TW201426354A - Integrated search system for multiple tenant cloud data warehouse and method thereof - Google Patents


Info

Publication number
TW201426354A
Authority
TW
Taiwan
Prior art keywords
cloud data
tenant
user
module
data
Prior art date
Application number
TW101150377A
Other languages
Chinese (zh)
Other versions
TWI476614B (en)
Inventor
zi-xiang Hong
Zhao-Zong Wu
wei-sheng Zhou
Original Assignee
Chunghwa Telecom Co Ltd
Priority date
Filing date
Publication date
Application filed by Chunghwa Telecom Co Ltd filed Critical Chunghwa Telecom Co Ltd
Priority to TW101150377A priority Critical patent/TWI476614B/en
Publication of TW201426354A publication Critical patent/TW201426354A/en
Application granted granted Critical
Publication of TWI476614B publication Critical patent/TWI476614B/en

Landscapes

  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Disclosed is an integrated search system for multiple tenant cloud data warehouse and method thereof, including: at least one user interface end, one multiple tenant 3-D authentication module, one universal data interface module, a connection record, a metadata, and at least one heterogeneous cloud data warehouse. After user search requests are authenticated via a certificate, user permissions and multiple tenants, they are interpreted into an inquiry language corresponding to the cloud data warehouse for performing data searches in a back end heterogeneous cloud data warehouse; the results are then transmitted back to the user. The present invention supports data processing and data exchanges between multiple tenants across heterogeneous cloud data warehouses, facilitating management of different users having heterogeneous table search permissions, so as to guarantee data safety, to unify control of user search records, and to provide an integrated pre-warning system. This invention provides an interface to the user end via a browser for searching data in heterogeneous cloud data warehouses through an integrated platform.

Description

Multi-tenant cloud data warehouse integrated retrieval system and method thereof

The present invention relates to a system and method for retrieving data from cloud data warehouses, and in particular to a system and method for integrating retrieval across heterogeneous multi-tenant (Multi-Tenancy) cloud data warehouses. In a data retrieval application, the user obtains access rights to the multi-tenant cloud data warehouses through an integration platform, then searches them according to the user's needs and conditions to obtain the required information for analysis and use.

Traditional cloud data warehouse systems are mostly set up by enterprises in their own machine rooms or on leased dedicated hosts. They are fairly closed and so have fewer information-security problems. Data exchange between enterprises is usually done by export and import; cloud data warehouse vendors do not provide create, delete, update and query functions that work directly across cloud data warehouses. With the rapid progress of information technology in recent years, the cloud industry has grown steadily. Because cloud computing is well suited to processing large volumes of data, cloud data warehouses can adopt a multi-tenant architecture, which lets a cloud operator rent service to many enterprises at a single management cost, while each enterprise enjoys the advantages of a cloud data warehouse: "pay for what you use", "adjust resources flexibly at any time", and "a lower threshold for setup, management and technology". In addition, the present invention recognizes that a multi-tenant cloud data warehouse can also support cross-enterprise data processing.

A multi-tenant cloud data warehouse architecture differs from a traditional one in that data is stored in a shared environment rather than in the enterprise's own dedicated machine room. The important issues for multi-tenant cloud data warehouses are therefore how to provide a convenient access method for users, how to integrate heterogeneous cloud data warehouses for retrieval, and how to provide multi-tenancy that strengthens the protection of data privacy so that the operations of different users do not affect one another. New techniques for retrieving data from heterogeneous multi-tenant cloud data warehouses currently face the following limitations:

1. On the user side, conventional cloud data warehouse retrieval relies mainly on software on the user's local machine. The user must first install the software, enter individual permissions and settings through it, load specific resources, and only then search the back-end cloud data warehouse. Although several integrated retrieval tools are under development, none yet provides a multi-tenant integrated interface. A sound security control mechanism for permission authentication and for the independence of each user's permissions across tenants is urgently needed, to protect data privacy and keep the system from being attacked.

2. In conventional cloud data warehouse permission control, the data provider must configure multi-tenant permissions on each different platform. On today's cloud data warehouse platforms, multi-tenancy is mainly achieved by adding to or modifying the configuration of the warehouse itself, for example by adding specific Views or Bridge tables, which often affects the warehouse's performance or storage space. When multi-tenant cloud data warehouses are used on an integrated heterogeneous platform, the specific rules and operating methods of each platform must be followed, so it is hard for a system administrator to bound a user's permissions, which raises many security concerns. Hadoop Hive, a cloud data warehouse in wide use today, began to introduce the Kerberos security concept in the new CDH3 release, separating the permissions of different users and giving each user their own MetaStore. However, this limits users who need to search or join shared tables. For remote retrieval, Hadoop Hive lets the administrator assign different users to different ports for JDBC connections, but this still does not solve the problem of users needing to search or join shared tables. Under existing cloud data warehouse security mechanisms, therefore, searching or joining a shared table requires placing multiple copies of the shared data in warehouses under different users' permissions, which wastes cloud storage and creates the challenge of keeping the data synchronized and correct. Many technical difficulties remain in providing a secure environment while keeping retrieval convenient for users.

3. When a user needs to combine different cloud data warehouses, or traditional relational databases, in a table query that involves a JOIN, the user must obtain multi-tenant permissions on each cloud data warehouse separately, store the tables to be joined in the main warehouse space, and then run the query. The process is tedious and cannot be completed in one pass. During it, the user must obtain multi-tenant permissions several times and manually upload the temporary JOIN tables to the main warehouse space, which requires the user to touch the file system of the cloud warehouse system and may create vulnerabilities and security problems in it.

4. Audit control of usage records has the same problem as permission control and permission authentication on heterogeneous cloud data warehouse platforms: each platform has its own recording format and operating method, so it is difficult to build a unified real-time early-warning mechanism to keep the data secure. In addition, records on different platforms cannot be correlated, so it is hard to look up the same user's search records during an audit.

In summary, user operation, permission control and usage-record control lack a multi-tenant integration platform for unified management and for adding or modifying permissions, which is inconvenient and costly in time. The conventional approaches above therefore still have many shortcomings; they are not a sound design and need improvement. In view of these shortcomings, the inventors sought to improve and innovate, and after years of dedicated research successfully developed the present multi-tenant cloud data warehouse integrated retrieval system and method.

The object of the present invention is to provide a multi-tenant cloud data warehouse (Data Warehouse) integrated retrieval system and method that solve the problems users face in searching heterogeneous multi-tenant cloud data warehouses. End users can search heterogeneous multi-tenant cloud data warehouses from a single integrated system, through a secure authentication mechanism, from any platform over the network. Administrators of multi-tenant cloud data warehouses can effectively control users' search permissions and usage records to keep the data secure.

The multi-tenant cloud data warehouse integrated retrieval system and method that achieve the above object integrate back-end heterogeneous cloud data warehouses and multi-tenant permission control through a web service (Web Service). A user issues service requests over the network directly from a user interface end. The system provides credential authentication, user permission authentication, multi-tenant authentication, management of search and connection records, and an early-warning system, to improve data security. On the user interface end, a convenient web search interface lets the user search heterogeneous multi-tenant cloud data warehouses from one interface.

A multi-tenant cloud data warehouse integrated retrieval system comprises: at least one user interface end, which is the interface operated by the user and through which search requests are issued; a multi-tenant three-dimensional authentication module, which receives the search request from the user interface end, is connected to the connection record and the metadata, and verifies the user interface end to confirm whether it is an authorized interface end; the metadata, from which the user's basic data and multi-tenant connection permissions are obtained for user permission authentication and multi-tenant authentication; the connection record, which stores records of connection logins and searches; a universal data interface module, which is connected to the user interface end, the multi-tenant three-dimensional authentication module and the heterogeneous cloud data warehouses, and interprets the search request of the connection record; and at least one heterogeneous cloud data warehouse, which receives the search request from the universal data interface module, connects and processes the data, and returns the result to the user interface end for display or download.

The multi-tenant three-dimensional authentication module comprises: a credential authentication module, connected to the user interface end and the user permission authentication module, which verifies that the user interface end is an authorized interface end; a user permission authentication module, which obtains the user's basic data from the metadata, confirms the registered identity and right of use, and is connected to the metadata and the multi-tenant authentication module; and a multi-tenant authentication module, connected to the metadata and the universal data interface module, which obtains the user's multi-tenant connection permissions from the metadata and confirms that the user has permission for the conditions to be queried.

The universal data interface module comprises: a search request parsing module, which translates the user's search request into the corresponding cloud data warehouse query syntax and hands it to the connection and query module, which issues connection and data processing requests to the heterogeneous cloud data warehouse through middleware, the parsing module being connected to the multi-tenant three-dimensional authentication module and the connection and query module; the connection and query module, connected to the heterogeneous cloud data warehouse and the result translation module; and the result translation module, connected to the user interface end, which converts the returned result into a specific unified format and returns it to the user interface end for display or download.

The connection between the user interface end and the multi-tenant three-dimensional authentication module is made through a web service. The search request issued by the user interface end combines a URL encoding rule with multiple Hypertext Transfer Protocol (HTTP or HTTPS) methods to establish a unified search syntax applicable to the various heterogeneous cloud data warehouses. The user interface end, the multi-tenant three-dimensional authentication module and the universal data interface module use HyperText Markup Language (HTML), PHP Hypertext Preprocessor (PHP), Java Server Pages (JSP), or Application Service Provider (ASP). The heterogeneous cloud data warehouse is a non-relational cloud data warehouse, a relational cloud data warehouse, Hive, HBase, BigTable, Cassandra or Amazon SimpleDB. The cloud data warehouse query syntax produced by the search request parsing module includes Structural Query Language (SQL) syntax and NoSQL (Not Only SQL) syntax, so that the differences resolved cover SQL and NoSQL cloud data warehouses as well as traditional relational databases. The universal data interface module is connected to the heterogeneous cloud data warehouse through middleware, the middleware being Open Database Connectivity (ODBC) or Java Database Connectivity (JDBC).

A multi-tenant cloud data warehouse integrated retrieval method comprises the steps of: transmitting the user's search request, in which the user enters an account and password and the search conditions through the graphical user interface of the user interface end, the user interface end adds an authentication key to the transmitted search request, and the request is sent through the web service to the multi-tenant three-dimensional authentication module; credential authentication, in which the module checks the authentication key by handshake authentication to confirm that the user end is a legitimate user end; user permission authentication, in which the information on the user's permissions is obtained from the metadata; multi-tenant authentication, in which the multi-tenant authentication module obtains from the metadata the user's permissions and condition restrictions for retrieving data, so that different users have different permissions on different cloud data warehouses; parsing the search request, in which the universal data interface module, on receiving the search request sent by the user, converts it into the corresponding cloud data warehouse query language, automatically compiling it into the data retrieval syntax of the heterogeneous source according to the warehouse's specification; transmitting the search request to the cloud data warehouse, in which the connection and query module connects to the heterogeneous cloud data warehouse, performs data processing, and transmits the parsed cloud data warehouse query syntax; returning the result from the cloud data warehouse, in which, when the search ends, the result translation module receives the search result returned by the cloud data warehouse and converts it into a standard format; and result parsing, in which the user interface end converts the returned result into a form that is easier for the user to read.

The credential authentication uses RSA, DES, 3DES or AES. The search request combines a URL encoding rule with methods of multiple protocols. The URL encoding rule includes the location of the request-parsing host, the cloud data warehouse type, the cloud data warehouse name or code, the table or view, and the search conditions. The methods combined with the encoding rule include POST, GET, PUT and DELETE, corresponding respectively to create, query, modify and delete requests, so that data processing requests can be issued to multiple heterogeneous cloud data warehouses. The URL encoding rule further includes a plurality of data targets and their join conditions, forming a JOIN syntax to accomplish data processing across different data warehouses. In the steps of parsing the search request, transmitting the search request to the cloud data warehouse, and returning the result from the cloud data warehouse, the universal data interface module sits in the middle and parses the request and the result, automatically converting the search request into the syntax of the corresponding heterogeneous cloud data warehouse and connecting through middleware, so as to isolate and protect the cloud data warehouse and the cross-warehouse data processing.
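The request handling described in the method steps above (interface-end key check, tenant permission and condition restriction taken from the metadata, translation of a URL-encoded request into warehouse query syntax) can be illustrated with the following added Python example, which is not code from the patent. The URL layout `/<type>/<warehouse>/<table>?column=value`, the key, the metadata rows and all function names are assumptions constructed for illustration; the account is assumed to have already passed account/password login, and only GET (query) translation is shown.

```python
import hmac
from urllib.parse import urlsplit, parse_qsl

# HTTP method -> request kind, as the description pairs them.
METHOD_TO_OP = {"POST": "create", "GET": "query", "PUT": "modify", "DELETE": "delete"}

# Constructed per-interface-end keys (hypothetical values).
INTERFACE_KEYS = {"portal-a": "constructed-key-0123456789abcdef"}

# Constructed metadata rows keyed by (account, warehouse type, warehouse name,
# table). "restriction" is a predicate the tenant cannot remove.
METADATA = {
    ("alice", "hive", "sales_dw", "orders"): {
        "ops": {"query"},
        "columns": {"order_id", "region", "amount"},
        "restriction": ("region", "north"),
    },
    ("bob", "hive", "sales_dw", "orders"): {
        "ops": {"query", "modify"},
        "columns": {"order_id", "region", "amount"},
        "restriction": None,
    },
}

CONNECTION_LOG = []  # stands in for the connection record


class Denied(Exception):
    """A request rejected by one of the authentication layers."""


def authorize_and_translate(method, url, interface_id, key, account):
    """Return (sql, params) for a permitted GET request, else raise Denied."""
    # Layer 1: credential check on the interface end (constant-time compare).
    expected = INTERFACE_KEYS.get(interface_id)
    if expected is None or not hmac.compare_digest(expected.encode(), key.encode()):
        raise Denied("interface end not authorized")

    op = METHOD_TO_OP.get(method.upper())
    if op is None:
        raise Denied("unsupported method")

    # Assumed URL layout: /<warehouse type>/<warehouse name>/<table>?col=value
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 3:
        raise Denied("malformed request path")

    # Layers 2 and 3: the logged-in account must hold a metadata row for exactly
    # this warehouse and table, and the row must allow the operation.
    grant = METADATA.get((account, *segments))
    if grant is None or op not in grant["ops"]:
        raise Denied("no tenant permission")
    if op != "query":
        raise NotImplementedError("only query translation is shown here")

    # Identifiers reach the SQL text only after matching the metadata
    # allow-list; values travel as bound parameters.
    conditions = parse_qsl(parts.query, keep_blank_values=True)
    for column, _ in conditions:
        if column not in grant["columns"]:
            raise Denied("column not permitted")
    if grant["restriction"] is not None:
        conditions.append(grant["restriction"])  # always ANDed in

    _, wh_name, table = segments
    sql = f"SELECT {', '.join(sorted(grant['columns']))} FROM {wh_name}.{table}"
    if conditions:
        sql += " WHERE " + " AND ".join(f"{c} = ?" for c, _ in conditions)
    return sql, [v for _, v in conditions]


def handle(method, url, interface_id, key, account):
    """Run the checks and record the outcome for audit and early warning."""
    try:
        result = authorize_and_translate(method, url, interface_id, key, account)
    except Denied as exc:
        CONNECTION_LOG.append((account, method, url, f"denied: {exc}"))
        raise
    CONNECTION_LOG.append((account, method, url, "allowed"))
    return result
```

Because the tenant's restriction is appended by the gateway rather than supplied by the client, a request that names a different value for the restricted column returns no rows instead of another tenant's data.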

Compared with other conventional techniques, the multi-tenant cloud data warehouse integrated retrieval system and method provided by the present invention have the following advantages:

1. The invention lets users search heterogeneous multi-tenant cloud data warehouse systems on one integrated platform, and integrates authentication, permission control, usage-record auditing and anomaly early warning, greatly reducing the time administrators spend controlling multi-tenant permissions and users spend searching.

2. By integrating credential authentication, user permission authentication and multi-tenant authentication, the method of the invention strengthens data security control and safeguards the independence of each user's permissions across tenants.

3. Through the universal data interface module, the invention achieves access across cloud data warehouses, realizing cross-enterprise data processing in a multi-tenant cloud data warehouse system.

4. The user interface end is web-based, easy to operate, requires no software installation, and can be used on any Internet-connected device.

Refer to FIG. 1, a schematic diagram of the multi-tenant cloud data warehouse integrated retrieval system of the present invention, which shows the architecture of a preferred embodiment. At least one user interface end 1-1…1-n is connected to a multi-tenant three-dimensional authentication module 2 and a universal data interface module 5; through the universal data interface module 5, multi-tenant users can search heterogeneous multi-tenant cloud data warehouses over a network interface and view or download the results. The multi-tenant three-dimensional authentication module 2 verifies whether the interface end holds a legitimate search authorization and performs user permission authentication and multi-tenant authentication. A connection record 3, connected to the multi-tenant three-dimensional authentication module 2, records users' login and search records for anomaly early warning and auditing. Metadata 4, connected to the multi-tenant three-dimensional authentication module 2, records users' basic data and the multi-tenant connection permissions and accounts. The universal data interface module 5 is connected to the multi-tenant three-dimensional authentication module 2 and to at least one heterogeneous cloud data warehouse 6-1…6-n; it interprets the search requests sent by users through the web service, converts them into the query language of the heterogeneous cloud data warehouses 6-1…6-n, and converts the results returned by the back-end warehouses 6-1…6-n into a standard format for viewing by the user at the user interface end 1. The heterogeneous cloud data warehouses 6-1…6-n are the back-end cloud data warehouses the user wishes to query, and may be on different platforms, from different vendors, and in different machine-room locations.

When a user logs in, one of the user interface ends 1-1…1-n connects to the multi-tenant three-dimensional authentication module 2, which confirms the user's permissions through the metadata 4 and records the connection request in the connection record 3. After authentication, the multi-tenant three-dimensional authentication module 2 forwards the user's search request to the universal data interface module 5, which converts the request, forwards it to the heterogeneous cloud data warehouses 6-1…6-n, and waits for them to return the search results. Finally, the universal data interface module 5 converts the search results returned by the warehouses 6-1…6-n into a format that is easier for the user to read and returns them to the user interface end 1 for the user to browse and download, completing the search.

When a person skilled in the art practices the invention, the connections between the user interface ends 1-1…1-n and the multi-tenant three-dimensional authentication module 2, and between them and the universal data interface module 5, may use web service (Web Service) technology to send service requests to a remote server over the network. The web service may adopt an architecture such as Representational State Transfer (REST) or Simple Object Access Protocol (SOAP), carried over HTTP/HTTPS (Hypertext Transfer Protocol). The universal data interface module 5 may connect to the heterogeneous cloud data warehouses 6-1…6-n through middleware such as Open DataBase Connectivity (ODBC) or Java Database Connectivity (JDBC), to solve the problem of querying across heterogeneous cloud data warehouses.

The user interface ends 1-1…1-n, the multi-tenant three-dimensional authentication module 2 and the universal data interface module 5 described above may be implemented using dynamic web page languages such as HyperText Markup Language (HTML), PHP Hypertext Preprocessor (PHP), Java Server Pages (JSP), or Application Service Provider (ASP). The metadata 4 may be kept in Key-Value form, in XML text files, or in databases such as the open-source relational database management system MySQL or Derby. The heterogeneous cloud data warehouses 6-1…6-n may be Hive, HBase, BigTable, Cassandra, Amazon SimpleDB, Teradata, Microsoft SQL and other cloud data warehouses built on platforms for storing massive data. All of the implementations described above should be regarded as equivalent.

Refer to FIG. 2, a schematic diagram of the multi-tenant three-dimensional authentication module of the multi-tenant cloud data warehouse integrated retrieval system of the present invention, which further shows an embodiment of the multi-tenant three-dimensional authentication module 2.

As described above, the user connects to the system through the user interface end 1 to search. To address security concerns and the independence of each user's permissions across tenants, the multi-tenant three-dimensional authentication module 2 uses the Hand Shake concept to perform credential authentication, user permission authentication and multi-tenant authentication. The multi-tenant three-dimensional authentication module 2 comprises a credential authentication module 201, a user permission authentication module 202, and a multi-tenant authentication module 203.

The credential authentication module 200 confirms that the user interface end 1 is a legitimate interface end. Because the web service receives the user's search requests on an HTTP/HTTPS interface, security is further strengthened by having the user interface end 1 include an authentication key in each search request it sends. The credential authentication module 201 checks and authenticates whether the search request sent by the user interface end contains a legitimate key, preventing an illegitimate interface end from intruding into the system directly over the network. In addition, different user interface ends are given different credentials, so the credentials can also be used for security control of the user interface ends. When a person skilled in the art practices the invention, a key of 32 bits or more can be added to the user's HTTP/HTTPS request, and the credential authentication module 201 checks whether the key sent by the user interface end is legitimate. Only if the key is legitimate is the user's request processed further; if it is not, the request is ignored or an error message is returned.

In addition, while the user interface ends 1-1…1-n are connected to the multi-tenant three-dimensional authentication module 2, every service request is recorded in the connection record 3, for the administrator's future record management and for the system's automatic early-warning function; for example, when there are too many illegitimate requests, the administrator is automatically notified to handle them. The connection record also consolidates the request records of all heterogeneous cloud data warehouses, so the administrator does not need to switch between heterogeneous cloud data warehouses to view them and only has to look at the record on this integrated platform, which saves the administrator's time and allows consolidated statistical reports of request records to be produced.
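The key check of module 201 and the early-warning use of connection record 3 can be sketched as follows. This is an added example, not code from the patent: the class name, the interface identifiers, the 256-bit keys, and the threshold of three rejected requests within 60 seconds are all assumptions chosen for illustration.

```python
import hmac
import secrets
from collections import deque


class CredentialGate:
    """Hypothetical stand-in for credential authentication module 201 plus connection record 3."""

    def __init__(self, interface_keys, max_invalid=3, window_s=60.0, notify=None):
        # One key per user interface end, as the description suggests.
        # The page allows keys of 32 bits or more; the keys used here are 256-bit.
        self._keys = dict(interface_keys)
        # Compared against when the interface id is unknown, so that known and
        # unknown ids take the same code path.
        self._dummy = secrets.token_hex(32)
        self._max_invalid = max_invalid      # assumed alert threshold
        self._window_s = window_s            # assumed sliding window in seconds
        self._notify = notify or (lambda message: None)
        self._recent_invalid = deque()
        self.connection_record = []          # every request is recorded, accepted or not

    def check(self, interface_id, presented_key, request, now):
        """Return True only if the request carries the key issued to this interface end."""
        known = interface_id in self._keys
        expected = self._keys.get(interface_id, self._dummy)
        # Constant-time comparison: the time taken does not reveal how many
        # leading characters of the presented key were correct.
        match = hmac.compare_digest(expected.encode(), (presented_key or "").encode())
        accepted = known and match
        # The key itself is never written to the record.
        self.connection_record.append(
            {"time": now, "interface": interface_id, "request": request, "accepted": accepted}
        )
        if not accepted:
            self._register_invalid(now)
        return accepted

    def _register_invalid(self, now):
        recent = self._recent_invalid
        recent.append(now)
        # Drop rejections that have fallen out of the sliding window.
        while recent and now - recent[0] > self._window_s:
            recent.popleft()
        if len(recent) >= self._max_invalid:
            self._notify(f"{len(recent)} rejected requests within {self._window_s:.0f}s")
            recent.clear()                   # one alert per burst


if __name__ == "__main__":
    # Constructed sample keys and requests.
    gate = CredentialGate({"ui-1": secrets.token_hex(32)}, notify=print)
    for second in range(3):
        gate.check("ui-1", "wrong-key", "GET /Hadoop.Hive.Tainan_Store?Product=Cake", now=float(second))
```
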

The credential authentication module 201 is connected to the user permission authentication module 202. The purpose of the user permission authentication module 202 is to confirm that the user has a registered identity: the user must enter the account and password obtained from the administrator, and can start using the system only after the identity is confirmed. The user permission authentication module 202 is connected to the metadata 4 at the back end to obtain information on the user's permissions. In practicing the invention, a person skilled in the art may use dynamic web page session technology to cache the user authentication result, so that the user needs to enter the account and password only once within a given period.

The multi-tenant authentication module 203 is connected to the user permission authentication module 202. Multi-tenant authentication is performed so that the integrated search tool keeps each tenant user's permissions independent without affecting the operating performance of the cloud data warehouses. The server side looks up in the metadata 4 which tables in which cloud data warehouses the current user has permission for, and whether any other condition restrictions apply to those tables. As an example, suppose the multi-tenant fields of the metadata are user account, cloud data warehouse type, cloud data warehouse name, table name, and condition restriction, and suppose their possible values are as follows: Metadata 4:

From metadata 4 in the table above, it can be seen that user User01 has permission for only three tables: the Store_Phone table in the data warehouse MY_Store on the Teradata system, the Tainan_Store table on the Hadoop Hive system, and the Hualien_Store table on the Hadoop HBase system. Therefore, when User01 tries to browse the Store_Address table in the data warehouse MY_Store on the Teradata system, the system refuses the connection. Metadata 4 can also set condition restrictions on searches; in the example above, for the Tainan_Store table on the Hadoop Hive system, the user is restricted to querying only information where Product is Cake.

Therefore, once a user's search request has passed the credential authentication module 201 and the user permission authentication module 202, the multi-tenant authentication module 203 checks whether the user is searching a table for which the user has permission. If the user is searching a table outside those permissions, the system rejects the search. The metadata 4 thus enforces multi-tenant independence: before each search request is processed, the user's request is compared against the permission restrictions in the metadata 4, which strengthens the security of the system.

To keep the cloud data warehouses secure, the system establishes the connection between the user and the relevant cloud data warehouses 6-1…6-n only after multi-tenant authentication has been confirmed. This avoids consuming system resources on unnecessary connections and increases the security of the cloud data warehouses.

On the management side, the administrator can set in the metadata 4 which tables of which cloud data warehouses each user has permission for, and thereby achieve the multi-tenant configuration without being bound by the specific rules and operating procedures of the different platforms. This solves the problem that system administrators find it difficult to limit the scope of users' permissions. Multi-tenancy can limit users' permissions, letting the administrator manage personal or sensitive data more easily.

Therefore, integrating the multi-tenant three-dimensional authentication module 2 with the metadata 4 increases the capability for data security control and keeps each tenant user's permissions independent, achieving the effect of searching heterogeneous multi-tenant cloud data warehouses on an integrated platform.

After a user's search request passes multi-tenant authentication, data can be obtained and returned through the universal data interface module 5. The universal data interface module 5 interprets the user's search request and generates the corresponding syntax according to the type of cloud data warehouse, which resolves the differences in how heterogeneous cloud data warehouses are searched.

Please refer to FIG. 3, a schematic diagram of the universal data interface module of the multi-tenant cloud data warehouse integrated search system of the invention. The universal data interface module 5 consists of a search request parsing module 501, a connection and query module 502, and a result translation module 503. The search request parsing module 501 is connected to the multi-tenant three-dimensional authentication module 2; the connection and query module 502 is connected to the search request parsing module 501 and to the heterogeneous cloud data warehouses 6; and the result translation module 503 is connected to the connection and query module 502 and to the user interface ends 1.

The search request parsing module 501 receives the web service request passed on by the multi-tenant three-dimensional authentication module 2 and converts it into the cloud data warehouse's query language so that the cloud data warehouse can be searched. In the preferred embodiment, the web service uses a REST architecture that combines the HTTP/HTTPS protocol with URL (Uniform Resource Locator) encoding rules. The REST architecture makes full use of the four basic methods defined by the HTTP/HTTPS protocol, namely POST, GET, PUT, and DELETE, and maps them to four data processing actions, namely Create, Read, Update, and Delete, which together make up the search requests for basic applications on a cloud data warehouse. The URL encoding rule is http://resource/{dbType}.{dbName}.{tableName}?{parameters}, where resource is the IP address or domain name of the request parsing module's host, dbType is the type of cloud data warehouse, dbName and tableName are respectively the name or code of the cloud data warehouse and the table or view, and the trailing parameters are the user's search conditions on that table or view. When the HTTP/HTTPS method is POST, the request is to create data according to the above conditions; GET is a request to query (Read) data according to those conditions; PUT is a request to update data according to those conditions; and DELETE is a request to delete data according to those conditions.

With the modules operating as described, the request parsing module 201 can generate the corresponding syntax for each type of cloud data warehouse. Heterogeneous data warehouses include both traditional data warehouses and cloud data warehouses, and the corresponding search syntax is divided into Structured Query Language (SQL) and NoSQL (Not Only SQL). Where the syntax is SQL, each data warehouse still has its own specific syntax and restrictions. For example, Teradata provides syntax for random sampling (Sample), whereas Hadoop Hive provides no such syntax and has only syntax for limiting the number of rows (Limit). Likewise, when querying a table, Teradata requires the table to be prefixed with the database name, as dbName.tableName, whereas other cloud data warehouse platforms have a default database and so use different syntax. When the data warehouse being searched is a NoSQL system, the search syntax differs even more clearly from that of SQL systems, as the following example illustrates:

Continuing the metadata 4 example, suppose user User01 is about to search the Tainan_Store table stored in Hadoop Hive in order to query the total yearly sales of different products. The sample table Tainan_Store being searched is as follows: Table Tainan_Store:

Continuing the assumption above, the user only has to pick the table to search at the user interface end 1 and enter the search conditions. Suppose the table the user searches is Tainan_Store under the Hadoop Hive data warehouse and the condition entered for Product is Cake. The final URL is then generated by the system itself: the HTTP method is GET and the URL is http://192.168.0.2/Hadoop.Hive.Tainan_Store?Product=Cake.

Once the request parsing module 501 receives the URL, it can work out that the user has sent a request to the cloud data warehouse at IP address 192.168.0.2, asking to search the Tainan_Store table in the Hadoop Hive cloud data warehouse for records whose Product field has the value Cake. Continuing the metadata 4 example, user User01's restriction on the Tainan_Store table in the Hadoop Hive cloud data warehouse is Product='Cake'; the request satisfies that restriction, so the system deems it a legitimate search. Taking Hadoop Hive as the example here, the request parsing module 501 interprets the URL into SQL that conforms to the Hadoop Hive cloud data warehouse platform; the SQL generated is Select * from Tainan_Store where Product='Cake'.

Continuing the example above, the user sends another search request through the graphical interface at the interface end 1. The HTTP method is GET and the URL is http://192.168.0.2/Hadoop.HBase.Hualien_Store?Product=‘Cookie’. The sample table Hualien_Store being searched is as follows: Table Hualien_Store:

Unlike the previous example, the cloud data warehouse system searched this time is Hadoop HBase, and HBase is a NoSQL system. Under the same conditions, the request parsing module 501 therefore interprets the URL into NoSQL syntax that conforms to that cloud data warehouse platform, namely get 'Hualien_Store', 'Cookie'. These two examples show that the request parsing module 501 interprets requests differently when searching SQL and NoSQL systems, so that the user can search both through the same interface.
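The URL-to-query translation in the two examples above, combined with the metadata 4 permission check described earlier, can be sketched as follows. This is an added example, not code from the patent: all function names are hypothetical, the metadata rows are constructed from the prose description of User01's permissions (the absence of a restriction on Store_Phone and Hualien_Store is an assumption), only the GET/Read case is covered, and values are bound as ODBC/JDBC-style ? parameters instead of being pasted into the SQL text as in the patent's illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Identifiers (type, warehouse, table, column) must match this pattern before
# they are ever placed into query text.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

# Constructed rows standing in for metadata 4:
# (account, dbType, dbName, table, condition restriction or None)
METADATA_4 = [
    ("User01", "Teradata", "MY_Store", "Store_Phone", None),
    ("User01", "Hadoop", "Hive", "Tainan_Store", ("Product", "Cake")),
    ("User01", "Hadoop", "HBase", "Hualien_Store", None),
]


class Denied(Exception):
    """Request rejected before any back-end connection is opened."""


def parse_request(url):
    """Split http://resource/{dbType}.{dbName}.{tableName}?{parameters}."""
    parts = urlsplit(url)
    segments = parts.path.lstrip("/").split(".")
    if len(segments) != 3 or not all(IDENT.fullmatch(s) for s in segments):
        raise Denied("malformed {dbType}.{dbName}.{tableName} path")
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs) or not all(IDENT.fullmatch(k) for k in params):
        raise Denied("duplicate or malformed condition name")
    return segments[0], segments[1], segments[2], params


def authorize(user, db_type, db_name, table, params):
    """Multi-tenant check: the table must be granted and its restriction satisfied."""
    for account, m_type, m_name, m_table, restriction in METADATA_4:
        if (account, m_type, m_name, m_table) == (user, db_type, db_name, table):
            if restriction and params.get(restriction[0]) != restriction[1]:
                raise Denied("condition restriction not satisfied")
            return
    raise Denied("no permission on this table")


def translate(user, method, url):
    """Return the back-end operation for an authorized GET (Read) request."""
    if method != "GET":
        raise Denied("only the GET/Read case is covered in this sketch")
    db_type, db_name, table, params = parse_request(url)
    authorize(user, db_type, db_name, table, params)
    if (db_type, db_name) == ("Hadoop", "HBase"):
        # Following the page's example, the single condition value is the row key.
        if len(params) != 1:
            raise Denied("HBase get needs exactly one condition")
        return ("hbase_get", table, next(iter(params.values())))
    # Teradata needs the dbName.tableName prefix; Hive uses its default database.
    qualified = f"{db_name}.{table}" if db_type == "Teradata" else table
    where = " AND ".join(f"{column} = ?" for column in params)
    sql = f"SELECT * FROM {qualified}" + (f" WHERE {where}" if where else "")
    return ("sql", sql, tuple(params.values()))


if __name__ == "__main__":
    print(translate("User01", "GET", "http://192.168.0.2/Hadoop.Hive.Tainan_Store?Product=Cake"))
    print(translate("User01", "GET", "http://192.168.0.2/Hadoop.HBase.Hualien_Store?Product=Cookie"))
```

Because table and column names are validated as identifiers and condition values travel only as bound parameters, a quote character in a condition value cannot change the structure of the generated statement.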

The request parsing module 501 is therefore designed to automatically identify the cloud data warehouse the user is searching and convert the request into the corresponding syntax, which makes operation more convenient and avoids syntax errors when the user switches between cloud data warehouses. After the search request parsing module 501 has interpreted the URL into the search syntax of the cloud data warehouse, the back-end cloud data warehouse can be searched through middleware such as ODBC (Open Database Connectivity) or JDBC (Java Database Connectivity), and the result is returned to the user.

However, cloud data warehousing is a technology that has emerged only in recent years, and many users still keep part of their data in traditional relational databases, for example customer information from past years. Therefore, when users need to integrate different data across enterprises or across cloud data warehouses, the request parsing module 501 can also help the user JOIN different cloud data warehouses, with the search carried out under the multi-tenant permission protection of the metadata 4 to ensure the security of the system.

When a search JOINs different data warehouses, the system must first place the data in the same cloud data warehouse space so that the search can be carried out. At the user interface end 1, the user therefore first decides which data warehouse table is the primary one for the JOIN, which tells the system to place the data in the primary cloud data warehouse space, and specifies the search conditions for the data warehouse tables. Suppose the primary data warehouse table of the JOIN is DB_A, its host's IP address is resource_A, and its condition is parameters_A; the secondary data warehouse table is DB_B, its host's IP address is resource_B, and its condition is parameters_B; and the condition for the JOIN of A and B is parameters_JOIN. The URL finally generated by the request parsing module 501 then has the format http://resource_A/{DB_A}?{parameters_A}/JOIN/resource_B/{DB_B}?{parameters_B}/ON/parameters_JOIN.

Continuing the example above, user User01 wants to combine the Store_Phone table in the data warehouse MY_Store on the Teradata system with the Hualien_Store table on the HBase system to produce a summary of Cookie sales for Hualien, with the telephone numbers of the selling stores attached. The sample table Store_Phone being searched is as follows: Table Store_Phone:

After the user interface end 1 receives the user's search conditions, the system generates the search URL: http://192.168.0.1/Teradata.MY_Store.Store_Phone/Store_Name=Hualien_Store/JOIN/192.168.0.2/Hadoop.HBase.Hualien_Store?Product=‘Cookie’/ON/Teradata.MY_Store.Store_Phone.Store_Name=Hadoop.HBase.Hualien_Store.Store_Name. This URL first undergoes multi-tenant permission verification against the metadata 4 and is then passed to the universal data interface module 5 for parsing and querying.

When the universal data interface module 5 receives this URL, the processing can be broken down into the following steps:

1. Retrieve the data matching the user's conditions from the Hualien_Store table on the HBase system, using the NoSQL syntax get 'Hualien_Store', 'Cookie', and load the data into a temporary table in the Teradata data warehouse MY_Store. At this point it must be verified that the user has permission to load data into the Teradata data warehouse MY_Store. The loading is done through the HTTP POST method described above, with the system performing the load, so that the user never touches the data warehouse's file system directly, which strengthens system security.

2. JOIN the Store_Phone table in the data warehouse MY_Store on the Teradata system with the temporary table loaded in the previous step for consolidated analysis. The SQL for the consolidated analysis is: Select * from MY_Store.Store_Phone A JOIN (Select * from MY_Store.TempTable) B ON A.Store_Name=B.Store_Name.

3. After the result has been produced, the system automatically deletes the temporary table to protect data privacy and security.

Based on the above design, the search request URL carries multiple data targets across cloud data warehouses together with their join conditions, and requests are issued with the different HTTP/HTTPS methods described above (POST, DELETE, PUT, GET). Combined with the syntax conversion for different cloud data warehouses and the middleware, this allows data processing functions such as create, delete, update, and query to be performed across different cloud data warehouses, and in a multi-tenant cloud data warehouse system data can be processed across enterprises.

This design not only fits the characteristics of the connection architecture between the user interface ends 1-1…1-n and the universal data interface module 5; the URL encoding design also forms a unified and consistent search syntax that applies to all kinds of heterogeneous cloud data warehouses. Moreover, because it is combined with requests using the HTTP/HTTPS methods, different data processing actions can be performed on the same resource. The user can search directly through the graphical interface of the user interface end 1 without having to write different syntax for each warehouse, which makes searching tables simpler, more intuitive, and more convenient.

After the search request parsing module 501 has interpreted the user's search request, the connection and query module 502 connects to the heterogeneous cloud data warehouses 6 and performs the search: it passes the interpreted cloud data warehouse syntax to the corresponding cloud data warehouse and waits for that warehouse to return the search result. Once the result is received from the corresponding cloud data warehouse, the result translation module 503 converts it into a format that is convenient to transmit, such as Extensible Markup Language (XML) or the data interchange format JavaScript Object Notation (JSON), and returns it to the user interface end 1 the user is using. This design makes it easy to interface with the back end and increases the flexibility of the server side, so that more user interface ends can be connected in the future. Most importantly, it achieves create, delete, update, and query operations across cloud data warehouses, and in a multi-tenant cloud data warehouse system it enables cross-enterprise data processing.

Finally, the user interface end 1 performs a further interpretation step: the result that the server side has converted into a specific unified format and returned to the user interface end 1 is converted into a tabular display that is easier for the user to read, so that the user can conveniently query and read it, or download the search results directly.

Please refer to FIG. 4, a flowchart of the multi-tenant cloud data warehouse integrated search method of the invention, which discloses the implementation steps of the method: passing the user's search request 700, credential authentication 701, user permission authentication 702, multi-tenant authentication 703, parsing the search request 704, sending the search request to the cloud data warehouse 705, return of the result by the cloud data warehouse 706, and result parsing 707. The steps are executed in that order.

First, in step 700, the user's search request is passed on. Through the graphical user interface (GUI) of the user interface end, the user enters the account and password and the search conditions; the user interface end adds the authentication key to the search request it sends and connects through the web service to the multi-tenant three-dimensional authentication module to perform the search. The search request combines the URL encoding rule and the HTTP/HTTPS methods described above. The URL encoding rule covers the location of the request parsing host, the cloud data warehouse type, the cloud data warehouse name or code, the table or view, and the search conditions. The HTTP/HTTPS methods include POST, GET, PUT, and DELETE, corresponding respectively to create, query, update, and delete requests, so that search requests can be issued to multiple heterogeneous cloud data warehouses.

Next, in step 701, credential authentication, the credential authentication module uses handshake (Hand Shaking) authentication and checks the authentication key to confirm that the user end is a legitimate user end. In practicing the invention, a person skilled in the art may use techniques such as RSA, DES, 3DES, or AES for key authentication.

Next, in step 702, user permission authentication, the user permission authentication module obtains information on the user's permissions from the metadata and confirms that the user is a legitimate user, to protect system security.

Next, in step 703, multi-tenant authentication, the multi-tenant authentication module obtains from the metadata the user's permissions and condition restrictions for searching data. Different users thus hold different permissions on different cloud data warehouses, data is protected from arbitrary extraction, and condition restrictions on the data are set per user, which strengthens data security and privacy.

Next, in step 704, the search request is parsed. When the universal data interface module receives the search request sent by the user, it converts it into the query language of the corresponding cloud data warehouse, automatically compiling it into the data search syntax of the heterogeneous source according to the different schemas of the cloud data warehouses.

Next, in step 705, the search request is sent to the cloud data warehouse. The connection and query module connects to the heterogeneous cloud data warehouses, performs the data processing, and sends the parsed cloud data warehouse search syntax. Because the universal data interface module sits in the middle and parses both the search requests and the results, the user does not know the real IP address of the cloud data warehouse, which isolates and protects the cloud data warehouse from direct outside exposure. In addition, the module automatically determines the target and converts the search request into the syntax of the corresponding heterogeneous cloud data warehouse and connects through the middleware, which achieves create, delete, update, and query operations across cloud data warehouses, and in a multi-tenant cloud data warehouse system enables cross-enterprise data processing.

Next, in step 706, the cloud data warehouse returns the result. When the search is finished, the result translation module receives the search result returned by the cloud data warehouse, converts it into a standard format such as XML or JSON, and returns it to the user interface end.

Next, in step 707, result parsing, the user interface end converts the returned result into a form that is easier for the user to read, for example presenting it as a table in HTML, or providing an XLS or CSV file that the user can save to a computer.

The above detailed description specifically describes one feasible embodiment of the invention. The embodiment is not intended to limit the patent scope of the invention; any equivalent implementation or modification that does not depart from the technical spirit of the invention shall be included in the patent scope of this case.

In summary, this case is not only genuinely innovative in its technical concept but also provides the above effects that conventional methods cannot match. It fully meets the statutory requirements of novelty and inventive step for an invention patent, and the application is filed in accordance with the law. Your Office is respectfully requested to approve this invention patent application, to encourage invention.

1‧‧‧User interface end

1-1~1-n‧‧‧User interface ends 1 to n

2‧‧‧Multi-tenant three-dimensional authentication module

3‧‧‧Connection record

4‧‧‧Metadata

5‧‧‧Universal data interface module

6-1~6-n‧‧‧Heterogeneous cloud data warehouses 1 to n

201‧‧‧Credential authentication module

202‧‧‧User permission authentication module

203‧‧‧Multi-tenant authentication module

501‧‧‧Search request parsing module

502‧‧‧Connection and query module

503‧‧‧Result translation module

700‧‧‧Passing the user's search request

701‧‧‧Credential authentication

702‧‧‧User permission authentication

703‧‧‧Multi-tenant authentication

704‧‧‧Parsing the search request

705‧‧‧Sending the search request to the cloud data warehouse

706‧‧‧Cloud data warehouse returns the result

707‧‧‧Result parsing

The technical content of the invention and its purposes and effects can be further understood from the detailed description of the invention and its accompanying drawings, which are as follows: FIG. 1 is a schematic diagram of the multi-tenant cloud data warehouse integrated search system of the invention; FIG. 2 is a schematic diagram of the multi-tenant three-dimensional authentication module of the multi-tenant cloud data warehouse integrated search system of the invention; FIG. 3 is a schematic diagram of the universal data interface module of the multi-tenant cloud data warehouse integrated search system of the invention; and FIG. 4 is a flowchart of the multi-tenant cloud data warehouse integrated search method of the invention.

Claims (13)

1. An integrated search system for a multi-tenant cloud data warehouse, comprising: at least one user interface end, which is an interface controlled by a user and through which a search request is issued; a multi-tenant three-dimensional authentication module, which receives the search request from the user interface end, is connected to a connection record and metadata, and is a module that verifies the user interface end to confirm whether it is an authorized interface end; the metadata, from which the user's basic data and multi-tenant connection permissions are obtained, and with which the user's permission authentication and the multi-tenant authentication are performed; the connection record, which stores records of connection logins and searches; a universal data interface module, which is connected to the user interface end, the multi-tenant three-dimensional authentication module and the heterogeneous cloud data warehouse, and interprets the search request of the connection record; and at least one heterogeneous cloud data warehouse, which receives the search request from the universal data interface module, connects and performs data processing, and returns the result to the user interface end for display or download.

2. The integrated search system for a multi-tenant cloud data warehouse of claim 1, wherein the multi-tenant three-dimensional authentication module comprises: a certificate authentication module, which is connected to the user interface end and the user permission authentication module and verifies that the user interface end is an authorized interface end; the user permission authentication module, which obtains the user's basic data from the metadata, confirms the registered identity and usage rights, and is connected to the metadata and the multi-tenant authentication module; and the multi-tenant authentication module, which is connected to the metadata and the universal data interface module, obtains the user's multi-tenant connection permissions from the metadata, and confirms that the user holds permission for the conditions to be queried.

3. The integrated search system for a multi-tenant cloud data warehouse of claim 1, wherein the universal data interface module comprises: a search request parsing module, which interprets the user's search request into the search syntax of the corresponding cloud data warehouse and hands it to the connection and query module, which issues connection and data processing requests to the heterogeneous cloud data warehouse through middleware, the search request parsing module being connected to the multi-tenant three-dimensional authentication module and the connection and query module; the connection and query module, which is connected to the heterogeneous cloud data warehouse and the result translation module; and the result translation module, which is connected to the user interface end and converts the returned result into a specific unified format that is returned to the user interface end for display or download.

4. The integrated search system for a multi-tenant cloud data warehouse of claim 1, wherein the link between the user interface end and the multi-tenant three-dimensional authentication module is made through a web service, and wherein the search request issued by the user interface end combines a URL encoding rule with multiple Hypertext Transfer Protocol (HTTP or HTTPS) methods to establish a unified search syntax applicable to the various heterogeneous cloud data warehouses.

5. The integrated search system for a multi-tenant cloud data warehouse of claim 1, wherein the user interface end, the multi-tenant three-dimensional authentication module and the universal data interface module use HyperText Markup Language (HTML), PHP Hypertext Preprocessor (PHP), Java Server Pages (JSP), or Application Service Provider (ASP).

6. The integrated search system for a multi-tenant cloud data warehouse of claim 1, wherein the heterogeneous cloud data warehouse is a non-relational cloud data warehouse, a relational cloud data warehouse, Hive, HBase, BigTable, Cassandra or Amazon SimpleDB.

7. The integrated search system for a multi-tenant cloud data warehouse of claim 3, wherein the cloud data warehouse search syntax produced by the search request parsing module includes Structural Query Language (SQL) syntax and NoSQL (Not Only SQL) syntax, so that the differences resolved cover both SQL and NoSQL cloud data warehouses and also include traditional relational databases.

8. The integrated search system for a multi-tenant cloud data warehouse of claim 1, wherein the universal data interface module is linked to the heterogeneous cloud data warehouse by middleware, the middleware being Open Database Connectivity (ODBC) or Java Database Connectivity (JDBC).

9. An integrated search method for a multi-tenant cloud data warehouse, comprising the steps of: transmitting a user search request, in which the user enters an account and password and the search request conditions through the graphical user interface of the user interface end, and the user interface end further adds an authentication key to the transmitted search request and connects through the web service to the multi-tenant three-dimensional authentication module to perform the search; certificate authentication, in which the module uses handshake authentication and checks the authentication key to confirm that the user end is a legitimate user end; user permission authentication, in which information about the user's permissions is obtained from the metadata; multi-tenant authentication, in which the multi-tenant authentication module obtains from the metadata the user's permissions and condition restrictions for searching data, so that different users hold different permissions in different cloud data warehouses; parsing the search request, in which the universal data interface module, on receiving the search request sent by the user, converts it into the query language of the corresponding cloud data warehouse, automatically compiling it into the data search syntax of the heterogeneous source according to the specifications of each cloud data warehouse; transmitting the search request to the cloud data warehouse, in which the connection and query module connects to the heterogeneous cloud data warehouse, performs data processing, and transmits the parsed cloud data warehouse search syntax; returning the result from the cloud data warehouse, in which, when the search ends, the result translation module receives the search result returned by the cloud data warehouse and converts it into a standard format; and result parsing, in which the user interface end converts the returned result into a form that is easier for the user to read.

10. The integrated search method for a multi-tenant cloud data warehouse of claim 9, wherein the certificate authentication uses RSA, DES, 3DES or AES.

11. The integrated search method for a multi-tenant cloud data warehouse of claim 9, wherein the search request combines a URL encoding rule with methods from multiple protocols; the URL encoding rule includes the location of the request-parsing host, the cloud data warehouse type, the cloud data warehouse name or code, the table or view, and the search conditions; and the methods include POST, GET, PUT and DELETE, which correspond respectively to create, query, modify and delete requests, so that data processing requests can be issued to multiple heterogeneous cloud data warehouses.

12. The integrated search method for a multi-tenant cloud data warehouse of claim 11, wherein the URL encoding rule further includes a plurality of data targets and their association conditions, forming a join syntax that accomplishes data processing across different data warehouses.

13. The integrated search method for a multi-tenant cloud data warehouse of claim 9, wherein the steps of parsing the search request, transmitting the search request to the cloud data warehouse, and returning the result from the cloud data warehouse are performed with the universal data interface module acting as an intermediary that parses the search request and the result, automatically determines and converts the search request into the syntax of the corresponding heterogeneous cloud data warehouse, and connects through middleware, so as to isolate and protect the cloud data warehouse and cross-warehouse data processing.
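The request flow of claims 9 and 11 (HTTP method mapped to an operation, URL path naming the warehouse type, warehouse and table, then a permission and tenant check against the metadata before translation) can be sketched as follows. This is an added example, not code from the patent: the URL layout `/<type>/<warehouse>/<table>?<conditions>`, the metadata structure and every name in it are assumptions, and the values are bound with `?` placeholders instead of being spliced into the query text.

```python
from urllib.parse import urlsplit, parse_qsl

# HTTP method -> operation, as listed in claim 11.
OPERATIONS = {"POST": "create", "GET": "query", "PUT": "modify", "DELETE": "delete"}

# Constructed metadata: grants per (user, tenant) and per (type, warehouse, table).
METADATA = {
    ("alice", "tenant_a"): {
        ("sql", "sales_dw", "orders"): {
            "ops": {"query"}, "columns": {"region", "status"},
            "row_filter": {"tenant_id": "tenant_a"}},
        ("hbase", "logs_dw", "events"): {
            "ops": {"query", "create"}, "columns": {"level"},
            "row_filter": {"tenant_id": "tenant_a"}},
    },
}

class Denied(Exception):
    """The request failed parsing, the permission check or the tenant check."""

def parse_request(method, url):
    """Split the unified request into operation, target and conditions."""
    if method not in OPERATIONS:
        raise Denied(f"unsupported method {method!r}")
    parts = urlsplit(url)
    segments = tuple(s for s in parts.path.split("/") if s)
    if len(segments) != 3:
        raise Denied("expected /<type>/<warehouse>/<table>")
    return OPERATIONS[method], segments, dict(parse_qsl(parts.query))

def authorize(user, tenant, op, target, conditions):
    """Return the metadata grant, or raise if op, target or columns are not allowed."""
    grant = METADATA.get((user, tenant), {}).get(target)
    if grant is None or op not in grant["ops"]:
        raise Denied(f"{user}@{tenant} may not {op} {'/'.join(target)}")
    unknown = set(conditions) - grant["columns"]
    if unknown:
        raise Denied(f"columns not permitted: {sorted(unknown)}")
    return grant

def translate_query(user, tenant, method, url):
    """Authorize first, then emit a backend-specific query with bound values."""
    op, target, conditions = parse_request(method, url)
    grant = authorize(user, tenant, op, target, conditions)
    if op != "query":
        raise Denied("this example translates queries only")
    # The tenant row filter is merged last so the request cannot override it.
    where = {**conditions, **grant["row_filter"]}
    kind, _warehouse, table = target  # table and columns matched the allowlist above
    if kind == "sql":
        clause = " AND ".join(f"{col} = ?" for col in where)
        return f"SELECT * FROM {table} WHERE {clause}", list(where.values())
    return {"table": table, "filter": where}, []
```
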
TW101150377A 2012-12-27 2012-12-27 Multi-tenant Cloud Warehouse Integrated Retrieval System and Its Method TWI476614B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW101150377A TWI476614B (en) 2012-12-27 2012-12-27 Multi-tenant Cloud Warehouse Integrated Retrieval System and Its Method

Publications (2)

Publication Number Publication Date
TW201426354A true TW201426354A (en) 2014-07-01
TWI476614B TWI476614B (en) 2015-03-11

Family

ID=51725515

Family Applications (1)

Application Number Title Priority Date Filing Date
TW101150377A TWI476614B (en) 2012-12-27 2012-12-27 Multi-tenant Cloud Warehouse Integrated Retrieval System and Its Method

Country Status (1)

Country Link
TW (1) TWI476614B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI557576B (en) * 2014-08-15 2016-11-11 Chunghwa Telecom Co Ltd Method and System for Predicting Calculation of Timing Data
CN111984977A (en) * 2020-08-06 2020-11-24 成都安恒信息技术有限公司 Multi-tenant authority authentication method based on operation and maintenance auditing system
TWI762065B (en) * 2019-12-27 2022-04-21 日商樂天集團股份有限公司 Authentication system, authentication device, authentication method, and program product

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8019812B2 (en) * 2007-04-13 2011-09-13 Microsoft Corporation Extensible and programmable multi-tenant service architecture
US8271536B2 (en) * 2008-11-14 2012-09-18 Microsoft Corporation Multi-tenancy using suite of authorization manager components
CN101777047A (en) * 2009-01-08 2010-07-14 国际商业机器公司 System, equipment and method for accessing database under multiple-tenant environment
CN102693169B (en) * 2011-03-25 2015-01-28 国际商业机器公司 Method and device for recovering lessee data under multi-lessee environment, and database system
CN102651775B (en) * 2012-03-05 2015-08-12 国家超级计算深圳中心(深圳云计算中心) Based on method, the equipment and system of many tenants shared object management of cloud computing

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI557576B (en) * 2014-08-15 2016-11-11 Chunghwa Telecom Co Ltd Method and System for Predicting Calculation of Timing Data
TWI762065B (en) * 2019-12-27 2022-04-21 日商樂天集團股份有限公司 Authentication system, authentication device, authentication method, and program product
CN111984977A (en) * 2020-08-06 2020-11-24 成都安恒信息技术有限公司 Multi-tenant authority authentication method based on operation and maintenance auditing system
CN111984977B (en) * 2020-08-06 2022-07-19 成都安恒信息技术有限公司 Multi-tenant authority authentication method based on operation and maintenance auditing system

Also Published As

Publication number Publication date
TWI476614B (en) 2015-03-11

Similar Documents

Publication Publication Date Title
US11038867B2 (en) Flexible framework for secure search
US10880292B2 (en) Seamless transition between WEB and API resource access
CN108337260B (en) Multi-tenant identity and data security management cloud service
US9251364B2 (en) Search hit URL modification for secure application integration
US9058353B2 (en) Computer relational database method and system having role based access control
US8005816B2 (en) Auto generation of suggested links in a search system
US8595255B2 (en) Propagating user identities in a secure federated search system
US8868540B2 (en) Method for suggesting web links and alternate terms for matching search queries
CN104283875B (en) Cloud disk right management method
US20070214129A1 (en) Flexible Authorization Model for Secure Search
US8745088B2 (en) System and method of performing risk analysis using a portal
CN103095720B (en) A kind of method for managing security of cloud storage system of dialogue-based management server
CN102089767A (en) Authenticated database connectivity for unattended applications
US9398075B2 (en) Communication system, communication apparatus, communication method, and storage medium
JP5342020B2 (en) Group definition management system
JP2009054086A (en) Information providing device
WO2011057488A1 (en) System, apparatus and method for configuring user authority information of lightweight directory access protocol server
US20220255914A1 (en) Identity information linking
TWI476614B (en) Multi-tenant Cloud Warehouse Integrated Retrieval System and Its Method
CN107465641B (en) Software system based on three-layer architecture and data request method thereof
TWI527419B (en) Method and System of Integrating Backend Service Authentication with Proxy Servo
CN106067881B (en) Data Access Security control method based on OS/400, apparatus and system
Huang et al. Research on Single Sign-on Technology for Educational Administration Information Service Platform
WO2023185386A1 (en) Service data processing method and apparatus, device, storage medium and program product
CN113973017B (en) Business intelligent platform data processing system and method

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees