CN109657436A - Method and system for accessing a remote database - Google Patents


Info

Publication number
CN109657436A
Authority
CN
China
Legal status
Granted
Application number
CN201811615673.2A
Other languages
Chinese (zh)
Other versions
CN109657436B (en)
Inventor
王海
冯勇
Current Assignee
SHANGHAI BESTONE INFORMATION TECHNOLOGY Co Ltd
Original Assignee
SHANGHAI BESTONE INFORMATION TECHNOLOGY Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

This application provides a method and system for accessing a remote database. When a user logs in, the user terminal verifies the role data permission of the logged-in user. If it is judged that the role data permission cannot access any production line tree of the remote database, the user terminal terminates the user's login. If it is judged that the role data permission can access a production line tree of the remote database, the user terminal verifies the functional modules assigned to the user's role operation permission, sends an instruction to the remote database, and calls the functional modules on the production line tree in the remote database that are assigned to that role operation permission. In the method and system provided by the present invention, multiple functional modules are configured for the remote database; users differ in role operation permissions and data permissions and can only retrieve the functional modules that match their permissions, and users without permission cannot access or operate the related functional modules, thereby ensuring information security.

Description

Method and system for accessing a remote database
Technical field
The present invention relates to a method for managing a remote database, and in particular to a method and system for accessing a remote database with higher security.
Background art
With the development of the internet industry, remote databases, especially cloud databases, have become a common way of storing data. A remote database is a database installed on a remote server, which the user terminal accesses over the internet. A cloud database is a special kind of remote database that is deployed in a virtualized computing environment; it has features such as low cost of use, easy deployment and automatic backup, and allows simple and convenient data management.
However, network security has become a focus of the entire internet industry. For a remote database, it is critical to ensure that system data is protected and is not destroyed, altered or leaked for accidental or malicious reasons.
Summary of the invention
To address the security problem of remote databases, this application provides a method and system for accessing a remote database.
A first aspect of the present invention provides a method for accessing a remote database, comprising:
Functional modules are set up for the remote database, and the functional modules are formed into one or more production line trees; the user terminal is configured with role data permissions for accessing production line trees of the remote database; the user terminal is configured with one or more role operation permissions, and for each role operation permission the functional modules that it can access or edit are set;
When a user logs in, the user terminal verifies the role data permission of the logged-in user. If it is judged that the role data permission cannot access any production line tree of the remote database, the user terminal terminates the user's login. If it is judged that the role data permission can access a production line tree of the remote database, the user terminal verifies the functional modules assigned to the user's role operation permission, sends an instruction to the remote database, and calls the functional modules on the production line tree in the remote database that are assigned to that role operation permission.
A second aspect of the present invention provides a system for accessing a remote database, comprising: a user terminal, a role data permission configuration module, a role operation permission configuration module, a functional module configuration module, a role data permission check module, a role operation permission check module, and a communication module, wherein
The functional module configuration module sets up functional modules for the remote database and forms the functional modules into one or more production line trees; the role data permission configuration module configures, for the user terminal, role data permissions for accessing production line trees of the remote database; the role operation permission configuration module configures one or more role operation permissions for the user terminal and, for each role operation permission, sets the functional modules that it can access or edit;
The role data permission check module verifies the role data permission of the logged-in user when the user logs in;
The role operation permission check module verifies the functional modules assigned to the user's role operation permission;
The communication module sends an instruction to the remote database and calls the functional modules on the production line tree in the remote database that are assigned to that role operation permission.
In a preferred embodiment, the user terminal judges whether the user has one role operation permission or several. If there is one role operation permission, the user terminal sends an instruction to the remote database and calls the functional modules on the production line tree in the remote database that are assigned to that role operation permission. If there are several role operation permissions, the user terminal takes the maximum intersection of the functional modules assigned to those role operation permissions, sends an instruction to the remote database, and calls that intersection of functional modules on the production line tree in the remote database.
In a preferred embodiment, the user terminal judges whether the logged-in user has one role data permission or several. If there are several, the user terminal verifies each role data permission of the logged-in user in turn, finds the role data permission with the greatest scope, and judges whether that role data permission can access any production line tree of the remote database; if it can, the user's role operation permission is verified.
In a preferred embodiment, the user terminal judges whether the logged-in user has one role data permission or several. If there are several, the user terminal verifies each role data permission of the logged-in user in turn, finds all role data permissions that can access one or more production line trees in the remote database, and then judges the role operation permissions of all those data permissions.
In a preferred embodiment, after receiving the instruction sent by the user terminal, the remote database checks whether the production line tree has the functional module to be retrieved preset; if it does, the functional module is made available for the user terminal to call.
More preferably, if the production line tree does not have the functional module to be retrieved preset, it is verified whether the role operation permission can access or edit the functional module; if so, the user terminal retrieves the functional module from the remote database for the user to access or to edit onto the production line tree.
In a preferred embodiment, the system for accessing a remote database further includes a production line tree building module; after the user terminal retrieves a functional module from the remote database, the user edits the functional module onto the production line tree through the production line tree building module.
In a preferred embodiment, after receiving the instruction sent by the user terminal, the remote database checks the role data permission of the logged-in user. If it is judged that the role data permission cannot access a production line tree of the remote database, the remote database sends the user terminal an instruction forbidding the user to log in. If it is judged that the role data permission can access a production line tree of the remote database, the user terminal is allowed to call functional modules.
In a preferred embodiment, after receiving the instruction sent by the user terminal, or after judging that the role data permission can access a production line tree of the remote database, the remote database checks the user's role operation permission. If there is one role operation permission, the user terminal is allowed to call the functional modules assigned to that role operation permission. If there are several role operation permissions, the database takes the maximum intersection of the functional modules assigned to those role operation permissions and allows the user terminal to call that intersection of functional modules.
In a preferred embodiment, the system for accessing a remote database further includes a second role data permission check module arranged in the remote database; after the remote database receives the instruction sent by the user terminal, the second role data permission check module checks the role data permission of the logged-in user.
In a preferred embodiment, the system for accessing a remote database further includes a second role operation permission check module arranged in the remote database; after the remote database receives the instruction sent by the user terminal, or after it is judged that the role data permission can access a production line tree of the remote database, the second role operation permission check module checks the user's role operation permission.
In the method and system for accessing a remote database provided by the present invention, multiple functional modules are configured for the remote database; users differ in role operation permissions and data permissions and can only retrieve the functional modules that match their permissions, and users without permission cannot access or operate the related functional modules, thereby ensuring information security.
Description of the drawings
Fig. 1 is a schematic flow chart of the method for accessing a remote database in one embodiment of the present invention;
Fig. 2 is a schematic flow chart of the method for accessing a remote database in another embodiment of the present invention;
Fig. 3 is a schematic flow chart of the method for accessing a remote database in a third embodiment of the present invention.
Specific embodiments
Embodiment 1
This embodiment provides a system for accessing a remote database, comprising: a user terminal, a role data permission configuration module, a role operation permission configuration module, a functional module configuration module, a role data permission check module, a role operation permission check module, and a communication module.
Referring to Fig. 1, the method for accessing a remote database in this embodiment is as follows:
Functional modules are set up for the remote database, and the functional modules are formed into one or more production line trees; the user terminal is configured with role data permissions for accessing production line trees of the remote database; the user terminal is configured with one or more role operation permissions, and for each role operation permission the functional modules that it can access or edit are set;
When a user logs in, the user terminal verifies the role data permission of the logged-in user. If it is judged that the role data permission cannot access any production line tree of the remote database, the user terminal terminates the user's login. If it is judged that the role data permission can access a production line tree of the remote database, the user terminal verifies the functional modules assigned to the user's role operation permission, sends an instruction to the remote database, and calls the functional modules on the production line tree in the remote database that are assigned to that role operation permission.
Here, the user terminal judges whether the logged-in user has one role data permission or several. If there are several, the user terminal verifies each role data permission of the logged-in user in turn, finds the role data permission with the greatest scope, and judges whether that role data permission can access any production line tree of the remote database; if it can, the user's role operation permission is verified. Alternatively, the user terminal judges whether the logged-in user has one role data permission or several; if there are several, it verifies each role data permission of the logged-in user in turn, finds all role data permissions that can access one or more production line trees in the remote database, and then judges the role operation permissions of all those data permissions.
Embodiment 2
Referring to Fig. 2, the method for accessing a remote database in this embodiment is as follows:
Functional modules are set up for the remote database, and the functional modules are formed into one or more production line trees; the user terminal is configured with role data permissions for accessing production line trees of the remote database; the user terminal is configured with one or more role operation permissions, and for each role operation permission the functional modules that it can access or edit are set;
When a user logs in, the user terminal verifies the role data permission of the logged-in user. If it is judged that the role data permission cannot access any production line tree of the remote database, the user terminal terminates the user's login. If it is judged that the role data permission can access a production line tree of the remote database, the user terminal verifies the functional modules assigned to the user's role operation permission.
Here, the user terminal judges whether the user has one role operation permission or several. If there is one role operation permission, the user terminal sends an instruction to the remote database and calls the functional modules on the production line tree in the remote database that are assigned to that role operation permission. If there are several role operation permissions, the user terminal takes the maximum intersection of the functional modules assigned to those role operation permissions, sends an instruction to the remote database, and calls that intersection of functional modules on the production line tree in the remote database.
After receiving the instruction sent by the user terminal, the remote database checks whether the production line tree has the functional module to be retrieved preset; if it does, the functional module is made available for the user terminal to call. If the production line tree does not have the functional module to be retrieved preset, it is verified whether the role operation permission can access or edit the functional module; if so, the user terminal retrieves the functional module from the remote database for the user to access or to edit onto the production line tree.
Embodiment 2
Referring to Fig. 2, the method for accessing a remote database in this embodiment is as follows:
Functional modules are set up for the remote database, and the functional modules are formed into one or more production line trees; the user terminal is configured with role data permissions for accessing production line trees of the remote database; the user terminal is configured with one or more role operation permissions, and for each role operation permission the functional modules that it can access or edit are set;
When a user logs in, the user terminal verifies the role data permission of the logged-in user. If it is judged that the role data permission cannot access any production line tree of the remote database, the user terminal terminates the user's login. If it is judged that the role data permission can access a production line tree of the remote database, the user terminal verifies the functional modules assigned to the user's role operation permission. The user terminal judges whether the user has one role operation permission or several. If there is one role operation permission, the user terminal sends an instruction to the remote database and calls the functional modules on the production line tree in the remote database that are assigned to that role operation permission. If there are several role operation permissions, the user terminal takes the maximum intersection of the functional modules assigned to those role operation permissions, sends an instruction to the remote database, and calls that intersection of functional modules on the production line tree in the remote database;
After receiving the instruction sent by the user terminal, the remote database checks the role data permission of the logged-in user. If it is judged that the role data permission cannot access a production line tree of the remote database, the remote database sends the user terminal an instruction forbidding the user to log in. If it is judged that the role data permission can access a production line tree of the remote database, the user terminal is allowed to call functional modules.
Here, after receiving the instruction sent by the user terminal, or after judging that the role data permission can access a production line tree of the remote database, the remote database checks the user's role operation permission. If there is one role operation permission, the user terminal is allowed to call the functional modules assigned to that role operation permission. If there are several role operation permissions, the database takes the maximum intersection of the functional modules assigned to those role operation permissions and allows the user terminal to call that intersection of functional modules.
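The two-stage check of the embodiments above, with the remote database repeating both checks as in the last embodiment, written out as an added example that is not code from the patent. All tree, module, role and user names are constructed, and reading "maximum intersection" as plain set intersection is an assumption.

```python
from dataclasses import dataclass

# Constructed sample configuration; every name here is an illustrative assumption.
TREES = {  # production line tree -> functional modules placed on it
    "line_a": {"inventory", "scheduling", "reports"},
    "line_b": {"reports", "billing"},
}
DATA_PERMS = {  # role data permission -> production line trees it can access
    "plant_a_data": {"line_a"},
    "finance_data": {"line_b"},
    "no_data": set(),
}
OP_PERMS = {  # role operation permission -> modules it can access or edit
    "planner": {"inventory", "scheduling", "reports"},
    "auditor": {"reports", "billing"},
}


class AccessDenied(Exception):
    """Raised when a login or a module call is refused."""


@dataclass(frozen=True)
class User:
    name: str
    data_roles: tuple  # role data permissions held by the user
    op_roles: tuple    # role operation permissions held by the user


def accessible_trees(user):
    """All trees reachable through any of the user's role data permissions."""
    trees = set()
    for role in user.data_roles:
        trees |= DATA_PERMS.get(role, set())  # an unknown role grants nothing
    return trees & set(TREES)


def allowed_modules(user):
    """One role: its modules. Several roles: the intersection of their modules."""
    sets = [OP_PERMS.get(role, set()) for role in user.op_roles]
    if not sets:
        return set()  # no operation permission means no module at all
    return set.intersection(*sets)


def client_login(user):
    """User-terminal side: gate on data permission, then list callable modules."""
    trees = accessible_trees(user)
    if not trees:
        raise AccessDenied(f"{user.name}: no accessible tree, login terminated")
    modules = allowed_modules(user)
    return {tree: TREES[tree] & modules for tree in sorted(trees)}


def server_call(user, tree, module):
    """Remote-database side: repeat both checks instead of trusting the client.

    `user` stands for the permission records held by the database itself,
    not for anything supplied in the request.
    """
    if tree not in accessible_trees(user):
        raise AccessDenied(f"{user.name}: tree {tree!r} not accessible")
    if module not in TREES[tree] & allowed_modules(user):
        raise AccessDenied(f"{user.name}: module {module!r} not permitted")
    return (tree, module)


# Constructed sample users.
ALICE = User("alice", ("plant_a_data",), ("planner",))
BOB = User("bob", ("plant_a_data", "finance_data"), ("planner", "auditor"))
CAROL = User("carol", ("no_data",), ("planner",))

if __name__ == "__main__":
    for u in (ALICE, BOB, CAROL):
        try:
            print(u.name, client_login(u))
        except AccessDenied as exc:
            print("denied:", exc)
    try:
        server_call(BOB, "line_b", "billing")
    except AccessDenied as exc:
        print("denied:", exc)
```

Because the database recomputes the intersection from its own records, a request naming a module outside that set is refused even if the user terminal's check was skipped or altered.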
Specific embodiments of the present invention have been described in detail above, but they are only examples, and the present invention is not limited to the specific embodiments described above. To those skilled in the art, any equivalent modification or substitution of the present invention also falls within the scope of the present invention. Therefore, equivalent changes and modifications made without departing from the spirit and scope of the present invention shall all be covered by the scope of the present invention.

Claims (10)

1. A method for accessing a remote database, characterized by comprising:
Functional modules are set up for the remote database, and the functional modules are formed into one or more production line trees; the user terminal is configured with role data permissions for accessing production line trees of the remote database; the user terminal is configured with one or more role operation permissions, and for each role operation permission the functional modules that it can access or edit are set;
When a user logs in, the user terminal verifies the role data permission of the logged-in user; if it is judged that the role data permission cannot access any production line tree of the remote database, the user terminal terminates the user's login; if it is judged that the role data permission can access a production line tree of the remote database, the user terminal verifies the functional modules assigned to the user's role operation permission, sends an instruction to the remote database, and calls the functional modules on the production line tree in the remote database that are assigned to that role operation permission.
2. The method for accessing a remote database according to claim 1, characterized in that the user terminal judges whether the logged-in user has one role data permission or several; if there are several, the user terminal verifies each role data permission of the logged-in user in turn, finds the role data permission with the greatest scope, and judges whether that role data permission can access any production line tree of the remote database; if it can, the user's role operation permission is verified.
3. The method for accessing a remote database according to claim 1, characterized in that the user terminal judges whether the logged-in user has one role data permission or several; if there are several, the user terminal verifies each role data permission of the logged-in user in turn, finds all role data permissions that can access one or more production line trees in the remote database, and then judges the role operation permissions of all those data permissions.
4. The method for accessing a remote database according to claim 1, characterized in that, after receiving the instruction sent by the user terminal, the remote database checks whether the production line tree has the functional module to be retrieved preset; if it does, the functional module is made available for the user terminal to call.
5. The method for accessing a remote database according to claim 4, characterized in that, if the production line tree does not have the functional module to be retrieved preset, it is verified whether the role operation permission can access or edit the functional module; if so, the user terminal retrieves the functional module from the remote database for the user to access or to edit onto the production line tree.
6. The method for accessing a remote database according to claim 1, characterized in that the user terminal judges whether the user has one role operation permission or several; if there is one role operation permission, the user terminal sends an instruction to the remote database and calls the functional modules on the production line tree in the remote database that are assigned to that role operation permission; if there are several role operation permissions, the user terminal takes the maximum intersection of the functional modules assigned to those role operation permissions, sends an instruction to the remote database, and calls that intersection of functional modules on the production line tree in the remote database.
7. The method for accessing a remote database according to claim 6, characterized in that, after receiving the instruction sent by the user terminal, the remote database checks the role data permission of the logged-in user; if it is judged that the role data permission cannot access a production line tree of the remote database, the remote database sends the user terminal an instruction forbidding the user to log in; if it is judged that the role data permission can access a production line tree of the remote database, the user terminal is allowed to call functional modules.
8. The method for accessing a remote database according to claim 7, characterized in that, after receiving the instruction sent by the user terminal, or after judging that the role data permission can access a production line tree of the remote database, the remote database checks the user's role operation permission; if there is one role operation permission, the user terminal is allowed to call the functional modules assigned to that role operation permission; if there are several role operation permissions, the database takes the maximum intersection of the functional modules assigned to those role operation permissions and allows the user terminal to call that intersection of functional modules.
9. A system for accessing a remote database, characterized by comprising: a user terminal, a role data permission configuration module, a role operation permission configuration module, a functional module configuration module, a role data permission check module, a role operation permission check module, and a communication module, wherein
The functional module configuration module sets up functional modules for the remote database and forms the functional modules into one or more production line trees; the role data permission configuration module configures, for the user terminal, role data permissions for accessing production line trees of the remote database; the role operation permission configuration module configures one or more role operation permissions for the user terminal and, for each role operation permission, sets the functional modules that it can access or edit;
The role data permission check module verifies the role data permission of the logged-in user when the user logs in;
The role operation permission check module verifies the functional modules assigned to the user's role operation permission;
The communication module sends an instruction to the remote database and calls the functional modules on the production line tree in the remote database that are assigned to that role operation permission.
10. The system for accessing a remote database according to claim 1, characterized in that the system for accessing a remote database further includes a production line tree building module; after the user terminal retrieves a functional module from the remote database, the user edits the functional module onto the production line tree through the production line tree building module.
CN201811615673.2A 2018-12-27 2018-12-27 Method and system for accessing a remote database Active CN109657436B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811615673.2A CN109657436B (en) 2018-12-27 2018-12-27 Method and system for accessing a remote database

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811615673.2A CN109657436B (en) 2018-12-27 2018-12-27 Method and system for accessing a remote database

Publications (2)

Publication Number Publication Date
CN109657436A true CN109657436A (en) 2019-04-19
CN109657436B CN109657436B (en) 2020-07-07

Family

ID=66117270

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811615673.2A Active CN109657436B (en) 2018-12-27 2018-12-27 Method and system for accessing a remote database

Country Status (1)

Country Link
CN (1) CN109657436B (en)


Also Published As

Publication number Publication date
CN109657436B (en) 2020-07-07


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant