[go: up one dir, main page]

CN111400696A - Data table authority processing method and device, computer equipment and storage medium - Google Patents

Data table authority processing method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN111400696A
CN111400696A CN202010100595.3A CN202010100595A CN111400696A CN 111400696 A CN111400696 A CN 111400696A CN 202010100595 A CN202010100595 A CN 202010100595A CN 111400696 A CN111400696 A CN 111400696A
Authority
CN
China
Prior art keywords
data table
authority
user
permission
user class
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010100595.3A
Other languages
Chinese (zh)
Inventor
陈丽华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Life Insurance Company of China Ltd
Original Assignee
Ping An Life Insurance Company of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Life Insurance Company of China Ltd filed Critical Ping An Life Insurance Company of China Ltd
Priority to CN202010100595.3A priority Critical patent/CN111400696A/en
Publication of CN111400696A publication Critical patent/CN111400696A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2282Tablespace storage structures; Management thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

本申请实施例属于管理技术领域,涉及一种数据表权限的处理方法,包括:接收模型文件和权限文件;解析权限文件,并对模型文件进行加权处理,权限文件包括至少一个权限用户类,权限用户类具有查看对应数据表的权限;使用模型文件从数据库中调取数据生成数据表,对数据表依照预设的规则进行命名,生成数据表名称;将权限用户类与数据表名称在数据库中关联存储;提供前端页面,当接收到前端页面发送的数据表名称时,根据数据表名称确定具有查看权限的权限用户类,并展示给用户。本申请还提供一种数据表权限的处理装置、计算机设备及存储介质。本申请实现了对数据表的查看权限的管理,且用户能够自助查询获知具有查看对应数据表的权限用户类。

Figure 202010100595

The embodiments of the present application belong to the technical field of management, and relate to a method for processing data table rights, including: receiving a model file and a rights file; The user class has the permission to view the corresponding data table; use the model file to fetch data from the database to generate the data table, name the data table according to the preset rules, and generate the data table name; put the permission user class and the data table name in the database Associative storage; provide front-end pages, when receiving the data table name sent by the front-end page, determine the permission user class with viewing rights according to the data table name, and display it to the user. The present application also provides a data table permission processing device, computer equipment and storage medium. The present application realizes the management of the viewing authority of the data table, and the user can self-check to know the user class that has the authority to view the corresponding data table.

Figure 202010100595

Description

数据表权限的处理方法、装置、计算机设备及存储介质Processing method, device, computer equipment and storage medium for data table rights

技术领域technical field

本申请涉及大数据技术领域,尤其涉及一种数据表权限的处理方法、装置、计算机设备及存储介质。The present application relates to the field of big data technologies, and in particular, to a method, device, computer equipment and storage medium for processing data table permissions.

背景技术Background technique

数据表存储在系统中,不同的用户类对于数据表有不同的查看权限,根据用户类的权限不同,对应用户所能查看的数据表中的信息量也不同。The data table is stored in the system, and different user classes have different viewing permissions for the data table. According to the different permissions of the user class, the amount of information in the data table that the corresponding user can view is also different.

而用户类对数据表的查看权限的情况,依赖于运营人员登录生产服务器找到开发人员移交的文件才能获知;但是因为系统中具有海量的数据表,每张数据表都需要运营人员一张张查看,所以非常耗费人力物力,导致效率低,运营成本居高不下。The user's permission to view the data table depends on the operator logging in to the production server to find the files handed over by the developer; however, because there are a large number of data tables in the system, each data table needs to be viewed by the operator one by one. , so it is very labor-intensive, resulting in low efficiency and high operating costs.

发明内容SUMMARY OF THE INVENTION

本申请实施例的目的在于提出一种数据表权限的处理方法,以实现了用户可以通过前端页面自助获知具有查看对应数据表的权限的用户类。The purpose of the embodiments of the present application is to propose a method for processing data table permissions, so as to realize that the user can automatically know the user class that has the permission to view the corresponding data table through the front-end page.

为了解决上述技术问题,本申请实施例提供一种数据表权限的处理方法,采用了如下所述的技术方案:In order to solve the above-mentioned technical problems, the embodiment of the present application provides a method for processing data table permissions, which adopts the following technical solutions:

一种数据表权限的处理方法,包括下述步骤:A method for processing data table permissions, comprising the following steps:

接收开发人员移交到生产环境中的至少两个不同的模型文件和至少两个不同的权限文件;Receive at least two different model files and at least two different permissions files that developers hand over to the production environment;

解析所述权限文件,并对所述模型文件进行加权处理,以获得添加权限控制的模型文件,其中,所述权限文件包括至少一个权限用户类,所述权限用户类具有查看对应数据表的权限;Parse the authority file, and perform weighting processing on the model file to obtain a model file with added authority control, wherein the authority file includes at least one authority user class, and the authority user class has the authority to view the corresponding data table ;

使用添加权限控制的模型文件从数据库中调取数据生成添加权限控制的数据表,并对所述数据表依照预设的规则进行命名,生成数据表名称;Use the model file with added authority control to call data from the database to generate a data table with added authority control, and name the data table according to preset rules to generate a data table name;

将所述权限用户类与数据表名称在数据库中关联存储;以及storing the privileged user class in association with the data table name in the database; and

提供前端页面,当接收到所述前端页面发送的数据表名称时,根据所述数据表名称确定具有查看权限的权限用户类,通过前端页面向用户展示具有查看对应数据表权限的权限用户类。Provide a front-end page, when receiving the data table name sent by the front-end page, determine the permission user class with viewing permission according to the data table name, and display the permission user class with the permission to view the corresponding data table to the user through the front-end page.

进一步的,所述解析所述权限文件,并对所述模型文件进行加权处理的步骤包括:Further, the step of parsing the authority file and performing weighting processing on the model file includes:

使用加权工具解析所述权限文件,提取所述权限文件中的权限用户类、模型名称和加权要求;Use a weighting tool to parse the permission file, and extract the permission user class, model name and weighting requirement in the permission file;

依据提取到的所述模型名称确定对应的模型文件;Determine the corresponding model file according to the extracted model name;

根据所述加权要求获得权限限制,将所述权限限制和权限用户类附加到所述模型文件中,以获得添加权限控制的模型文件。The permission limit is obtained according to the weighting requirement, and the permission limit and the permission user class are added to the model file to obtain a model file with permission control added.

进一步的,所述对所述数据表依照预设的规则进行命名,生成数据表名称的步骤包括:Further, the described data table is named according to a preset rule, and the step of generating the data table name includes:

识别当前年份、月份和数据表中数据类型,对所述数据表进行命名,生成数据表名称。Identify the current year, month and data type in the data table, name the data table, and generate a data table name.

进一步的,所述将所述权限用户类与所述数据表名称在数据库中关联存储的步骤包括:Further, the step of storing the permission user class and the data table name in association with the database includes:

处理当前开发人员移交的所有所述模型文件和权限文件后,将生成的数据表名称与权限用户类关联存储,生成查找表;After processing all the model files and permission files handed over by the current developer, store the generated data table name in association with the permission user class, and generate a lookup table;

判断数据库中的是否存储有查找表;Determine whether a lookup table is stored in the database;

若数据库中未存储查找表,则将生成的查找表写入数据库;If the lookup table is not stored in the database, the generated lookup table will be written into the database;

若数据库中存储有查找表,则删除原有的查找表,将生成的查找表写入数据库。If a lookup table is stored in the database, the original lookup table is deleted, and the generated lookup table is written into the database.

进一步的,在所述解析所述权限文件,并对所述模型文件进行加权处理,以获得添加权限控制的模型文件的步骤之后还包括:Further, after the step of parsing the authority file and performing weighting processing on the model file to obtain a model file with authority control added, the method further includes:

定期检测数据表被查看情况;Regularly check the data sheet is checked;

若当前被检测的数据表上一次登录的时间与当前检测时间的时间差值大于一预设的时间段,则将当前被检测的数据表隐藏。If the time difference between the last login time of the currently detected data table and the current detection time is greater than a preset time period, the currently detected data table is hidden.

进一步的,在所述解析所述权限文件,并对所述模型文件进行加权处理,以获得添加权限控制的模型文件的步骤之后,还包括:Further, after the step of parsing the authority file and performing weighting processing on the model file to obtain a model file for adding authority control, the method further includes:

将预先存储的第一用户ID与至少一个权限用户类进行关联,以使得所述第一用户ID具有查看所述权限用户类控制的数据表的权限;Associating the pre-stored first user ID with at least one privileged user class, so that the first user ID has the right to view the data table controlled by the privileged user class;

定期检测所述第一用户ID的登录情况;Periodically detect the login situation of the first user ID;

若所述第一用户ID上一次登录的时间与当前检测时间的时间差值大于一预设的时间段,则将所述第一用户ID与所述权限用户类的关联解除。If the time difference between the last login time of the first user ID and the current detection time is greater than a preset time period, the association between the first user ID and the authorized user class is released.

进一步的,在所述将预先存储的第一用户ID与至少一个权限用户类进行关联,以使得所述第一用户ID具有查看所述权限用户类控制的数据表的权限的步骤之后,还包括:Further, after the step of associating the pre-stored first user ID with at least one permission user class, so that the first user ID has the permission to view the data table controlled by the permission user class, further comprising: :

提供前端页面,当接收到所述前端页面发送的申请权限请求时,所述申请权限请求携带权限用户类和第二用户ID,将所述权限用户类和第二用户ID发送至管理人员审核;A front-end page is provided, when receiving a permission application request sent by the front-end page, the permission application request carries the permission user class and the second user ID, and the permission user class and the second user ID are sent to the administrator for review;

当接收到管理人员发送的同意指令时,为所述第二用户ID配置所述权限用户类,以使得所述第二用户ID具有查看对应所述数据表的权限,并通过前端页面向用户展示审核结果。When receiving the consent instruction sent by the administrator, configure the permission user class for the second user ID, so that the second user ID has the permission to view the corresponding data table, and display it to the user through the front-end page Audit results.

为了解决上述技术问题,本申请实施例还提供一种数据表权限的处理装置,采用了如下所述的技术方案:In order to solve the above technical problem, the embodiment of the present application also provides a processing device for data table permissions, which adopts the following technical solutions:

一种数据表权限的处理装置,包括:A processing device for data table permissions, comprising:

接收模块,用于接收开发人员移交到生产环境中的至少两个不同的模型文件和至少两个不同的权限文件;a receiving module for receiving at least two different model files and at least two different permission files handed over to the production environment by the developer;

加权模块,用于解析所述权限文件,并对所述模型文件进行加权处理,以获得添加权限控制的模型文件,其中,所述权限文件包括至少一个权限用户类,所述权限用户类具有查看对应数据表的权限;A weighting module, configured to parse the authority file and perform weighting processing on the model file to obtain a model file with added authority control, wherein the authority file includes at least one authority user class, and the authority user class has the ability to view Permissions corresponding to the data table;

生成模块,用于使用添加权限控制的模型文件从数据库中调取数据生成添加权限控制的数据表,并对所述数据表依照预设的规则进行命名,生成数据表名称;A generation module is used for using the model file with added authority control to call data from the database to generate a data table with added authority control, and to name the data table according to preset rules, and to generate a data table name;

存储模块,用于将所述权限用户类与数据表名称在数据库中关联存储;以及a storage module for storing the privileged user class and the name of the data table in the database in association; and

提供模块,用于提供前端页面,当接收到所述前端页面发送的数据表名称时,根据所述数据表名称确定具有查看权限的权限用户类,通过前端页面向用户展示具有查看对应数据表权限的权限用户类。The providing module is used to provide the front-end page, when receiving the data table name sent by the front-end page, determine the permission user class with viewing authority according to the data table name, and show the user through the front-end page that has the authority to view the corresponding data table Permission user class.

为了解决上述技术问题,本申请实施例还提供一种计算机设备,采用了如下所述的技术方案:In order to solve the above-mentioned technical problems, the embodiment of the present application also provides a computer device, which adopts the following technical solutions:

一种计算机设备,包括存储器和处理器,所述存储器中存储有计算机程序,所述处理器执行所述计算机程序时实现上述的数据表权限的处理方法的步骤。A computer device includes a memory and a processor, wherein a computer program is stored in the memory, and when the processor executes the computer program, the processor implements the steps of the above method for processing data table permissions.

为了解决上述技术问题,本申请实施例还提供一种计算机可读存储介质,采用了如下所述的技术方案:In order to solve the above technical problems, the embodiments of the present application also provide a computer-readable storage medium, which adopts the following technical solutions:

一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现上述的数据表权限的处理方法的步骤。A computer-readable storage medium stores a computer program on the computer-readable storage medium, and when the computer program is executed by a processor, implements the steps of the above method for processing data table permissions.

与现有技术相比,本申请实施例主要有以下有益效果:Compared with the prior art, the embodiments of the present application mainly have the following beneficial effects:

将用户类与数据表对应的权限情况落入数据库中,实现了所有用户都可以通过前端页面自助查询,用户只要在页面输入框输入数据表名称,点击查询就能查看哪些用户类具有查看该数据表的权限,事件人员查看可以快速响应用户上报的权限问题,运营人员查看可以快速处理报表权限报错问题,开发人员可以快速查看报表权限进行报表开发的参考;进而帮助企业改善服务质量,提高客户满意度;当用户长期未登录时,则将用户ID与权限用户类的关联取消,以及时的保证系统中的信息安全The permissions corresponding to the user class and the data table are placed in the database, so that all users can self-check through the front-end page. Users only need to enter the name of the data table in the input box on the page, and click query to see which user classes have the ability to view the data. The permission of the table, the event personnel can quickly respond to the permission problem reported by the user, the operation personnel can quickly deal with the report permission error problem, and the developer can quickly view the report permission for the reference of report development; thereby helping enterprises to improve service quality and customer satisfaction When the user has not logged in for a long time, the association between the user ID and the authorized user class will be cancelled to ensure the information security in the system in time.

附图说明Description of drawings

为了更清楚地说明本申请中的方案,下面将对本申请实施例描述中所需要使用的附图作一个简单介绍,显而易见地,下面描述中的附图是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the solutions in the present application more clearly, the following will briefly introduce the accompanying drawings used in the description of the embodiments of the present application. For those of ordinary skill, other drawings can also be obtained from these drawings without any creative effort.

图1是本申请可以应用于其中的示例性系统架构图;FIG. 1 is an exemplary system architecture diagram to which the present application can be applied;

图2是根据本申请的一种数据表权限的处理方法的一个实施例的流程图;2 is a flowchart of an embodiment of a method for processing data table permissions according to the present application;

图3是图2中步骤S2的具体流程图;Fig. 3 is the concrete flow chart of step S2 in Fig. 2;

图4是图2中步骤S4的具体流程图;Fig. 4 is the concrete flow chart of step S4 in Fig. 2;

图5是根据本申请的一种数据表权限的处理方法中的另一个实施例的流程图;5 is a flowchart of another embodiment of a method for processing data table permissions according to the present application;

图6是根据本申请的一种数据表权限的处理方法中的另一个实施例的流程图;6 is a flowchart of another embodiment in a method for processing data table permissions according to the present application;

图7是根据本申请的一种数据表权限的处理装置的一个实施例的结构示意图;7 is a schematic structural diagram of an embodiment of an apparatus for processing data table permissions according to the present application;

图8是根据本申请的计算机设备的一个实施例的结构示意图。FIG. 8 is a schematic structural diagram of an embodiment of a computer device according to the present application.

附图标记:200、计算机设备;201、存储器;202、处理器;203、网络接口;300、数据表权限的处理装置;301、接收模块;302、加权模块;303、生成模块;304、存储模块;305、提供模块。Reference numerals: 200, computer equipment; 201, memory; 202, processor; 203, network interface; 300, processing device for data table authority; 301, receiving module; 302, weighting module; 303, generating module; 304, storage module; 305. Provide a module.

具体实施方式Detailed ways

除非另有定义,本文所使用的所有的技术和科学术语与属于本申请的技术领域的技术人员通常理解的含义相同;本文中在申请的说明书中所使用的术语只是为了描述具体的实施例的目的,不是旨在于限制本申请;本申请的说明书和权利要求书及上述附图说明中的术语“包括”和“具有”以及它们的任何变形,意图在于覆盖不排他的包含。本申请的说明书和权利要求书或上述附图中的术语“第一”、“第二”等是用于区别不同对象,而不是用于描述特定顺序。Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the technical field of this application; the terms used herein in the specification of the application are for the purpose of describing specific embodiments only It is not intended to limit the application; the terms "comprising" and "having" and any variations thereof in the description and claims of this application and the above description of the drawings are intended to cover non-exclusive inclusion. The terms "first", "second" and the like in the description and claims of the present application or the above drawings are used to distinguish different objects, rather than to describe a specific order.

在本文中提及“实施例”意味着,结合实施例描述的特定特征、结构或特性可以包含在本申请的至少一个实施例中。在说明书中的各个位置出现该短语并不一定均是指相同的实施例,也不是与其它实施例互斥的独立的或备选的实施例。本领域技术人员显式地和隐式地理解的是,本文所描述的实施例可以与其它实施例相结合。Reference herein to an "embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor a separate or alternative embodiment that is mutually exclusive of other embodiments. It is explicitly and implicitly understood by those skilled in the art that the embodiments described herein may be combined with other embodiments.

为了使本技术领域的人员更好地理解本申请方案,下面将结合附图,对本申请实施例中的技术方案进行清楚、完整地描述。In order to make those skilled in the art better understand the solutions of the present application, the technical solutions in the embodiments of the present application will be described clearly and completely below with reference to the accompanying drawings.

如图1所示,系统架构100可以包括终端设备101、102、103,网络104和服务器105。网络104用以在终端设备101、102、103和服务器105之间提供通信链路的介质。网络104可以包括各种连接类型,例如有线、无线通信链路或者光纤电缆等等。As shown in FIG. 1 , the system architecture 100 may include terminal devices 101 , 102 , and 103 , a network 104 and a server 105 . The network 104 is a medium used to provide a communication link between the terminal devices 101 , 102 , 103 and the server 105 . The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.

用户可以使用终端设备101、102、103通过网络104与服务器105交互,以接收或发送消息等。终端设备101、102、103上可以安装有各种通讯客户端应用,例如网页浏览器应用、购物类应用、搜索类应用、即时通信工具、邮箱客户端、社交平台软件等。The user can use the terminal devices 101, 102, 103 to interact with the server 105 through the network 104 to receive or send messages and the like. Various communication client applications may be installed on the terminal devices 101 , 102 and 103 , such as web browser applications, shopping applications, search applications, instant messaging tools, email clients, social platform software, and the like.

终端设备101、102、103可以是具有显示屏并且支持网页浏览的各种电子设备,包括但不限于智能手机、平板电脑、电子书阅读器、MP3播放器(Moving Picture ExpertsGroup Audio Layer III,动态影像专家压缩标准音频层面3)、MP4(Moving PictureExperts Group Audio Layer IV,动态影像专家压缩标准音频层面4)播放器、膝上型便携计算机和台式计算机等等。The terminal devices 101, 102, and 103 may be various electronic devices that have a display screen and support web browsing, including but not limited to smart phones, tablet computers, e-book readers, MP3 players (Moving Picture Experts Group Audio Layer III, moving image Expert Compression Standard Audio Layer 3), MP4 (Moving PictureExperts Group Audio Layer IV, Moving Picture Experts Group Audio Layer 4) Players, Laptops and Desktops, etc.

服务器105可以是提供各种服务的服务器,例如对终端设备101、102、103上显示的页面提供支持的后台服务器。The server 105 may be a server that provides various services, such as a background server that provides support for the pages displayed on the terminal devices 101 , 102 , and 103 .

需要说明的是,本申请实施例所提供的数据表权限的处理方法一般由服务器/终端设备执行,相应地,数据表权限的处理装置一般设置于服务器/终端设备中。It should be noted that the method for processing data table permissions provided by the embodiments of the present application is generally executed by a server/terminal device, and correspondingly, the processing apparatus for data table permissions is generally set in the server/terminal device.

应该理解,图1中的终端设备、网络和服务器的数目仅仅是示意性的。根据实现需要,可以具有任意数目的终端设备、网络和服务器。It should be understood that the numbers of terminal devices, networks and servers in FIG. 1 are merely illustrative. There can be any number of terminal devices, networks and servers according to implementation needs.

继续参考图2,示出了根据本申请的数据表权限的处理方法的一个实施例的流程图。所述的数据表权限的处理方法,包括以下步骤:Continuing to refer to FIG. 2 , there is shown a flowchart of an embodiment of a method for processing data table permissions according to the present application. The processing method of the data table permission includes the following steps:

S1:接收开发人员移交到生产环境中的至少两个不同的模型文件和至少两个不同的权限文件。S1: Receive at least two different model files and at least two different permissions files that developers hand over to the production environment.

在本实施例中,模型文件与权限文件的后缀名不同,模型文件的后缀名为mdl,权限文件的后缀名为xml,所述模型文件的模型名称与所述权限文件的权限名称具有一一对应关系。截取当前模型文件的模型名称,根据所述模型名称识别与所述模型名称对应的权限名称,以确定对应的权限文件。模型文件用于从数据库中调取数据从而生成数据表。比如:当前模型文件的模型名称为a.mdl,则通过找到权限名称a.xml找到对应的权限文件。此外,数据表可以是报表;模型文件从数据库中调取包括所需的企业一定时期的财务状况、经营成果和现金流量等信息的数据,从而生成报表。权限文件(xml)用于对模型文件添加权限,使得模型文件生成的报表只能被具有对应权限的用户类才能查看。In this embodiment, the suffix names of the model file and the authority file are different, the suffix name of the model file is mdl, the suffix name of the authority file is xml, and the model name of the model file and the authority name of the authority file are one-to-one. Correspondence. The model name of the current model file is intercepted, and the authority name corresponding to the model name is identified according to the model name, so as to determine the corresponding authority file. Model files are used to retrieve data from the database to generate data tables. For example, if the model name of the current model file is a.mdl, then find the corresponding permission file by finding the permission name a.xml. In addition, the data table can be a report; the model file retrieves data including the required information such as the financial status, operating results and cash flow of the enterprise in a certain period from the database, thereby generating a report. The permission file (xml) is used to add permission to the model file, so that the report generated by the model file can only be viewed by the user class with the corresponding permission.

在本实施例中,数据表权限的处理方法运行于其上的电子设备(例如图1所示的服务器/终端设备)可以通过有线连接方式或者无线连接方式来接收开发人员移交的模型文件和权限文件。需要指出的是,上述无线连接方式可以包括但不限于3G/4G连接、WiFi连接、蓝牙连接、WiMAX连接、Zigbee连接、UWB(ultra wideband)连接、以及其他现在已知或将来开发的无线连接方式。In this embodiment, the electronic device (for example, the server/terminal device shown in FIG. 1 ) on which the data table permission processing method runs can receive the model file and the permission handed over by the developer through a wired connection or a wireless connection. document. It should be pointed out that the above wireless connection methods may include but are not limited to 3G/4G connection, WiFi connection, Bluetooth connection, WiMAX connection, Zigbee connection, UWB (ultra wideband) connection, and other wireless connection methods currently known or developed in the future .

S2:解析所述权限文件,并对所述模型文件进行加权处理,以获得添加权限控制的模型文件,其中,所述权限文件包括至少一个权限用户类,所述权限用户类具有查看对应数据表的权限。S2: Parse the permission file, and perform weighting processing on the model file to obtain a model file with permission control added, wherein the permission file includes at least one permission user class, and the permission user class has the ability to view a corresponding data table permission.

在本实施例中,在生产环境中对模型文件进行加权处理,通过对模型文件添加权限控制,使得只有具有对应权限的用户类才可以查看对应的模型文件生成的数据表。当然,本申请也可以在模型文件生成数据表之后,解析所述权限文件,对所述数据表进行加权处理。模型文件用于从数据库中调取数据从而生成数据表,权限文件用于对模型文件添加权限,使得模型文件生成的数据表只能被具有对应权限的用户类才能查看。In this embodiment, model files are weighted in the production environment, and permission control is added to the model files, so that only user classes with corresponding permissions can view the data tables generated by the corresponding model files. Of course, the present application may also parse the authority file after the model file generates the data table, and perform weighting processing on the data table. The model file is used to retrieve data from the database to generate a data table, and the permission file is used to add permissions to the model file, so that the data table generated by the model file can only be viewed by user classes with corresponding permissions.

具体的,如图3所示,图3是图2中步骤S2的具体流程图。在步骤S2中,即解析所述权限文件,并对所述模型文件进行加权处理的步骤包括:Specifically, as shown in FIG. 3 , FIG. 3 is a specific flowchart of step S2 in FIG. 2 . In step S2, the steps of parsing the authority file and performing weighting processing on the model file include:

S21:使用加权工具解析所述权限文件,提取所述权限文件中的权限用户类、模型名称和加权要求;S21: Use a weighting tool to parse the authority file, and extract the authority user class, model name and weighting requirement in the authority file;

S22:依据提取到的所述模型名称确定对应的模型文件;S22: Determine the corresponding model file according to the extracted model name;

S23:根据所述加权要求获得权限限制,将所述权限限制和权限用户类附加到所述模型文件中,以获得添加权限控制的模型文件。S23: Obtain the permission limit according to the weighting requirement, and append the permission limit and the permission user class to the model file to obtain a model file to which permission control is added.

在本实施例中,使用加权工具将权限文件(xml)里面的内容附加到模型(mdl)文件中,使得对模型文件添加了一层权限控制,当模型文件从数据库中提取数据,形成数据表后,只有具有对应权限的权限用户类才可以解除权限限制,进而查看对应的数据表;而没有使用加权工具将权限文件里面的内容附加到模型文件中时,该模型文件从数据库中提取数据形成的数据表是所有用户类都可以查看,而不需要权限的。In this embodiment, a weighting tool is used to add the content in the authority file (xml) to the model (mdl) file, so that a layer of authority control is added to the model file. When the model file extracts data from the database, a data table is formed After that, only the permission user class with the corresponding permission can lift the permission restriction, and then view the corresponding data table; and when the weighting tool is not used to append the content in the permission file to the model file, the model file extracts data from the database to form The data table is viewable by all user classes without permission.

当然也可以,将权限文件中的权限用户类、模型名称和加权要求等信息提取出来在数据库中建立对应关系进行存储。从而实现不需要立刻对所述模型文件进行加权处理。而当需要对模型文件进行加权处理时,可以直接将数据库中存储的权限用户类附加到对应的模型文件中,不需要重新接收并解析权限文件,提升计算机的响应速度。Of course, it is also possible to extract information such as the permission user class, model name, and weighting requirements in the permission file, and establish a corresponding relationship in the database for storage. Therefore, it is not necessary to perform weighting processing on the model file immediately. When the model file needs to be weighted, the permission user class stored in the database can be directly attached to the corresponding model file, without the need to re-receive and parse the permission file, which improves the response speed of the computer.

S3:使用添加权限控制的模型文件从数据库中调取数据生成添加权限控制的数据表,并对所述数据表依照预设的规则进行命名,生成数据表名称。S3: Use the model file with added authority control to retrieve data from the database to generate a data table with added authority control, and name the data table according to a preset rule to generate a data table name.

在本实施例中,生产的数据表名称与其添加权限控制的数据表具有对应对应关系。添加权限控制的数据表与其添加权限控制的模型文件具有对应关系。添加权限控制的模型文件与附加到其中的权限用户类具有对应关系。故,数据表名称与权限用户类具有对应关系。依照预设的规则生成数据表名称,便于对数据表的管理。In this embodiment, the name of the produced data table has a corresponding relationship with the data table to which the permission control is added. The data table to which permission control is added has a corresponding relationship with the model file to which permission control is added. The model file to which permission control is added has a corresponding relationship with the permission user class attached to it. Therefore, the data table name has a corresponding relationship with the permission user class. The name of the data table is generated according to the preset rules, which is convenient for the management of the data table.

具体的,在步骤S3中,即所述对所述数据表依照预设的规则进行命名,生成数据表名称的步骤包括:Specifically, in step S3, that is, the data table is named according to a preset rule, and the step of generating the data table name includes:

识别当前年份、月份和数据表中数据类型,对所述数据表进行命名,生成数据表名称。Identify the current year, month and data type in the data table, name the data table, and generate a data table name.

在本实施例中,若数据表中数据类型为数据型,则为财务表,若数据表中数据类型为统计图型,则为统计表。只需要根据数据表名称就可以获得数据表生成的年份、月份和其中的数据类型,便于相关人员对数据表的统一管理和识别。In this embodiment, if the data type in the data table is a data type, it is a financial table, and if the data type in the data table is a statistical graph type, it is a statistical table. The year, month and data type in which the data table is generated only need to be obtained according to the name of the data table, which facilitates the unified management and identification of the data table by the relevant personnel.

S4:将所述权限用户类与数据表名称在数据库中关联存储。S4: Associate and store the permission user class and the data table name in the database.

在本实施例中,将所述权限用户类与数据表名称在数据库中关联存储,使得数据库中存储有对应的记录,方便调用和查看对应的关联关系。In this embodiment, the permission user class and the name of the data table are stored in association with each other in the database, so that the corresponding records are stored in the database, which facilitates calling and viewing of the corresponding association relationship.

具体的,如图4所示,图4是图2中步骤S4的具体流程图。在步骤S4中,即将所述权限用户类与数据表名称在数据库中关联存储的步骤包括:Specifically, as shown in FIG. 4 , FIG. 4 is a specific flowchart of step S4 in FIG. 2 . In step S4, the step of storing the privileged user class and the name of the data table in association with the database includes:

S41:处理当前开发人员移交的所有所述模型文件和权限文件后,将生成的数据表名称与权限用户类关联存储,生成查找表;S41: After processing all the model files and authority files handed over by the current developer, store the generated data table name in association with the authority user class, and generate a lookup table;

S42:判断数据库中的是否存储有查找表;S42: Determine whether a lookup table is stored in the database;

S43:若数据库中未存储查找表,则将生成的查找表写入数据库;S43: If the lookup table is not stored in the database, write the generated lookup table into the database;

S44:若数据库中存储有查找表,则删除原有的查找表,将生成的查找表写入数据库。S44: If the lookup table is stored in the database, delete the original lookup table, and write the generated lookup table into the database.

在本实施例中,在将查找表写入数据库之前,确认数据库中是否已经存储有查找表,若数据库中存储有查找表,说明是旧的查找表,删除旧的查找表;写入新的查找表。若数据中未存储有查找表,说明之前未将查找表写入数据库中,则可以直接写入新的查找表。新旧查找表分别是当前次和上一次处理所有所述模型文件和权限文件后生成的;随着时间的改变,原数据库中的数据有所改变,新的模型文件也有所不同,权限文件赋予的模型文件的权限用户类也有新的变化,此时一处处修改则极为复杂,便可以重新传输新的模型文件和权限文件,那么生成的新的查找表则与旧的查找表内容有所不同,则删除旧的查找表,以避免系统识别错误,且释放系统的存储空间,提升系统响应速度。In this embodiment, before writing the lookup table into the database, confirm whether the lookup table has been stored in the database. If there is a lookup table stored in the database, it is an old lookup table, and the old lookup table is deleted; lookup table. If no lookup table is stored in the data, it means that the lookup table has not been written into the database before, and a new lookup table can be directly written. The old and new lookup tables are generated after processing all the model files and permission files at the current time and last time respectively; as time changes, the data in the original database changes, and the new model files are also different. There are also new changes in the permission user class of the model file. At this time, it is extremely complicated to modify everywhere, and the new model file and permission file can be retransmitted. Then the content of the new lookup table generated is different from the old lookup table. Then delete the old lookup table to avoid system identification errors, release the storage space of the system, and improve the response speed of the system.

进一步的,在所述查找表中,所述数据表名称和权限用户类具有一一对应关系、一对多的关系、多对一的关系或者多对多的关系。Further, in the lookup table, the data table name and the permission user class have a one-to-one correspondence, a one-to-many relationship, a many-to-one relationship, or a many-to-many relationship.

在本实施例中,在权限文件中,数据表名称和权限用户类具有一对一、一对多或者多对一的关系,可以根据需求灵活调整。In this embodiment, in the authority file, the data table name and the authority user class have a one-to-one, one-to-many or many-to-one relationship, which can be flexibly adjusted according to requirements.

S5:提供前端页面,当接收到所述前端页面发送的数据表名称时,根据所述数据表名称确定具有查看权限的权限用户类,通过前端页面向用户展示具有查看对应数据表权限的权限用户类。S5: Provide a front-end page, when receiving the data table name sent by the front-end page, determine the permission user class with viewing permission according to the data table name, and display the permission user with the permission to view the corresponding data table to the user through the front-end page kind.

在本实施例中,用户可以通过前端页面输入所需要查询的数据表名称,根据用户输入的数据表名称,通过从数据库中查找数据表名称与权限用户类的对应关系,确定具有查看数据表权限的权限用户类,通过前端页面向用户展示对应权限用户类,使得用户可以获知哪些用户类对该数据表具有查看的权限。In this embodiment, the user can input the name of the data table to be queried through the front-end page, and according to the name of the data table input by the user, by looking up the corresponding relationship between the name of the data table and the permission user class in the database, it is determined that the user has the permission to view the data table The permission user class is displayed to the user through the front-end page, so that the user can know which user class has the permission to view the data table.

当事件人员接到权限问题的反馈,可以通过在前端页面查询,快速确定和响应权限问题;运营人员也可以快速处理数据表权限报错的问题;开发人员可以通过前端页面快速查看和确认数据表权限,进行数据表开发的参考。同时,还实现了对于哪些数据表可以被哪些用户查看的监控;比如:某些重要的数据表不能被所有人查看,但是开发人员忘记添加权限或者忘记移交权限文件的情况下,根据在前端页面查询数据库里面的信息就可以快速监控出数据表对应的权限用户类情况。When incident personnel receive feedback on permission issues, they can quickly determine and respond to permission issues by querying on the front-end page; operators can also quickly deal with data table permission errors; developers can quickly view and confirm data table permissions through the front-end page , a reference for data sheet development. At the same time, it also realizes the monitoring of which data tables can be viewed by which users; for example: some important data tables cannot be viewed by everyone, but if the developer forgets to add permissions or forget to hand over the permission files, according to the front-end page By querying the information in the database, you can quickly monitor the privileged user class corresponding to the data table.

在实际应用中,比如报表的应用:报表中的数据属于机密不能够让所有人都可以查看所有数据,通过前端页面,用户就可以获知哪些用户类具有查看所查询的报表的权限,从而可以及时的统计和确定相关的权限信息。In practical applications, such as the application of reports: the data in the report is confidential and cannot allow everyone to view all the data. Through the front-end page, users can know which user classes have the permission to view the queried report, so that they can timely statistics and determine relevant permission information.

同时,本申请还可以,提供前端页面,当接收到所述前端页面发送的申请权限请求时,所述申请权限请求携带权限用户类和第二用户ID,将所述权限用户类和第二用户ID发送至管理人员审核;当接收到管理人员发送的同意指令时,为所述第二用户ID配置所述权限用户类,以使得所述第二用户ID具有查看对应所述数据表的权限,并通过前端页面向用户展示审核结果。At the same time, the application can also provide a front-end page, when receiving the request for permission to apply sent by the front-end page, the request for permission to apply carries the permission user class and the second user ID, and the permission user class and the second user The ID is sent to the manager for review; when the consent instruction sent by the manager is received, the permission user class is configured for the second user ID, so that the second user ID has the permission to view the corresponding data table, And display the audit results to users through the front-end page.

在本实施例中,第二用户ID对应的用户为公司的普通职员,当该普通职员因为工作需要而请求获得查看数据表的权限时,需要通过前端页面发送携带对应的第二用户ID的申请权限请求,进而通过管理人员的审核,才能够获得查看数据表的权限。本申请的数据表和权限用户类的对应关系是由业务部门的人预先设定好的,即业务部门的人预先决定好哪一个数据表可以给哪几个用户类查看;当用户需要查看某一个数据表时,需要先通过查询哪些用户类具有查看该数据表的权限;再通过申请这些具有权限的权限用户类,当管理人员同意后,该用户才能够获得权限用户类,进而才获得查看该数据表的权限。有利于对数据表查看权限的清晰管理和控制,并且保证数据表的信息安全。In this embodiment, the user corresponding to the second user ID is an ordinary employee of the company. When the ordinary employee requests the permission to view the data table due to work needs, it is necessary to send an application carrying the corresponding second user ID through the front-end page. Permission request, and then through the review of the administrator, can obtain the permission to view the data table. The correspondence between the data tables and the authorized user classes in this application is preset by the people in the business department, that is, the people in the business department have pre-determined which data table can be viewed for which user classes; when the user needs to view a certain When a data table is used, it is necessary to first query which user classes have the permission to view the data table; and then apply for these permission user classes with permissions. After the administrator agrees, the user can obtain the permission user class, and then obtain the view. permissions for this data sheet. It is conducive to the clear management and control of the viewing authority of the data table, and ensures the information security of the data table.

在本实施例的一些可选的实现方式中,如图5所示,图5是根据本申请的一种数据表权限的处理方法中的另一个实施例的流程图。在步骤S2之后,即在解析所述权限文件,并对所述模型文件进行加权处理,以获得添加权限控制的模型文件的步骤之后,上述电子设备还可以执行以下步骤:In some optional implementations of this embodiment, as shown in FIG. 5 , FIG. 5 is a flowchart of another embodiment of a method for processing data table permissions according to the present application. After step S2, that is, after parsing the authority file and performing a weighting process on the model file to obtain a model file to which authority control is added, the electronic device may also perform the following steps:

S6:定期检测数据表被查看情况;S6: Regularly check the status of the data sheet being viewed;

S7:若当前被检测的数据表上一次登录的时间与当前检测时间的时间差值大于一预设的时间段,则将当前被检测的数据表隐藏。S7 : If the time difference between the last login time of the currently detected data table and the current detection time is greater than a preset time period, the currently detected data table is hidden.

在本实施例中,检测到一数据表长期不被查看,则将该数据表隐藏,使得即使具有查看对应数据表权限的权限用户类也无法查看该数据表;隐藏数据表,则系统在查找数据表的时候可以忽略该数据表,减少系统查找数据表的数量,提升系统的响应速度。当数据表隐藏超过预设时间后,将数据表名称和开始隐藏时间发送给相关人员,相关人员根据实际情况将数据表删除或解除隐藏。In this embodiment, if it is detected that a data table has not been viewed for a long time, the data table is hidden, so that even a user class with the authority to view the corresponding data table cannot view the data table; if the data table is hidden, the system is searching for the data table. The data table can be ignored when the data table is used to reduce the number of data tables searched by the system and improve the response speed of the system. When the data table is hidden for more than the preset time, send the data table name and start hiding time to the relevant personnel, and the relevant personnel will delete or unhide the data table according to the actual situation.

如图6所示,图6是根据本申请的一种数据表权限的处理方法中的另一个实施例的流程图。在步骤S2之后,即在解析所述权限文件,并对所述模型文件进行加权处理,以获得添加权限控制的模型文件的步骤之后,还包括:As shown in FIG. 6 , FIG. 6 is a flowchart of another embodiment of a method for processing data table permissions according to the present application. After step S2, that is, after parsing the authority file and performing a weighting process on the model file to obtain a model file for adding authority control, the method further includes:

S8:将预先存储的第一用户ID与至少一个权限用户类进行关联,以使得所述第一用户ID具有查看所述权限用户类控制的数据表的权限;S8: associate the pre-stored first user ID with at least one privileged user class, so that the first user ID has the right to view the data table controlled by the privileged user class;

S9:定期检测所述第一用户ID的登录情况;S9: Regularly detect the login status of the first user ID;

S10:若所述第一用户ID上一次登录的时间与当前检测时间的时间差值大于一预设的时间段,则将所述第一用户ID与所述权限用户类的关联解除。S10: If the time difference between the last login time of the first user ID and the current detection time is greater than a preset time period, disassociate the first user ID with the authorized user class.

在本实施例中,第一用户ID对应的用户为公司的各部门的主管、总经理、副总经理等,根据用户的职位权限,为对应的第一用户ID关联不同的权限用户类。若所述第一用户ID上一次登录的时间与当前检测时间的时间差值大于半年,则将权限收回,解除第一用户ID与权限用户类的关联;第一用户ID超过半年未登陆,说明第一用户ID的对应用户离职或休长假,则取消长期未登陆的第一用户ID的查看权限,以保证信息的安全性;In this embodiment, the user corresponding to the first user ID is the supervisor, general manager, deputy general manager, etc. of each department of the company. According to the user's position authority, the corresponding first user ID is associated with different permission user classes. If the time difference between the last login time of the first user ID and the current detection time is greater than half a year, the authority will be withdrawn, and the association between the first user ID and the authority user class will be cancelled; the first user ID has not logged in for more than half a year, indicating that If the corresponding user of the first user ID resigns or takes a long vacation, the viewing authority of the first user ID that has not logged in for a long time is cancelled to ensure the security of information;

当然也可以,将预先存储的第一用户ID与至少一个权限用户类进行关联,以使得所述第一用户ID具有查看所述权限用户类控制的数据表的权限,定期检测第一用户ID查看各数据表的情况,确定超过预设的时间段未被第一用户ID查看的数据表,识别该数据表对应的权限用户类,将该权限用户类与第一用户ID的关联解除,保留其他权限用户类与第一用户ID的关联关系。本方案中,不论该权限用户类对多少个数据表具有查看权限,只要该权限用户类下有任意一个数据表超过预设的时间未被第一用户ID查看,则解除该权限用户类和第一用户ID的关联,使得第一用户ID不能再查看该权限用户类下的所有数据表;保护该用户类下所有数据表的安全。Of course, it is also possible to associate a pre-stored first user ID with at least one permission user class, so that the first user ID has the permission to view the data table controlled by the permission user class, and regularly detect the first user ID to view the In the case of each data table, determine the data table that has not been viewed by the first user ID for more than a preset time period, identify the authorized user class corresponding to the data table, disassociate the authorized user class with the first user ID, and retain other The association relationship between the authorized user class and the first user ID. In this solution, no matter how many data tables the permission user class has viewing permission, as long as any data table under the permission user class has not been viewed by the first user ID for more than a preset time, the permission user class and the first user ID will be released. The association of a user ID makes it impossible for the first user ID to view all the data tables under the privileged user class; the security of all the data tables under the user class is protected.

此外,还可以是,将预先存储的第一用户ID与至少一个权限用户类进行关联,以使得所述第一用户ID具有查看所述权限用户类控制的数据表的权限,定期检测第一用户ID查看各数据表的情况,确定超过预设的时间段未被第一用户ID查看的数据表,识别该数据表对应的权限用户类,若所述权限用户类下的所有数据表都超过预设的时间未被第一用户ID查看,则将该权限用户类与第一用户ID的关联解除,保留其他权限用户类与第一用户ID的关联关系。本方案中,是需要该权限用户类下的所有数据表都超过预设的时间未被第一用户ID查看,才解除该权限用户类和第一用户ID的关联,以防止错误解除,防止影响用户的工作进度。In addition, it is also possible to associate a pre-stored first user ID with at least one permission user class, so that the first user ID has the permission to view the data table controlled by the permission user class, and regularly detect the first user ID checks the situation of each data table, determines the data table that has not been viewed by the first user ID for more than a preset time period, and identifies the authorized user class corresponding to the data table, if all data tables under the authorized user class exceed the predetermined time period If the set time is not checked by the first user ID, the association between the authorized user class and the first user ID is released, and the association between other authorized user classes and the first user ID is retained. In this solution, all data tables under the permission user class are required to be unchecked by the first user ID for more than a preset time, so that the association between the permission user class and the first user ID is released, so as to prevent erroneous release and prevent impact. The user's work progress.

本申请的上述实现方式可根据实际情况灵活选择。The above-mentioned implementation manner of the present application can be flexibly selected according to the actual situation.

本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,该计算机程序可存储于一计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,前述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)等非易失性存储介质,或随机存储记忆体(Random Access Memory,RAM)等。Those of ordinary skill in the art can understand that the realization of all or part of the processes in the methods of the above embodiments can be accomplished by instructing relevant hardware through a computer program, and the computer program can be stored in a computer-readable storage medium, and the program is During execution, it may include the processes of the embodiments of the above-mentioned methods. The aforementioned storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM).

应该理解的是,虽然附图的流程图中的各个步骤按照箭头的指示依次显示,但是这些步骤并不是必然按照箭头指示的顺序依次执行。除非本文中有明确的说明,这些步骤的执行并没有严格的顺序限制,其可以以其他的顺序执行。而且,附图的流程图中的至少一部分步骤可以包括多个子步骤或者多个阶段,这些子步骤或者阶段并不必然是在同一时刻执行完成,而是可以在不同的时刻执行,其执行顺序也不必然是依次进行,而是可以与其他步骤或者其他步骤的子步骤或者阶段的至少一部分轮流或者交替地执行。It should be understood that although the various steps in the flowchart of the accompanying drawings are sequentially shown in the order indicated by the arrows, these steps are not necessarily executed in sequence in the order indicated by the arrows. Unless explicitly stated herein, the execution of these steps is not strictly limited to the order and may be performed in other orders. Moreover, at least a part of the steps in the flowchart of the accompanying drawings may include multiple sub-steps or multiple stages, and these sub-steps or stages are not necessarily executed at the same time, but may be executed at different times, and the execution sequence is also It does not have to be performed sequentially, but may be performed alternately or alternately with other steps or at least a portion of sub-steps or stages of other steps.

进一步参考图7,作为对上述图2所示方法的实现,本申请提供了一种数据表权限的处理装置的一个实施例,该装置实施例与图2所示的方法实施例相对应,该装置具体可以应用于各种电子设备中。With further reference to FIG. 7 , as an implementation of the method shown in FIG. 2 above, the present application provides an embodiment of a data table permission processing apparatus. The apparatus embodiment corresponds to the method embodiment shown in FIG. 2 . The device can be specifically applied to various electronic devices.

如图7所示,本实施例所述的数据表权限的处理装置300包括:接收模块301、加权模块302、生成模块303、存储模块304和提供模块305。其中:As shown in FIG. 7 , the apparatus 300 for processing data table permissions according to this embodiment includes: a receiving module 301 , a weighting module 302 , a generating module 303 , a storage module 304 and a providing module 305 . in:

接收模块301,用于接收开发人员移交到生产环境中的至少两个不同的模型文件和至少两个不同的权限文件;A receiving module 301, configured to receive at least two different model files and at least two different permission files that are handed over to the production environment by the developer;

加权模块302,用于解析所述权限文件,并对所述模型文件进行加权处理,以获得添加权限控制的模型文件,其中,所述权限文件包括至少一个权限用户类,所述权限用户类具有查看对应数据表的权限;The weighting module 302 is configured to parse the authority file and perform weighting processing on the model file to obtain a model file with added authority control, wherein the authority file includes at least one authority user class, and the authority user class has Permission to view the corresponding data sheet;

生成模块303,用于使用添加权限控制的模型文件从数据库中调取数据生成添加权限控制的数据表,并对所述数据表依照预设的规则进行命名,生成数据表名称;The generating module 303 is configured to use the model file for adding authority control to call data from the database to generate a data table for adding authority control, and to name the data table according to a preset rule to generate a data table name;

存储模块304,用于将所述权限用户类与数据表名称在数据库中关联存储;以及a storage module 304, configured to associate and store the privileged user class and the data table name in the database; and

提供模块305,用于提供前端页面,当接收到所述前端页面发送的数据表名称时,根据所述数据表名称确定具有查看权限的权限用户类,通过前端页面向用户展示具有查看对应数据表权限的权限用户类。The providing module 305 is configured to provide a front-end page, when receiving the data table name sent by the front-end page, determine a permission user class with viewing authority according to the data table name, and display the corresponding data table to the user through the front-end page The permission user class for the permission.

所述加权模块302包括解析单元、提取单元和附加单元。所述解析单元用于使用加权工具解析所述权限文件,提取所述权限文件中的权限用户类、模型名称和加权要求;所述提取单元用于依据提取到的所述模型名称确定对应的模型文件;所述附加单元用于根据所述加权要求获得权限限制,将所述权限限制和权限用户类附加到所述模型文件中,以获得添加权限控制的模型文件。The weighting module 302 includes a parsing unit, an extraction unit and an additional unit. The parsing unit is configured to use a weighting tool to parse the authority file, and extract the authority user class, model name and weighting requirement in the authority file; the extraction unit is configured to determine the corresponding model according to the extracted model name file; the appending unit is configured to obtain the permission limit according to the weighting requirement, and append the permission limit and the permission user class to the model file to obtain the model file to which permission control is added.

所述存储模块304包括创建单元、判断单元、写入单元和删除单元。所述创建单元用于处理当前开发人员移交的所有所述模型文件和权限文件后,将生成的数据表名称与权限用户类关联存储,生成查找表;所述判断单元用于判断数据库中的是否存储有查找表;所述写入单元用于当数据库中未存储查找表时,将生成的查找表写入数据库;所述删除单元用于当数据库中存储有查找表时,删除原有的查找表,通过所述写入单元将生成的查找表写入数据库。The storage module 304 includes a creation unit, a judgment unit, a writing unit and a deletion unit. The creation unit is used to process all the model files and authority files handed over by the current developer, store the generated data table name in association with the authority user class, and generate a lookup table; the judgment unit is used to judge whether the data in the database is A look-up table is stored; the writing unit is used to write the generated look-up table into the database when the look-up table is not stored in the database; the deletion unit is used to delete the original look-up table when the look-up table is stored in the database table, and the generated lookup table is written into the database through the writing unit.

所述数据表权限的处理装置300还包括检测模块和隐藏模块,所述检测模块用于定期检测数据表被查看情况;所述隐藏模块用于当当前被检测的数据表上一次登录的时间与当前检测时间的时间差值大于一预设的时间段时,隐藏当前被检测的数据表。The processing device 300 of the data table authority also includes a detection module and a hidden module, the detection module is used to regularly detect the situation of the data table being viewed; the hidden module is used for when the current detected data table was last logged in time and When the time difference between the current detection time is greater than a preset time period, the currently detected data table is hidden.

在本实施例中,相对于只能依赖运营人员登录生产服务器找到开发移交的文件,才能确定哪些用户类具有查看对应数据表的权限,且每个系统中的数据表都有几百上千张,每张数据表都是靠运营人员一张张查看,非常耗费人力,运营成本居高不下,客户满意度也受到了影响的方案来说,本申请将用户类与数据表对应的权限情况落入数据库中,实现了所有用户都可以通过前端页面自助查询,用户只要在页面输入框输入数据表名称,点击查询就能查看哪些用户类具有查看该数据表的权限,事件人员查看可以快速响应用户上报的权限问题,运营人员查看可以快速处理报表权限报错问题,开发人员可以快速查看报表权限进行报表开发的参考;进而帮助企业改善服务质量,提高客户满意度;当用户长期未登录时,则将用户ID与权限用户类的关联取消,以及时的保证系统中的信息安全。In this embodiment, compared to only relying on the operator to log in to the production server to find the development and handover files, it is possible to determine which user classes have the authority to view the corresponding data tables, and there are hundreds of thousands of data tables in each system. Each data table is viewed one by one by the operator, which is very labor-intensive, the operating cost remains high, and customer satisfaction is also affected. In the database, all users can self-check through the front-end page. Users only need to enter the name of the data table in the input box on the page, and click query to see which user classes have the permission to view the data table. Event personnel can quickly respond to user reports. The operator can quickly deal with the report permission problem, and the developer can quickly view the report permission for the reference of report development; thus helping the enterprise to improve the service quality and customer satisfaction; when the user has not logged in for a long time, the user The association between the ID and the authorized user class is canceled, and the information security in the system is ensured in a timely manner.

为解决上述技术问题,本申请实施例还提供计算机设备。具体请参阅图8,图8为本实施例计算机设备基本结构框图。To solve the above technical problems, the embodiments of the present application also provide computer equipment. For details, please refer to FIG. 8 , which is a block diagram of a basic structure of a computer device according to this embodiment.

所述计算机设备200包括通过系统总线相互通信连接存储器201、处理器202、网络接口203。需要指出的是,图中仅示出了具有组件201-203的计算机设备200,但是应理解的是,并不要求实施所有示出的组件,可以替代的实施更多或者更少的组件。其中,本技术领域技术人员可以理解,这里的计算机设备是一种能够按照事先设定或存储的指令,自动进行数值计算和/或信息处理的设备,其硬件包括但不限于微处理器、专用集成电路(Application Specific Integrated Circuit,ASIC)、可编程门阵列(Field-Programmable Gate Array,FPGA)、数字处理器(Digital Signal Processor,DSP)、嵌入式设备等。The computer device 200 includes a memory 201 , a processor 202 , and a network interface 203 that communicate with each other through a system bus. It should be noted that only the computer device 200 with components 201-203 is shown in the figure, but it should be understood that implementation of all shown components is not required, and more or less components may be implemented instead. Among them, those skilled in the art can understand that the computer device here is a device that can automatically perform numerical calculation and/or information processing according to pre-set or stored instructions, and its hardware includes but is not limited to microprocessors, special-purpose Integrated circuit (Application Specific Integrated Circuit, ASIC), Programmable Gate Array (Field-Programmable Gate Array, FPGA), Digital Signal Processor (Digital Signal Processor, DSP), embedded devices, etc.

所述计算机设备可以是桌上型计算机、笔记本、掌上电脑及云端服务器等计算设备。所述计算机设备可以与用户通过键盘、鼠标、遥控器、触摸板或声控设备等方式进行人机交互。The computer equipment may be a desktop computer, a notebook computer, a palmtop computer, a cloud server and other computing equipment. The computer device can perform human-computer interaction with the user through a keyboard, a mouse, a remote control, a touch pad or a voice control device.

所述存储器201至少包括一种类型的可读存储介质,所述可读存储介质包括闪存、硬盘、多媒体卡、卡型存储器(例如,SD或DX存储器等)、随机访问存储器(RAM)、静态随机访问存储器(SRAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、可编程只读存储器(PROM)、磁性存储器、磁盘、光盘等。在一些实施例中,所述存储器201可以是所述计算机设备200的内部存储单元,例如该计算机设备200的硬盘或内存。在另一些实施例中,所述存储器201也可以是所述计算机设备200的外部存储设备,例如该计算机设备200上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。当然,所述存储器201还可以既包括所述计算机设备200的内部存储单元也包括其外部存储设备。本实施例中,所述存储器201通常用于存储安装于所述计算机设备200的操作系统和各类应用软件,例如数据表权限的处理方法的程序代码等。此外,所述存储器201还可以用于暂时地存储已经输出或者将要输出的各类数据。The memory 201 includes at least one type of readable storage medium, and the readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), random access memory (RAM), static Random Access Memory (SRAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Programmable Read Only Memory (PROM), Magnetic Memory, Magnetic Disk, Optical Disk, etc. In some embodiments, the memory 201 may be an internal storage unit of the computer device 200 , such as a hard disk or a memory of the computer device 200 . In other embodiments, the memory 201 may also be an external storage device of the computer device 200 , for example, a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital disk equipped on the computer device 200 (Secure Digital, SD) card, flash memory card (Flash Card) and so on. Of course, the memory 201 may also include both an internal storage unit of the computer device 200 and an external storage device thereof. In this embodiment, the memory 201 is generally used to store the operating system and various application software installed in the computer device 200, such as program codes of a method for processing data table permissions. In addition, the memory 201 can also be used to temporarily store various types of data that have been output or will be output.

所述处理器202在一些实施例中可以是中央处理器(Central Processing Unit,CPU)、控制器、微控制器、微处理器、或其他数据处理芯片。该处理器202通常用于控制所述计算机设备200的总体操作。本实施例中,所述处理器202用于运行所述存储器201中存储的程序代码或者处理数据,例如运行数据表权限的处理方法的程序代码。In some embodiments, the processor 202 may be a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, a microprocessor, or other data processing chips. The processor 202 is typically used to control the overall operation of the computer device 200 . In this embodiment, the processor 202 is configured to run the program code or process data stored in the memory 201 , for example, the program code of a method for processing data table permissions.

所述网络接口203可包括无线网络接口或有线网络接口,该网络接口203通常用于在所述计算机设备200与其他电子设备之间建立通信连接。The network interface 203 may include a wireless network interface or a wired network interface, and the network interface 203 is generally used to establish a communication connection between the computer device 200 and other electronic devices.

在本实施例中,可以直接通过计算机设备向用户展示具有查看对应数据表的权限用户类,便于管理,并且提升用户体验。In this embodiment, the user class with the right to view the corresponding data table can be displayed to the user directly through the computer device, which facilitates management and improves user experience.

本申请还提供了另一种实施方式,即提供一种计算机可读存储介质,所述计算机可读存储介质存储有数据表权限的处理程序,所述数据表权限的处理程序可被至少一个处理器执行,以使所述至少一个处理器执行如上述的数据表权限的处理方法的步骤。The present application also provides another implementation manner, which is to provide a computer-readable storage medium, where the computer-readable storage medium stores a processing program for data table rights, and the processing program for data table rights can be processed by at least one The processor executes, so that the at least one processor executes the steps of the method for processing the permissions of the data table as described above.

在本实施例中,通过计算机可读存储介质中存储的数据表权限的处理程序,可以有效管理数据表的查看权限,并且实现了用户对数据表的权限用户类的自助查询。In this embodiment, the data table permission processing program stored in the computer-readable storage medium can effectively manage the data table viewing authority, and realize the user's self-service query of the data table permission user class.

通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本申请各个实施例所述的方法。From the description of the above embodiments, those skilled in the art can clearly understand that the method of the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course can also be implemented by hardware, but in many cases the former is better implementation. Based on this understanding, the technical solution of the present application can be embodied in the form of a software product in essence or in a part that contributes to the prior art, and the computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, CD-ROM), including several instructions to make a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) execute the methods described in the various embodiments of this application.

显然,以上所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例,附图中给出了本申请的较佳实施例,但并不限制本申请的专利范围。本申请可以以许多不同的形式来实现,相反地,提供这些实施例的目的是使对本申请的公开内容的理解更加透彻全面。尽管参照前述实施例对本申请进行了详细的说明,对于本领域的技术人员来而言,其依然可以对前述各具体实施方式所记载的技术方案进行修改,或者对其中部分技术特征进行等效替换。凡是利用本申请说明书及附图内容所做的等效结构,直接或间接运用在其他相关的技术领域,均同理在本申请专利保护范围之内。Obviously, the above-described embodiments are only a part of the embodiments of the present application, rather than all of the embodiments. The accompanying drawings show the preferred embodiments of the present application, but do not limit the scope of the patent of the present application. This application may be embodied in many different forms, rather these embodiments are provided so that a thorough and complete understanding of the disclosure of this application is provided. Although the present application has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions described in the foregoing specific embodiments, or perform equivalent replacements for some of the technical features. . Any equivalent structure made by using the contents of the description and drawings of the present application, which is directly or indirectly used in other related technical fields, is also within the scope of protection of the patent of the present application.

Claims (10)

1. A method for processing data table permissions, comprising the steps of:
receiving at least two different model files and at least two different rights files that a developer hands over to a production environment;
analyzing the authority file, and carrying out weighting processing on the model file to obtain a model file added with authority control, wherein the authority file comprises at least one authority user class which has authority for viewing a corresponding data table;
calling data from a database by using the model file added with the authority control to generate a data table added with the authority control, naming the data table according to a preset rule, and generating a data table name;
storing the authority user class and the name of the data table in a database in an associated manner; and
providing a front-end page, determining an authority user class with viewing authority according to the data table name when the data table name sent by the front-end page is received, and displaying the authority user class with the authority for viewing the corresponding data table to a user through the front-end page.
2. The method of claim 1, wherein the step of parsing the rights file and weighting the model file comprises:
analyzing the authority file by using a weighting tool, and extracting an authority user class, a model name and a weighting requirement in the authority file;
determining a corresponding model file according to the extracted model name;
and acquiring authority limit according to the weighting requirement, and attaching the authority limit and the authority user class to the model file to acquire the model file added with the authority control.
3. The method for processing data table permission according to claim 2, wherein the step of naming the data table according to a preset rule and generating a data table name comprises:
and identifying the current year, month and data type in the data table, naming the data table, and generating a data table name.
4. The method for processing the authority of the data table according to any one of claims 1 to 3, wherein the step of storing the authority user class and the name of the data table in association with each other in a database comprises:
after all the model files and the authority files handed over by the current developer are processed, the generated data table name and the authority user class are stored in an associated mode to generate a lookup table;
judging whether a lookup table is stored in a database or not;
if the database does not store the lookup table, writing the generated lookup table into the database;
if the database stores the lookup table, deleting the original lookup table and writing the generated lookup table into the database.
5. The method for processing the authority of the data table according to any one of claims 1 to 3, further comprising, after the step of parsing the authority file and performing weighting processing on the model file to obtain the model file added with the authority control:
regularly detecting the viewing condition of the data table;
and if the time difference value between the last login time of the currently detected data table and the current detection time is greater than a preset time period, hiding the currently detected data table.
6. The method for processing authority of data table according to any of claims 1 to 3, further comprising, after the step of parsing the authority file and performing weighting processing on the model file to obtain a model file added with authority control:
associating a pre-stored first user ID with at least one authority user class so that the first user ID has authority for viewing a data table controlled by the authority user class;
regularly detecting the login condition of the first user ID;
and if the time difference between the last login time of the first user ID and the current detection time is greater than a preset time period, releasing the association between the first user ID and the authorized user class.
7. The method for processing data table permission according to claim 6, after the step of associating a pre-stored first user ID with at least one permission user class so that the first user ID has permission to view the data table controlled by the permission user class, further comprising:
providing a front-end page, when receiving an application authority request sent by the front-end page, carrying an authority user class and a second user ID by the application authority request, and sending the authority user class and the second user ID to a manager for auditing;
and when an agreement instruction sent by a manager is received, configuring the authority user class for the second user ID so that the second user ID has the authority of viewing the corresponding data table, and displaying an auditing result to a user through a front-end page.
8. An apparatus for processing data table permissions, comprising:
the system comprises a receiving module, a generating module and a processing module, wherein the receiving module is used for receiving at least two different model files and at least two different authority files which are handed over to a production environment by a developer;
the weighting module is used for analyzing the authority file and carrying out weighting processing on the model file to obtain a model file added with authority control, wherein the authority file comprises at least one authority user class which has authority for viewing a corresponding data table;
the generating module is used for calling data from a database by using the model file added with the authority control to generate a data table added with the authority control, naming the data table according to a preset rule and generating a data table name;
the storage module is used for storing the authority user class and the name of the data table in a database in a correlation manner; and
and the providing module is used for providing a front-end page, determining the authority user class with the viewing authority according to the data table name when the data table name sent by the front-end page is received, and displaying the authority user class with the viewing authority corresponding to the data table to the user through the front-end page.
9. A computer arrangement, characterized by a memory in which a computer program is stored and a processor which, when executing the computer program, carries out the steps of a method of processing data table permissions according to any of claims 1 to 7.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the method of processing data table permissions according to any of claims 1 to 7.
CN202010100595.3A 2020-02-18 2020-02-18 Data table authority processing method and device, computer equipment and storage medium Pending CN111400696A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010100595.3A CN111400696A (en) 2020-02-18 2020-02-18 Data table authority processing method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010100595.3A CN111400696A (en) 2020-02-18 2020-02-18 Data table authority processing method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111400696A true CN111400696A (en) 2020-07-10

Family

ID=71434245

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010100595.3A Pending CN111400696A (en) 2020-02-18 2020-02-18 Data table authority processing method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111400696A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104090770A (en) * 2014-07-22 2014-10-08 中国地质大学(北京) Method based on function of user right configuration system in software development
CN107480537A (en) * 2017-06-28 2017-12-15 北京小度信息科技有限公司 Authority the Resources list automatic generation method and device
CN108280365A (en) * 2017-09-19 2018-07-13 平安科技(深圳)有限公司 Data access authority management method, device, terminal device and storage medium
CN109522357A (en) * 2018-11-28 2019-03-26 北京锐安科技有限公司 A kind of data processing method, device, server and storage medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104090770A (en) * 2014-07-22 2014-10-08 中国地质大学(北京) Method based on function of user right configuration system in software development
CN107480537A (en) * 2017-06-28 2017-12-15 北京小度信息科技有限公司 Authority the Resources list automatic generation method and device
CN108280365A (en) * 2017-09-19 2018-07-13 平安科技(深圳)有限公司 Data access authority management method, device, terminal device and storage medium
CN109522357A (en) * 2018-11-28 2019-03-26 北京锐安科技有限公司 A kind of data processing method, device, server and storage medium

Similar Documents

Publication Publication Date Title
US8645866B2 (en) Dynamic icon overlay system and method of producing dynamic icon overlays
US11386224B2 (en) Method and system for managing personal digital identifiers of a user in a plurality of data elements
KR101699653B1 (en) Identifying and preventing leaks of sensitive information
US20090313079A1 (en) Managing access rights using projects
WO2019153592A1 (en) User authority data management device and method, and computer readable storage medium
US10545991B2 (en) Synchronizing local and remote data
US11799890B2 (en) Detecting anomalous downloads
JP2024524094A (en) Data governance system and method
CN111352986A (en) Method and device for exporting database table structure and terminal equipment
CN110365642B (en) Method and device for monitoring information operation, computer equipment and storage medium
CN117633837A (en) Data access processing method, device, system and storage medium
US12339981B2 (en) Preventing illicit data transfer and storage
CN111400696A (en) Data table authority processing method and device, computer equipment and storage medium
CN110851346A (en) Method, device and equipment for detecting boundary problem of query statement and storage medium
US20120323840A1 (en) Data flow cost modeling
CN116071152A (en) Data processing method and device, electronic equipment and storage medium
JP7637041B2 (en) Information processing device, information processing method, and computer program
CN118296622A (en) A database account management method, device, medium and product
CN106156348A (en) A kind of auditing method of database object script risky operation
CN116432229A (en) Browser screen capture prevention method, device, computer equipment, medium and program product
US20230074366A1 (en) Information management device, information management system, information management method, and nontransitory computer-readable medium
TWM665417U (en) User terminal devices and information security verification server
CN118916906A (en) Data authority configuration method, device and storage medium
CN117171734A (en) Sensitive configuration abnormal behavior detection methods, devices, equipment and storage media
CN115801421A (en) A file identification method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination