CN111400170B

CN111400170B - Data authority testing method and device

Info

Publication number: CN111400170B
Application number: CN202010131924.0A
Authority: CN
Inventors: 原鹏飞
Original assignee: Ping An Life Insurance Company of China Ltd
Current assignee: Ping An Life Insurance Company of China Ltd
Priority date: 2020-02-29
Filing date: 2020-02-29
Publication date: 2024-06-07
Anticipated expiration: 2040-02-29
Also published as: CN111400170A

Abstract

The embodiment of the application is suitable for testing in research and development management, and discloses a data authority testing method, which comprises the following steps: acquiring a product document of a database and an authority configuration file associated with the product document, wherein the product document comprises a role information set and an authority information set; determining the association relation between the role information set and the authority information set and the hierarchical relation of each authority information in the authority information set according to the authority configuration file; generating a role authority relation tree of each role information; comparing the role authority relation tree of each role information with the authority set associated with the role information in the database, testing the role authority configuration result of each role information in the database, and outputting the test result. By adopting the application, the disordered authority information can be ordered, thereby improving the efficiency of the authority test.

Description

Data authority testing method and device

Technical Field

The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for testing data authority.

Background

Along with the development of the Internet, the more widely the large data and artificial intelligence are used, the more important is that large data testing is performed when a large data technology is used, and the large data testing needs to be performed with test guarantee on the aspects of accurate synchronization, storage, disaster tolerance and the like of mass data. Meanwhile, for Application (APP) testing, especially for data APP, besides testing the synchronization accuracy of mass data, the data authority testing of mass data needs to be paid attention to. For example, for the same APP scene or page, since for the APP there may be permission data in the mass data, only team leader members or VIP users or developers, etc. have viewing permission, that is, the data that different users can acquire or review is not the same.

At present, the common data APP in the market has the condition that the permission data contains a large amount of chart data, and under the condition, a mature large data permission testing method does not exist for testing the mass data stored in the data APP, so that the large data testing efficiency is lower.

Disclosure of Invention

Based on the data authority test method and device, the application provides a data authority test method and device, so as to improve the test efficiency of the data authority.

The first aspect of the embodiment of the application provides a data authority testing method, which comprises the following steps:

Acquiring a product document of a database, wherein the product document comprises a role information set and a permission information set, the role information set comprises a plurality of role information, the role information is used for indicating one type of user, the permission information set comprises a plurality of permission information, and each permission information is used for indicating permission to one type of data in the database;

Acquiring a permission configuration file associated with the product document, and determining the association relationship between the role information set and the permission information set and the hierarchical relationship among the plurality of permission information according to the permission configuration file;

Determining a role node according to each role information in the role information set, and determining a right node according to each right information in the right information set;

generating a role authority relation tree corresponding to each role information based on the association relation between the role information set and the authority information set and the hierarchical relation among the plurality of authority information, wherein the role authority relation tree consists of a corresponding role node and a plurality of authority nodes associated with the role node;

Performing joint query on a plurality of authority data tables of the database based on target role information, and acquiring an authority set associated with the target role information in the plurality of authority data tables, wherein each authority data table in the plurality of authority data tables comprises a plurality of service data names, each service data name indicates one type of data in the database, the authority set consists of service data names associated with the target role information in the database, and the authority set is used for indicating that the target role information has access authority to at least one type of data corresponding to the service data names associated with the target role information in the database;

And if the authority node names contained in the role authority relation tree corresponding to each role information in the role information set are consistent with the service data names in the authority set corresponding to the role information, outputting a test result of successful role authority configuration of the database.

The authority configuration file includes at least one section of program code, and the determining, according to the authority configuration file, an association relationship between the role information set and the authority information set, and a hierarchical relationship between the plurality of authority information sets includes:

acquiring the at least one section of program code in the authority configuration file, and analyzing each line of code statement in the at least one section of program code;

And determining the association relation between each role information in the role information set and each authority information in the authority information set and the hierarchical relation between each authority information in the plurality of authority information according to the calling relation and the execution sequence of each row of code sentences.

The generating a role authority relation tree corresponding to each role information based on the association relation between the role information set and the authority information set and the hierarchical relation among the plurality of authority information includes:

Taking an ith role node corresponding to the ith role information in the role information as a root node of an ith role authority relation tree, wherein i is a positive integer, and is smaller than or equal to the number of the role information included in the role information set;

Acquiring a first authority node associated with the ith role node from the authority nodes based on the association relation between the role information set and the authority information set;

Determining the inclusion relation between the first authority nodes based on the hierarchical relation between the authority information in the authority information set;

According to the containing relation among the first authority nodes, establishing a father-son relation and a brother relation among the first authority nodes, and taking the first authority nodes as child nodes in the ith role authority relation tree based on the father-son relation and the brother relation;

and obtaining a role authority relation tree corresponding to each role information in the role information set.

Wherein after the rights set associated with the target role information in the plurality of rights data tables is acquired, the method further comprises:

Acquiring a role authority relation tree corresponding to the target role information;

acquiring a target authority node from a role authority relation tree corresponding to the target role information;

And comparing the name of the target authority node with the name of the business data in the authority set of the target role information.

Wherein, after the method, the method further comprises:

If the authority node names contained in the role authority relation tree corresponding to each role information in the role information set are different from the service data names in the authority set corresponding to the role information, acquiring abnormal authority information and abnormal role information associated with the abnormal authority information, wherein the abnormal authority information is data different between the authority node names contained in the role authority relation tree corresponding to each role information in the role information set and the service data names in the authority set corresponding to the role information;

If the abnormal authority information belongs to the authority set and does not belong to the authority node, sending an authority recovery request to an authority management terminal so that the authority management terminal recovers the authority of the abnormal role information on the data corresponding to the abnormal authority information, wherein the authority recovery request comprises the abnormal authority information and the abnormal role information;

If the abnormal authority information belongs to the authority node and not belongs to the authority set, an authority issuing request is sent to the authority management terminal, so that the authority management terminal increases the authority of the data corresponding to the abnormal authority information for the abnormal role information, and the authority issuing request comprises the abnormal authority information and the abnormal role information.

Wherein the method further comprises the following steps:

Receiving a permission adjustment message sent by the permission management terminal, and acquiring permission sets associated with the abnormal role information from the permission data tables;

And if the service data name in the authority set associated with the abnormal role information is consistent with the authority node name in the role authority relation tree of the abnormal role information, outputting a successful authority adjustment result aiming at the abnormal role information in the database.

The determining, according to the calling relationship and the execution sequence between each line of code sentences, an association relationship between each role information in the role information set and each authority information in the authority information set, and a hierarchical relationship between each authority information in the plurality of authority information, includes:

If the code statement is a conditional statement, determining that role information and authority information included in the conditional statement are associated;

and if the code statement is an execution statement, determining the hierarchical relationship among authority information included in the execution statement according to the execution sequence of the execution statement.

A second aspect of an embodiment of the present application provides a data authority testing device, including:

The first acquisition module is used for acquiring a product document of a database, wherein the product document comprises a role information set and a permission information set, the role information set comprises a plurality of role information, the role information is used for indicating one type of user, the permission information set comprises a plurality of permission information, and each permission information is used for indicating permission to one type of data in the database;

The second acquisition module is used for acquiring a permission configuration file associated with the product document, and determining the association relation between the role information set and the permission information set and the hierarchical relation among the plurality of permission information according to the permission configuration file;

the determining module is used for determining a role node according to each role information in the role information set and determining a right node according to each right information in the right information set;

The generation module is used for generating a role authority relation tree corresponding to each role information based on the association relation between the role information set and the authority information set and the hierarchical relation among the plurality of authority information, wherein the role authority relation tree consists of a corresponding role node and a plurality of authority nodes associated with the role node;

A third obtaining module, configured to perform joint query on a plurality of authority data tables of the database based on target role information, to obtain an authority set associated with the target role information in the plurality of authority data tables, where each authority data table in the plurality of authority data tables includes a plurality of service data names, each service data name indicates one type of data in the database, the authority set is composed of service data names associated with the target role information in the database, and the authority set is used to indicate that the target role information has access authority to at least one type of data corresponding to the service data names associated with the target role information in the database;

And the display module is used for outputting a test result of successful role authority configuration of the database if authority node names contained in the role authority relation tree corresponding to each role information in the role information set are consistent with service data names in the authority set corresponding to the role information.

The second obtaining module is specifically configured to:

The generating module is specifically configured to:

Wherein, the device still includes:

a fourth obtaining module, configured to obtain a role authority relationship tree corresponding to the target role information;

The fourth obtaining module is further configured to obtain a target authority node from a role authority relationship tree corresponding to the target role information;

And the comparison module is used for comparing the name of the target authority node with the name of the service data in the authority set of the target role information.

Wherein, the device still includes:

A fifth obtaining module, configured to obtain abnormal authority information and abnormal role information associated with the abnormal authority information if authority node names included in a role authority relationship tree corresponding to each role information in the role information set are different from service data names in the authority set corresponding to the role information, where the abnormal authority information is data different between authority node names included in the role authority relationship tree corresponding to each role information in the role information set and service data names in the authority set corresponding to the role information;

The sending module is used for sending a permission recovery request to the permission management terminal if the abnormal permission information belongs to the permission set and does not belong to the permission node, so that the permission management terminal recovers the permission of the abnormal role information on the data corresponding to the abnormal permission information, and the permission recovery request comprises the abnormal permission information and the abnormal role information;

The sending module is further configured to send a permission issuing request to the permission management terminal if the abnormal permission information belongs to the permission node and not to the permission set, so that the permission management terminal increases the permission of the data corresponding to the abnormal permission information for the abnormal role information, and the permission issuing request includes the abnormal permission information and the abnormal role information.

Wherein the apparatus further comprises:

The receiving module is used for receiving the authority adjustment message sent by the authority management terminal;

the third obtaining module is further configured to obtain a permission set associated with the abnormal role information from the plurality of permission data tables;

The display module is further configured to output a result of successful authority adjustment for the abnormal role information in the database if the service data name in the authority set associated with the abnormal role information is consistent with the authority node name in the role authority relationship tree of the abnormal role information.

The second obtaining module is specifically configured to:

A third aspect of the embodiment of the application provides an electronic device, which includes a processor, a memory, and an input/output interface;

The processor is respectively connected with the memory and the input/output interface, wherein the input/output interface is used for carrying out data interaction, the memory is used for storing program codes, and the processor is used for calling the program codes to execute the data authority testing method according to the first aspect in the embodiment of the application.

The implementation of the embodiment of the application has the following beneficial effects:

According to the embodiment of the application, the product document of the database is obtained, the product document comprises a role information set and a permission information set, each role information included in the role information set indicates one type of user respectively, and each permission information in the permission information set indicates permission to one type of data in the database respectively; acquiring a permission configuration file associated with a product document, determining an association relation between a role information set and the permission information set according to the permission configuration file, and generating a role permission relation tree of each role information based on the association relation and the hierarchy relation among a plurality of pieces of permission information; performing joint query on a plurality of authority data tables in the database to obtain an associated authority set of each role information in the database; and comparing each node in the role authority relation tree of each role information with the authority set of the role information to test the role authority configuration of the database, and outputting the test result, thereby realizing the test of the operation authority of the data possessed by the user. According to the application, the role information and the authority information in the product document are arranged to obtain the tree structure, and the tree structure can embody the association relation between the role information and the authority information, the hierarchical relation among the authority information and the like, so that the disordered data authority information is ordered, the extraction and comparison of data are facilitated, and the testing efficiency of the data authority is improved. And simultaneously, a plurality of authority data tables in the database are subjected to joint query, so that the query efficiency of the database can be improved, and the test efficiency of the authority is further improved.

Drawings

In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

Wherein:

FIG. 1a is a diagram of a data authority test architecture according to an embodiment of the present application;

FIG. 1b is a schematic diagram of a role authority relationship tree provided by an embodiment of the present application;

FIG. 2 is a schematic flow chart of a method for testing data authority provided by an embodiment of the application;

FIG. 3 is a schematic diagram of an example role authority relationship tree provided by an embodiment of the present application;

FIG. 4 is a schematic diagram of a data authority testing device according to an embodiment of the present application;

fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.

Detailed Description

The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

Referring to fig. 1a, fig. 1a is a diagram of a data authority test structure according to an embodiment of the present application. As shown in fig. 1a, the server 103 obtains a product document 101 corresponding to the database 105, where the product document 101 includes a set of role information and a set of authority information, where the set of role information includes a plurality of role information, each role information indicates a type of user, and the set of authority information includes a plurality of authority information, and each authority information indicates an authority for a type of data in the database 105. The server 103 obtains the authority configuration file 102 associated with the product document 101, determines the association relationship between the role information set and the authority information set and the hierarchical relationship between the authority information sets according to the product document 101 and the authority configuration file 102, so as to generate a role authority relationship tree 104 corresponding to each role information. Meanwhile, the server 103 performs joint query on a plurality of authority data tables 106 of the database 105, acquires an authority set 107 associated with each role information, compares the role authority relation tree 104 of each role information with the authority set 107 of the role information, so as to realize the test of the role authority configuration condition in the database, and outputs the test result. The permission information may be considered as a description about one type of data, and when a role is associated with the permission information, the role is considered to have permission of the type of data indicated by the permission information.

For example, when the set of authority information includes data 1, data 2 and data 3, the set of authority information includes role 1 and role 2, it is determined that data 1 includes data 2 according to the authority configuration file 102, role 1 is associated with data 1, data 2 and data 3, role 2 is associated with data 3, according to the above association relationship and hierarchical relationship, a role authority relationship tree "role 1-" data 2, a role 1- "data 3 composition" of role 1 and a role authority relationship tree "role 2-" data 3 "of role 2 are generated, the authority set associated with role 1 and the authority set associated with role 2 are queried from the plurality of data authority tables 106 of the database 105, the role authority tree and the authority set of role 1 and the role authority tree and the authority set of role 2 are compared, a test result of the configuration situation of the role authority in the database 105 is obtained, and the test result is output. Wherein the role authority relationship tree of the role 1 is shown as a role authority relationship tree 108 shown in fig. 1b, and the role authority relationship tree of the role 2 is shown as a role authority relationship tree 109 shown in fig. 1 b.

Further, please refer to fig. 2, which is a schematic flow chart of a data authority testing method according to an embodiment of the present application. Specifically, all data contained in any data application program are different in data which can be operated for different roles, the application is based on testing the data authority of different roles, and the method specifically shown in fig. 2 comprises the following steps:

step S201, a product document of a database is acquired.

Specifically, a product document of a database is obtained, the product document comprises a role information set and a permission information set, the role information set comprises a plurality of role information, each role information is used for indicating one type of user, the permission information set comprises a plurality of permission information, and each permission information is used for indicating permission to one type of data in the database. When the data authority stored in the database is required to be tested, a product document of the database is obtained, wherein the product document comprises a role information set and an authority information set, the role information set comprises a plurality of role information, and each role information has a corresponding storage record in the database and corresponds to one type of data recorded in the database. The product document is used for business data and role information (the business data is used for representing authority information) contained in the application program, and can be considered as a requirement analysis of the application program to indicate functions required to be realized by the application program, so that each role information in a role information set and each authority information in an authority information set contained in the product document can be unordered, and the relevance between the role information set and the authority information set cannot be represented. Optionally, the product document includes hierarchical relationships among the authority information, such as a relationship in which one authority information belongs to another authority information.

The role information is divided based on the authority of the role information, and each user indicated by each role information can be considered to have the same authority, i.e. the data that can be operated are the same. For example, assuming that a dataclass APP is used to present text data, the operation rights for the text data in the dataclass APP are determined based on the identity location of each user in the dataclass APP, the obtained set of role information in the product document may include "tourists, general users, short-term importance (Very Important Person, VIP users), life VIP users, APP administrators, etc.", and the obtained set of rights information in the product document may include "resource data, function data, resource 1, channel 1, service 1, channel 2, resource 2, channel 3, service 2, service 3, etc. Optionally, if the product document includes hierarchical relationships of resource data 1 channel 1 business 1, resource data 1 channel 2, resource data 2 channel 3 business 3, and the like among the authority information.

Step S202, acquiring a right configuration file associated with a product document.

Specifically, a permission configuration file associated with the product document is obtained, and the association relationship between the role information set and the permission information set and the hierarchical relationship among a plurality of pieces of permission information are determined according to the permission configuration file. Optionally, if the product document includes a hierarchical relationship between each piece of authority information, the association relationship between each piece of role information in the role information set and each piece of authority information in the authority information set is determined only according to the authority configuration file. The authority configuration file is at least one section of program code, and the at least one section of program code comprises a plurality of lines of code statements. Specifically, at least one section of program code in the authority configuration file is obtained, and each line of code statement in the at least one section of program code is analyzed; according to the calling relation and the execution sequence (namely the logic relation realized by codes) among each row of code sentences, determining the association relation between each role information in the role information set and each authority information in the authority information set and the hierarchical relation among each authority information in the plurality of authority information. The method comprises the steps of determining code data corresponding to each role information in a permission configuration file and code data corresponding to each permission information in the permission configuration file, and determining association relations between each role information and each permission information and hierarchical relations between each permission information by analyzing positions of the code data corresponding to each role information and the code data corresponding to each permission information in the permission configuration file.

If the code statement is a conditional statement, determining that role information and authority information included in the conditional statement are associated; if the code statement is an execution statement, determining the hierarchical relationship among authority information included in the execution statement according to the execution sequence of the execution statement; if the code statement is a function call, determining an association relationship between the role information and the authority information or a hierarchical relationship among the authority information and the like according to the code statement and a call relationship between the role information and the authority information contained in the called function. Optionally, if the product document includes a hierarchical relationship between each piece of authority information in the authority information set, the association relationship between each piece of role information and each piece of authority information in the authority information set is determined only according to the calling relationship and the execution sequence of the code statement.

For example, if the code statement is a conditional statement, that is, if statement, where statement, switch statement, or the like, the condition in the conditional statement and the statement executed when the condition is satisfied can be obtained, the role information or authority information contained in the condition is associated with the role information or authority information contained in the statement executed when the condition is satisfied. For example, there is a conditional statement, which is represented in the form of a pseudo code, and is "if (character 1) printf data 1, data 2and data 3", it is determined that there is an association between character 1 and data 1, data 2and data, and data 1 includes data 2.

And analyzing the logic relationship realized by the authority configuration file to obtain the association relationship between the role information set and the authority information set in the product document and the hierarchical relationship among the authority information.

For example, based on the example in the step S201, the association relationship "APP administrator" between the role information set and the authority information set is obtained and associated with all authority information, "lifetime VIP user" is associated with "resource data, resource 1, channel 1, service 1, channel 2, resource 2, channel 3, service 2, and function data," short-term VIP user "is associated with" resource data, resource 1, channel 1, service 1, channel 2, resource 2, channel 3, and service 2, "general user" is associated with "resource data, resource 1, channel 1, service 1, and channel 2," guest "is associated with" resource data, resource 1, channel 1, service 1 ".

Step S203, a role authority relation tree is generated according to the product document and the authority configuration file.

Specifically, a role authority relation tree is generated according to the product document and the authority configuration file. Determining a role node according to each role information in the role information set, and determining a role node according to each role information in the role information set, in other words, acquiring a role name in each role information, taking the role name as a role node corresponding to the role information, acquiring a role name in each role information, and taking the role name as a role node corresponding to the role information, thereby acquiring the role node of each role information and the role node of each role information; based on the association relation between the role information set and the authority information set and the hierarchical relation among the plurality of authority information, a role authority relation tree corresponding to each role information is generated, and each role authority relation tree consists of a corresponding role node and a plurality of authority nodes associated with the role node.

Specifically, taking an ith role node corresponding to the ith role information in the role information as a root node of an ith role authority relation tree, wherein i is a positive integer, and is smaller than or equal to the number of the role information included in the role information set; acquiring a first authority node associated with an ith role node from the authority nodes based on the association relation between the role information set and the authority information set; determining the inclusion relationship among the first authority nodes based on the hierarchical relationship among the authority information in the authority information set; according to the containing relation among the first authority nodes, establishing a father-son relation and a brother relation among the first authority nodes, and taking the first authority nodes as child nodes in an ith role authority relation tree based on the father-son relation and the brother relation; and obtaining a role authority relation tree corresponding to each role information in the role information set.

For example, based on the example shown in the above step S202, a role authority relationship tree of each role information is generated according to the association relationship between each role information in the role information set and each authority information in the authority information set and the hierarchical relationship between each authority information, and the role authority relationship tree can be seen in fig. 3. The figure 3 includes a role authority relationship tree 301 of an APP administrator, a role authority relationship tree 302 of a lifelong VIP user, a role authority relationship tree 303 of a short-term VIP user, a role authority relationship tree 304 of a general user, and a role authority relationship tree 305 of a guest. Wherein, the role authority relation tree 301 of the APP administrator uses the APP administrator as a root node, and is used for representing role nodes in the role authority relation tree 301; taking an APP manager as a father node, wherein resource data and functional data are all child nodes of the user node of the APP manager; taking a permission node of the resource data as a father node, and taking both the resource 1 and the resource 2 as child nodes of the permission node of the resource data; taking the resource 1 as a father node, and both the channel 1 and the channel 2 are child nodes of the authority node of the resource 1; taking a channel 1 as a father node, and taking a service 1 as a child node of the authority node of the channel 1; taking the resource 2 as a father node, and taking the channel 3 as a child node of the authority node of the resource 2; and taking the channel 3 as a father node, and both the service 2 and the service 3 are child nodes of the authority node of the channel 3. Similarly, the role authority relationship tree 302 of the lifelong VIP user uses the user node of the lifelong VIP user as the root node of the tree, and includes branches of "lifelong VIP user- > resource data- > resource 1- > channel 1- > service 1, lifelong VIP user- > resource data- > channel 1- > 2, lifelong VIP user- > resource data- > resource 2- > channel 3- > service 2, and lifelong VIP user- > function data; the role authority relation tree 303 of the short-term VIP user takes a user node of the short-term VIP user as a root node of the tree, and includes branches of short-term VIP user- > resource data- > resource 1- > channel 1- > service 1, short-term VIP user- > resource data- > resource 1- > channel 2, and short-term VIP user- > resource data- > resource 2- > channel 3- > service 2; the role authority relation tree 304 of the ordinary user takes a user node of the ordinary user as a root node of the tree, and includes branches of an ordinary user-resource data-resource 1-channel 1-service 1 and an ordinary user-resource data-resource 1-channel 2; the guest role authority relationship tree 305 includes branches of "guest-resource data-resource 1-channel 1-service 1" with a guest user node as a root node of the tree.

Step S204, acquiring the authority set of each role information in the database, and comparing the authority set with the role authority relation tree of the role information to obtain a test result.

Specifically, a plurality of authority data tables of a database are queried in a combined mode based on target role information, an authority set associated with the target role information in the authority data tables is obtained, each authority data table in the authority data tables comprises a plurality of service data names, each service data name indicates one type of data in the database, the authority set consists of service data names associated with the target role information in the database, the authority set is used for indicating that the target role information has access authority to at least one type of data corresponding to the service data names associated with the target role information in the database, a role authority relation tree of the target role information is obtained, and the authority set of the target role information is compared with the role authority relation tree of the target role information to obtain a test result. The target role information is any one role information in a role information set in the product document. Acquiring a role authority relation tree corresponding to target role information; acquiring a target authority node from a role authority relation tree corresponding to target role information; and comparing the name of the target authority node with the service data name in the authority set of the target role information to obtain a test result.

If the authority node names contained in the role authority relation tree corresponding to each role information in the role information set are different from the business data names in the authority set of the corresponding role information, acquiring abnormal authority information and abnormal role information related to the abnormal authority information, wherein the abnormal authority information is data different between the authority node names contained in the role authority relation tree corresponding to each role information in the role information set and the business data names in the authority set of the corresponding role information.

If the abnormal authority information belongs to the authority set and does not belong to the authority node, sending an authority recovery request to the authority management terminal so that the authority management terminal recovers the authority of the data corresponding to the abnormal authority information by the abnormal role information, wherein the authority recovery request comprises the abnormal authority information and the abnormal role information; if the abnormal authority information belongs to the authority node and does not belong to the authority set, an authority issuing request is sent to the authority management terminal, so that the authority management terminal increases the authority of the data corresponding to the abnormal authority information for the abnormal role information, and the authority issuing request comprises the abnormal authority information and the abnormal role information.

Optionally, after sending a permission recovery request or a permission issuing request to the permission management terminal, receiving a permission adjustment message sent by the permission management terminal, acquiring a permission set associated with abnormal role information from a plurality of permission data tables, and comparing the permission set with a role permission relation tree of the abnormal role information. And if the service data names in the authority set associated with the abnormal role information are consistent with the authority node names in the role authority relation tree of the abnormal role information, outputting a successful authority adjustment result aiming at the abnormal role information in the database.

Optionally, when acquiring the authority set of any role information, determining the inclusion relationship among the multiple service data names obtained after the joint query based on the nested relationship when performing the joint query on the multiple authority data tables, obtaining the authority set based on the inclusion relationship and the multiple service data names, comparing the authority node names contained in the role authority relationship tree with the service data names in the authority set of the corresponding role information when comparing the authority set of the role information with the role authority relationship tree of the role information, determining the accuracy of the service data associated with the role information recorded in the database, and comparing the inclusion relationship of each service data in the authority set with the brother relationship and the father relationship among each authority node in the role authority relationship tree of the corresponding role information, wherein only when the relationships between the data and the authority information are identical, the role authority configuration of the database is considered successful. For example, a joint query is performed on a plurality of authority data tables, and assuming that role information is stored in association with the minimum service data that can be operated by the role information, where the minimum service number is used to indicate that the role information can operate all service data included in the minimum service data, if a query is performed on role 1, the pseudo code of the query statement is "select service data 1from table 1where associated 1= (select service data 2from table 2where associated 2= (select service data 3from table 3where associated 3= (… (select service data n from table n where associated n=role 1)))", and if the result queried from each select statement from the pseudo code bracket of the query statement is in an inclusion relationship, that is, service data n belongs to service data (n-1) up to service data 1. The method for determining the association storage mode in the plurality of authority data tables and the inclusion relation between the service data associated with each role information is an optional method, and is not limited to other storage modes capable of realizing the association of roles and service data, or other determination methods capable of determining the inclusion relation between the service data.

Wherein the authority name included in the authority information mentioned in the present application is essentially the name of the service data, and when the authority information is associated with the character information, it means that the character information has the operation authority for the service data indicated by the authority information.

Further, referring to fig. 4, fig. 4 is a schematic diagram of a data authority testing device according to an embodiment of the present application. As shown in fig. 4, the data authority testing device may be used in the electronic apparatus in the embodiment corresponding to fig. 2, and the data authority testing device 40 specifically includes a first obtaining module 11, a second obtaining module 12, a determining module 13, a generating module 14, a third obtaining module 15, and a display module 16.

A first obtaining module 11, configured to obtain a product document of a database, where the product document includes a set of role information and a set of authority information, the set of role information includes a plurality of role information, the role information is used to indicate a class of users, the set of authority information includes a plurality of authority information, and each of the authority information is used to indicate an authority for a class of data in the database;

a second obtaining module 12, configured to obtain a rights configuration file associated with the product document, and determine an association relationship between the role information set and the rights information set, and a hierarchical relationship between the plurality of rights information according to the rights configuration file;

A determining module 13, configured to determine a role node according to each role information in the role information set, and determine a rights node according to each rights information in the rights information set;

A generating module 14, configured to generate a role authority relationship tree corresponding to each role information based on the association relationship between the role information set and the authority information set and the hierarchical relationship between the plurality of authority information, where the role authority relationship tree is composed of a corresponding role node and a plurality of authority nodes associated with the role node;

A third obtaining module 15, configured to perform joint query on a plurality of authority data tables of the database based on target role information, obtain an authority set associated with the target role information in the plurality of authority data tables, where each authority data table in the plurality of authority data tables includes a plurality of service data names, each service data name indicates one type of data in the database, where the authority set is composed of service data names associated with the target role information in the database, and the authority set is used to indicate that the target role information has access authority to at least one type of data corresponding to the service data names associated with the target role information in the database;

And the display module 16 is configured to output a test result of successful configuration of the role authority of the database if the authority node names included in the role authority relationship tree corresponding to each role information in the role information set are consistent with the service data names in the authority set corresponding to the role information.

The second obtaining module 12 is specifically configured to:

Wherein, the generating module 14 is specifically configured to:

Wherein, the device still includes:

a fourth obtaining module 17, configured to obtain a role authority relationship tree corresponding to the target role information;

The fourth obtaining module 17 is further configured to obtain a target authority node from a role authority relationship tree corresponding to the target role information;

And the comparison module 18 is used for comparing the name of the target authority node with the name of the service data in the authority set of the target role information.

Wherein, the device still includes:

a fifth obtaining module 19, configured to obtain abnormal authority information and abnormal role information associated with the abnormal authority information if authority node names included in the role authority relationship tree corresponding to each role information in the role information set are different from service data names in the authority set corresponding to the role information, where the abnormal authority information is data different between authority node names included in the role authority relationship tree corresponding to each role information in the role information set and service data names in the authority set corresponding to the role information;

A sending module 20, configured to send a permission recovery request to a permission management terminal if the abnormal permission information belongs to the permission set and not to the permission node, so that the permission management terminal recovers the permission of the abnormal role information on the data corresponding to the abnormal permission information, where the permission recovery request includes the abnormal permission information and the abnormal role information;

The sending module 20 is further configured to send a permission issuing request to the permission management terminal if the abnormal permission information belongs to the permission node and not to the permission set, so that the permission management terminal increases the permission of the data corresponding to the abnormal permission information for the abnormal role information, where the permission issuing request includes the abnormal permission information and the abnormal role information.

Wherein the apparatus further comprises:

A receiving module 21, configured to receive a rights adjustment message sent by the rights management terminal;

the third obtaining module 15 is further configured to obtain a permission set associated with the abnormal role information from the plurality of permission data tables;

The display module 16 is further configured to output a result of successful authority adjustment for the abnormal role information in the database if the service data name in the authority set associated with the abnormal role information is consistent with the authority node name in the role authority relationship tree of the abnormal role information.

The second obtaining module 12 is specifically configured to:

The embodiment of the application provides a data authority testing device, which is characterized in that a product document of a database is obtained, the product document comprises a role information set and an authority information set, each role information included in the role information set indicates one type of user respectively, and each authority information in the authority information set indicates the authority of one type of data in the database respectively; acquiring a permission configuration file associated with a product document, determining an association relation between a role information set and the permission information set according to the permission configuration file, and generating a role permission relation tree of each role information based on the association relation and the hierarchy relation among a plurality of pieces of permission information; performing joint query on a plurality of authority data tables in the database to obtain an associated authority set of each role information in the database; and comparing each node in the role authority relation tree of each role information with the authority set of the role information to test the role authority configuration of the database, and outputting the test result, thereby realizing the test of the operation authority of the data possessed by the user. According to the application, the role information and the authority information in the product document are arranged to obtain the tree structure, and the tree structure can embody the association relation between the role information and the authority information, the hierarchical relation among the authority information and the like, so that the disordered data authority information is ordered, the extraction and comparison of data are facilitated, and the testing efficiency of the data authority is improved. And simultaneously, a plurality of authority data tables in the database are subjected to joint query, so that the query efficiency of the database can be improved, and the test efficiency of the authority is further improved.

Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 5, the electronic device in this embodiment may include: one or more processors 501, memory 502, and input-output interfaces 503. The processor 501, the memory 502, and the input/output interface 503 are connected via a bus 504. The memory 502 is used for storing a computer program, the computer program comprises program instructions, and the input/output interface 503 is used for data interaction with a calling party and a processing party; the processor 501 is configured to execute program instructions stored in the memory 502 and perform the following operations:

In some possible embodiments, the above processor 501 may be a central processing unit (central processing unit, CPU), which may also be other general purpose processors, digital signal processors (DIGITAL SIGNAL processors, DSPs), application Specific Integrated Circuits (ASICs), off-the-shelf programmable gate arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

The memory 502 may include read only memory and random access memory and provides instructions and data to the processor 501 and input output interface 503. A portion of memory 502 may also include non-volatile random access memory. For example, the memory 502 may also store information of device type.

In a specific implementation, the electronic device may execute, through each functional module built in the electronic device, an implementation manner provided by each step in fig. 2, and specifically, the implementation manner provided by each step in fig. 2 may be referred to, which is not described herein again.

The embodiment of the application provides electronic equipment, which comprises: the method comprises the steps of acquiring computer instructions in the memory by the processor, executing the steps of the method shown in the figure 2, arranging a disordered character information set and a disordered authority information set in a product document into a character authority relation tree by an authority configuration file, ordering the character information set and the authority information set, carrying out joint inquiry on a plurality of authority data tables in a database, and improving the inquiry efficiency, so that the efficiency of testing the data authority of a character can be improved.

The embodiment of the present application further provides a computer readable storage medium, where the computer readable storage medium stores a computer program, where the computer program includes program instructions, and when the program instructions are executed by a processor, implement a method for testing data authority provided by each step in fig. 2, and specifically, the implementation manner provided by each step in fig. 2 may be referred to herein, and will not be described herein again.

The computer readable storage medium may be the data authority test apparatus provided in any one of the foregoing embodiments or an internal storage unit of the terminal device, for example, a hard disk or a memory of an electronic device. The computer readable storage medium may also be an external storage device of the electronic device, such as a plug-in hard disk, a smart memory card (SMART MEDIA CARD, SMC), a Secure Digital (SD) card, a flash memory card (FLASH CARD), or the like, which are provided on the electronic device. Further, the computer-readable storage medium may also include both an internal storage unit and an external storage device of the electronic device. The computer-readable storage medium is used to store the computer program and other programs and data required by the electronic device. The computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.

The terms first, second and the like in the description and in the claims and drawings of embodiments of the application are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the term "include" and any variations thereof is intended to cover a non-exclusive inclusion. For example, a process, method, apparatus, article, or device that comprises a list of steps or elements is not limited to the list of steps or modules but may, in the alternative, include other steps or modules not listed or inherent to such process, method, apparatus, article, or device.

Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

The method and related apparatus provided in the embodiments of the present application are described with reference to the flowchart and/or schematic structural diagrams of the method provided in the embodiments of the present application, and each flow and/or block of the flowchart and/or schematic structural diagrams of the method may be implemented by computer program instructions, and combinations of flows and/or blocks in the flowchart and/or block diagrams. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or structural diagram block or blocks. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or structures.

The foregoing disclosure is illustrative of the present invention and is not to be construed as limiting the scope of the invention, which is defined by the appended claims.

Claims

1.A method for testing data rights, comprising:

2. The method of claim 1, wherein the rights configuration file includes at least one piece of program code, the determining the association of the set of role information with the set of rights information and the hierarchical relationship between the plurality of rights information according to the rights configuration file comprises:

3. The method of claim 1, wherein the generating a role authority relationship tree corresponding to each role information based on the association relationship between the set of role information and the set of authority information and the hierarchical relationship between the plurality of authority information comprises:

4. The method of claim 1, wherein after the obtaining the set of permissions associated with the target role information in the plurality of permission data tables, further comprising:

5. The method of claim 1, further comprising, after the method:

6. The method of claim 5, further comprising, after the method:

7. The method of claim 2, wherein determining the association relationship between each role information in the set of role information and each authority information in the set of authority information, and the hierarchical relationship between each authority information in the plurality of authority information according to the calling relationship and the execution sequence between each row of code statements, respectively, comprises:

8. A data rights testing device, the device comprising:

9. An electronic device is characterized by comprising a processor, a memory and an input-output interface;

The processor is connected to the memory and the input-output interface, respectively, wherein the input-output interface is used for data interaction, the memory is used for storing program code, and the processor is used for calling the program code to execute the method as claimed in any one of claims 1-7.

10. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program comprising program instructions which, when executed by a processor, perform the method of any of claims 1-7.