method of the present invention includes steps S1 to S5. The specific implementation of each step is described in detail below.

[0080] 1. S1: Receives multiple rounds of business question statements and generates a question semantic graph.

[0081] In S1, the system receives business-related questions from users via web, mobile, enterprise IM plugin, or voice-to-text interface. User input can be a complete question, such as "Query the sales and gross profit margin of each store in East China in the first quarter of 2026", or it can be a follow-up question based on the previous context, such as "Continue to look at stores", "Switch to the same period last month", "Only look at directly operated stores", "Why did the decline the most?"

[0082] The system first standardizes user input, including traditional and simplified Chinese character conversion, synonym normalization, time expression normalization, unit normalization, and punctuation cleaning. For example, it converts "last month," "last month," and "last calendar month" into a standard time range; maps "revenue," "sales income," and "sales amount" to the "sales amount" indicator in the indicator dictionary; and maps "East China" and "Eastern Region" to the standard regional codes in the organization dimension table.

[0083] The system then performs semantic parsing by combining a business metric dictionary, a field thesaurus, a dimension dictionary, and the previous session state. The business metric dictionary includes at least the metric name, metric definition, calculation formula, source table, source field, available dimensions, default aggregation function, and sensitivity level. The field thesaurus includes at least natural language vocabulary, business field names, data table field names, and field types. The previous session state includes at least the previous metric, dimension, filter conditions, time range, display granularity, answer fragment identifier, and fragment backtracking key.

[0084] In one embodiment, the question number semantic graph is represented as follows: .in, Request for current business inquiries The corresponding question number semantic graph; A collection of semantic nodes; This is a set of semantic edges. Semantic nodes may include indicator nodes. Dimension nodes Field nodes Time nodes Condition nodes Sort nodes Display nodes and session inheritance node Semantic edges can include metric-field mapping edges, metric-dimensional constraint edges, conditional filtering edges, time constraint edges, display granularity edges, and session inheritance edges.

[0085] For multi-round queries, the system needs to determine whether the current round's statement inherits the conditions from the previous round. If the user inputs "continue drill-down to stores," the system recognizes that the current round explicitly displays the "store" display granularity, but does not explicitly display the metrics, time, or region. In this case, the system can inherit the metrics, time range, and region conditions from the previous round's session state and generate session inheritance edges in the query semantic graph. Each session inheritance edge has an inheritance confidence level. Inheritance confidence can be calculated based on semantic similarity, round distance, conditional consistency, and user confirmation records:

[0086] ;

[0087] In the formula, For the first Inheritance confidence of each session inheritance edge; This represents the semantic similarity between the current round of statements and the previous round of fragments. This is the round distance attenuation coefficient, which decreases as the distance increases; The score is based on the consistency between the inheritance condition and the current explicit condition. Score the user's historical confirmation records; , , , The weights are denoted by 1, and can be configured to sum to 1. The edge sequence number is inherited for the session.

[0088] In such cases, the system does not directly inherit the state of the previous session, but instead outputs a clarification request to the user, such as "Please confirm whether you still want to use the East China region and the time range for this month". To allow the confidence threshold for inheriting the state of the previous session, in one embodiment it can be configured to be between 0.65 and 0.85. For follow-up inquiries involving sensitive fields, detailed granularity, or cross-organizational scope, It can be configured to be higher, for example, 0.80 to 0.90, to reduce the risk of implicit privilege escalation.

[0089] Semantic parsing using machine learning models can be structured as "intent classification model + entity recognition model + slot filling model + graph construction rules". The intent classification model identifies intents such as query, comparison, ranking, attribution, drill-down, error correction, time modification, and filter modification. The entity recognition model identifies metrics, dimensions, time, organization, customer, product, and action words. The slot filling model fills metric slots, dimension slots, time slots, filter slots, ranking slots, and display slots. Training data can come from historical BI query logs, manually annotated query corpora, metric platform metadata, and anonymized SQL query samples. Annotated data should include at least the user question, intent category, metric label, dimension label, time label, filter label, display granularity label, and whether to inherit the previous context label. To avoid leaking real operational data, customer names, store names, and employee names in the training data can be replaced with anonymous codes. The training, validation, and test sets can be divided in an 8:1:1 ratio. The model loss function can include intent classification cross-entropy loss, entity recognition sequence labeling loss, and slot filling loss. If a company does not use machine learning models, it can also achieve the above parsing process through rule templates, indicator dictionaries, and thesaurus.

[0090] 2. S2: Parse the permission semantic vector and form the permission envelope.

[0091] like Figure 3 As shown, the system no longer determines whether access is allowed solely based on user roles or accounts. Instead, it breaks down user permissions into data domains, row-level scopes, display granularity, field sensitivity levels, permission versions, and organizational job contexts, aligning them node-by-node with the question-data semantic graph.

[0092] In one embodiment, the permission semantic vector is represented as:

[0093] ;

[0094] In the formula, For users The permission semantic vector; For users who are currently initiating business-related inquiries; For users The set of accessible data domains, such as sales domain, inventory domain, financial domain, and customer domain; For users Accessible set of row-level data ranges, such as tenants, regions, stores, business units, projects, or customer groups; For users The smallest allowed display granularity level; For users The set of sensitivity levels for fields that are allowed to be accessed; For users The permission semantic vector version number; For users A set of permission contexts consisting of the tenant, organizational level, and job title.

[0095] The above data can originate from the enterprise unified authentication system, RBAC role and permission table, ABAC attribute and permission table, organization tree, tenant isolation table, field sensitivity level table, indicator permission table, and data service authorization table. For example, the regional manager's... It can include a collection of stores within its designated area. It can be at the store level. Access to low-sensitivity and medium-sensitivity fields is allowed, but access to high-sensitivity customer detail fields is not allowed; this applies to group administrators. It can be at the detail level or the customer level, and has a larger [value / capacity]. and .

[0096] Regarding the current business inquiry request The system extracts the set of data domains involved in the request from the question semantic graph. Row-level data range set Request to display granularity level Field sensitivity level set and organizational job context set Then, a permission envelope is formed:

[0097] ;

[0098] In the formula, Request for current business inquiries The permission envelope; For the request The set of data domains involved; For the request The set of row-level data involved; For the request The level of granularity of display; For the request The set of sensitivity levels of the fields involved; For the request The set of tenants, organizational levels, and job contexts involved; This indicates that the coarser granularity between the requested display granularity and the minimum display granularity authorized by the user is taken as the actual display granularity.

[0099] In this implementation, the display granularity uses a comparable encoding from fine to coarse. For example, the detailed level, customer level, store level, regional level, business unit level, and group level are encoded as 1, 2, 3, 4, 5, and 6, respectively. The smaller the encoding value, the finer the granularity, and the closer it is to detailed data; the larger the encoding value, the coarser the granularity, and the closer it is to summary data. This represents the smallest display granularity that a user is allowed to access. That is, at the store level, and user requests That is, the detailed level. The system will limit the actual display granularity to the store level, instead of performing detailed queries.

[0100] After the permission envelope is generated, the system writes it into the candidate logical query generation process. For example, if the query semantic graph requests "query customer-level gross profit margin ranking in East China," but the user's permissions only allow viewing store-level results, the system marks the customer-level drill-down request as an unauthorized drill-down risk and enters a degraded state in the subsequent state machine, outputting store-level or regional aggregated results. If the request involves highly sensitive fields... If the field is empty, it will not be written to the executable query, but will be handled by the column replacement or rejection display operator.

[0101] This step allows permission rules to be moved forward to the query semantic layer, rather than waiting for SQL to be generated before field interception, thereby avoiding permission bypass due to natural language probing, implicit inheritance, or semantic rewriting.

[0102] 3. S3: Generate candidate logical queries and construct fragment backtracking keys.

[0103] like Figure 4 As shown, while generating candidate logical queries, the system constructs a segment backtracking key for each possible output answer segment, so that the affected segment can be accurately located when subsequent follow-up questions, error correction, drill-down, or permission changes occur.

[0104] Candidate logical queries can be derived from the question semantic graph. For example, for the question "Query the sales ranking of each store in East China this month", the candidate logical query could include the indicator "sales", the dimension "stores", the time "this month", the filter condition "region=East China", the aggregation function "SUM", and the sorting condition "sales in descending order". At this stage, the candidate logical query does not necessarily correspond directly to a specific database syntax, but is instead represented as an intermediate query structure:

[0105] ;

[0106] In the formula, For candidate logic queries; For a set of indicators; A set of dimensions; For time range; For the set of filtering conditions; It is a set of aggregate functions; For sorting, pagination, or window conditions.

[0107] After generating candidate logical queries, the system divides the answer segments according to the output format. If the output is an indicator card, each indicator card can be an answer segment; if the output is a ranking table, each column of sensitive fields or each statistical conclusion can be an answer segment; if the output is a trend chart, each indicator curve can be an answer segment; if the output is a text explanation, sentences containing specific values, rankings, year-on-year and month-on-month comparisons, or customer names can be answer segments.

[0108] The fragment backtracking key is represented as:

[0109] ;

[0110] In the formula, For the first The fragment backtracking key for each answer segment; For the first A unique identifier for each answer segment; For the first The hash value of the filter conditions corresponding to each answer fragment; To generate the first The version number of the permission semantic vector used for each answer fragment; To generate the first The version number of the anonymization rule used for each answer segment; For the first The set of fields corresponding to each answer fragment; For the first The set of aggregate functions corresponding to each answer fragment; For the first The smallest display granularity corresponding to each answer fragment; For the first The set of session inheritance tags corresponding to each answer fragment.

[0111] Filter condition hash value This is used to determine whether the subsequent round of queries has changed the filtering criteria, time range, granularity, or window conditions corresponding to the segment. To avoid inconsistent hashes due to different field orders, the system normalizes the filtering criteria, time range, display granularity, and window conditions before calculating the hash. Normalization includes standardizing field names, sorting conditions, standardizing the time range format, standardizing the encoding of enumerated values, and cleaning up spaces. Then, it is generated as follows:

[0112] ;

[0113] In the formula, The hash function can be SHA-256, SM3, or an internal enterprise standard hash function; For the first The set of filtering criteria corresponding to each answer fragment; For the first The time range corresponding to each answer segment; For the first The display granularity corresponding to each answer segment; For the first The sorting, pagination, or window conditions corresponding to each answer segment; This indicates a field sequence concatenation operation.

[0114] Field source collection Record the data tables, fields, and metric definitions that this segment relies on. For example, the sales revenue segment... This can include the transaction amount field, refund amount field, and order status field from the order table; gross profit margin segment This can include sales revenue fields, cost fields, and gross profit margin calculation methods. Aggregate function set. Record calculation functions such as SUM, COUNT, AVG, MAX, MIN, RANK, year-on-year comparison, and month-on-month comparison. Minimum display granularity. The finest level of detail allowed to be displayed in the recorded segments, such as store-level, regional-level, or group-level. Session inheritance tag set. Record which conditions in this segment come from the previous session state, such as "time range inheritance", "regional condition inheritance", and "indicator inheritance".

[0115] By using the aforementioned fragment backtracking key, the system can determine in the next round of questioning whether a fragment has changed its display format simply because of user follow-up questions, whether it needs to be frozen due to changes in permission versions, whether it needs to be downgraded due to finer request granularity, or whether it can be directly reused.

[0116] 4. S4: Based on the permission envelope, perform query rewriting, anonymization, and generate answer fragments.

[0117] In S4, the system uses permission envelopes. The candidate logical query is rewritten. This step includes writing row filters, replacing columns, limiting aggregation drill-down, and writing de-identified operators.

[0118] Line filtering write refers to writing the permissions envelope... Convert this into query conditions. For example, if a user only has access to stores within the East China region, the system should add the condition "Store ID belongs to the set of authorized stores in the East China region" to the query. For multi-tenant systems, tenant isolation conditions should also be added to prevent cross-tenant access.

[0119] Column replacement refers to replacing fields that users do not have permission to access or whose sensitivity level exceeds the authorized scope. For example, sensitive fields such as mobile phone numbers, customer names, and employee names can be replaced with masked values, hash values, customer groups, range labels, or null values. For highly sensitive business indicators, such as profit per customer, performance per employee, and customer purchase details, the original field values ​​are not output when the user has not authorized access.

[0120] Aggregate drill-down limitation refers to the limitation on the granularity of the request for display. Below the minimum display granularity authorized by the user In such cases, the system will rewrite the query as an aggregate query at the level of authorization or higher. For example, if a user requests a detailed customer list but only has permissions at the store level, the system will not execute a customer-level query, but will instead rewrite it as a store-level summary query or display it in a downgraded manner.

[0121] Desensitization operators can include masking, generalization, bucketing, rounding, noise perturbation, ranking substitution, trend direction substitution, and rejection. For numerical indicators, the output can be a rounded value, range, trend direction, or ranking based on the desensitization level; for text fields, the output can be a partially masked string or category label.

[0122] In one embodiment, the system for the first Calculate the desensitization score for each answer fragment:

[0123] ;

[0124] In the formula, For the first Desensitization scoring of individual answer snippets; For the first The sensitivity level of each answer fragment corresponds to a field or metric; For the first The granularity risk value of each answer segment is displayed, showing that the finer the granularity, the larger the value. For the first The number of hit records corresponding to each answer fragment; For users to the first The degree of permission matching for each answer fragment corresponding to the data range; For the first Session inheritance risk value for each answer fragment; , , , , These are the weights corresponding to sensitivity level, granularity risk, number of hit records, permission matching degree, and session inheritance risk value, respectively.

[0125] when When the score falls within the first scoring range, it can be displayed as is; when it falls within the second scoring range, it can be displayed in aggregated form; when it falls within the third scoring range, it can be displayed with anonymized data; and when it falls within the fourth scoring range, it can be rejected from display. The scoring ranges can be configured according to the company's audit strategy. For example, the first scoring range could be... The second scoring range is The third scoring range is The fourth scoring range is The values ​​above are for illustrative purposes only and may be adjusted based on field sensitivity levels, industry compliance requirements, and organizational permission models.

[0126] After the query is executed, the system maps the results back to the answer fragments and stores the fragment backtracking key, desensitization operator, desensitization score, query statement summary, and output value in the audit storage module. When outputting to the front end, each answer fragment carries a fragment status and an interpretable tag, such as "original value displayed", "aggregated display", "desensitized display", "insufficient permissions", and "rule changes have been frozen".

[0127] 5. S5: Fragment backtracking key comparison, permission residual change calculation, and fragment safety state machine control.

[0128] like Figure 5 and Figure 6 As shown, when the number of questions in the next round changes due to follow-up questions, error correction, drill-down, or permission changes, the system does not simply re-execute the entire round of queries, nor does it unconditionally reuse the results of the previous round. Instead, it performs a segment backtracking key comparison and permission residual change calculation for each answer segment, and drives the segment security state machine.

[0129] When the next round of operational data requests arrives, the system constructs new candidate fragment backtracking keys. The set of affected fragments is determined according to the following formula. :

[0130] ;

[0131] In the formula, This refers to the set of affected segments that need to enter the segment safety state machine for state determination. The first question corresponding to the next round of operational inquiries Backtrack key for each candidate segment; This is the hash value of the filtering conditions corresponding to the next round of business inquiry requests; This is the version number of the permission semantic vector corresponding to the next round of operational inquiry requests; The version number of the desensitization rule corresponding to the next round of operational inquiry requests; This is the set of fields corresponding to the next round of business inquiry requests; This is the set of aggregate functions corresponding to the next round of business query requests; This sets the granularity of the request display corresponding to the next round of operational inquiry requests. This is the set of session inheritance tags corresponding to the next round of business inquiry requests.

[0132] like Not belonging to If the residual permissions have not increased, it means that the query conditions, permission versions, desensitization rules, field sources, aggregate functions, display granularity, and session inheritance conditions corresponding to this fragment have not changed, thus affecting output security. The system can set this fragment to a valid state and reuse the original result. belong If so, the segment enters the state machine for further judgment.

[0133] The system for the first Calculate the permission residual for each answer fragment:

[0134] ;

[0135] In the formula, Request for current business inquiries The Middle Permission residuals for each answer segment; For the first The number of semantic nodes involved in permission verification for each answer fragment; The semantic node number; For the first The semantic node is the permission level required for the current business query to access; For users to the first The authorization level of each semantic node; For the first Sensitive weights of semantic nodes; For the first Session inheritance risk value for each answer fragment; For the first The unconfirmed risk value of each answer segment; Inherit risk weights for sessions; Risk weights are not explicitly defined.

[0136] in, and Integer codes from 0 to 5 can be used. 0 represents no access required or public information, 1 represents low-sensitivity summary information, 2 represents ordinary business indicators, 3 represents medium-sensitivity fields, 4 represents high-sensitivity fields, and 5 represents strictly controlled detailed or personal-related fields. The sensitivity level of a field can be configured, for example, 0.5 for low-sensitivity fields, 1.0 for medium-sensitivity fields, and 1.5 to 2.0 for high-sensitivity fields. and It can be configured from 0.2 to 1.0. For scenarios with strong compliance requirements, such as financial details, customer personal information, and employee performance data, and It can be configured to be even higher.

[0137] The change in permission residuals between the next round of business query requests and the previous round of business query requests is expressed as follows:

[0138] ;

[0139] In the formula, For the first The change in permission residuals corresponding to each answer fragment; The first in the subsequent round of operational inquiry requests Permission residuals for each answer segment; In the previous round of operational inquiry requests, the first Permission residuals for each answer fragment.

[0140] Session inheritance risk value Calculate using the following formula:

[0141] ;

[0142] In the formula, For the first Session inheritance risk value for each answer fragment; For the first The number of semantic nodes in each answer fragment that are inherited from the previous round of conversation and do not appear explicitly in the current round of question statements; For the first The total number of semantic nodes contained in each answer fragment; For the first The average inheritance confidence of all session inheritance edges in the answer fragment; when season .

[0143] Unconfirmed risk value Determined according to the following rules: when the... If an answer fragment contains sensitive fields, detailed granularity, or cross-organizational row-level ranges, and the current round of queries does not explicitly specify the corresponding filter conditions, then... Otherwise, For example, if a user previously searched for "sales volume in East China this month" and then enters "continue to view customer details" in the next round, and if the current round does not explicitly confirm that it is still limited to the East China region, and the customer details are sensitive or detailed information, then... .

[0144] The fragment states of a fragment-safe state machine are represented as follows:

[0145] ;

[0146] In the formula, For the first The fragment status of each answer segment; It is in a valid state; The system is in a state where recalculation is pending. It is in a frozen state; It is in a downgraded state; To refuse to display the status.

[0147] The state machine transitions according to the priorities of denial of display, freeze, degradation, pending recalculation, and valid. Specifically, when... Greater than the rejection threshold At that time, Set as . It can be configured according to the enterprise's audit strategy, such as 1.2 to 3.0. When and When this occurs, it indicates that the permission version has changed and the permission residual has increased, and the system will... Set as .when and Not greater than When the requested display granularity is lower than the minimum display granularity but has not yet reached the rejection threshold, the system will... Set as .when Belongs to the set of affected fragments And if the conditions for refusing to display, freezing, or downgrading are not met, then Set as .when Not part of the affected fragment set and At that time, Set as .

[0148] like Figure 7 As shown, different states correspond to different output control actions. For Status, system reuse of the first The original display result of each answer fragment. For The system only applies to the state of the first... Instead of recalculating the entire answer fragment, the query rewriting, query execution, and desensitization processes are re-executed for each answer fragment. The system clears or overwrites the original detailed values ​​in the front-end cache, retaining only the fragment display location, title, unit, scope description, and permission status change notification; simultaneously, it records the reason for the freeze in the audit storage. For The system replaces the original detailed values ​​with aggregated values, range values, trend directions, ranking information, or statistical summaries at the authorized granularity. For example, the original customer-level details are replaced with store-level summaries. In this state, the system blocks numerical output and only outputs a permission insufficient message and the range of data for which authorization can be requested.

[0149] To ensure audit credibility, the system can generate a chained digest for each state transition record:

[0150] ;

[0151] In the formula, For the first A chained summary of each state transition audit record; This is a chained summary of the previous state transition audit record; For the first A unique identifier for each answer segment; For the first The current state of each answer fragment; For the first The fragment backtracking key for each answer segment; For the first The timestamp of each state transition record. In this way, the entire process of an answer fragment from its generation to its subsequent freezing, downgrading, or rejection can be traced.

[0152] IV. Specific Application Examples and Experimental Data

[0153] To verify the technical effectiveness of this invention in multi-turn conversational business data query scenarios regarding permission consistency, dynamic de-identification and backtracking, partial recalculation, and implicit privilege escalation suppression, the applicant constructed a simulated enterprise business data query experimental environment. The experimental environment includes a business query frontend, a query semantic parsing service, a permission semantic parsing service, an indicator platform, a data warehouse, a dynamic de-identification gateway, a fragment security state machine service, and an audit storage service. The data flow and system structure of the experimental environment can be combined... Figure 2The system architecture diagram shown can be used to understand the alignment process between the question semantic graph and the permission envelope. Figure 3 Understanding that the data composition of fragment backtracking keys can be combined Figure 4 Understanding that the transition logic of a fragment-safe state machine can be combined with... Figure 5 Understanding that the local recalculation process during multiple rounds of follow-up questioning can be combined with... Figure 6 It is understood that output controls for freezing, downgrading, and refusing to display can be combined. Figure 7 understand.

[0154] 1. Experimental Environment and Dataset Construction

[0155] The experiment used a de-identified retail operations dataset, which included a sales order table, store dimension table, region dimension table, customer dimension table, product dimension table, inventory table, refund table, and employee permission table. The dataset contained 1,200,000 sales order records, 386 store records, 96,000 customer records, 8,200 product records, and 68,000 refund records. Field types included general operational fields, low-sensitivity fields, medium-sensitivity fields, and high-sensitivity fields. High-sensitivity fields included customer name, customer mobile phone number, single customer transaction amount, single customer gross profit, and employee performance details.

[0156] The experiment set up six user roles: Group Administrator, Business Unit Head, Regional Manager, Store Manager, Store Operations Staff, and External Audit Account. Each user role corresponds to different data domains, row-level ranges, field sensitivity levels, and minimum display granularity. For example, a Regional Manager can view the store-level operational summary data for their assigned region but cannot view customer-level details; a Store Manager can view the operational summary for their store and some customer group data but cannot view cross-store customer details; and the External Audit Account can only view anonymized regional statistical data.

[0157] The experiment constructed 1200 multi-round operational question sessions, each containing 2 to 5 rounds of questions, covering scenarios such as direct queries, time replacement, condition inheritance, drill-down follow-up questions, error correction follow-up questions, permission changes, and changes in desensitization rules. Specifically, there were 300 regular query sessions, 250 sessions with time or condition changes, 250 sessions with drill-down follow-up questions, 200 sessions with permission changes, 100 sessions with changes in desensitization rules, and 100 sessions containing sensitive fields where the current round did not explicitly confirm the filter conditions.

[0158] For ease of comparison, the experiment was conducted using the following four schemes:

[0159] Comparative Example 1: Traditional conversational query solutions generate SQL based solely on natural language parsing and perform user role verification before query execution, without setting fragment backtracking keys or fragment security state machines.

[0160] Comparative Example 2: A dynamic SQL desensitization scheme combining natural language question counts and SQL was developed based on Comparative Example 1, adding SQL rewriting and sensitive field desensitization, but without recording answer fragment-level backtracking keys.

[0161] Comparative Example 3: Natural language query data combined with dynamic desensitization and field lineage schemes records SQL field-level lineage and query logs based on Comparative Example 2, but does not drive fragment state transitions based on session inheritance risks and permission residual changes.

[0162] Example 1: Using the method of the present invention, a semantic graph of question count and permission envelope are generated, a fragment backtracking key is constructed, the permission residual change amount, session inheritance risk value and unconfirmed risk value are calculated, and the fragment security state machine is used to perform state control of valid, pending recalculation, frozen, downgraded or refused to be displayed.

[0163] 2. Evaluation Indicators

[0164] To evaluate the technical effects of this invention, the following indicators are used.

[0165] 1) Implicit privilege escalation interception rate, representing the system's ability to identify and intercept potential privilege escalation requests during multi-round follow-up, conditional inheritance, or drill-down processes. It is calculated as follows:

[0166] ;

[0167] In the formula, This refers to the implicit unauthorized access interception rate. The number of risk requests that were correctly blocked, frozen, downgraded, or refused to be displayed by the system; The total number of actual risk requests labeled for the experiment.

[0168] 2) Fragment backtracking accuracy, which indicates whether the answer fragment can be correctly associated with the field source, filtering conditions, permission version, de-identification version, and session inheritance flag. The calculation method is as follows:

[0169] ;

[0170] In the formula, For fragment backtracking accuracy; This represents the number of answer fragments whose backtracking keys match those from manually annotated sources. This represents the total number of answer segments.

[0171] 3) Irrelevant fragment recalculation reduction rate, which represents the system's ability to avoid repeatedly querying unaffected fragments in subsequent rounds of queries, is calculated as follows:

[0172] ;

[0173] In the formula, Recalculate the reduction rate for irrelevant segments; This represents the number of answer segments that were actually recalculated in the next round of questions; This represents the total number of answer segments that need to be recalculated if a full round of recalculation is used.

[0174] 4) State transition accuracy, representing the accuracy with which the segment safety state machine sets the answer segment to a valid, pending recalculation, frozen, downgraded, or rejected state. The calculation method is as follows:

[0175] ;

[0176] In the formula, For state transition accuracy; This represents the number of segments whose state machine judgment results match the manual annotations. The number of segments that enter the state machine's decision process.

[0177] 5) Average response time, which represents the average time taken from user submission to system response for each round of operational questions.

[0178] 3. Experiment 1: Unauthorized Access Recognition and Degradation Display in Multi-Round Drill-Down Scenarios

[0179] This experiment was conducted to verify the ability of this invention to identify the risk of unauthorized drill-down in multi-round follow-up scenarios such as "continue drill-down", "view customer details", and "expand to store / customer". The experiment selected 250 drill-down follow-up conversations, of which 150 were drill-downs within the authorized scope and 100 were unauthorized drill-downs below the user's minimum display granularity.

[0180] Taking regional manager users as an example, their smallest display granularity is the store level, that is... In the first round, the user inputs "Query the sales ranking of each store in East China this month," and the system generates store-level ranking results. In the second round, the user inputs "Continue to view customer details," and the system recognizes the request to display customer-level granularity. Since the smallest display granularity corresponding to the answer fragment in the previous round was... ,satisfy Therefore, the fragment enters the set of affected fragments and transitions to a degraded state in the fragment safety state machine. The system does not output customer details, but instead outputs the range of customer numbers, sales range, and trend direction at the store level.

[0181] The experimental results are shown in the table below.

[0182] Table 1

[0183]

[0184] As shown in the table, Comparative Example 1 only performs pre-query validation at the role level, and it lacks sufficient recognition of expressions like "Continue to view customer details" that rely on the previous context, resulting in many incorrect displays. Comparative Example 2, while able to perform SQL masking on sensitive fields, lacks sufficient judgment on whether the display granularity is lower than the user's authorized granularity. Comparative Example 3 has field lineage records, but it cannot bind the smallest display granularity to the session follow-up status. Example 1 uses the fragment backtracking key... and the granularity of the next round of requests Comparison can accurately identify the risk of unauthorized drilling, and through Status degradation display significantly reduces the number of times detailed values ​​are displayed incorrectly.

[0185] The experimental results can be combined with Figure 5 Mid-segment safe state machine State transition path and Figure 7 The output control method of the medium-to-lower level display is explained.

[0186] 4. Experiment 2: Freezing display effect under permission change scenario

[0187] like Figure 8-9 As shown, this experiment verifies whether the present invention can prevent the continued display of previously generated detailed values ​​when user permissions change between multiple sessions. The experiment constructs 200 sets of permission change sessions, including four scenarios: permission revocation, organizational scope reduction, field sensitivity level adjustment, and role change.

[0188] During the experiment, the user first received the sales ranking results of stores in a certain region. Subsequently, the access control system adjusted the number of stores the user could access from 50 to 35 and updated the permission semantic vector version number. In the second round, the user input "replace the previous result with the same period last month". The system detected that the permission semantic vector version number in the fragment backtracking key had changed. Become And the change in permission residuals for the corresponding segments. Therefore, the affected fragments are set to a frozen state. In the frozen state, the system retains the segment title, unit, and scope description, but clears or covers the original detailed values ​​and prompts "Permission status has changed, the original detailed values ​​are no longer displayed".

[0189] The experimental results are shown in the table below.

[0190] Table 2

[0191]

[0192] As can be seen from the table, Comparative Example 1 and Comparative Example 2 both have a large number of residual original detailed values. This is because they only perform permission checks before executing a new query, without retrospectively checking the permission versions of the previously generated answer fragments. Although Comparative Example 3 can locate the source of a field through field lineage, it cannot determine the impact of changes in the permission semantic vector version on individual answer fragments. Example 1 compares... and And calculate It can accurately identify risky segments caused by the revocation of permissions and perform a freeze display to reduce the residual original detailed values.

[0193] The experimental results can be combined with Figure 4 The permission version field of the middle fragment backtracking key and Figure 7 The output method of freezing the display is explained.

[0194] 5. Experiment 3: Local recalculation effect under scenarios of changing desensitization rules

[0195] This experiment verifies whether, when the anonymization rules are updated, the present invention can only re-anonymize and recalculate the affected answer fragments, rather than re-querying the entire round. The experiment constructs 100 sessions with changes to the anonymization rules. These changes include: changing sales figures with low hit counts from exact values ​​to range values; changing customer names from partially masked to completely anonymous; and displaying only the trend direction when store sales are below a sample threshold.

[0196] In the experiment, in the first round, users queried "sales volume and gross profit margin trends for each store this month." The system generated trend charts and ranking tables, containing multiple answer fragments. Subsequently, the anonymization rule version number was changed from... Upgrade to When the user inputs "change to the same period last month" in the second round, the system determines the appropriate data based on the set of affected segments. Only store sales data and customer-related data with a low number of hit records need to be entered into a recalculation state. The gross profit margin trend segment and regional summary segment remain valid. .

[0197] The experimental results are shown in the table below.

[0198] Table 3

[0199]

[0200] As can be seen from the table, Example 1 uses the desensitization rule version number in the fragment backtracking key. Field source set Aggregate function set and filter condition hash value It can accurately locate the segments affected by changes in the desensitization rules, and only perform query rewriting, query execution and desensitization processing on the segments to be recalculated, thereby reducing the repeated calculation of irrelevant segments and improving response speed.

[0201] 6. Experiment 4: The effectiveness of identifying session inheritance risk and unacknowledged risk

[0202] This experiment is used to verify the session inheritance risk value introduced in this invention. and unconfirmed risk values The effectiveness of identifying implicit privilege escalation risks in multi-round conversations was then investigated. An experiment was conducted with 100 conversations containing sensitive fields where the current round did not explicitly confirm the filter conditions. For example, in the first round, the user entered "View the stores with the largest sales decline this month in East China," and in the second round, they entered "Continue to view customer contribution details." In the second round, the user did not explicitly confirm that the region was still limited to East China, and the request for customer details was at a sensitive granularity, thus posing risks of conversation inheritance and unconfirmed requests.

[0203] In Example 1, the first The session inheritance risk value for each answer fragment is calculated using the following formula:

[0204] ;

[0205] In the formula, For the first Session inheritance risk value for each answer fragment; For the first The number of semantic nodes in each answer fragment that are inherited from the previous round of conversation and do not appear explicitly in the current round of question statements; For the first The total number of semantic nodes contained in each answer fragment; For the first The average inheritance confidence of all session inheritance edges in the answer fragment; when season .

[0206] For example, in a set of tests, the first The answer fragment contains 8 semantic nodes, of which 3 nodes are inherited from the previous round and do not appear explicitly in the current round. The average confidence of the inherited edges is 0.72. Then:

[0207] ;

[0208] In the formula, The session inherits the risk value for this answer fragment; The number of semantic nodes that are inherited but not explicitly appearing; This represents the total number of semantic nodes. This represents the average inheritance confidence level.

[0209] If the fragment contains sensitive fields, detailed granularity, or cross-organizational row-level ranges, and the corresponding filter criteria have not been explicitly confirmed in the current round, then The system then calculates the permission residuals using the following formula:

[0210] ;

[0211] In the formula, Request for current business inquiries The Middle Permission residuals for each answer segment; For the first The number of semantic nodes involved in permission verification for each answer fragment; For the first The permission level required for a semantic node to be accessed; For users to the first The authorization level of each semantic node; For the first Sensitive weights of semantic nodes; Inherit risk weights for sessions; Risk weights are not explicitly defined.

[0212] The experimental results are shown in the table below.

[0213] Table 4

[0214]

[0215] As can be seen from the table, Example 1 can be achieved through and The system identifies sensitive conditions that are not explicitly acknowledged in the current round of statements but are inherited from the previous round, enabling the system to trigger clarification, downgrade, or rejection of display when the risk is high, effectively reducing false displays caused by implicit inheritance of context.

[0216] The experimental results can be combined with Figure 3 Session inheritance edges in semantic graphs of Chinese queries Figure 5 State machine transition path and Figure 7 The text provides an explanation of how the content is refused to be displayed or downgraded.

[0217] 7. Overall Experimental Results

[0218] A comprehensive test was conducted on 1200 sets of multi-round business inquiry sessions. The implicit overreach interception rate, fragment backtracking accuracy, state transition accuracy, irrelevant fragment recalculation reduction rate, and average response time were statistically analyzed. The results are shown in the table below.

[0219] Table 5

[0220]

[0221] The comprehensive test results show that Example 1 outperforms the comparative example in terms of implicit privilege escalation interception rate, fragment backtracking accuracy, state transition accuracy, and irrelevant fragment recalculation reduction rate. In particular, Example 1 binds the permission version, desensitization rule version, filtering condition hash, minimum display granularity, and session inheritance risk to the answer fragment through the fragment backtracking key and fragment security state machine. This enables the system to identify affected fragments in subsequent rounds of follow-up questions, error correction, drill-down, or permission changes, and to perform reuse, partial recalculation, freezing, downgrading, or rejection of display on fragments in different states.

[0222] The foregoing description of embodiments of the present invention, through which those skilled in the art are able to implement or use the present invention, will be readily apparent to those skilled in the art. Various modifications to these embodiments will be readily apparent to those skilled in the art. The general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novelty disclosed herein.

Claims

1. A conversational business query method based on permission semantic parsing and dynamic desensitization and backtracking, characterized in that, Includes the following steps: S1: Receive multiple rounds of business-related questions from users, combine them with a business metric dictionary, a field thesaurus, and the previous session state to generate a question semantic graph; S2: Parse user identity, job title, organizational level, tenant, authorized data domain, field sensitivity level, and displayable granularity into permission semantic vectors, and align them with the indicator nodes, field nodes, dimension nodes, and filter nodes in the question-number semantic graph to form a permission envelope; S3: Generate candidate logical queries based on the question number semantic graph, and bind the field source, aggregation function, filter condition hash value, permission semantic vector version number, desensitization rule version number and minimum display granularity of each answer fragment as fragment backtracking key; S4: Based on the permission envelope, write row filtering, column replacement, aggregation drill-down restriction and desensitization operators to the candidate logical query, generate answer fragments after execution, and input the answer fragments into the fragment security state machine; S5: When the number of queries in the next round is followed up, corrected, drilled down, or the permissions change, compare the fragment backtracking key and calculate the change in permission residual. Drive the fragment security state machine to change state according to the priority of rejecting display, freezing, downgrading, waiting to be recalculated, and valid. Only re-query the fragments to be recalculated. Block the output of the original detailed value for frozen, downgraded, or rejected fragments.

2. The method according to claim 1, characterized in that, In step S1, the question semantic graph is a directed semantic graph, which includes indicator nodes, dimension nodes, field nodes, time nodes, condition nodes, sorting nodes, display nodes, and session inheritance nodes. The edges in the directed semantic graph include indicator-field mapping edges, indicator-dimensional constraint edges, condition filtering edges, time constraint edges, display granularity edges, and session inheritance edges. The session inheritance edges represent indicators, dimensions, filtering conditions, time ranges, or aggregation granularities omitted in the current round of business question statements but inherited from the previous round of session state. Furthermore, an inheritance confidence level is set for each session inheritance edge. When the inheritance confidence level Less than the inheritance threshold In this case, instead of directly inheriting the conditions from the previous round, a clarification request is generated; For the first Inheritance confidence of each session inheritance edge. Inherited edge number for the session. A confidence threshold for allowing inheritance of the previous session state.

3. The method according to claim 1, characterized in that, In step S2, the permission semantic vector is represented as follows: ; In the formula, For users The permission semantic vector; For users who are currently initiating business-related inquiries; For users The set of accessible data domains; For users The set of accessible row-level data ranges; For users The smallest allowed display granularity level; For users The set of sensitivity levels for fields that are allowed to be accessed; For users The permission semantic vector version number; For users The permission context set consists of the tenant, organizational level, and job title; the permission envelope is represented as: ; In the formula, Request for current business inquiries The permission envelope; This is a request for information regarding current operations; For the request The set of data domains involved; For the request The set of row-level data involved; For the request The display granularity level; For the request The set of sensitivity levels of the fields involved; For the request The set of tenants, organizational levels, and job contexts involved; This indicates that the coarser granularity between the requested display granularity and the minimum display granularity authorized by the user is taken as the actual display granularity.

4. The method according to claim 1, characterized in that, In step S3, the minimum display granularity is divided into detail level, customer level, store level, regional level, business unit level, and group level in order from fine to coarse, and coded as follows: When the granularity of the subsequent query request is displayed. Less than the The smallest display granularity of an answer fragment When this occurs, it is determined that the subsequent query request carries a risk of exceeding authority and drilling down; when the granularity of the subsequent query request is displayed... Greater than or equal to the The smallest display granularity of an answer fragment At that time, it allows the generation of answer fragments with corresponding granularity within the scope of the permission envelope; where, For the next round of question number requests, the first... The granularity of display for each answer fragment request. For the first The smallest display granularity level corresponding to each answer fragment The answer segment number; And / or, in step S3, the fragment backtracking key is represented as: ; In the formula, For the first The fragment backtracking key for each answer segment; For the first A unique identifier for each answer segment; For the first The hash value of the filter conditions corresponding to each answer fragment; To generate the first The version number of the permission semantic vector used for each answer fragment; To generate the first The version number of the anonymization rule used for each answer segment; For the first The set of fields corresponding to each answer fragment; For the first The set of aggregate functions corresponding to each answer fragment; For the first The smallest display granularity corresponding to each answer fragment; For the first The set of session inheritance tags corresponding to each answer fragment; And / or, in step S3, the filtering condition hash value Generate as follows: ; In the formula, For hash functions; For the first The set of filtering criteria corresponding to each answer fragment; For the first The time range corresponding to each answer segment; For the first The display granularity corresponding to each answer segment; For the first The sorting, pagination, or window conditions corresponding to each answer segment; This represents the concatenation operation of strings or field sequences.

5. The method according to claim 4, characterized in that, In step S5, after the next round of business query requests arrives, a new candidate fragment backtracking key is constructed. The set of affected fragments is determined according to the following formula. : ; In the formula, This refers to the set of affected segments that need to enter the segment safety state machine for state determination. The first question corresponding to the next round of operational inquiries Backtrack key for each candidate segment; This is the hash value of the filtering conditions corresponding to the next round of business inquiry requests; This is the version number of the permission semantic vector corresponding to the next round of operational inquiry requests; The version number of the desensitization rule corresponding to the next round of operational inquiry requests; This is the set of fields corresponding to the next round of business inquiry requests; This is the set of aggregate functions corresponding to the next round of business query requests; This sets the granularity of the request display corresponding to the next round of operational inquiry requests. For the set of session inheritance tags corresponding to the next round of business inquiry requests; when Not belonging to At that time, the first Each answer fragment remains valid and the original answer fragment is reused; And / or, in S5, current business query request The permission residuals are calculated using the following formula: ; In the formula, Request for current business inquiries The Middle Permission residuals for each answer segment; For the first The number of semantic nodes involved in permission verification for each answer fragment; The semantic node number; For the first The semantic node is the permission level required for the current business query to access; For users to the first The authorization level of each semantic node; For the first Sensitive weights of semantic nodes; For the first Session inheritance risk value for each answer fragment; For the first The unconfirmed risk value of each answer segment; Inherit risk weights for sessions; Risk weights were not explicitly defined; the change in permission residuals between the subsequent round of operational inquiry requests and the previous round of operational inquiry requests is expressed as follows: ; In the formula, For the first The change in permission residuals corresponding to each answer fragment; The first in the subsequent round of operational inquiry requests Permission residuals for each answer segment; In the previous round of operational inquiry requests, the first Permission residuals for each answer fragment.

6. The method according to claim 5, characterized in that, The session inheritance risk value Calculate using the following formula: ; In the formula, For the first Session inheritance risk value for each answer fragment; For the first The number of semantic nodes in each answer fragment that are inherited from the previous round of conversation and do not appear explicitly in the current round of question statements; For the first The total number of semantic nodes contained in each answer fragment; For the first The average inheritance confidence of all session inheritance edges in the answer fragment; when season ; The unconfirmed risk value Determined according to the following rules: when the... If an answer fragment contains sensitive fields, detailed granularity, or cross-organizational row-level ranges, and the current round of queries does not explicitly specify the corresponding filter conditions, then... ; Otherwise .

7. The method according to claim 6, characterized in that, In step S5, the fragment state of the fragment security state machine is represented as follows: ; In the formula, For the first The fragment status of each answer segment; It is in a valid state; The system is in a state where recalculation is pending. It is in a frozen state; It is in a downgraded state; To refuse to display status; The segment security state machine performs state transitions according to the following priority: when Greater than the rejection threshold At that time, Set as ;when and At that time, Set as ;when and Not greater than At that time, Set as ;when Belongs to the set of affected fragments And if the conditions for refusing to display, freezing, or downgrading are not met, then Set as ;when Not part of the affected fragment set and At that time, Set as ;in, The residual threshold for triggering the denial of display permissions.

8. A conversational business inquiry system based on permission semantic parsing and dynamic desensitization and backtracking, the system being used to implement the method described in any one of claims 1-7, characterized in that, include: The conversation semantic parsing module is used to receive user's multi-round business question statements and generate a question semantic graph; the permission semantic parsing module is used to parse user identity, position, organizational level, tenant, authorized data domain, field sensitivity level and display granularity into permission semantic vectors, and align them with the question semantic graph to form a permission envelope; The query generation module is used to generate candidate logical queries based on the question number semantic graph; the fragment backtracking key generation module is used to bind the field source, aggregation function, filter condition hash value, permission semantic vector version number, desensitization rule version number, minimum display granularity and session inheritance tag set of each answer fragment as fragment backtracking keys; The query rewriting and desensitization module is used to write row filtering, column replacement, aggregation drill-down restrictions, and desensitization operators into candidate logical queries, and generate answer fragments; The risk calculation module is used to calculate the permission residuals of answer fragments, the change in permission residuals, the session inheritance risk value, and the unconfirmed risk value. The segment security state machine module is used to compare the segment backtracking key and calculate the change in permission residual when follow-up questions, error correction, drill-down, or permission changes occur in the next round of questions. The module then converts the answer segment into the corresponding state according to the priority of rejecting display, freezing, downgrading, waiting for recalculation, and valid. The module also performs reuse, recalculation, freezing, downgrading, or rejecting display on answer segments in different states.

9. A computer device, characterized in that, The computer device includes a processor, a graphics processing unit (GPU), and a memory, wherein the memory stores a computer program that, when executed by the processor and the GPU, causes the computer device to perform the method as described in any one of claims 1 to 7.

10. A computer-readable storage medium having a computer program stored thereon, the computer program, when executed by a computer device, causing the computer device to perform the method as described in any one of claims 1 to 7.