[go: up one dir, main page]

CN111898161B - Method, system, device and medium for managing authority of HUE - Google Patents

Method, system, device and medium for managing authority of HUE Download PDF

Info

Publication number
CN111898161B
CN111898161B CN202010789712.1A CN202010789712A CN111898161B CN 111898161 B CN111898161 B CN 111898161B CN 202010789712 A CN202010789712 A CN 202010789712A CN 111898161 B CN111898161 B CN 111898161B
Authority
CN
China
Prior art keywords
hue
user
log
user authority
management system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010789712.1A
Other languages
Chinese (zh)
Other versions
CN111898161A (en
Inventor
张东东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Inspur Intelligent Technology Co Ltd filed Critical Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202010789712.1A priority Critical patent/CN111898161B/en
Publication of CN111898161A publication Critical patent/CN111898161A/en
Application granted granted Critical
Publication of CN111898161B publication Critical patent/CN111898161B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F16/275Synchronous replication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a HUE authority management method, which comprises the following steps: respectively detecting and judging whether user rights are created in the HUE and the resource management system; in response to the user permission created in the HUE and the resource management system, clearing the user permission in the HUE, backing up the user permission in the resource management system and clearing the user permission; reestablishing the user authority by using the backed-up user authority in the resource management system, and recording the reestablished user authority information into a log; and responding to trigger permission synchronization, synchronizing the user permission information in the log to the HUE so as to create new user permission in the HUE according to the user permission information in the log. The invention also discloses a system, a computer device and a readable storage medium. The scheme provided by the invention can remove the dependency relationship of the current HUE service on Zookeeper, HDFS, YARN, hive, HBase, oozie and Spark components, and improve the autonomy of HUE cluster authority.

Description

一种HUE的权限管理方法、系统、设备以及介质A rights management method, system, device and medium of HUE

技术领域technical field

本发明涉及HUE领域,具体涉及一种HUE的权限管理方法、系统、设备以及存储介质。The present invention relates to the field of HUE, and in particular to a method, system, device and storage medium for rights management of HUE.

背景技术Background technique

当前HUE的用户管理系统完全同步开源,用户权限依赖HUE UI用户管理系统维护,也需在Ranger安全组件中赋权,HUE下的各组件的用户无法同步到HUE,HUE当前用户只限制了权限并未限制资源,因此造成两大不便:各组件自有用户资源权限无法在HUE用户管理系统中使用,当前用户资源管理系统的用户资源权限只能单独开客户端去使用,这样是极其不便的,也给使用大数据平台的企业增加很大的运营成本。Currently, the user management system of HUE is fully synchronized and open source. User permissions depend on the maintenance of the HUE UI user management system, and also need to be authorized in the Ranger security component. There are no restrictions on resources, which causes two major inconveniences: the user resource permissions of each component cannot be used in the HUE user management system, and the user resource permissions of the current user resource management system can only be used by opening the client separately, which is extremely inconvenient. It also adds a lot of operating costs to companies using big data platforms.

发明内容Contents of the invention

有鉴于此,为了克服上述问题的至少一个方面,本发明实施例提出一种HUE的权限管理方法,包括以下步骤:In view of this, in order to overcome at least one aspect of the above problems, an embodiment of the present invention proposes a HUE rights management method, including the following steps:

分别检测并判断在HUE中和在资源管理系统中是否创建了用户权限;Detect and judge whether user permissions have been created in HUE and in the resource management system respectively;

响应于在所述HUE中和在所述资源管理系统中均已创建了用户权限,清空所述HUE中的用户权限,并将所述资源管理系统中的用户权限进行备份后清空;Responding to the creation of user rights in the HUE and in the resource management system, clear the user rights in the HUE, and clear the user rights in the resource management system after backup;

在所述资源管理系统中利用备份的用户权限重新创建用户权限,并将重新创建的用户权限信息记录到日志;Using the backup user authority to recreate the user authority in the resource management system, and record the recreated user authority information to a log;

响应于触发权限同步,将所述日志中的用户权限信息同步到所述HUE,以在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。In response to triggering permission synchronization, synchronizing the user permission information in the log to the HUE, so as to create a new user permission in the HUE according to the user permission information in the log.

在一些实施例中,还包括:In some embodiments, also include:

判断在所述HUE中创建新的用户权限后的用户信息表和在所述资源管理系统中利用备份的用户权限重新创建用户权限后的用户信息表是否一致;Judging whether the user information table after creating a new user authority in the HUE is consistent with the user information table after recreating user authority with the backup user authority in the resource management system;

响应于不一致,根据所述HUE的系统日志确定不一致的原因并重新在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。In response to the inconsistency, determine the cause of the inconsistency according to the system log of the HUE, and recreate a new user permission in the HUE according to the user permission information in the log.

在一些实施例中,根据所述HUE的系统日志确定不一致的原因并重新在所述HUE中根据所述日志中的用户权限信息创建新的用户权限,进一步包括:In some embodiments, determining the cause of the inconsistency according to the system log of the HUE and re-creating a new user permission in the HUE according to the user permission information in the log, further comprising:

响应于因所述HUE获取所述资源管理系统的日志中的用户权限信息导致不一致,删除在所述HUE中创建的新的用户权限,并再次将所述资源管理系统的日志中的用户权限信息同步到所述HUE。In response to the inconsistency caused by the HUE obtaining the user authority information in the log of the resource management system, deleting the new user authority created in the HUE, and re-applying the user authority information in the resource management system log Sync to the HUE.

在一些实施例中,还包括:In some embodiments, also include:

响应于因所述HUE切换新的用户信息表导致不一致,删除在所述HUE中创建的新的用户权限,并再次在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。In response to an inconsistency caused by the HUE switching a new user information table, delete the new user authority created in the HUE, and create a new user authority in the HUE again according to the user authority information in the log.

在一些实施例中,还包括:In some embodiments, also include:

响应于一致,在所述HUE中验证新创建的用户权限是否与所述资源管理系统相同。In response to agreement, it is verified in the HUE whether the newly created user rights are the same as the resource management system.

在一些实施例中,还包括:In some embodiments, also include:

响应于在所述资源管理系统中对用户权限进行变更,将变更后的用户权限信息记录到日志;In response to changing the user authority in the resource management system, record the changed user authority information in a log;

响应于触发权限同步,将所述日志中的用户权限信息同步到所述HUE,以在所述HUE中根据所述日志中的用户权限信息变更对应的用户权限。In response to triggering permission synchronization, synchronizing the user permission information in the log to the HUE, so as to change the corresponding user permission in the HUE according to the user permission information in the log.

在一些实施例中,清空所述HUE中的用户权限,进一步包括:In some embodiments, clearing the user rights in the HUE further includes:

对所述HUE中的用户权限进行备份。Back up the user rights in the HUE.

基于同一发明构思,根据本发明的另一个方面,本发明的实施例还提供了一种HUE的权限管理系统,包括:Based on the same inventive concept, according to another aspect of the present invention, an embodiment of the present invention also provides a HUE rights management system, including:

检测模块,所述检测模块配置为分别检测并判断在HUE中和在资源管理系统中是否创建了用户权限;A detection module, the detection module is configured to respectively detect and determine whether user rights are created in the HUE and in the resource management system;

初始化模块,所述初始化模块配置为响应于在所述HUE中和在所述资源管理系统中均已创建了用户权限,清空所述HUE中的用户权限,并将所述资源管理系统中的用户权限进行备份后清空;an initialization module, the initialization module is configured to clear the user permissions in the HUE in response to user permissions created in the HUE and in the resource management system, and set the Clear permissions after backing up;

记录模块,所述记录模块配置为在所述资源管理系统中利用备份的用户权限重新创建用户权限,并将重新创建的用户权限信息记录到日志;A recording module, the recording module is configured to use the backup user authority to recreate user authority in the resource management system, and record the recreated user authority information to a log;

同步模块,所述同步模块配置为响应于触发权限同步,将所述日志中的用户权限信息同步到所述HUE,以在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。A synchronization module configured to, in response to triggering permission synchronization, synchronize the user permission information in the log to the HUE, so as to create a new user permission in the HUE according to the user permission information in the log .

基于同一发明构思,根据本发明的另一个方面,本发明的实施例还提供了一种计算机设备,包括:Based on the same inventive concept, according to another aspect of the present invention, an embodiment of the present invention also provides a computer device, including:

至少一个处理器;以及at least one processor; and

存储器,所述存储器存储有可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述程序时执行如上所述的任一种HUE的权限管理方法的步骤。A memory, the memory stores a computer program that can run on the processor, wherein the processor executes the steps of any one of the HUE rights management methods described above when executing the program.

基于同一发明构思,根据本发明的另一个方面,本发明的实施例还提供了一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行时执行如上所述的任一种HUE的权限管理方法的步骤。Based on the same inventive concept, according to another aspect of the present invention, an embodiment of the present invention also provides a computer-readable storage medium, the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor Execute the steps of any one of the HUE rights management methods described above.

本发明具有以下有益技术效果之一:本发明提供出的方案能够解除当前HUE服务对Zookeeper、HDFS、YARN、Hive、HBase、Oozie、Spark等组件依赖关系,提高HUE集群部署自主选择性与灵活便捷性,降低HUE版本更新、二次开发后验证成本,同时节省集群部署时间成本、集群运维成本。The present invention has one of the following beneficial technical effects: the solution provided by the present invention can remove the dependencies of current HUE services on Zookeeper, HDFS, YARN, Hive, HBase, Oozie, Spark and other components, and improve the autonomous selectivity, flexibility and convenience of HUE cluster deployment Reliability, reducing HUE version update and verification costs after secondary development, while saving cluster deployment time costs and cluster operation and maintenance costs.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的实施例。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention, and those skilled in the art can obtain other embodiments according to these drawings without any creative effort.

图1为本发明的实施例提供的HUE和DataSpace的结构连接示意图;Fig. 1 is the structural connection diagram of HUE and DataSpace provided by the embodiment of the present invention;

图2为本发明的实施例提供的HUE的权限管理方法的流程示意图;FIG. 2 is a schematic flow chart of the HUE rights management method provided by the embodiment of the present invention;

图3为本发明的实施例提供的HUE的权限管理系统的结构示意图;FIG. 3 is a schematic structural diagram of an HUE rights management system provided by an embodiment of the present invention;

图4为本发明的实施例提供的计算机设备的结构示意图;FIG. 4 is a schematic structural diagram of a computer device provided by an embodiment of the present invention;

图5为本发明的实施例提供的计算机可读存储介质的结构示意图。FIG. 5 is a schematic structural diagram of a computer-readable storage medium provided by an embodiment of the present invention.

具体实施方式detailed description

为使本发明的目的、技术方案和优点更加清楚明白,以下结合具体实施例,并参照附图,对本发明实施例进一步详细说明。In order to make the object, technical solution and advantages of the present invention clearer, the embodiments of the present invention will be further described in detail below in conjunction with specific embodiments and with reference to the accompanying drawings.

需要说明的是,本发明实施例中所有使用“第一”和“第二”的表述均是为了区分两个相同名称非相同的实体或者非相同的参量,可见“第一”“第二”仅为了表述的方便,不应理解为对本发明实施例的限定,后续实施例对此不再一一说明。It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are to distinguish two entities with the same name but different parameters or parameters that are not the same, see "first" and "second" It is only for the convenience of expression, and should not be construed as a limitation on the embodiments of the present invention, which will not be described one by one in the subsequent embodiments.

需要说明的是,在本发明的实施例中,资源管理系统可以是DataSpace,如图1所示,DataSpace是一个简单易用的大数据集群资源管理系统。用户可以通过可视化界面或Rest API创建自己的数据空间,实现空间内数据的数据资源和计算资源隔离,并且支持对空间中的数据资源进行共享。Hue面向数据查询、处理和分析等操作,为用户提供了相关组件的图形化操作界面。通过使用Hue,用户可以在Web控制台上与Hadoop集群进行交互式数据分析处理,例如操作HDFS上的数据、运行MapReduce Job等,极大降低相关组件的使用门槛。通过本发明提出的方案可以实现DataSpace上的用户同步到HUE中,也即只需在DataSpace上创建相应的用户或租户具有的权限,在HUE中就可以实现相同的用户或租户具有同样的权限。It should be noted that, in the embodiment of the present invention, the resource management system may be DataSpace. As shown in FIG. 1 , DataSpace is a simple and easy-to-use big data cluster resource management system. Users can create their own data space through the visual interface or Rest API, realize the isolation of data resources and computing resources of data in the space, and support the sharing of data resources in the space. Hue is oriented towards operations such as data query, processing, and analysis, and provides users with a graphical operation interface for related components. By using Hue, users can perform interactive data analysis and processing with the Hadoop cluster on the web console, such as operating data on HDFS, running MapReduce Job, etc., which greatly reduces the threshold for using related components. Through the solution proposed by the present invention, the users on DataSpace can be synchronized to HUE, that is, only the corresponding users or tenants need to be created on DataSpace, and the same users or tenants can have the same permissions in HUE.

根据本发明的一个方面,本发明的实施例提出一种HUE的权限管理方法,如图2所示,其可以包括步骤:According to one aspect of the present invention, an embodiment of the present invention proposes a HUE rights management method, as shown in FIG. 2 , which may include steps:

S1,分别检测并判断在HUE中和在资源管理系统中是否创建了用户权限;S1, respectively detecting and judging whether user permissions have been created in the HUE and in the resource management system;

S2,响应于在所述HUE中和在所述资源管理系统中均已创建了用户权限,清空所述HUE中的用户权限,并将所述资源管理系统中的用户权限进行备份后清空;S2. Responding to the fact that user rights have been created in both the HUE and the resource management system, clear the user rights in the HUE, and clear the user rights in the resource management system after backing up;

S3,在所述资源管理系统中利用备份的用户权限重新创建用户权限,并将重新创建的用户权限信息记录到日志;S3, using the backup user authority to recreate the user authority in the resource management system, and record the recreated user authority information in a log;

S4,响应于触发权限同步,将所述日志中的用户权限信息同步到所述HUE,以在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。S4. In response to triggering permission synchronization, synchronize the user permission information in the log to the HUE, so as to create a new user permission in the HUE according to the user permission information in the log.

本发明提供出的方案能够解除当前HUE服务对Zookeeper、HDFS、YARN、Hive、HBase、Oozie、Spark组件依赖关系,提高HUE集群部署自主选择性与灵活便捷性,降低HUE版本更新、二次开发后验证成本,同时节省集群部署时间成本、集群运维成本。The solution provided by the present invention can remove the dependencies of the current HUE service on Zookeeper, HDFS, YARN, Hive, HBase, Oozie, and Spark components, improve the autonomous selectivity and flexibility and convenience of HUE cluster deployment, and reduce the HUE version update and secondary development. Verification cost, while saving cluster deployment time cost and cluster operation and maintenance cost.

在一些实施例中,对HUE中原有的用户权限进行清空的目的是防止原有的用户权限对同步过程造成干扰。In some embodiments, the purpose of clearing the original user rights in the HUE is to prevent the original user rights from interfering with the synchronization process.

在一些实施例中,步骤S2,清空所述HUE中的用户权限,进一步包括:In some embodiments, step S2, clearing the user rights in the HUE, further includes:

对所述HUE中的用户权限进行备份。Back up the user rights in the HUE.

在一些实施例中,方法还包括:In some embodiments, the method also includes:

判断在所述HUE中创建新的用户权限后的用户信息表和在所述资源管理系统中利用备份的用户权限重新创建用户权限后的用户信息表是否一致;Judging whether the user information table after creating a new user authority in the HUE is consistent with the user information table after recreating user authority with the backup user authority in the resource management system;

响应于不一致,根据所述HUE的系统日志确定不一致的原因并重新在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。In response to the inconsistency, determine the cause of the inconsistency according to the system log of the HUE, and recreate a new user permission in the HUE according to the user permission information in the log.

具体的,当在HUE中用读取到的日志中的用户权限数据,将MYSQL中自身用户信息表内容按照日期备份,并根据日志中的用户权限数据将原用户信息表变更,变更完成后由HUE切换用户信息表,完成用户信息数据同步。接着判断所述HUE中创建新的用户权限后的用户信息表和在所述资源管理系统中利用备份的用户权限重新创建用户权限后的用户信息表是否一致,如果不一致,则可以根据HUE的系统日志确定不一致的原因并重新在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。Specifically, when using the user authority data in the read log in HUE, back up the content of the user information table in MYSQL according to the date, and change the original user information table according to the user authority data in the log. After the change is completed, the The HUE switches the user information table to complete user information data synchronization. Then determine whether the user information table after creating a new user authority in the HUE is consistent with the user information table after recreating user authority with the backup user authority in the resource management system, if inconsistent, it can be determined according to the system of the HUE The log determines the cause of the inconsistency and recreates a new user permission in the HUE according to the user permission information in the log.

在一些实施例中,根据所述HUE的系统日志确定不一致的原因并重新在所述HUE中根据所述日志中的用户权限信息创建新的用户权限,进一步包括:In some embodiments, determining the cause of the inconsistency according to the system log of the HUE and re-creating a new user permission in the HUE according to the user permission information in the log, further comprising:

响应于因所述HUE获取所述资源管理系统的日志中的用户权限信息导致不一致,删除在所述HUE中创建的新的用户权限,并再次将所述资源管理系统的日志中的用户权限信息同步到所述HUE。In response to the inconsistency caused by the HUE obtaining the user authority information in the log of the resource management system, deleting the new user authority created in the HUE, and re-applying the user authority information in the resource management system log Sync to the HUE.

具体的,如果是因HUE在获取所述资源管理系统的日志中的用户权限信息出问题,在需要删除在所述HUE中创建的新的用户权限,即执行清空在HUE中所创建的所有的用户权限,并再次将所述资源管理系统的日志中的用户权限信息同步到所述HUE。Specifically, if there is a problem with HUE obtaining the user authority information in the log of the resource management system, it is necessary to delete the new user authority created in the HUE, that is, to clear all the user authority information created in the HUE User rights, and synchronize the user rights information in the log of the resource management system to the HUE again.

在一些实施例中,还包括:In some embodiments, also include:

响应于因所述HUE切换新的用户信息表导致不一致,删除在所述HUE中创建的新的用户权限,并再次在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。In response to an inconsistency caused by the HUE switching a new user information table, delete the new user authority created in the HUE, and create a new user authority in the HUE again according to the user authority information in the log.

具体的,如果是因HUE自身在切换新的用户信息出问题导致不一致,则可以先删除同步完成的用户权限信息,然后再次在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。Specifically, if the inconsistency is caused by the fact that the HUE itself is switching new user information, you can first delete the user authority information that has been synchronized, and then create a new user in the HUE again based on the user authority information in the log authority.

在一些实施例中,还包括:In some embodiments, also include:

响应于一致,在所述HUE中验证新创建的用户权限是否与所述资源管理系统相同。In response to agreement, it is verified in the HUE whether the newly created user rights are the same as the resource management system.

具体的,如果一致,则说明权限同步成功,如果不一致,则需要将HUE中的用户权限信息删除后,再次进行用户权限信息的同步。Specifically, if they are consistent, it means that the permission synchronization is successful; if they are inconsistent, it is necessary to delete the user permission information in the HUE, and then perform the synchronization of the user permission information again.

在一些实施例中,还包括:In some embodiments, also include:

响应于在所述资源管理系统中对用户权限进行变更,将变更后的用户权限信息记录到日志;In response to changing the user authority in the resource management system, record the changed user authority information in a log;

响应于触发权限同步,将所述日志中的用户权限信息同步到所述HUE,以在所述HUE中根据所述日志中的用户权限信息变更对应的用户权限。In response to triggering permission synchronization, synchronizing the user permission information in the log to the HUE, so as to change the corresponding user permission in the HUE according to the user permission information in the log.

具体的,资源管理系统每变更一次用户资源权限数据,都将实时同步到Edit.log日志中,Edit.log保存在内存中以供高速存取数据,由HUE定时(每隔一段时间)或定量(Edit.log大小)或人工(由运维人员)将Edit.log数据用户数据变更信息更新至HUE用户管理系统中。例如,可以每隔10分钟触发一次HUE获取Edit.log;还可以当Edit.log容量大小到大10M触发一次HUE获取Edit.log;或者还可以运维人员点击一键同步,即可立即触发一次HUE获取Edit.log。以上三项互不影响,先到达触发阈值则立即触发,触发后,所有定时定量清空重新计算。Specifically, every time the resource management system changes the user resource permission data, it will be synchronized to the Edit.log log in real time. (Edit.log size) or manually (by the operation and maintenance personnel) to update the Edit.log data user data change information to the HUE user management system. For example, HUE can be triggered to obtain Edit.log every 10 minutes; HUE can also be triggered to obtain Edit.log when the size of Edit.log reaches 10M; or the operation and maintenance personnel can click one-key synchronization to trigger once immediately HUE gets Edit.log. The above three items do not affect each other. If the trigger threshold is reached first, it will be triggered immediately. After triggering, all timing and quantitative calculations will be cleared and recalculated.

在一些实施例中,可以通过内存模块实时监控并读取当资源管理系统中的任何用户信息变更记录并生成Edit.log日志,以供HUE获取。内存模块将Edit.log备份至多个内存条中以供HUE更快速读,且保证Edit.log高可用。并且当触发同步的同时,备份当时资源管理系统的用户信息表以供数据同步完后验证使用。In some embodiments, the memory module can be used to monitor and read any user information change records in the resource management system in real time and generate an Edit.log log for the HUE to obtain. The memory module backs up Edit.log to multiple memory sticks for faster reading by HUE and ensures high availability of Edit.log. And when synchronization is triggered, the user information table of the resource management system at that time is backed up for verification after data synchronization.

本发明提供出的方案能够解除当前HUE服务对Zookeeper、HDFS、YARN、Hive、HBase、Oozie、Spark组件依赖关系,提高HUE集群部署自主选择性与灵活便捷性,降低HUE版本更新、二次开发后验证成本,同时节省集群部署时间成本、集群运维成本。The solution provided by the present invention can remove the dependencies of the current HUE service on Zookeeper, HDFS, YARN, Hive, HBase, Oozie, and Spark components, improve the autonomous selectivity and flexibility and convenience of HUE cluster deployment, and reduce the HUE version update and secondary development. Verification cost, while saving cluster deployment time cost and cluster operation and maintenance cost.

基于同一发明构思,根据本发明的另一个方面,本发明的实施例还提供了一种HUE的权限管理系统400,如图3所示,包括:Based on the same inventive concept, according to another aspect of the present invention, an embodiment of the present invention also provides a HUE rights management system 400, as shown in FIG. 3 , including:

检测模块401,所述检测模块401配置为分别检测并判断在HUE中和在资源管理系统中是否创建了用户权限;A detection module 401, the detection module 401 is configured to respectively detect and judge whether user rights are created in the HUE and in the resource management system;

初始化模块402,所述初始化模块402配置为响应于在所述HUE中和在所述资源管理系统中均已创建了用户权限,清空所述HUE中的用户权限,并将所述资源管理系统中的用户权限进行备份后清空;An initialization module 402, the initialization module 402 is configured to clear the user permissions in the HUE and set the Clear the user permissions after backup;

记录模块403,所述记录模块403配置为在所述资源管理系统中利用备份的用户权限重新创建用户权限,并将重新创建的用户权限信息记录到日志;A recording module 403, the recording module 403 is configured to use the backup user authority to recreate the user authority in the resource management system, and record the recreated user authority information to a log;

同步模块404,所述同步模块404配置为响应于触发权限同步,将所述日志中的用户权限信息同步到所述HUE,以在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。A synchronization module 404, the synchronization module 404 is configured to, in response to triggering permission synchronization, synchronize the user permission information in the log to the HUE, so as to create a new user permission information in the log according to the user permission information in the HUE User rights.

在一些实施例,还包括判断模块,所述判断模块配置为:In some embodiments, a judging module is also included, and the judging module is configured to:

判断在所述HUE中创建新的用户权限后的用户信息表和在所述资源管理系统中利用备份的用户权限重新创建用户权限后的用户信息表是否一致;Judging whether the user information table after creating a new user authority in the HUE is consistent with the user information table after recreating user authority with the backup user authority in the resource management system;

响应于不一致,根据所述HUE的系统日志确定不一致的原因并重新在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。In response to the inconsistency, determine the cause of the inconsistency according to the system log of the HUE, and recreate a new user permission in the HUE according to the user permission information in the log.

在一些实施例,所述判断模块还配置为:In some embodiments, the judging module is further configured to:

响应于因所述HUE获取所述资源管理系统的日志中的用户权限信息导致不一致,删除在所述HUE中创建的新的用户权限,并再次将所述资源管理系统的日志中的用户权限信息同步到所述HUE。In response to the inconsistency caused by the HUE obtaining the user authority information in the log of the resource management system, deleting the new user authority created in the HUE, and re-applying the user authority information in the resource management system log Sync to the HUE.

在一些实施例,所述判断模块还配置为:In some embodiments, the judging module is further configured to:

响应于因所述HUE切换新的用户信息表导致不一致,删除在所述HUE中创建的新的用户权限,并再次在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。In response to an inconsistency caused by the HUE switching a new user information table, delete the new user authority created in the HUE, and create a new user authority in the HUE again according to the user authority information in the log.

在一些实施例,所述判断模块还配置为:In some embodiments, the judging module is further configured to:

响应于一致,在所述HUE中验证新创建的用户权限是否与所述资源管理系统相同。In response to agreement, it is verified in the HUE whether the newly created user rights are the same as the resource management system.

在一些实施例,还包括变更模块,所述变更模块配置为:In some embodiments, it also includes a change module, the change module is configured to:

响应于在所述资源管理系统中对用户权限进行变更,将变更后的用户权限信息记录到日志;In response to changing the user authority in the resource management system, record the changed user authority information in a log;

响应于触发权限同步,将所述日志中的用户权限信息同步到所述HUE,以在所述HUE中根据所述日志中的用户权限信息变更对应的用户权限。In response to triggering permission synchronization, synchronizing the user permission information in the log to the HUE, so as to change the corresponding user permission in the HUE according to the user permission information in the log.

在一些实施例,所述初始化模块402还配置为:In some embodiments, the initialization module 402 is further configured to:

对所述HUE中的用户权限进行备份。Back up the user rights in the HUE.

基于同一发明构思,根据本发明的另一个方面,如图4所示,本发明的实施例还提供了一种计算机设备501,包括:Based on the same inventive concept, according to another aspect of the present invention, as shown in FIG. 4 , an embodiment of the present invention also provides a computer device 501, including:

至少一个处理器520;以及at least one processor 520; and

存储器510,存储器510存储有可在处理器上运行的计算机程序511,处理器520执行程序时执行如上的任一种HUE的权限管理方法的步骤。A memory 510, the memory 510 stores a computer program 511 that can run on the processor, and the processor 520 executes the steps of any one of the above HUE rights management methods when executing the program.

基于同一发明构思,根据本发明的另一个方面,如图5所示,本发明的实施例还提供了一种计算机可读存储介质601,计算机可读存储介质601存储有计算机程序指令610,计算机程序指令610被处理器执行时执行如上的任一种HUE的权限管理方法的步骤。Based on the same inventive concept, according to another aspect of the present invention, as shown in FIG. When the program instruction 610 is executed by the processor, the steps of any one of the above HUE rights management methods are executed.

最后需要说明的是,本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,可以通过计算机程序来指令相关硬件来完成,的程序可存储于一计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。Finally, it should be noted that those skilled in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented through computer programs to instruct related hardware, and the programs can be stored in a computer-readable storage medium. When the program is executed, it may include the procedures of the embodiments of the above-mentioned methods.

此外,应该明白的是,本文的计算机可读存储介质(例如,存储器)可以是易失性存储器或非易失性存储器,或者可以包括易失性存储器和非易失性存储器两者。In addition, it should be appreciated that a computer-readable storage medium (eg, memory) herein can be either volatile memory or nonvolatile memory, or can include both volatile memory and nonvolatile memory.

本领域技术人员还将明白的是,结合这里的公开所描述的各种示例性逻辑块、模块、电路和算法步骤可以被实现为电子硬件、计算机软件或两者的组合。为了清楚地说明硬件和软件的这种可互换性,已经就各种示意性组件、方块、模块、电路和步骤的功能对其进行了一般性的描述。这种功能是被实现为软件还是被实现为硬件取决于具体应用以及施加给整个系统的设计约束。本领域技术人员可以针对每种具体应用以各种方式来实现的功能,但是这种实现决定不应被解释为导致脱离本发明实施例公开的范围。Those of skill would also appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described generally in terms of their functionality. Whether such functionality is implemented as software or as hardware depends upon the particular application and design constraints imposed on the overall system. Those skilled in the art may implement the functions in various ways for each specific application, but such implementation decisions should not be interpreted as causing a departure from the scope disclosed in the embodiments of the present invention.

以上是本发明公开的示例性实施例,但是应当注意,在不背离权利要求限定的本发明实施例公开的范围的前提下,可以进行多种改变和修改。根据这里描述的公开实施例的方法权利要求的功能、步骤和/或动作不需以任何特定顺序执行。此外,尽管本发明实施例公开的元素可以以个体形式描述或要求,但除非明确限制为单数,也可以理解为多个。The above are the exemplary embodiments disclosed in the present invention, but it should be noted that various changes and modifications can be made without departing from the scope of the disclosed embodiments of the present invention defined in the claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. In addition, although the elements disclosed in the embodiments of the present invention may be described or required in an individual form, they may also be understood as a plurality unless explicitly limited to a singular number.

应当理解的是,在本文中使用的,除非上下文清楚地支持例外情况,单数形式“一个”旨在也包括复数形式。还应当理解的是,在本文中使用的“和/或”是指包括一个或者一个以上相关联地列出的项目的任意和所有可能组合。It should be understood that as used herein, the singular form "a" and "an" are intended to include the plural forms as well, unless the context clearly supports an exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items.

上述本发明实施例公开实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the embodiments disclosed in the above-mentioned embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments.

本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过硬件来完成,也可以通过程序来指令相关的硬件完成,的程序可以存储于一种计算机可读存储介质中,上述提到的存储介质可以是只读存储器,磁盘或光盘等。Those of ordinary skill in the art can understand that all or part of the steps for implementing the above-mentioned embodiments can be completed by hardware, or can be completed by instructing related hardware through a program, and the program can be stored in a computer-readable storage medium. The above-mentioned The storage medium can be read-only memory, magnetic disk or optical disk and so on.

所属领域的普通技术人员应当理解:以上任何实施例的讨论仅为示例性的,并非旨在暗示本发明实施例公开的范围(包括权利要求)被限于这些例子;在本发明实施例的思路下,以上实施例或者不同实施例中的技术特征之间也可以进行组合,并存在如上的本发明实施例的不同方面的许多其它变化,为了简明它们没有在细节中提供。因此,凡在本发明实施例的精神和原则之内,所做的任何省略、修改、等同替换、改进等,均应包含在本发明实施例的保护范围之内。Those of ordinary skill in the art should understand that: the discussion of any of the above embodiments is exemplary only, and is not intended to imply that the scope (including claims) disclosed by the embodiments of the present invention is limited to these examples; under the idea of the embodiments of the present invention , the technical features in the above embodiments or different embodiments can also be combined, and there are many other changes in different aspects of the above embodiments of the present invention, which are not provided in details for the sake of brevity. Therefore, within the spirit and principle of the embodiments of the present invention, any omissions, modifications, equivalent replacements, improvements, etc., shall be included in the protection scope of the embodiments of the present invention.

Claims (7)

1.一种HUE的权限管理方法,其特征在于,包括以下步骤:1. A rights management method of HUE, is characterized in that, comprises the following steps: 分别检测并判断在HUE中和在资源管理系统中是否创建了用户权限;Detect and judge whether user permissions have been created in HUE and in the resource management system respectively; 响应于在所述HUE中和在所述资源管理系统中均已创建了用户权限,清空所述HUE中的用户权限,并将所述资源管理系统中的用户权限进行备份后清空;Responding to the creation of user rights in the HUE and in the resource management system, clear the user rights in the HUE, and clear the user rights in the resource management system after backup; 在所述资源管理系统中利用备份的用户权限重新创建用户权限,并将重新创建的用户权限信息记录到日志;Using the backup user authority to recreate the user authority in the resource management system, and record the recreated user authority information to a log; 响应于触发权限同步,将所述日志中的用户权限信息同步到所述HUE,以在所述HUE中根据所述日志中的用户权限信息创建新的用户权限;In response to triggering permission synchronization, synchronizing the user permission information in the log to the HUE, so as to create a new user permission in the HUE according to the user permission information in the log; 判断在所述HUE中创建新的用户权限后的用户信息表和在所述资源管理系统中利用备份的用户权限重新创建用户权限后的用户信息表是否一致;Judging whether the user information table after creating a new user authority in the HUE is consistent with the user information table after recreating user authority with the backup user authority in the resource management system; 响应于不一致,根据所述HUE的系统日志确定不一致的原因并重新在所述HUE中根据所述日志中的用户权限信息创建新的用户权限;In response to the inconsistency, determine the cause of the inconsistency according to the system log of the HUE and re-create a new user authority in the HUE according to the user authority information in the log; 根据所述HUE的系统日志确定不一致的原因并重新在所述HUE中根据所述日志中的用户权限信息创建新的用户权限,进一步包括:Determine the cause of the inconsistency according to the system log of the HUE and create a new user authority in the HUE according to the user authority information in the log, further comprising: 响应于因所述HUE获取所述资源管理系统的日志中的用户权限信息导致不一致,删除在所述HUE中创建的新的用户权限,并再次将所述资源管理系统的日志中的用户权限信息同步到所述HUE;In response to the inconsistency caused by the HUE obtaining the user authority information in the log of the resource management system, deleting the new user authority created in the HUE, and re-applying the user authority information in the resource management system log Sync to said HUE; 响应于因所述HUE切换新的用户信息表导致不一致,删除在所述HUE中创建的新的用户权限,并再次在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。In response to an inconsistency caused by the HUE switching a new user information table, delete the new user authority created in the HUE, and create a new user authority in the HUE again according to the user authority information in the log. 2.如权利要求1所述的方法,其特征在于,还包括:2. The method of claim 1, further comprising: 响应于一致,在所述HUE中验证新创建的用户权限是否与所述资源管理系统相同。In response to agreement, it is verified in the HUE whether the newly created user rights are the same as the resource management system. 3.如权利要求1所述的方法,其特征在于,还包括:3. The method of claim 1, further comprising: 响应于在所述资源管理系统中对用户权限进行变更,将变更后的用户权限信息记录到日志;In response to changing the user authority in the resource management system, record the changed user authority information in a log; 响应于触发权限同步,将所述日志中的用户权限信息同步到所述HUE,以在所述HUE中根据所述日志中的用户权限信息变更对应的用户权限。In response to triggering permission synchronization, synchronizing the user permission information in the log to the HUE, so as to change the corresponding user permission in the HUE according to the user permission information in the log. 4.如权利要求1所述的方法,其特征在于,清空所述HUE中的用户权限,进一步包括:4. The method according to claim 1, wherein clearing the user authority in the HUE further comprises: 对所述HUE中的用户权限进行备份。Back up the user rights in the HUE. 5.一种HUE的权限管理系统,其特征在于,包括:5. A rights management system of HUE, characterized in that, comprising: 检测模块,所述检测模块配置为分别检测并判断在HUE中和在资源管理系统中是否创建了用户权限;A detection module, the detection module is configured to respectively detect and determine whether user rights are created in the HUE and in the resource management system; 初始化模块,所述初始化模块配置为响应于在所述HUE中和在所述资源管理系统中均已创建了用户权限,清空所述HUE中的用户权限,并将所述资源管理系统中的用户权限进行备份后清空;an initialization module, the initialization module is configured to clear the user permissions in the HUE in response to user permissions created in the HUE and in the resource management system, and set the Clear permissions after backing up; 记录模块,所述记录模块配置为在所述资源管理系统中利用备份的用户权限重新创建用户权限,并将重新创建的用户权限信息记录到日志;A recording module, the recording module is configured to use the backup user authority to recreate user authority in the resource management system, and record the recreated user authority information to a log; 同步模块,所述同步模块配置为响应于触发权限同步,将所述日志中的用户权限信息同步到所述HUE,以在所述HUE中根据所述日志中的用户权限信息创建新的用户权限;A synchronization module configured to, in response to triggering permission synchronization, synchronize the user permission information in the log to the HUE, so as to create a new user permission in the HUE according to the user permission information in the log ; 还包括判断模块,所述判断模块配置为:Also includes a judging module, the judging module is configured to: 判断在所述HUE中创建新的用户权限后的用户信息表和在所述资源管理系统中利用备份的用户权限重新创建用户权限后的用户信息表是否一致;Judging whether the user information table after creating a new user authority in the HUE is consistent with the user information table after recreating user authority with the backup user authority in the resource management system; 响应于不一致,根据所述HUE的系统日志确定不一致的原因并重新在所述HUE中根据所述日志中的用户权限信息创建新的用户权限;In response to the inconsistency, determine the reason for the inconsistency according to the system log of the HUE and create a new user authority in the HUE according to the user authority information in the log; 响应于因所述HUE获取所述资源管理系统的日志中的用户权限信息导致不一致,删除在所述HUE中创建的新的用户权限,并再次将所述资源管理系统的日志中的用户权限信息同步到所述HUE;In response to the inconsistency caused by the HUE obtaining the user authority information in the log of the resource management system, deleting the new user authority created in the HUE, and re-applying the user authority information in the resource management system log Sync to said HUE; 响应于因所述HUE切换新的用户信息表导致不一致,删除在所述HUE中创建的新的用户权限,并再次在所述HUE中根据所述日志中的用户权限信息创建新的用户权限。In response to the inconsistency caused by the HUE switching a new user information table, delete the new user authority created in the HUE, and create a new user authority in the HUE again according to the user authority information in the log. 6.一种计算机设备,包括:6. A computer device comprising: 至少一个处理器;以及at least one processor; and 存储器,所述存储器存储有可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述程序时执行如权利要求1-4任意一项所述的方法的步骤。A memory, the memory stores a computer program operable on the processor, wherein the processor executes the steps of the method according to any one of claims 1-4 when executing the program. 7.一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,其特征在于,所述计算机程序被处理器执行时执行如权利要求1-4任意一项所述的方法的步骤。7. A computer-readable storage medium, the computer-readable storage medium is stored with a computer program, characterized in that, when the computer program is executed by a processor, the method according to any one of claims 1-4 is executed step.
CN202010789712.1A 2020-08-07 2020-08-07 Method, system, device and medium for managing authority of HUE Active CN111898161B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010789712.1A CN111898161B (en) 2020-08-07 2020-08-07 Method, system, device and medium for managing authority of HUE

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010789712.1A CN111898161B (en) 2020-08-07 2020-08-07 Method, system, device and medium for managing authority of HUE

Publications (2)

Publication Number Publication Date
CN111898161A CN111898161A (en) 2020-11-06
CN111898161B true CN111898161B (en) 2023-01-06

Family

ID=73247115

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010789712.1A Active CN111898161B (en) 2020-08-07 2020-08-07 Method, system, device and medium for managing authority of HUE

Country Status (1)

Country Link
CN (1) CN111898161B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113407530A (en) * 2020-11-20 2021-09-17 广东美云智数科技有限公司 Permission data recovery method, management device and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110971580B (en) * 2018-09-30 2022-05-17 北京国双科技有限公司 Authority control method and device
CN109189753B (en) * 2018-10-18 2021-02-19 浪潮云信息技术股份公司 Method and device for adding user information in HUE
CN111327613B (en) * 2020-02-20 2022-06-21 深圳市腾讯计算机系统有限公司 Distributed service authority control method and device and computer readable storage medium

Also Published As

Publication number Publication date
CN111898161A (en) 2020-11-06

Similar Documents

Publication Publication Date Title
US12339965B2 (en) Malware detection and content item recovery
US8677253B2 (en) Replicating recorded actions across computer systems in a collaborative environment
US8245192B1 (en) Independent software development zones
US20230409540A1 (en) End-to-end restartability of cross-region replication using a new replication
US10185637B2 (en) Preserving management services with distributed metadata through the disaster recovery life cycle
CN107656797A (en) The method and apparatus of across virtual platform migration virtual machine
US11003362B2 (en) Disaster recovery practice mode for application virtualization infrastructure
US9317380B2 (en) Preserving management services with self-contained metadata through the disaster recovery life cycle
US9274719B2 (en) Snapshot management in hierarchical storage infrastructure
AU2019200945B2 (en) Automated issue detection and resolution framework for enterprise resource planning
US20210026658A1 (en) Central storage management interface supporting native user interface versions
US11204794B2 (en) Automated disaster recovery of discrete virtual machines
US11849037B1 (en) Cross-region replication of secrets
CN111898161B (en) Method, system, device and medium for managing authority of HUE
US20180349407A1 (en) Techniques for preserving clone relationships between files
US9485308B2 (en) Zero copy volume reconstruction
CN114756410B (en) Data recovery method, device and medium for dual-computer hot standby system
US20230161497A1 (en) Application environment recovery using cloud-based immutable storage devices
CN110737906A (en) Method and device for insensitive switching middleware connection pool privileged account
CN111813501B (en) Data deleting method, device, equipment and storage medium
RU2746570C1 (en) Method for managing access service and displaying confidential information and data using virtual desktop
US12332852B1 (en) Techniques for handling schema mismatch when migrating databases
US20240086285A1 (en) Configuration recovery for a data management system
CN112732679B (en) Data migration method, device, electronic equipment and readable storage medium
US11748314B2 (en) Method, device and computer program product for data replication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant