CN111177700A - Method and device for controlling row-level authority - Google Patents
- Publication number
- CN111177700A
- Authority
- CN
- China
- Prior art keywords
- row
- data
- tags
- level
- column
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2457—Query processing with adaptation to user needs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/953—Querying, e.g. by the use of web search engines
- G06F16/9535—Search customisation based on user profiles and personalisation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9562—Bookmark management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Computer Security & Cryptography (AREA)
- Computational Linguistics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method and a device for controlling row-level authority, wherein the method comprises the following steps: defining tags and tag groups according to an organizational structure; configuring row-level authority for each data table by using the tags and the tag groups; performing white list configuration on each data table by marking each column of each data table with a column tag and configuring corresponding keywords according to the column tags; and controlling the screening of data according to the configured row-level authority and the white list. In the invention, data is screened by configuring row-level authority, and keyword-based data filtering is carried out in combination with a white list, so that the row-level authority is effectively controlled.
Description
Technical Field
The invention relates to the field of data management, in particular to a method and a device for controlling row-level authority.
Background
In data sharing, data must be filtered and screened according to different business systems, organizational structures and sensitive data. How to filter effectively for different users based on various organizational structures and sensitive data, and screen out the row-level data they are authorized for, is of great importance to data sharing today. For large volumes of data, existing permission systems cannot effectively control row-level permissions to suit different users.
Disclosure of Invention
The embodiment of the invention provides a method and a device for controlling row-level permission, which are used for at least solving the problem that the row-level permission cannot be effectively controlled in data sharing in the related art.
According to an embodiment of the present invention, there is provided a method for controlling row-level permissions, including: defining tags and tag groups according to an organizational structure; configuring row-level authority for each data table by using the tags and the tag groups; performing white list configuration on each data table by marking each column of each data table with a column tag and configuring corresponding keywords according to the column tags; and controlling the screening of data according to the configured row-level authority and the white list.
Optionally, the tag type includes at least one of: table classification tags, column classification tags, hierarchical tags, row level tags.
Optionally, configuring the row-level authority for each data table by using the tags and the tag groups comprises: in each data table, configuring a tag group for the fields that need filtering, and then configuring tags according to the roles of the users.
Optionally, controlling the screening of data according to the configured row-level authority and white list includes: screening out the corresponding records from a data table according to the configured row-level authority, and judging whether the configured keywords exist in the field values of the records; if a keyword exists, the record is filtered out.
According to another embodiment of the present invention, there is provided a control apparatus of row-level authority, including: a definition module, used for defining tags and tag groups according to an organizational structure; a first configuration module, used for configuring the row-level authority of each data table by using the tags and the tag groups; a second configuration module, used for performing white list configuration on each data table by marking each column of each data table with a column tag and configuring corresponding keywords according to the column tags; and a screening module, used for controlling the screening of data according to the configured row-level authority and the white list.
Optionally, the tag type includes at least one of: table classification tags, column classification tags, hierarchical tags, row level tags.
Optionally, the first configuration module includes: a configuration unit, used for configuring a tag group for the fields that need filtering in each data table and then configuring tags according to the roles of the users.
Optionally, the screening module comprises: the screening unit is used for screening out corresponding records from the data table according to the configured row-level authority; the judging unit is used for judging whether the configured keywords exist in the field values of the records; and the filtering unit is used for filtering the record under the condition that the field value of the record has the keyword.
According to a further embodiment of the present invention, there is also provided a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
According to yet another embodiment of the present invention, there is also provided an electronic device, including a memory in which a computer program is stored and a processor configured to execute the computer program to perform the steps in any of the above method embodiments.
In the embodiment of the invention, data is screened by configuring the row-level authority, and keyword-based data filtering is performed in combination with the white list, so that the row-level authority is effectively controlled.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flow chart of a method of controlling row level permissions according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method of controlling row level permissions according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of tag classification according to an embodiment of the invention;
FIG. 4 is a control diagram of row level permissions according to an embodiment of the present invention;
FIG. 5 is a diagram illustrating a control apparatus for row-level permissions according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a control device for row-level permissions according to an alternative embodiment of the present invention.
Detailed Description
The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
This embodiment aims to screen out, conveniently and quickly, the data a user is authorized for, based on a complex organizational structure and sensitive data.
To achieve the above object, in the present embodiment, the row-level authority is controlled by combining the white list with tags.
The terms used in the present invention will be described correspondingly below.
1. Tag: a tag is a way of organizing internet content. It is a highly relevant keyword that helps people describe and classify content easily, so that the content is easier to retrieve and share.
2. Tag group: tags of the same type can be grouped into a tag group.
3. White list: the data white list is understood to mean that, when a keyword is configured in the white list, any record whose content contains that keyword is hidden from all users.
4. Row-level permissions: in a relational database, a row of data in a data table represents a record. Row-level permissions indicate whether each record in the table has its own permission.
5. Permission: in the present invention, this refers to the right to view and download data.
In this embodiment, a method for controlling row-level permissions is provided. Fig. 1 is a flowchart of the method according to an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:
Step S102, defining tags and tag groups according to an organizational structure;
Step S104, configuring row-level authority for each data table by using the tags and the tag groups;
Step S106, marking a column tag on each column of each data table, and configuring corresponding keywords according to the column tags, to perform white list configuration on each data table;
Step S108, controlling the screening of data according to the configured row-level authority and the white list.
In step S102 of this embodiment, the tag type includes at least one of the following: table classification tags, column classification tags, hierarchical tags, row level tags.
In step S104 of this embodiment, in each data table, a tag group is configured for the field that needs to be filtered, and then tags are configured according to the role of the user.
In step S108 of this embodiment, a corresponding record is screened from a data table according to the configured row-level authority, and whether the configured keyword exists in the field value of the record is determined; if the keyword exists, the record is filtered.
In order to facilitate understanding of the technical solutions provided by the present invention, the following detailed description will be made with reference to embodiments of specific scenarios.
The present embodiment provides a method of controlling row-level permissions that combines whitelists and labels. As shown in fig. 2, the method of the present embodiment mainly includes the following steps:
Step S201, defining tags and tag groups according to the organizational structure.
As shown in fig. 3, in this embodiment, the tags may be classified into table classification tags, column classification tags, hierarchical tags, and row classification tags. First, tags and tag groups are defined according to the organizational structure. For example, there is a tag group: city divisions, with tags: Changsha, Tanzhou, Yueyang, etc.
Step S202, configuring the row-level authority for each table: a tag group is configured for the fields that need to be filtered, and then tags are configured according to the different roles corresponding to different users.
For example: a city division tag group is configured for the household address field of the person table, and the role corresponding to police officers in Changsha is then configured with the tag Changsha. Police officers in Changsha can then see the persons whose household address field value contains Changsha, but have no authority over the other data.
Step S203, performing white list configuration on each table: a column tag needs to be marked on each column of each table, and corresponding keywords are then configured according to the column tag. If a field value contains a relevant keyword, the record is filtered out.
Step S204, controlling the screening of data according to the configured row-level authority and the white list.
As shown in fig. 4, data is screened by combining the row-level tag groups and the tags, and data is filtered by combining the white list and the column tags. By combining the white list and the tags, data screening and filtering that correspond to the different authorities of different roles are realized.
In this embodiment, data is screened by configuring row-level permissions, and data filtering of keywords is performed in combination with a white list, so that row-level permissions are effectively controlled.
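Steps S201 to S204, with the Changsha example from the text, sketched in Python as an added example (it is not code from the patent). The role names, column tags, keyword, sample records, case-insensitive substring matching and the deny-by-default handling of unconfigured tables and roles are all assumptions.

```python
"""Row-level screening per steps S201-S204 (added sketch; all names are assumptions)."""

# S201: tag groups and tags defined from the organizational structure.
TAG_GROUPS = {"city_division": {"Changsha", "Tanzhou", "Yueyang"}}

# S202: per table, which field is governed by which tag group ...
ROW_POLICY = {"person": {"household_address": "city_division"}}
# ... and per role, which tags of each group the role holds (hypothetical roles).
ROLE_TAGS = {
    "changsha_police": {"city_division": {"Changsha"}},
    "yueyang_police": {"city_division": {"Yueyang"}},
    "clerk": {},  # no tags configured
}

# S203: a column tag on each column, and white-list keywords per column tag.
# "White list" is the page's term: matching records are hidden from every role.
COLUMN_TAGS = {
    "person": {"name": "identity", "household_address": "address", "remarks": "free_text"}
}
WHITELIST_KEYWORDS = {"free_text": {"protected witness"}}  # constructed keyword


def validate_config():
    """Reject configuration that refers to undefined tag groups or tags."""
    for table, fields in ROW_POLICY.items():
        for field, group in fields.items():
            if group not in TAG_GROUPS:
                raise ValueError(f"{table}.{field}: unknown tag group {group!r}")
    for role, groups in ROLE_TAGS.items():
        for group, tags in groups.items():
            unknown = tags - TAG_GROUPS.get(group, set())
            if unknown:
                raise ValueError(f"role {role!r}: tags {sorted(unknown)} not in {group!r}")
    return True


def _text(value):
    """Normalize a field value for matching; NULL/None matches nothing."""
    return "" if value is None else str(value).casefold()


def row_permitted(table, role, record):
    """Row-level check: each governed field must contain one of the role's tags."""
    governed = ROW_POLICY.get(table)
    if not governed:
        return False  # assumption: a table without a row policy is denied, not opened
    granted = ROLE_TAGS.get(role, {})
    for field, group in governed.items():
        value = _text(record.get(field))
        # Substring match mirrors the text's "field value contains Changsha".
        if not any(tag.casefold() in value for tag in granted.get(group, ())):
            return False
    return True


def hits_whitelist(table, record):
    """True if any tagged column holds a keyword configured for its column tag."""
    for column, column_tag in COLUMN_TAGS.get(table, {}).items():
        value = _text(record.get(column))
        if any(kw.casefold() in value for kw in WHITELIST_KEYWORDS.get(column_tag, ())):
            return True
    return False


def screen(table, role, records):
    """S204: keep records the role may see, then drop white-list keyword hits."""
    validate_config()
    return [
        r for r in records
        if row_permitted(table, role, r) and not hits_whitelist(table, r)
    ]


# Constructed sample rows for the "person" table.
PERSONS = [
    {"id": 1, "name": "A", "household_address": "12 Furong Road, Changsha", "remarks": ""},
    {"id": 2, "name": "B", "household_address": "5 Dongting Road, Yueyang", "remarks": None},
    {"id": 3, "name": "C", "household_address": "8 Wuyi Avenue, Changsha",
     "remarks": "Protected witness, case pending"},
    {"id": 4, "name": "D", "household_address": None, "remarks": ""},
]


def visible_ids(role, table="person", records=PERSONS):
    """Ids of the records a role is left with after screening."""
    return [r["id"] for r in screen(table, role, records)]


if __name__ == "__main__":
    for role in ROLE_TAGS:
        print(role, visible_ids(role))
```

Record 3 passes the row-level check for the Changsha role but is still withheld by the keyword filter, and record 4, which has no address, matches no tag and is denied.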
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
In this embodiment, a control device for row-level permissions is also provided. The device is used to implement the foregoing embodiments and preferred embodiments, and what has already been described is not repeated. As used below, the term "module" or "unit" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
Fig. 5 is a block diagram illustrating a structure of a control apparatus for row-level permissions according to an embodiment of the present invention, and as shown in fig. 5, the apparatus includes a definition module 10, a first configuration module 20, a second configuration module 30, and a filtering module 40.
The definition module 10 is used for defining tags and tag groups according to an organizational structure.
The first configuration module 20 is used for configuring row-level authority for each data table by using the tags and the tag groups.
The second configuration module 30 is used for performing white list configuration on each data table by marking each column of each data table with a column tag and configuring corresponding keywords according to the column tags.
The screening module 40 is used for controlling the screening of data according to the configured row-level authority and the white list.
Fig. 6 is a block diagram of a control apparatus for row-level permissions according to an embodiment of the present invention. As shown in fig. 6, in addition to all the modules shown in fig. 5, the first configuration module 20 of the apparatus includes: a configuration unit 201, used for configuring a tag group for the fields that need filtering in each data table, and then configuring tags according to the roles of the users.
In this embodiment, the screening module 40 includes: the screening unit 401 is configured to screen out corresponding records from the data table according to the configured row-level permissions; a judging unit 402, configured to judge whether there is the configured keyword in the field value of the record; a filtering unit 403, configured to filter out the record if the field value of the record has the keyword.
It should be noted that the above modules or units can be implemented by software or hardware. The latter can be implemented in, but is not limited to, the following ways: the modules are all located in the same processor; alternatively, the modules are located in different processors in any combination.
Embodiments of the present invention also provide a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
S1, defining tags and tag groups according to the organizational structure;
S2, configuring row-level authority for each data table by using the tags and the tag groups;
S3, performing white list configuration on each data table by marking each column of each data table with a column tag and configuring corresponding keywords according to the column tags;
S4, controlling the screening of data according to the configured row-level authority and the white list.
Optionally, in this embodiment, the storage medium may include, but is not limited to: various media capable of storing computer programs, such as a usb disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Embodiments of the present invention also provide an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
S1, defining tags and tag groups according to the organizational structure;
S2, configuring row-level authority for each data table by using the tags and the tag groups;
S3, performing white list configuration on each data table by marking each column of each data table with a column tag and configuring corresponding keywords according to the column tags;
S4, controlling the screening of data according to the configured row-level authority and the white list.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method for controlling row-level permissions, comprising:
defining tags and tag groups according to an organizational structure;
configuring row-level authority for each data table by using the tags and the tag groups;
performing white list configuration on each data table by marking each column of each data table with a column tag and configuring corresponding keywords according to the column tags;
and controlling the screening of data according to the configured row-level authority and the white list.
2. The method of claim 1, wherein the tag type comprises at least one of: table classification tags, column classification tags, hierarchical tags, row level tags.
3. The method of claim 1, wherein configuring row-level permissions for each data table using the tags and tag groups comprises:
in each data table, configuring a tag group for the fields that need filtering, and then configuring tags according to the roles of the users.
4. The method of claim 1, wherein controlling the screening of data according to the configured row-level authority and the white list comprises:
screening out corresponding records from a data table according to the configured row-level authority, and judging whether the configured keywords exist in the field values of the records;
if the keyword exists, the record is filtered.
5. A control apparatus for row-level permissions, comprising:
a definition module for defining tags and tag groups according to an organizational schema;
a first configuration module, used for configuring the row-level authority of each data table by using the tags and the tag groups;
a second configuration module, used for performing white list configuration on each data table by marking each column of each data table with a column tag and configuring corresponding keywords according to the column tags;
and a screening module, used for controlling the screening of data according to the configured row-level authority and the white list.
6. The apparatus of claim 5, wherein the tag type comprises at least one of: table classification tags, column classification tags, hierarchical tags, row level tags.
7. The apparatus of claim 5, wherein the first configuration module comprises:
a configuration unit, used for configuring a tag group for the fields that need filtering in each data table and then configuring tags according to the roles of the users.
8. The apparatus of claim 5, wherein the screening module comprises:
the screening unit is used for screening out corresponding records from the data table according to the configured row-level authority;
the judging unit is used for judging whether the configured keywords exist in the field values of the records;
and the filtering unit is used for filtering the record under the condition that the field value of the record has the keyword.
9. A computer-readable storage medium, in which a computer program is stored, wherein the computer program is arranged to perform the method of any of claims 1 to 4 when executed.
10. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, and wherein the processor is arranged to execute the computer program to perform the method of any of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911419987.XA CN111177700A (en) | 2019-12-31 | 2019-12-31 | Method and device for controlling row-level authority |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911419987.XA CN111177700A (en) | 2019-12-31 | 2019-12-31 | Method and device for controlling row-level authority |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111177700A (en) | 2020-05-19 |
Family
ID=70655947
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911419987.XA Pending CN111177700A (en) | 2019-12-31 | 2019-12-31 | Method and device for controlling row-level authority |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111177700A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112287365A (en) * | 2020-10-23 | 2021-01-29 | 烽火通信科技股份有限公司 | Binary-based database permission control method, device, medium and system |
CN113656827A (en) * | 2021-07-19 | 2021-11-16 | 中共四川省委组织部 | Method for realizing row-level authority control based on domestic database |
CN113934995A (en) * | 2021-09-15 | 2022-01-14 | 南方电网深圳数字电网研究院有限公司 | Rank authority setting method and device applied to data access |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104424287A (en) * | 2013-08-30 | 2015-03-18 | 深圳市腾讯计算机系统有限公司 | Query method and query device for data |
CN106960030A (en) * | 2017-03-21 | 2017-07-18 | 北京百度网讯科技有限公司 | Pushed information method and device based on artificial intelligence |
CN107391532A (en) * | 2017-04-14 | 2017-11-24 | 阿里巴巴集团控股有限公司 | The method and apparatus of data filtering |
CN110162994A (en) * | 2019-04-16 | 2019-08-23 | 深圳壹账通智能科技有限公司 | Authority control method, system, electronic equipment and computer readable storage medium |
CN110427775A (en) * | 2019-07-25 | 2019-11-08 | 北京明略软件系统有限公司 | Data query authority control method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20200519 |