CN108153799A - Access and control strategy of database method, apparatus and Database Systems - Google Patents

Access and control strategy of database method, apparatus and Database Systems Download PDF

Info

Publication number
CN108153799A
CN108153799A CN201611113770.2A CN201611113770A CN108153799A CN 108153799 A CN108153799 A CN 108153799A CN 201611113770 A CN201611113770 A CN 201611113770A CN 108153799 A CN108153799 A CN 108153799A
Authority
CN
China
Prior art keywords
node
data base
distributed data
user
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611113770.2A
Other languages
Chinese (zh)
Other versions
CN108153799B (en
Inventor
范孝剑
张广舟
林晓斌
窦贤明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Cloud Computing Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201611113770.2A priority Critical patent/CN108153799B/en
Publication of CN108153799A publication Critical patent/CN108153799A/en
Application granted granted Critical
Publication of CN108153799B publication Critical patent/CN108153799B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2458Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2471Distributed queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25Integrating or interfacing systems involving database management systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computational Linguistics (AREA)
  • Software Systems (AREA)
  • Probability & Statistics with Applications (AREA)
  • Fuzzy Systems (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

This application discloses a kind of Access and control strategy of database method, apparatus and Database Systems, this method to include:Management node in distributed data base receives the data manipulation sentence of user;The management node having permission in the node of the distributed data base performs the corresponding data operation request of data manipulation sentence on node, wherein, this has permission the node that the user in the node that node is the distributed data base has the access rights of the corresponding data manipulation type of the data manipulation sentence.The scheme of the embodiment of the present application can avoid user from performing data operation request in the node for not having access rights, reduce influencing each other between the data access of different user.

Description

Access and control strategy of database method, apparatus and Database Systems
Technical field
This application involves database field more particularly to Access and control strategy of database method, apparatus and Database Systems.
Background technology
In distributed data base system, it can generally set and the permission of database, table, user, row is controlled, control is each The data that user can see.
In practical application, distributed data base system has multiple users, it is thus possible to can there are multiple users to be total to The situation of a tables of data is enjoyed, wherein each user can only see the data for oneself having permission and seeing.Existing database is realized multiple The common method that users to share one opens table is:When user inquires this table, injection condition in queries, such as user A are only transported Row inquiry field c is 1 data record, etc..
In the existing mode for realizing same table of multiple users share, distributed data base system does not carry out object to data Reason isolation, and each user is used in conjunction with all nodes of distributed data base system, it can between the performance of each user It can interact.
How according to the data access of the access privilege control user of control user, and the data access of different user is reduced Between influence each other, be technical problems to be solved in this application.
Invention content
The purpose of the embodiment of the present application is to provide a kind of Access and control strategy of database method, apparatus and Database Systems, to subtract Influencing each other between the data access of different user in few distributed data base system.
The embodiment of the present application uses following technical proposals:
In a first aspect, providing a kind of Access and control strategy of database method, this method includes:Management in distributed data base Node receives the data manipulation sentence of user;The management node having permission in the node of the distributed data base is held on node The row corresponding data operation request of data manipulation sentence, wherein, this is had permission in the node that node is the distributed data base The user has the node of the access rights of the corresponding data manipulation type of the data manipulation sentence.
Second aspect, it is proposed that a kind of Access and control strategy of database method, including:Non-management node in distributed data base Receive the data operation request that the management node in the distributed data base is sent according to the data manipulation sentence of user;The non-pipe Reason node determines that the user performs the access rights of the data operation request in the non-management node;When the non-management node determines The user has when the non-management node performs the access rights of the data operation request, which performs the data Operation requests, and return to the management node implementing result of the data operation request;Alternatively, when the non-management node determines this User does not have when the non-management node performs the access rights of the data operation request, and empty result is returned to the management node Collection;Wherein, which stores the information of the user of the distributed data base to the access rights of the non-management node.
The third aspect, it is proposed that a kind of Access and control strategy of database device, the device are applied to the management of distributed data base Node, the device include:Receiving unit and execution unit, wherein, which receives the data manipulation sentence of user;This is held Row unit having permission in the node of the distributed data base performs the corresponding data manipulation of data manipulation sentence on node Request, wherein, this has permission the user in the node that node is the distributed data base, and to have the data manipulation sentence corresponding The node of the access rights of data manipulation type.
Fourth aspect, it is proposed that a kind of Access and control strategy of database device, the device are applied to the non-pipe of distributed data base Node is managed, which includes:Receiving unit, determination unit, transmitting element and execution unit, wherein, which receives should The data operation request that management node in distributed data base is sent according to the data manipulation sentence of user;The determination unit is true The fixed user performs the access rights of the data operation request in the non-management node;When the determination unit determines that the user has When the non-management node performs the access rights of the data operation request, which performs the data operation request, and The implementing result of the data operation request is returned to the management node by the transmitting element;Alternatively, when the determination unit determines The user does not have when the non-management node performs the access rights of the data operation request, which passes through the transmission Unit returns to empty result set to the management node;Wherein, which stores the user of the distributed data base to this The information of the access rights of non-management node.
5th aspect, it is proposed that a kind of distributed data base system, including:Management node and non-management node, wherein, pipe Reason node includes the Access and control strategy of database device of the third aspect, and non-management node includes the Access and control strategy of database of fourth aspect Device.
Above-mentioned at least one technical solution that the embodiment of the present application uses can reach following advantageous effect:
In the embodiment of the present application, by the table for carrying out data manipulation being needed to be distributed according to the data manipulation sentence of user Data distribution request in formula database determines the node for needing to access, and then has data manipulation sentence correspondence in user The access rights of data manipulation type have permission on node, perform the corresponding data operation request of data manipulation sentence, So as to which user is avoided to perform data operation request in the node for not having access rights, reduce distribution to a certain extent Influencing each other between the data access of different user in formula database.
Description of the drawings
Attached drawing described herein is used for providing further understanding of the present application, forms the part of the application, this Shen Illustrative embodiments and their description please do not form the improper restriction to the application for explaining the application.In the accompanying drawings:
Fig. 1 is the method flow diagram of one embodiment Access and control strategy of database of the application.
Fig. 2 is the method flow diagram of another embodiment Access and control strategy of database of the application.
Fig. 3 is the method flow diagram of the further embodiment Access and control strategy of database of the application.
Fig. 4 is the method flow diagram of the further embodiment Access and control strategy of database of the application.
Fig. 5 is the method flow diagram of the further embodiment Access and control strategy of database of the application.
Fig. 6 is the interaction diagrams of the further embodiment Access and control strategy of database of the application.
Fig. 7 is the interaction diagrams of the further embodiment Access and control strategy of database of the application.
Fig. 8 is the method flow diagram of the further embodiment Access and control strategy of database of the application.
Fig. 9 is the structure diagram of one embodiment electronic equipment of the application.
Figure 10 is the structure diagram of another embodiment Access and control strategy of database device of the application.
Figure 11 is the structure diagram of one embodiment Access and control strategy of database device of the application.
Specific embodiment
Purpose, technical scheme and advantage to make the application are clearer, below in conjunction with the application specific embodiment and Technical scheme is clearly and completely described in corresponding attached drawing.Obviously, described embodiment is only the application one Section Example, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not doing Go out all other embodiments obtained under the premise of creative work, shall fall in the protection scope of this application.
In order to facilitate the embodiment of the present application is understood, introduced first at this embodiment of the present application description in can introduce it is several will Element.
Distributed data base:Finger is connected the multiple data storage cells physically disperseed using information autobahn To form a unified database in logic.The basic thought of distributed data base is by the number in original centralized database According to dispersion storage on multiple data memory nodes by network connection, to obtain the memory capacity of bigger and higher concurrent Visit capacity.
In the management system of distributed data base, it may include the data base management system (Local of local field ground DBMS, LDBMS) and global data library management system (Global DBMS, GDBMS).Wherein,
The major function of LDBMS is foundation and management local data bank, provides site autonomy ability, perform topical application and The subquery of global query.
The major function of GDBMS is to provide distribution transparency, coordinates the execution of global things, coordinates each part DBMS with complete Into global application, ensure the global coherency of database, perform con current control, realize that update synchronizes, global repair function is provided Deng.
In each node of distributed data base, the node for disposing GDBMS can be described as host node, be for coordinating and managing The node of distributed data base.It should be understood, of course, that other coordinated management distributed data bases can also be disposed on the primary node Management system, title is not necessarily GDBMS, but the management system centainly has GDBMS coordinated management distributed data bases The function of node.The management node being previously mentioned in this application, as host node.
Other nodes for disposing LDBMS of distributed data base can be described as from node.What is be previously mentioned in this application is non- Management node, as from node.
Below in conjunction with attached drawing, the technical solution that each embodiment of the application provides is described in detail.
Fig. 1 is the method flow diagram of one embodiment Access and control strategy of database of the application.The method of Fig. 1 is by distributed number It is performed according to the management node in library.It should be understood that the management node that the application is previously mentioned, refers both to the main section in distributed data base Point is used to coordinate and manage the node of distributed data base.In distributed data base, the node other than management node is referred to as non- Management node, the also slave node or branch node as in distributed data base.The method of Fig. 1 includes:
S110, the management node in distributed data base receive the data manipulation sentence of user.
It should be understood that in the embodiment of the present application, management node is the node for coordinating and managing the distributed data base, i.e., The host node of distributed data base.In other words, node of the management node to dispose GDBMS in the node of distributed data base. It should be understood that in the embodiment of the present application, management node can also have other than having management function and perform data manipulation sentence pair The data operation request and the function of execution result back answered;Certainly, management node, which can not also have, performs data manipulation language The function of the corresponding data operation request of sentence, the embodiment of the present application are not limited herein.
It should be understood that in the embodiment of the present application, which can include data query sentence select sentences, Or data manipulation statement such as insert sentences, update sentences, delete sentences etc..
S120, management node having permission in the node of the distributed data base perform the data manipulation sentence on node Corresponding data operation request.
Wherein, having permission the user in the node that node is the distributed data base, to have the data manipulation sentence corresponding The node of the access rights of data manipulation type.
It should be understood that in the embodiment of the present application, the user of distributed data base may include the access rights of node following It is at least one:
The role of the user of the distributed data base is to the node middle finger fixed number of the distributed data base according to action type Access rights;
The user of the distributed data base is to the node middle finger fixed number of the distributed data base according to the access right of action type Limit.
For example, it is assumed that user A is authorized to the access rights of select types in node 1, then node 1 can perform user A's Select sentences;In another example the role of user B is operational group, operational group is authorized to delete types and update classes in node 2 Type, then node 2 can perform the delete sentences of user B and update sentences.
It should be understood, of course, that the access rights of the embodiment of the present application interior joint only determine whether user has certain number According to the access rights of action type, in a particular application, it is also necessary to which whether there is the visit of tables of data to be operated in view of user Ask permission.
In the embodiment of the present application, by the table for carrying out data manipulation being needed to be distributed according to the data manipulation sentence of user Data distribution request in formula database determines the node for needing to access, and then has data manipulation sentence correspondence in user The access rights of data manipulation type have permission on node, perform the corresponding data operation request of data manipulation sentence, So as to which user is avoided to perform data operation request in the node for not having access rights, reduce distribution to a certain extent Influencing each other between the data access of different user in formula database.
It should be understood that in the embodiment of the present application, management node can also need the table operated to exist according to the data manipulation sentence Data distribution situation in the distributed data base determines the node of the data there are the table.At this point, step S120 is implemented For:
Data distribution of the table that the management node is operated according to data manipulation sentence needs in the distributed data base Situation determines that there are at least one nodes of the data of the table in the node of the distributed data base;The management node at this extremely Having permission in a few node performs the corresponding data operation request of data manipulation sentence on node.
Before the corresponding data operation request of data manipulation sentence is performed, it can need to operate according to the data manipulation sentence Table data each node in distributed data base data distribution situation, determine with the table data node. That is performing data manipulation type as inquiry (select) type, update (update) type or deleting (delete) class During the data manipulation sentence of type, the node of the data there is no the table is may skip, effect is performed so as to improve data manipulation sentence Rate.
For example, it is assumed that the data manipulation sentence is " select*from table1 ", it is table1 to need the table operated.It is false If distributed data base shares totally 5 nodes of 1~node of node 5, wherein table1 has data in node 1, node 3 and node 5, It then may skip node 2 and node 4 at this time, only need to consider to perform the data manipulation sentence on node 1, node 3 and node 5.When So, it should be appreciated that in the embodiment of the present application, it is also necessary to determined according to user in the access rights of node 1, node 3 and node 5 be It is no that the data manipulation sentence is performed on node 1, node 3 or node 5.
In the embodiment of the present application, pass through the number according to the table that operates of data manipulation sentence needs in distributed data base The node of the table data is filtered out according to distribution situation, so as to avoid that inquiry (select) is performed on the node without the table data Type, update (update) type or the data manipulation sentence for deleting (delete) type, hold so as to improve distributed data base The efficiency of row data action statement.
Fig. 2 is the method flow diagram of the further embodiment Access and control strategy of database of the application.Optionally, as a reality Example is applied, as shown in Fig. 2, step S120 is implemented as:Step S121 and step S122.
S121, management node is according to the data manipulation type and the user of the data manipulation sentence in the distributed data base Node access rights, determine to have permission node in the node of the distributed data base.
Wherein, management node stores the access right of the user of the distributed data base to the node of the distributed data base The information of limit.
S122, have permission node of the management node other than management node send the corresponding data behaviour of the data manipulation sentence It asks, having permission node with request performs the data operation request.
It should be understood that in the embodiment of the present application, for inquiry (select) type, update (update) type or deletion (delete) the data manipulation sentence of type, if the data in the table that management node is operated by data manipulation sentence needs are divided Cloth situation determines in the node of the distributed data base that there are at least one node of the table data then management node only needs really Node is had permission, and the node that has permission at least one node sends the data manipulation in fixed at least one node The corresponding data operation request of sentence.
In the embodiment of the present application, access of the management node according to the user that store in management node on each node Authority information, determines the node that has permission of user Internet access in the node of the distributed data base, and to management node with Outer has permission node transmission data operation requests, so as to the access rights according to the node stored in management node, really Surely the node of execution data operation request is needed, and user is avoided to perform data manipulation in the node for not having access rights and is asked It asks, reduces influencing each other between the data access of different user to a certain extent.
In addition, the method for the embodiment of the present application, additionally it is possible to improve the execution efficiency for performing data manipulation sentence.
Optionally, as another embodiment, step S120 is implemented as:Management node is sent out at least one node The data operation request is given, the node that has permission at least one node to be asked to perform the data operation request, wherein, it should Each node in the node of distributed data base stores the user of the distributed data base to the access rights of the node Information.
It should be understood that if the node for receiving the data operation request has permission, directly perform, return performs knot Fruit.For query statement, cancel statement and update sentence, the row record being related to is had existed in corresponding node;For inserting Enter sentence, the node for receiving the data operation request has permission, then the data operation request is inserted into the node and is asked The record of insertion.It should be understood that for being inserted into sentence, it will usually provide distribution rule of the data being inserted into each node.For example, In the rule of ID card No., front two represents province, and when the beginning that the identity card of insertion records, two are 34, then it represents that should Anhui is recorded as, meeting the identity card record of the rule will be put on the node of Anhui.It should be understood, of course, that the embodiment of the present application The insertion rule being previously mentioned is only schematical, in practical application scenarios, it is understood that there may be more complicated insertion rule or Person may not limit data distribution when being inserted into.
In the embodiment of the present application, when the access rights of user are stored in each node, management node is to the distribution The node of database sends the data operation request, so as to which the node execution that has permission for asking the access rights with the user is somebody's turn to do Data operation request can avoid the user for not having access rights from performing the data operation request, reduce to a certain extent Influencing each other between the data access of different user.
Fig. 3 is the method flow diagram of the further embodiment Access and control strategy of database of the application.Optionally, as a reality Example is applied, as shown in figure 3, after step S120, this method may also include step S130.
S130, management node determine lack of competence node of the data manipulation sentence in the node of the distributed data base Implementing result is empty result set.
Wherein, lack of competence node is that the user does not have the data manipulation sentence pair in the node of the distributed data base The node of the access rights of data manipulation type answered.
Fig. 4 is the method flow diagram of the further embodiment Access and control strategy of database of the application.Optionally, as a reality Example is applied, as shown in figure 4, step S130 is implemented as:Step S131 and step S132.
S131, management node is according to the data manipulation type and the user of the data manipulation sentence in the distributed data base Node in access rights, determine the lack of competence node in the node of the distributed data base.
Wherein, management node stores the access right of the user of the distributed data base to the node of the distributed data base The information of limit.
S132, management node determine that the data manipulation sentence in the implementing result of lack of competence node is empty result set.
In the embodiment of the present application, management node is according to the information of the access rights that this node is stored in management node, It determines that user does not have the lack of competence node of access rights, and directly determines execution of the data manipulation sentence in lack of competence node As a result it is empty result set, so as to improve the execution efficiency of data manipulation sentence, and user is avoided not have access rights Node performs data operation request, reduces influencing each other between the data access of different user to a certain extent.
Fig. 5 is the method flow diagram of the further embodiment Access and control strategy of database of the application.Optionally, as a reality Example is applied, as shown in figure 5, step S130 is implemented as:Step 133 and step 134.
133, management node sends the corresponding data manipulation of data manipulation sentence to the node of the distributed data base please It asks, which is performed with the node for asking the distributed data base, wherein, in the node of the distributed data base Each node stores the information of the user of the distributed data base to the access rights of the node.
134, management node receives the empty result set of lack of competence node feeding back, and confirms the data manipulation sentence in lack of competence The implementing result of node is empty result set.
In the embodiment of the present application, when the access rights of user are stored in each node, management node is to the distribution The node of database sends the data operation request, so as to ask the lack of competence node of the access rights without the user direct Empty result set is returned, the user for not having access rights can be avoided to perform the data operation request, reduced to a certain extent Influencing each other between the data access of different user.
In the following, the method for the embodiment of the present application will be further described in conjunction with specific embodiments.
Fig. 6 is the interaction diagrams of one embodiment Access and control strategy of database method of the application.Implementation shown in Fig. 6 In example, management node is the host node of distributed data base, and it is the node that user has permission to have permission node, and lack of competence node is User the node not having permission to access.In the embodiment of the present application, the data manipulation sentence of user performs in management node, pipe Store access rights of the user to data manipulation type each in each node of distributed data base on reason node.The application The method of embodiment is suitable for the data manipulation sentence of select types, delete types, Insert types and update types. It should be understood that management node can have permission node or lack of competence node, this is not restricted for the embodiment of the present application.
The idiographic flow of Fig. 6 is as follows:
610, management node receives the data manipulation sentence of user.
It should be understood that when management node receives the data manipulation sentence of user, it can be by data manipulation statement translation into corresponding Data operation request.
620, management node analyzes the data distribution situation of the data manipulation sentence table to be operated, and determines that there are the tables Data at least one node.
Management node can determine the table to be operated, and analyze in the table by the syntax parsing to data action statement Data distribution situation, so as to filter out, there are at least one nodes of the data of the table in the node of the distributed data base.
For example, it is assumed that the data manipulation sentence that user A needs perform is " select*from table1 ", need what is operated Table is table1;And assume that distributed data base shares totally 5 nodes of 1~node of node 5, wherein, node 1 is management node, Table1 has data in node 1, node 3 and node 5.Node 1 can filter out the node of the data there are table1 at this time, that is, save Point 1, node 3 and node 5.
It should be understood, of course, that step 620 is optionally, management node can not perform step 620 and directly perform step 630 Method.
630, management node determines to have permission node and lack of competence node, and the implementing result of determining lack of competence node is sky Result set.
In the embodiment of the present application, management node according to the user recorded in authority list each node access rights, Can determine user have the right to perform the data manipulation sentence have permission node and user haves no right to perform the nothing of the data manipulation sentence Permission node.
It should be understood that if management node performs step 620, management node can determine with data in act 630 Have permission node.
For lack of competence node, management node can determine that its implementing result is empty result set.
For having permission node, management node also needs to perform step 640.
For example, it is assumed that distributed data base includes 1~node of node 5, it is assumed that user A is authorized to node 1, node 2 and section The access rights of select types in point 3.Then to have permission node, node 4 and node 5 are for node 1, node 2 and node 3 at this time Lack of competence node.
At this point, management node can directly determine that the implementing result of node 4 and node 5 is empty result set.
640, management node is to having permission the corresponding data operation request of node transmission data action statement.
It should be understood that if management node is to have permission node, only need to perform data operation request and feedback result.
It should be understood that for the data manipulation sentence of select types, delete types and update types, management node needs Data there are the table that will be other than management node have permission node transmission data operation requests, and each node that has permission is held Capable data operation request generally can be identical.
Specifically, such as:
If management node (node 1) screening egress 1, node 3 and node 5 are the node there are table1 data, and Determine that node 1, node 2 and node 3 to have permission node, determine that node 4 and node 5 are lack of competence node, then management node Need the implementing result of node 1 and node 3;In addition, since node 1 is management node, management node is needed to node 3 Transmission data operation requests.
If management node is not filtered out, there are the nodes of table1 data, and only node 1, node 2 and node 3 is have Permission node determines that node 4 and node 5 are lack of competence node, then management node needs node 1, node 2 and node 3 to perform knot Fruit, management node are needed to 3 transmission data operation requests of node 2 and node.
It should be understood that for the data manipulation sentence of insert types, then need, according to predefined rule, to be grasped according to data Make sentence and generate the corresponding data operation request of each node.
For example, it is assumed that the data to be inserted into are ID card information, wherein, each province is inserted into respectively corresponding to each province Node.Assuming that the data to be inserted into include the information of Beijing (11), Anhui (35) and Fujian (35), then generation is needed for inserting Enter the data operation request 1 of Beijing data, for the data operation request 2 of being inserted into Anhui data and for being inserted into Fujian data Data operation request 3, wherein, data operation request 1, data operation request 2 and data operation request 3 are all inserted into for data please It asks, is sent respectively to the corresponding node in Beijing, the corresponding node of the corresponding node in Anhui and Fujian.
650, it has permission node and performs data operation request.
660, have permission node feeding back implementing result.
The specific implementation of step 650 and step 660 can refer to the prior art, repeat no more.
Fig. 7 is the interaction diagrams of one embodiment Access and control strategy of database method of the application.Implementation shown in Fig. 7 In example, management node is the host node of distributed data base, and it is the node that user has permission to have permission node, and lack of competence node is User the node not having permission to access.In the embodiment of the present application, the data manipulation sentence of user performs in management node, uses The access rights of data manipulation type each in each node are stored in each node at family respectively.The side of the embodiment of the present application Method is suitable for the data manipulation sentence of select types, delete types, Insert types and update types.It should be understood that pipe It can have permission node or lack of competence node to manage node, and this is not restricted for the embodiment of the present application.
The idiographic flow of Fig. 7 is as follows:
710, management node receives the data manipulation sentence of user.
It should be understood that when management node receives the data manipulation sentence of user, it can be by data manipulation statement translation into corresponding Data operation request.
720, management node analyzes the data distribution situation of the data manipulation sentence table to be operated, and determines that there are the tables Data at least one node.
The specific implementation of step 710 and step 720 can refer to the step 710 and step 720 of Fig. 7, repeat no more.
730, the corresponding data operation request of management node transmission data action statement.
Management node is needed to there are the corresponding data operation request of node transmission data action statement of the data of the table, It implements the step 640 that can refer to embodiment illustrated in fig. 6.
It should be understood, of course, that at this point, management node can determine that the implementing result of the node of the data there is no the table is tied to be empty Fruit collects.
740, the node of distributed data base determines the access rights of user.
Each node of distributed data base determines whether user has the right to perform the data manipulation according to data operation request Corresponding data manipulation type is asked, so as to can determine that the node has permission node or lack of competence node.
For lack of competence node, step 750 is performed;For having permission node, step 760 and step 770 are performed.
750, lack of competence node feeding back sky result set.
When the node for receiving the data operation request determines that user haves no right to access the corresponding data of the data operation request During action type, i.e., when the node is lack of competence node, which need not perform the data operation request, directly to management node Feedback air result set.
760, it has permission node and performs data operation request.
770, have permission node feeding back implementing result.
When the node for receiving the data operation request determines the corresponding data of user's Internet access data operation request During action type, i.e., the node can perform data operation request and execution result back when having permission node, to have permission node, Specific implementation can refer to the prior art, repeat no more.
Fig. 8 is the method flow diagram of another embodiment Access and control strategy of database of the application.The method of Fig. 8 is by non-management Node performs.The node of distributed data base belonging to the non-management node of the embodiment of the present application includes management node and at least One non-management node, management node are the node for coordinating and managing the distributed data base, and non-management node is saved for management Node other than point.In specific application, management node is generally the host node of distributed data base, and non-management node is divides The slave node of cloth database.The method of Fig. 8 includes:
S810, non-management node receive the data operation request that management node is sent according to the data manipulation sentence of user.
S820, non-management node determine that the user performs the access rights of the data operation request in non-management node.
S830, when non-management node determines that the user has the access right that the data operation request is performed in non-management node In limited time, non-management node performs the data operation request, and the implementing result of the data operation request is returned to management node;Or Person, when non-management node determines that the user does not have when non-management node performs the access rights of the data operation request, to Management node returns to empty result set.
Wherein, non-management node stores the letter of the user of the distributed data base to the access rights of non-management node Breath.
In the embodiment of the present application, non-management node according to the data operation request and user of management node in non-pipe The permission of node is managed, data operation request is performed when having permission and returns to implementing result, is directly returned when not having permission Receipt row is as a result, so as to avoid user from performing data operation request in the node for not having access rights, to a certain degree On reduce influencing each other between the data access of different user.
In addition, the method for the embodiment of the present application, additionally it is possible to improve the execution efficiency for performing data manipulation sentence.
Optionally, the user of the distributed data base information of the access rights of the non-management node is included it is following at least It is a kind of:
The role of the user of the distributed data base is to the non-management node middle finger fixed number according to the access rights of action type;
The user of the distributed data base is to the non-management node middle finger fixed number according to the access rights of action type.
The specific implementation of embodiment illustrated in fig. 8 can refer to embodiment illustrated in fig. 7 right of possession limit node, lack of competence node performs Method, details are not described herein for the embodiment of the present application.
Fig. 9 shows the schematic configuration diagram of the electronic equipment of the exemplary embodiment according to the application.Please refer to Fig. 9, In hardware view, which includes processor, internal bus, network interface, memory and nonvolatile memory, certainly It is also possible that the required hardware of other business.Processor read from nonvolatile memory corresponding computer program to It in memory and then runs, the device of user interface unlock is formed on logic level.Certainly, other than software realization mode, Other realization methods, such as mode of logical device or software and hardware combining etc. is not precluded in the application, that is to say, that following The executive agent of process flow is not limited to each logic unit or hardware or logical device.
Figure 10 is the structure diagram of the Access and control strategy of database device 1000 of the embodiment of the present application.0 is please referred to Fig.1, In a kind of Software Implementation, Access and control strategy of database device 1000 is applied to the management node of distributed data base, database Access control apparatus 1000 may include receiving unit 1010 and execution unit 1020, wherein,
The receiving unit 1010 receives the data manipulation sentence of user;
The execution unit 1020 having permission in the node of the distributed data base performs the data manipulation language on node The corresponding data operation request of sentence, wherein, it has permission the user in the node that node is the distributed data base and has the data The node of the access rights of the corresponding data manipulation type of action statement.
In the embodiment of the present application, has the data manipulation sentence pair in user by the data manipulation sentence according to user The access rights of data manipulation type answered are had permission on node, and performing the corresponding data manipulation of data manipulation sentence please It asks, so as to which user is avoided to perform data operation request in the node for not having access rights, reduces to a certain extent Influencing each other between the data access of different user in distributed data base.
Optionally, the table operated as one embodiment, execution unit 1020 with specific reference to data manipulation sentence needs Data distribution situation in the distributed data base is determined in the node of the distributed data base there are the data of the table extremely A few node, and having permission at least one node performs the corresponding data manipulation of data manipulation sentence on node Request.
As shown in Figure 10, Access and control strategy of database device 1000 may also include transmitting element 1020.
Optionally, as one embodiment, the execution unit 1020 is according to the data manipulation type of the data manipulation sentence With access rights of the user in the node of the distributed data base, this for determining in the node of the distributed data base is had the right Node is limited, wherein, which stores the access of the user of the distributed data base to the node of the distributed data base The information of permission;The execution unit 1020 has permission node by this of the transmitting element 1030 other than the management node and sends The corresponding data operation request of data manipulation sentence performs the data operation request so that this to be asked to have permission node;The execution Unit 1020 also receives this by the receiving unit 1010 and has permission node and perform the execution knot fed back after the data operation request Fruit.
Optionally, as another embodiment, the execution unit 1020 is by the transmitting element 1030 to the distribution number The data operation request is sent according to the node in library, having permission that node performs with this for asking in the node of the distributed data base should Data operation request;The execution unit 1020 also receives this by the receiving unit 1010 and has permission node and perform the data manipulation The implementing result fed back after request, wherein, each node in the node of the distributed data base stores the distributed data The user in library is to the information of the access rights of the node.
It should be understood that in the embodiment of the present application, the access rights of the node may include following at least one:
The role of the user of the distributed data base is to the node middle finger fixed number of the distributed data base according to action type Access rights;
The user of the distributed data base is to the node middle finger fixed number of the distributed data base according to the access right of action type Limit.
Optionally, as one embodiment, which also determines the data manipulation sentence in the distribution number Implementing result according to the lack of competence node in the node in library is empty result set, wherein, which is the distributed data The user does not have the node of the access rights of the corresponding data manipulation type of the data manipulation sentence in the node in library.
Further, in a kind of realization method of the present embodiment, which determines the data manipulation sentence The implementing result of lack of competence node in the node of the distributed data base is that empty result set includes:The execution unit 1020 According to the data manipulation type of the data manipulation sentence and access rights of the user in the node of the distributed data base, determine The lack of competence node in the node of the distributed data base, and determine execution of the data manipulation sentence in the lack of competence node As a result it is empty result set, wherein, which stores section of the user to the distributed data base of the distributed data base The information of the access rights of point.
Alternatively, further, in another realization method of the present embodiment, the execution unit 1020 is by the distribution The node of formula database sends the corresponding data operation request of data manipulation sentence, and passes through the receiving unit 1010 reception and be somebody's turn to do The empty result set that lack of competence node is not carried out the data operation request and directly feeds back, wherein, the node of the distributed data base In each node store the information of the user of the distributed data base to the access rights of the node;The execution unit 1020 According to the empty result set of the lack of competence node feeding back, determine that the data manipulation sentence in the implementing result of the lack of competence node is sky Result set.
Access and control strategy of database device 1000 can also carry out the method for Fig. 1-embodiment illustrated in fig. 4, and realize management node In the function of Fig. 1-embodiment illustrated in fig. 7, details are not described herein for the embodiment of the present application.
Figure 11 is the structure diagram of the Access and control strategy of database device 1100 of the embodiment of the present application.1 is please referred to Fig.1, In a kind of Software Implementation, Access and control strategy of database device 1100 is applied to the non-management node of distributed data base, data Library access control apparatus 1100 may include receiving unit 1010 and execution unit 1020.It should be understood that in the embodiment of the present application, point The node of cloth database includes management node and at least one non-management node, and management node is for coordinating and managing this point The node of cloth database, non-management node are the node other than management node.Wherein,
The management node that the receiving unit 1110 is received in the distributed data base is sent out according to the data manipulation sentence of user The data operation request sent;
The determination unit 1120 determines that the user performs the access rights of the data operation request in the non-management node;
When the determination unit 1120 determines that the user has the access that the data operation request is performed in the non-management node During permission, which performs the data operation request, and passes through the transmitting element 1140 and returned to the management node The implementing result of the data operation request;Alternatively,
When the determination unit 1120 determines that the user does not have the visit that the data operation request is performed in the non-management node When asking permission, which returns to empty result set by the transmitting element 1140 to the management node;
Wherein, which stores the user of the distributed data base to the access rights of the non-management node Information.
In the embodiment of the present application, non-management node according to the data operation request and user of management node in non-pipe The permission of node is managed, data operation request is performed when having permission and returns to implementing result, is directly returned when not having permission Receipt row is as a result, so as to avoid user from performing data operation request in the node for not having access rights, to a certain degree On reduce influencing each other between the data access of different user.
Access and control strategy of database device 1100 can also carry out the method for Fig. 8, and realize the implementation shown in Fig. 8 of non-management node Example and have permission node, lack of competence node embodiment shown in Fig. 7 function, details are not described herein for the embodiment of the present application.
Optionally, the user of the distributed data base includes following at least one to the information of the access rights of non-management node Kind:
The role of the user of the distributed data base is to non-management node middle finger fixed number according to the access rights of action type;
The user of the distributed data base is to non-management node middle finger fixed number according to the access rights of action type.
The embodiment of the present application also discloses a kind of management node of distributed data base, the number including embodiment illustrated in fig. 10 According to library access control apparatus 1000.The embodiment of the present application also discloses a kind of non-management node of distributed data base, including figure The Access and control strategy of database device 1100 of 11 illustrated embodiments.The embodiment of the present application also discloses a kind of distributed data base system System, including above-mentioned management node and non-management node.
In the 1990s, the improvement of a technology can be distinguished clearly be on hardware improvement (for example, Improvement to circuit structures such as diode, transistor, switches) or software on improvement (improvement for method flow).So And with the development of technology, the improvement of current many method flows can be considered as directly improving for hardware circuit. Designer nearly all obtains corresponding hardware circuit by the way that improved method flow is programmed into hardware circuit.Cause This, it cannot be said that the improvement of a method flow cannot be realized with hardware entities module.For example, programmable logic device (Programmable Logic Device, PLD) (such as field programmable gate array (Field Programmable Gate Array, FPGA)) it is exactly such a integrated circuit, logic function determines device programming by user.By designer Voluntarily programming a digital display circuit " integrated " on a piece of PLD, designs and make without asking chip maker Dedicated IC chip.Moreover, nowadays, substitution manually makes IC chip, this programming is also used instead mostly " patrols Volume compiler (logic compiler) " software realizes that software compiler used is similar when it writes with program development, And the source code before compiling also write by handy specific programming language, this is referred to as hardware description language (Hardware Description Language, HDL), and HDL is also not only a kind of, but there are many kind, such as ABEL (Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL (Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language) etc., VHDL (Very-High-Speed are most generally used at present Integrated Circuit Hardware Description Language) and Verilog.Those skilled in the art also should This understands, it is only necessary to method flow slightly programming in logic and is programmed into integrated circuit with above-mentioned several hardware description languages, The hardware circuit for realizing the logical method flow can be readily available.
Controller can be implemented in any suitable manner, for example, controller can take such as microprocessor or processing The computer of computer readable program code (such as software or firmware) that device and storage can be performed by (micro-) processor can Read medium, logic gate, switch, application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), the form of programmable logic controller (PLC) and embedded microcontroller, the example of controller include but not limited to following microcontroller Device:ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320, are deposited Memory controller is also implemented as a part for the control logic of memory.It is also known in the art that in addition to Pure computer readable program code mode is realized other than controller, can be made completely by the way that method and step is carried out programming in logic Controller is obtained in the form of logic gate, switch, application-specific integrated circuit, programmable logic controller (PLC) and embedded microcontroller etc. to come in fact Existing identical function.Therefore this controller is considered a kind of hardware component, and various to being used to implement for including in it The device of function can also be considered as the structure in hardware component.Or even, the device for being used to implement various functions can be regarded For either the software module of implementation method can be the structure in hardware component again.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity, Or it is realized by having the function of certain product.A kind of typical realization equipment is computer.Specifically, computer for example may be used Think personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play It is any in device, navigation equipment, electronic mail equipment, game console, tablet computer, wearable device or these equipment The combination of equipment.
For convenience of description, it is divided into various units during description apparatus above with function to describe respectively.Certainly, implementing this The function of each unit is realized can in the same or multiple software and or hardware during application.
It should be understood by those skilled in the art that, embodiments herein can be provided as method, system or computer program Product.Therefore, the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware can be used in the application Apply the form of example.Moreover, the computer for wherein including computer usable program code in one or more can be used in the application The computer program production that usable storage medium is implemented on (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of product.
The application is with reference to the flow according to the method for the embodiment of the present application, equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that it can be realized by computer program instructions every first-class in flowchart and/or the block diagram The combination of flow and/or box in journey and/or box and flowchart and/or the block diagram.These computer programs can be provided The processor of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce A raw machine so that the instruction performed by computer or the processor of other programmable data processing devices is generated for real The device of function specified in present one flow of flow chart or one box of multiple flows and/or block diagram or multiple boxes.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that the instruction generation being stored in the computer-readable memory includes referring to Enable the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one box of block diagram or The function of being specified in multiple boxes.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted Series of operation steps are performed on calculation machine or other programmable devices to generate computer implemented processing, so as in computer or The instruction offer performed on other programmable devices is used to implement in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in a box or multiple boxes.
In a typical configuration, computing device includes one or more processors (CPU), input/output interface, net Network interface and memory.
Memory may include computer-readable medium in volatile memory, random access memory (RAM) and/or The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method Or technology come realize information store.Information can be computer-readable instruction, data structure, the module of program or other data. The example of the storage medium of computer includes, but are not limited to phase transition internal memory (PRAM), static RAM (SRAM), moves State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable Programmable read only memory (EEPROM), fast flash memory bank or other memory techniques, CD-ROM read-only memory (CD-ROM), Digital versatile disc (DVD) or other optical storages, magnetic tape cassette, the storage of tape magnetic rigid disk or other magnetic storage apparatus Or any other non-transmission medium, available for storing the information that can be accessed by a computing device.It defines, calculates according to herein Machine readable medium does not include temporary computer readable media (transitory media), such as data-signal and carrier wave of modulation.
It should also be noted that, term " comprising ", "comprising" or its any other variant are intended to nonexcludability Comprising so that process, method, commodity or equipment including a series of elements are not only including those elements, but also wrap Include other elements that are not explicitly listed or further include for this process, method, commodity or equipment it is intrinsic will Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that wanted including described Also there are other identical elements in the process of element, method, commodity or equipment.
It will be understood by those skilled in the art that embodiments herein can be provided as method, system or computer program product. Therefore, complete hardware embodiment, complete software embodiment or the embodiment in terms of combining software and hardware can be used in the application Form.It is deposited moreover, the application can be used to can be used in one or more computers for wherein including computer usable program code The shape of computer program product that storage media is implemented on (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) Formula.
The application can be described in the general context of computer executable instructions, such as program Module.Usually, program module includes routines performing specific tasks or implementing specific abstract data types, program, object, group Part, data structure etc..The application can also be put into practice in a distributed computing environment, in these distributed computing environment, by Task is performed and connected remote processing devices by communication network.In a distributed computing environment, program module can be with In the local and remote computer storage media including storage device.
Each embodiment in this specification is described by the way of progressive, identical similar portion between each embodiment Point just to refer each other, and the highlights of each of the examples are difference from other examples.Especially for system reality For applying example, since it is substantially similar to embodiment of the method, so description is fairly simple, related part is referring to embodiment of the method Part explanation.
The foregoing is merely embodiments herein, are not limited to the application.For those skilled in the art For, the application can have various modifications and variations.All any modifications made within spirit herein and principle are equal Replace, improve etc., it should be included within the scope of claims hereof.

Claims (20)

  1. A kind of 1. Access and control strategy of database method, which is characterized in that the method includes:
    Management node in distributed data base receives the data manipulation sentence of user;
    The management node having permission in the node of the distributed data base performs the data manipulation sentence on node Corresponding data operation request, wherein, it is described to have permission user described in the node that node is the distributed data base and have The node of the access rights of the corresponding data manipulation type of the data manipulation sentence.
  2. 2. the method as described in claim 1, which is characterized in that the management node is in the node of the distributed data base Have permission and the corresponding data operation request of the data manipulation sentence is performed on node include:
    Data point of the table that the management node is operated according to data manipulation sentence needs in the distributed data base Cloth situation determines that there are at least one nodes of the data of the table in the node of the distributed data base;
    The management node having permission at least one node performs the data manipulation sentence on node corresponding Data operation request.
  3. 3. method as claimed in claim 1 or 2, which is characterized in that the management node is in the section of the distributed data base Having permission in point performs the corresponding data operation request of the data manipulation sentence and includes on node:
    The management node is according to the data manipulation type and the user of the data manipulation sentence in the distributed data Access rights in the node in library, determine in the node of the distributed data base it is described have permission node, wherein, the pipe Reason node stores the information of the user of the distributed data base to the access rights of the node of the distributed data base;
    The management node has permission the node transmission data manipulation sentence described in other than the management node corresponding Data operation request performs the data operation request to have permission node described in request.
  4. 4. method as claimed in claim 1 or 2, which is characterized in that the management node is in the section of the distributed data base Having permission in point performs the corresponding data operation request of the data manipulation sentence and includes on node:
    The management node sends the data operation request to the node of the distributed data base, to ask the distribution The node that has permission in the node of database performs the data operation request, wherein, the section of the distributed data base Each node in point stores the information of the user of the distributed data base to the access rights of the node.
  5. 5. the method as described in claim 3 or 4, which is characterized in that the user of the distributed data base is to the node Access rights include following at least one:
    The role of the user of the distributed data base is to the node middle finger fixed number of the distributed data base according to action type Access rights;
    The user of the distributed data base is to the node middle finger fixed number of the distributed data base according to the access right of action type Limit.
  6. 6. such as claim 1-5 any one of them methods, which is characterized in that the method further includes:
    The management node determines lack of competence node of the data manipulation sentence in the node of the distributed data base Implementing result is empty result set, wherein, the lack of competence node is that user described in the node of the distributed data base does not have The node of the access rights of the corresponding data manipulation type of the standby data manipulation sentence.
  7. 7. method as claimed in claim 6, which is characterized in that the management node determines the data manipulation sentence described The implementing result of lack of competence node in the node of distributed data base is that empty result set includes:
    The management node is according to the data manipulation type and the user of the data manipulation sentence in the distributed data Access rights in the node in library determine the lack of competence node in the node of the distributed data base, wherein, the pipe Reason node stores the information of the user of the distributed data base to the access rights of the node of the distributed data base;
    The management node determines that the data manipulation sentence in the implementing result of the lack of competence node is empty result set.
  8. 8. method as claimed in claim 6, which is characterized in that the management node determines the data manipulation sentence described The implementing result of lack of competence node in the node of distributed data base is that empty result set includes:
    The management node sends the corresponding data manipulation of the data manipulation sentence to the node of the distributed data base please It asks, the node of the distributed data base to be asked to perform the data operation request, wherein, the section of the distributed data base Each node in point stores the information of the user of the distributed data base to the access rights of the node;
    The management node receives the empty result set of the lack of competence node feeding back, and confirms the data manipulation sentence described The implementing result of lack of competence node is empty result set.
  9. A kind of 9. Access and control strategy of database method, which is characterized in that including:
    Non-management node in distributed data base receives data of the management node in the distributed data base according to user The data operation request that action statement is sent;
    The non-management node determines that the user performs the access rights of the data operation request in the non-management node;
    When the non-management node determines that the user has the visit that the data operation request is performed in the non-management node When asking permission, the non-management node performs the data operation request, and returns to the data manipulation to the management node The implementing result of request;Alternatively,
    When the non-management node determines that the user does not have the data operation request is performed in the non-management node During access rights, empty result set is returned to the management node;
    Wherein, the non-management node stores access rights of the user to the non-management node of the distributed data base Information.
  10. 10. method as claimed in claim 9, which is characterized in that the user of the distributed data base is to the non-management section The information of the access rights of point includes following at least one:
    The role of the user of the distributed data base is to the non-management node middle finger fixed number according to the access rights of action type;
    The user of the distributed data base is to the non-management node middle finger fixed number according to the access rights of action type.
  11. 11. a kind of Access and control strategy of database device, which is characterized in that described device is applied to the management section of distributed data base Point, described device include:Receiving unit and execution unit, wherein,
    The receiving unit receives the data manipulation sentence of user;
    The execution unit having permission in the node of the distributed data base performs the data manipulation sentence on node Corresponding data operation request, wherein, it is described to have permission user described in the node that node is the distributed data base and have The node of the access rights of the corresponding data manipulation type of the data manipulation sentence.
  12. 12. device as claimed in claim 11, which is characterized in that the execution unit is with specific reference to the data manipulation sentence Data distribution situation of the table operated in the distributed data base is needed, determines to deposit in the node of the distributed data base In at least one node of the data of the table, and having permission at least one node performs the data on node The corresponding data operation request of action statement.
  13. 13. the device as described in claim 11 or 12, which is characterized in that described device further includes transmitting element, the execution Unit is according to the data manipulation type and the user of the data manipulation sentence in the node of the distributed data base Access rights, determine in the node of the distributed data base it is described have permission node, wherein, the management node stores The user of the distributed data base is to the information of the access rights of the node of the distributed data base;The execution unit leads to It crosses the transmitting element and the corresponding number of the node transmission data manipulation sentence is had permission described in other than the management node According to operation requests, the data operation request is performed to have permission node described in request;
    The execution unit also by the receiving unit receive described in have permission node perform it is anti-after the data operation request The implementing result of feedback.
  14. 14. device as claimed in claim 13, which is characterized in that described device further includes transmitting element, the execution unit The data operation request is sent to the node of the distributed data base by the transmitting element, to ask the distribution The node that has permission in the node of database performs the data operation request;
    The execution unit also by the receiving unit receive described in have permission node perform it is anti-after the data operation request The implementing result of feedback, wherein, each node in the node of the distributed data base stores the distributed data base User is to the information of the access rights of the node.
  15. 15. the device as described in claim 13 or 14, which is characterized in that the access rights of the node include following at least one Kind:
    The role of the user of the distributed data base is to the node middle finger fixed number of the distributed data base according to action type Access rights;
    The user of the distributed data base is to the node middle finger fixed number of the distributed data base according to the access right of action type Limit.
  16. 16. such as claim 11-15 any one of them devices, which is characterized in that the execution unit also determines the data The implementing result of lack of competence node of the action statement in the node of the distributed data base is empty result set, wherein, it is described Lack of competence node is that user described in the node of the distributed data base does not have the corresponding data of the data manipulation sentence The node of the access rights of action type.
  17. 17. device as claimed in claim 16, which is characterized in that the execution unit determines the data manipulation sentence in institute The implementing result for stating the lack of competence node in the node of distributed data base is that empty result set includes:The execution unit is according to institute The access rights of the data manipulation type and the user of data manipulation sentence in the node of the distributed data base are stated, really The lack of competence node in the node of the fixed distributed data base, and determine the data manipulation sentence in the lack of competence The implementing result of node is empty result set, wherein, the management node stores the user of the distributed data base to described The information of the access rights of the node of distributed data base.
  18. 18. device as claimed in claim 16, which is characterized in that the management node further includes transmitting element,
    The execution unit is grasped by sending the corresponding data of the data manipulation sentence to the node of the distributed data base It asks, and the lack of competence node received by the receiving unit is not carried out the data operation request and directly feed back Empty result set, wherein, each node in the node of the distributed data base stores the user of the distributed data base To the information of the access rights of the node;
    The execution unit determines the data manipulation sentence in the nothing according to the empty result set of the lack of competence node feeding back The implementing result of permission node is empty result set.
  19. 19. a kind of Access and control strategy of database device, which is characterized in that described device is applied to the non-management section of distributed data base Point, described device include:Receiving unit, determination unit, transmitting element and execution unit, wherein,
    What the management node that the receiving unit receives in the distributed data base was sent according to the data manipulation sentence of user Data operation request;
    The determination unit determines that the user performs the access rights of the data operation request in the non-management node;
    When the determination unit determines that the user has the access that the data operation request is performed in the non-management node During permission, the execution unit performs the data operation request, and is returned by the transmitting element to the management node The implementing result of the data operation request;Alternatively,
    When the determination unit determines that the user does not have the visit that the data operation request is performed in the non-management node When asking permission, the execution unit returns to empty result set by the transmitting element to the management node;
    Wherein, the non-management node stores access rights of the user to the non-management node of the distributed data base Information.
  20. 20. device as claimed in claim 19, which is characterized in that the user of the distributed data base is to the non-management section The information of the access rights of point includes following at least one:
    The role of the user of the distributed data base is to the non-management node middle finger fixed number according to the access rights of action type;
    The user of the distributed data base is to the non-management node middle finger fixed number according to the access rights of action type.
CN201611113770.2A 2016-12-06 2016-12-06 Database access control method and device and database system Active CN108153799B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611113770.2A CN108153799B (en) 2016-12-06 2016-12-06 Database access control method and device and database system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611113770.2A CN108153799B (en) 2016-12-06 2016-12-06 Database access control method and device and database system

Publications (2)

Publication Number Publication Date
CN108153799A true CN108153799A (en) 2018-06-12
CN108153799B CN108153799B (en) 2022-03-25

Family

ID=62468563

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611113770.2A Active CN108153799B (en) 2016-12-06 2016-12-06 Database access control method and device and database system

Country Status (1)

Country Link
CN (1) CN108153799B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110474910A (en) * 2019-08-19 2019-11-19 甘肃万华金慧科技股份有限公司 A kind of right management method
CN112800033A (en) * 2021-03-18 2021-05-14 太平金融科技服务(上海)有限公司 Data operation request processing method and device, computer equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100198888A1 (en) * 2009-01-30 2010-08-05 Blomstedt Linda C System for managing distributed assets and medadata
CN102929903A (en) * 2012-07-04 2013-02-13 北京中盾安全技术开发公司 Rapid video retrieval method based on layered structuralized description of video information
CN104331457A (en) * 2014-10-31 2015-02-04 北京思特奇信息技术股份有限公司 Database node-based data access method and system
CN104333512A (en) * 2014-10-30 2015-02-04 北京思特奇信息技术股份有限公司 Distributed memory database access system and method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100198888A1 (en) * 2009-01-30 2010-08-05 Blomstedt Linda C System for managing distributed assets and medadata
CN102929903A (en) * 2012-07-04 2013-02-13 北京中盾安全技术开发公司 Rapid video retrieval method based on layered structuralized description of video information
CN104333512A (en) * 2014-10-30 2015-02-04 北京思特奇信息技术股份有限公司 Distributed memory database access system and method
CN104331457A (en) * 2014-10-31 2015-02-04 北京思特奇信息技术股份有限公司 Database node-based data access method and system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110474910A (en) * 2019-08-19 2019-11-19 甘肃万华金慧科技股份有限公司 A kind of right management method
CN112800033A (en) * 2021-03-18 2021-05-14 太平金融科技服务(上海)有限公司 Data operation request processing method and device, computer equipment and storage medium
CN112800033B (en) * 2021-03-18 2021-06-25 太平金融科技服务(上海)有限公司 Data operation request processing method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN108153799B (en) 2022-03-25

Similar Documents

Publication Publication Date Title
CN104160381B (en) Managing method and system for tenant-specific data sets in a multi-tenant environment
CN104471585B (en) For data access control implementation based on the SQL optimization methods changed and equipment
US10452632B1 (en) Multi-input SQL-MR
CN107688500A (en) A kind of distributed task scheduling processing method, device, system and equipment
Koufogiannakis et al. Greedy δ-approximation algorithm for covering with arbitrary constraints and submodular cost
CN107395665A (en) A kind of block chain service handling and business common recognition method and device
CN108537063A (en) A kind of method, apparatus and equipment of data storage
CN107644286A (en) Workflow processing method and device
CN109906448A (en) Promote the operation on pluggable database using individual logical time stamp service
CN108683695A (en) Hot spot access processing method, cache access agent equipment and distributed cache system
CN109582485A (en) A kind of configuration change method for detecting abnormality and device
CN104423982B (en) The processing method and processing equipment of request
Bugiotti et al. RDF data management in the Amazon cloud
CN106708996A (en) Method and system for full text search of relational database
CN106845175B (en) Method and device for setting data permission
CN109408689A (en) Data capture method, device, system and electronic equipment
WO2018085475A2 (en) Multi-level data pagination
CN107251023A (en) A kind of blended data distribution in MPP framework
CN110019277A (en) A kind of method, the method, device and equipment of data query of data accumulation
CN109389386A (en) A kind of barcode scanning control method, apparatus and system
CN108363732A (en) A kind of form processing method of multi-user collaborative, device and equipment
CN108153799A (en) Access and control strategy of database method, apparatus and Database Systems
CN108920566A (en) Operating method, device and the equipment of a kind of pair of SQLite database
US20170068703A1 (en) Local database cache
CN109117426A (en) Distributed networks database query method, apparatus, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1256844

Country of ref document: HK

TA01 Transfer of patent application right

Effective date of registration: 20210903

Address after: Room 508, floor 5, building 4, No. 699, Wangshang Road, Changhe street, Binjiang District, Hangzhou City, Zhejiang Province

Applicant after: Alibaba (China) Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: ALIBABA GROUP HOLDING Ltd.

TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20211231

Address after: 310000 No. 12, Zhuantang science and technology economic block, Xihu District, Hangzhou City, Zhejiang Province

Applicant after: Aliyun Computing Co.,Ltd.

Address before: 310000 room 508, 5th floor, building 4, No.699 Wangshang Road, Changhe street, Binjiang District, Hangzhou City, Zhejiang Province

Applicant before: Alibaba (China) Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant