Nothing Special   »   [go: up one dir, main page]

CN104679792A - Data permission achievement method - Google Patents

Data permission achievement method Download PDF

Info

Publication number
CN104679792A
CN104679792A CN201310642062.8A CN201310642062A CN104679792A CN 104679792 A CN104679792 A CN 104679792A CN 201310642062 A CN201310642062 A CN 201310642062A CN 104679792 A CN104679792 A CN 104679792A
Authority
CN
China
Prior art keywords
data permission
sql
configuration
data
implementation method
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310642062.8A
Other languages
Chinese (zh)
Inventor
瞿建军
周正
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aisino Corp filed Critical Aisino Corp
Priority to CN201310642062.8A priority Critical patent/CN104679792A/en
Publication of CN104679792A publication Critical patent/CN104679792A/en
Pending legal-status Critical Current

Links

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data permission achievement method. The data permission achievement method comprises the following steps of configuring data permissions; performing sql analysis according to the data permission configuration; obtaining a result set after data permission filtration. According to the data permission achievement method, a user can simply achieve data permission configuration through a unit configuration page, a high-level configuration method is provided for a high-level user, the data permission is controlled through a mode of sql analysis or intervention during page execution or display, and a business developer is not influenced.

Description

A kind of implementation method of data permission
Technical field
The present invention relates to data permission technical field, particularly a kind of implementation method of data permission, it is applied to the system needing to control user data access rights, such as: infosystem, and enterprise management software system etc.
Background technology
In existing ERP system, generally can not according to the difference of user, the service authority showing different business datums or each module controls to be that business development personnel write respectively, and efficiency is very low.Also there is following point in prior art:
User does not carry out setting data authority by configuration mode, or configuration mode complexity is not easy to operate, and simple control can not meet the demand of advanced level user;
The business development personnel of each module need to consider data permission on stream, and each sql inquiry, each list will process separately.
Therefore, need to develop a set of business realizing, for different users, them can be made to see different data acquisitions by the mode of configuration; And do not affect the exploitation of business function, be the research direction place of those skilled in the art.
Summary of the invention
Fundamental purpose of the present invention is to provide a kind of implementation method of data permission, solves the problem that different user has different pieces of information authority; And be transparent to service logic developer, business development personnel do not need the problem considering that data permission is relevant.
In order to achieve the above object, the invention provides a kind of implementation method of data permission, it comprises the steps:
Carry out data permission configuration;
Sql parsing is carried out according to data permission configuration;
Data permission sql after resolving is performed;
Obtain the result set after data permission filtration.
Wherein: carry out data permission configuration and comprise following sub-step:
The project needing control authority is set;
Authority items is tied to user, makes user can only see the project being associated with oneself.
Wherein, carry out data permission configuration and also comprise sql is set, authority items is carried out to the sub-step of advanced inquiry.
Wherein, in the step arranging the project needing control authority, arranging the project needing control authority, is a field of setting data storehouse table.
Wherein, carry out sql parsing according to data permission configuration and comprise following sub-step:
Add when configuration sql and explain@filter;
When execution sql statement, call sqlannotation.filter service, according to data permission configuration, sql statement is processed.
Wherein, the step processed sql statement is the value table name in@filter note or expression formula being replaced with data permission configuration.
Wherein, the definition mode that@filter adopts is: single authority items, associated permissions item or comprise the associated permissions item of AND.
Wherein, the data permission sql after parsing is performed in a database.
Compared with prior art:
The present invention is by the unified configuration page, and user simply can realize the configuration of data permission, provides senior collocation method for advanced level user.Perform at the page or when display, pass through to resolve the mode control data authority of sql or intervention, not affecting business development personnel like this.
Accompanying drawing explanation
Fig. 1 is the implementation method process flow diagram of a kind of data permission of one embodiment of the invention.
Embodiment
Below in conjunction with accompanying drawing, to above-mentioned being described in more detail with other technical characteristic and advantage of the present invention.
As shown in Figure 1, the implementation method process flow diagram of a kind of data permission provided for the embodiment of the present invention.
A kind of data permission implementation method provided by the invention comprises the steps:
Step S1: carry out data permission configuration; It comprises following sub-step:
Step S11: arrange the project needing control authority is generally some tables of database; Such as, need controllers to the access of depot data, only have the personnel specified can access this warehouse, at this moment need warehouse table to be set to authority project.
Step S12: authority items is tied to user, makes user can only see the project being associated with oneself; The binding data of authority items is generally kept in database association table, and contingency table must comprise two fields, the major key of authority items and the major key of user, data in a corresponding contingency table of binding relationship.Such as, in S11 example, the corresponding relation of warehouse major key and user's major key is a binding relationship; If user Zhang San can access warehouse one, then in corresponding contingency table, data are: the id of Zhang San and the id in warehouse one.
Step S13: arrange authority sql, distributes to respective user; This is the mode of another kind of setting data authority, can configure a sql statement to authority items, and gives certain user by this right assignment; If the result that sql performs is "True", represents corresponding access rights, if be "false", then represented and do not possess access rights.Such as, Zhang San can access in warehouse, Pekinese, at this moment configures sql(from storeware where s.place=' Beijing ') and distribute to Zhang San, then Zhang San has the authority in access warehouse, Beijing.
Step S2: carry out sql parsing according to data permission configuration, the realization of data permission adopts the mode of sql parsing, and it comprises following sub-step:
Step S21: add when configuration sql and explain@filter;
Step S22: when execution sql statement, call sqlannotation.filter service, configure according to data permission, sql statement is processed, carrying out treatment step to sql statement is the value table name in@filter note or expression formula being replaced with data permission configuration, wherein :@filter can adopt following three kinds of definition modes, and correspondingly to resolve;
A. single authority items
select t.*from pl_user t @filter[pl_user]→→
select t.*from(select*from pl_user where iValid=1)t
B. associated permissions item
select t.*from ST_StkRecord t@filter[ST_StkRecorD.cCreatorGuid=Pl_user.cpkid]→→
select t.*from(select*from ST_StkRecorD ST_StkRecorD where exists(select 1 from Pl_user Pl_user whereST_StkRecorD.cCreatorGuid=Pl_user.cpkid andPl_user.cpkid=@sess:userid))t
C. the associated permissions item of AND is comprised
select t.*from ST_StkRecord t@filter[ST_StkRecorD.cCreatorGuid=Pl_user.cpkid andST_StkRecorD.cAuditorGuid=Pl_user.cpkid]→→
select t.*from(select*from ST_StkRecorD ST_StkRecorD where exists(select 1 from Pl_user Pl_user whereST_StkRecorD.cCreatorGuid=Pl_user.cpkid andST_StkRecorD.cAuditorGuid=Pl_user.cpkid andPl_user.cpkid=@sess:userid))t
Step S3: obtain the sql statement after resolving, perform in a database; Generally carry out execution sql statement by the mode of routine call: obtain DataBase combining, obtain inquiry session, open affairs, perform sql, process is abnormal, obtain rreturn value.
Step S4: the result set obtaining sql inquiry, result set is a series of data that user has permission access.Can result set be obtained by program and resolve, result display is showed user in lists or otherwise.
Compared with prior art, the embodiment of the present invention solves the problem that different user has different pieces of information authority; And be transparent to service logic developer, business development personnel do not need the problem considering that data permission is relevant.
More than illustrate just illustrative for the purpose of the present invention; and nonrestrictive, those of ordinary skill in the art understand, when not departing from the spirit and scope that claim limits; many amendments, change or equivalence can be made, but all will fall within protection scope of the present invention.

Claims (8)

1. an implementation method for data permission, is characterized in that, it comprises the steps:
Carry out data permission configuration;
Sql parsing is carried out according to data permission configuration;
Data permission sql after resolving is performed;
Obtain the result set after data permission filtration.
2. the implementation method of a kind of data permission according to claim 1, is characterized in that,
Carry out data permission configuration and comprise following sub-step:
The project needing control authority is set;
Authority items is tied to user, makes user can only see the project being associated with oneself.
3. the implementation method of a kind of data permission according to claim 2, is characterized in that, carries out data permission configuration and also comprises and arrange sql, authority items is carried out to the sub-step of advanced inquiry.
4. the implementation method of a kind of data permission according to claim 2, is characterized in that, in the step arranging the project needing control authority, arranges the project needing control authority, is a field of setting data storehouse table.
5. the implementation method of a kind of data permission according to claim 1, is characterized in that, carries out sql parsing comprise following sub-step according to data permission configuration:
Add when configuration sql and explain@filter;
When execution sql statement, call sqlannotation.filter service, according to data permission configuration, sql statement is processed.
6. the implementation method of a kind of data permission according to claim 5, is characterized in that, the step processed sql statement is the value table name in@filter note or expression formula being replaced with data permission configuration.
7. the implementation method of a kind of data permission according to claim 5, is characterized in that, the definition mode that@filter adopts is: single authority items, associated permissions item or comprise the associated permissions item of AND.
8. the implementation method of a kind of data permission according to claim 5, is characterized in that, performs in a database the data permission sql after resolving.
CN201310642062.8A 2013-12-03 2013-12-03 Data permission achievement method Pending CN104679792A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310642062.8A CN104679792A (en) 2013-12-03 2013-12-03 Data permission achievement method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310642062.8A CN104679792A (en) 2013-12-03 2013-12-03 Data permission achievement method

Publications (1)

Publication Number Publication Date
CN104679792A true CN104679792A (en) 2015-06-03

Family

ID=53314846

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310642062.8A Pending CN104679792A (en) 2013-12-03 2013-12-03 Data permission achievement method

Country Status (1)

Country Link
CN (1) CN104679792A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106250782A (en) * 2016-08-12 2016-12-21 天津西瑞尔信息工程有限公司 A kind of data permission control method resolved based on SQL statement and device
CN106469282A (en) * 2015-08-21 2017-03-01 阿里巴巴集团控股有限公司 data access authority control method and device
CN106778341A (en) * 2016-12-02 2017-05-31 华北计算技术研究所(中国电子科技集团公司第十五研究所) data right management system and method
CN108388809A (en) * 2018-01-17 2018-08-10 链家网(北京)科技有限公司 A kind of data area control method and system
CN110019335A (en) * 2017-10-17 2019-07-16 航天信息股份有限公司 A kind of method and system carrying out dynamic expansion to SQL query statement based on note
CN111339560A (en) * 2020-02-26 2020-06-26 中国邮政储蓄银行股份有限公司 Data isolation method, device and system
CN112948849A (en) * 2021-02-25 2021-06-11 浙江百应科技有限公司 Lightweight data authority control method and device and electronic equipment
CN113190864A (en) * 2021-05-21 2021-07-30 中国工商银行股份有限公司 Data access method, device, system and storage medium based on authority configuration

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1967560A (en) * 2006-11-09 2007-05-23 华为技术有限公司 Controlling method of business operations competence and generating method of relational database
CN102063479A (en) * 2010-12-22 2011-05-18 北京中电普华信息技术有限公司 Method and system for controlling data access right
CN103377336A (en) * 2013-01-21 2013-10-30 航天数联信息技术(深圳)有限公司 Method and system for controlling computer system user rights

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1967560A (en) * 2006-11-09 2007-05-23 华为技术有限公司 Controlling method of business operations competence and generating method of relational database
CN102063479A (en) * 2010-12-22 2011-05-18 北京中电普华信息技术有限公司 Method and system for controlling data access right
CN103377336A (en) * 2013-01-21 2013-10-30 航天数联信息技术(深圳)有限公司 Method and system for controlling computer system user rights

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106469282A (en) * 2015-08-21 2017-03-01 阿里巴巴集团控股有限公司 data access authority control method and device
CN106250782A (en) * 2016-08-12 2016-12-21 天津西瑞尔信息工程有限公司 A kind of data permission control method resolved based on SQL statement and device
CN106250782B (en) * 2016-08-12 2019-04-09 天津西瑞尔信息工程有限公司 A kind of data permission control method and device based on SQL statement parsing
CN106778341A (en) * 2016-12-02 2017-05-31 华北计算技术研究所(中国电子科技集团公司第十五研究所) data right management system and method
CN110019335A (en) * 2017-10-17 2019-07-16 航天信息股份有限公司 A kind of method and system carrying out dynamic expansion to SQL query statement based on note
CN110019335B (en) * 2017-10-17 2021-05-28 航天信息股份有限公司 Method and system for dynamically expanding SQL query statement based on annotation
CN108388809A (en) * 2018-01-17 2018-08-10 链家网(北京)科技有限公司 A kind of data area control method and system
CN111339560A (en) * 2020-02-26 2020-06-26 中国邮政储蓄银行股份有限公司 Data isolation method, device and system
CN112948849A (en) * 2021-02-25 2021-06-11 浙江百应科技有限公司 Lightweight data authority control method and device and electronic equipment
CN113190864A (en) * 2021-05-21 2021-07-30 中国工商银行股份有限公司 Data access method, device, system and storage medium based on authority configuration

Similar Documents

Publication Publication Date Title
CN104679792A (en) Data permission achievement method
CN108536761B (en) Report data query method and server
CN102567539B (en) Intelligent WEB report implementation method and intelligent WEB report implementation system
Haase et al. The information workbench as a self-service platform for developing linked data applications
US9361137B2 (en) Managing application parameters based on parameter types
EP3759611A1 (en) Data retention handling for data object stores
CN105487864A (en) Method and device for automatically generating code
CN103309650B (en) The generation method and apparatus of persistent layer code
KR101534153B1 (en) Method of designing business logic, server performing the same and storage media storing the same
CN102999537A (en) System and method for data migration
CN102393889A (en) Permissions configuration management system
WO2014080297A3 (en) Secure data copying
CN102810057A (en) Log recording method
CN110046287A (en) A kind of the data query method, apparatus and storage medium unrelated with type of database
WO2014074961A2 (en) Filtering views with predefined query
US10255338B2 (en) System and method for file management in data structures
CN104156640A (en) Data access right control method
US20110264703A1 (en) Importing Tree Structure
CN111177700A (en) Method and device for controlling row-level authority
US11886434B1 (en) Management of application entities
US20180173601A1 (en) Energy consumption analysis based on telemetry data
Brunozzi Big data and nosql with amazon dynamodb
CN105354891A (en) Attendance checking management method and system
US20150100888A1 (en) Providing a common interface for accessing and presenting component configuration settings
JP2011513842A5 (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150603

RJ01 Rejection of invention patent application after publication