CN112580088A - Data loading method and device, computer equipment and storage medium - Google Patents

Info

Publication number
CN112580088A
Authority
CN
China
Prior art keywords
target operation
user corresponding
authority
user
loading
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910940431.9A
Other languages
Chinese (zh)
Other versions
CN112580088B (en
Inventor
陈克凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Gridsum Technology Co Ltd
Original Assignee
Beijing Gridsum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Gridsum Technology Co Ltd
Priority to CN201910940431.9A
Publication of CN112580088A
Application granted
Publication of CN112580088B
Current legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to a data loading method, a data loading device, computer equipment and a storage medium, and belongs to the technical field of big data. The method comprises the following steps: when a target operation of loading file data in a file system of the big data cluster system to an internal table in a computational analysis engine of the big data cluster system is detected, the security component is prohibited from judging whether a default user of the computational analysis engine has the authority to perform the target operation; judging whether a user corresponding to the target operation has the authority to perform the target operation; and when the user corresponding to the target operation has the authority to perform the target operation, loading the file data into the internal table. By adopting the method, failure of the user's normal operations can be avoided.

Description

Data loading method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of big data technologies, and in particular, to a data loading method and apparatus, a computer device, and a storage medium.
Background
Currently, in many application scenarios, a large amount of data needs to be processed and analyzed by computer devices, and big data cluster systems have emerged as a result. A big data cluster system is a system capable of distributed processing of a large amount of data, and it can process data in a reliable, efficient, and scalable manner. For example, Hadoop is a common big data cluster system.
In order to ensure the security of the big data cluster system, many big data cluster systems are installed with a security component, for example, a Ranger component is a common security component of the big data cluster system. The security component may implement functions in terms of rights authentication, etc.
However, in some cases, the security component may intercept the user's normal operations within the big data cluster system, causing the user's normal operations to fail.
Disclosure of Invention
In view of the above, it is necessary to provide a data loading method, apparatus, computer device and storage medium capable of avoiding a failure of a normal operation of a user.
In a first aspect, a data loading method is provided, where the method is used in a big data cluster system installed with a security component, and the method includes:
when a target operation of loading file data in a file system of the big data cluster system to an internal table in a computational analysis engine of the big data cluster system is detected, the security component is prohibited from judging whether a default user of the computational analysis engine has the authority of performing the target operation;
judging whether a user corresponding to the target operation has the authority to perform the target operation;
and when the user corresponding to the target operation has the authority to perform the target operation, loading the file data to the internal table.
In one embodiment, disabling the security component from determining whether a default user of the computational analysis engine has permission to perform the target operation includes:
the security component is prohibited from determining whether a default user of the computational analysis engine is an owning user of the file data.
In one embodiment, the determining whether the user corresponding to the target operation has the right to perform the target operation includes:
judging whether a user corresponding to the target operation has the read-write permission of the file data;
and judging whether the user corresponding to the target operation is the owner user of the file data.
In one embodiment, determining whether the user corresponding to the target operation has the right to perform the target operation further includes:
and judging whether the user corresponding to the target operation has the write permission of the internal table.
In one embodiment, when the user corresponding to the target operation has the right to perform the target operation, loading the file data to the internal table includes:
and when the user corresponding to the target operation has the read-write permission of the file data, the user corresponding to the target operation is the owner user of the file data, and the user corresponding to the target operation has the write permission of the internal table, loading the file data to the internal table.
In one embodiment, the determining whether the user corresponding to the target operation has the right to perform the target operation includes:
acquiring target identification information of a user currently logging in the big data cluster system, and taking the target identification information as identification information of the user corresponding to the target operation;
and inquiring an authority database according to the identification information, and judging whether a user corresponding to the target operation has the authority for performing the target operation according to an inquiry result, wherein at least one corresponding relation between the identification information and the authority is stored in the authority database.
In one embodiment, the method further comprises:
and when the user corresponding to the target operation does not have the authority for carrying out the target operation, forbidding the target operation for loading the file data into the internal table.
In a second aspect, a data loading device is provided, which is disposed in a big data cluster system installed with a security component, and includes:
a first prohibiting module, configured to prohibit the security component from determining whether a default user of the computing analysis engine has an authority to perform a target operation when the target operation of loading file data in a file system of the big data cluster system to an internal table in the computing analysis engine of the big data cluster system is detected;
the judging module is used for judging whether the user corresponding to the target operation has the authority to carry out the target operation;
and the loading module is used for loading the file data to the internal table when the user corresponding to the target operation has the authority of performing the target operation.
In one embodiment, the first disabling module is specifically configured to disable the security component from determining whether the default user of the computational analysis engine is an owning user of the file data.
In one embodiment, the determining module is specifically configured to determine whether a user corresponding to the target operation has the read-write permission of the file data; and judging whether the user corresponding to the target operation is the owner user of the file data.
In one embodiment, the determining module is further configured to determine whether a user corresponding to the target operation has the write permission of the internal table.
In one embodiment, the loading module is specifically configured to load the file data into the internal table when the user corresponding to the target operation has the read-write permission of the file data, the user corresponding to the target operation is an owning user of the file data, and the user corresponding to the target operation has the write permission of the internal table.
In one embodiment, the determining module is specifically configured to obtain target identification information of a user currently logging in the big data cluster system, and use the target identification information as identification information of a user corresponding to the target operation; and inquiring an authority database according to the identification information, and judging whether a user corresponding to the target operation has the authority for performing the target operation according to an inquiry result, wherein at least one corresponding relation between the identification information and the authority is stored in the authority database.
In one embodiment, the apparatus further comprises a second disabling module;
the second prohibiting module is configured to prohibit the target operation of loading the file data into the internal table from being executed when the user corresponding to the target operation does not have the authority to perform the target operation.
In a third aspect, there is provided a computer device comprising a memory storing a computer program and a processor implementing the steps of the method of any of the first aspects when the processor executes the computer program.
In a fourth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the method of any of the first aspects described above.
The technical scheme provided by the embodiment of the application has at least the following beneficial effects:
When a target operation of loading file data in the file system of the big data cluster system into an internal table in the computational analysis engine of the big data cluster system is detected, the security component is prohibited from judging whether the default user of the computational analysis engine has the authority to perform the target operation, and whether the user corresponding to the target operation has the authority to perform the target operation is judged. The file data is then loaded into the internal table when the user corresponding to the target operation has the authority to perform the target operation. In this way, the security component can be prevented from intercepting the target operation of loading the file data into the internal table, and the target operation of loading the file data into the internal table is prevented from failing.
Drawings
FIG. 1 is a flow diagram illustrating a data loading method according to one embodiment;
FIG. 2 is a flowchart illustrating a data loading method according to an embodiment;
FIG. 3 is a block diagram showing the structure of a data loading apparatus according to an embodiment;
FIG. 4 is a block diagram showing the structure of a data loading apparatus according to an embodiment;
FIG. 5 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The data loading method provided by the embodiment of the application can be applied to computer equipment, wherein a big data cluster system can be installed in the computer equipment, and a security component can be installed in the big data cluster system. Alternatively, the big data cluster system may be a Hadoop system, and the security component may be a Ranger component.
Referring to fig. 1, a schematic diagram of a data loading method provided in an embodiment of the present application is shown, where the data loading method may be applied to a computer device installed with a big data cluster system, where a security component may be installed in the big data cluster system, and as shown in fig. 1, the data loading method may include the following steps:
Step 101, when a target operation of loading file data in a file system of a big data cluster system into an internal table in a computational analysis engine of the big data cluster system is detected, the computer device prohibits the security component from judging whether a default user of the computational analysis engine has the authority to perform the target operation.
Optionally, in this embodiment of the present application, the big data cluster system may be a Hadoop system, the file system in the big data cluster system may be an HDFS file system, and the calculation analysis engine in the big data cluster system may be a HIVE engine, in this case, the target operation refers to an operation of loading file data in the HDFS file system to an internal table of the HIVE, and the default user of the calculation analysis engine refers to a default user of the HIVE, and in general, the default user of the HIVE may be referred to as a HIVE user for short.
Optionally, in this embodiment of the present application, the security component may be a Ranger component. Optionally, judging whether the default user of the computational analysis engine has the authority to perform the target operation may mean judging whether the default user of the computational analysis engine is the owning user of the file data, in other words, determining whether the default user of the computational analysis engine owns the file data.
Typically, when loading file data in a file system of a big data cluster system into an internal table in a computational analysis engine of the big data cluster system, a security component performs an operation to determine whether a default user of the computational analysis engine has authority to perform a target operation for data security. However, in practical applications, the user performing the target operation is mostly not the default user of the calculation analysis engine, for example, when the user logs in the big data cluster system according to the identification information of the user, the user performing the target operation is the user logging in the big data cluster system, and therefore, the security component performs the operation of determining whether the default user of the calculation analysis engine has the authority to perform the target operation, which may cause the target operation to fail instead. For example, when a default user of the computational analysis engine does not have permission to perform a target operation, the security component may prohibit loading file data in a file system of the big data cluster system into an internal table in the computational analysis engine of the big data cluster system.
To avoid a failure of a target operation of loading file data into the internal table, in an embodiment of the present application, the computer device may prohibit the security component from determining whether a default user of the computational analysis engine has a right to perform the target operation.
Step 102, the computer device judges whether the user corresponding to the target operation has the authority to perform the target operation.
Optionally, the user corresponding to the target operation refers to a user actually performing the target operation, and as described above, when the user logs in the big data cluster system according to the identification information of the user, the user corresponding to the target operation refers to the user who logs in the big data cluster system.
Optionally, determining whether the user corresponding to the target operation has the authority to perform the target operation may include at least one of: judging whether the user corresponding to the target operation has the read-write permission of the file data, judging whether the user corresponding to the target operation is the owning user of the file data, and judging whether the user corresponding to the target operation has the write permission of the internal table.
Optionally, in an embodiment of the present application, the security component in the big data cluster system may perform "determining whether the user corresponding to the target operation has the authority to perform the target operation", and optionally, in another embodiment of the present application, the file system and the computational analysis engine in the big data cluster system may perform "determining whether the user corresponding to the target operation has the authority to perform the target operation", and optionally, in yet another embodiment of the present application, the authentication component in the big data cluster system may perform "determining whether the user corresponding to the target operation has the authority to perform the target operation", which is not specifically limited in this embodiment of the present application.
The judgment of whether the user corresponding to the target operation has the read-write permission of the file data may be: and judging whether the user corresponding to the target operation has the right of reading the file data or not, and judging whether the user corresponding to the target operation has the right of writing the file data or not.
Judging whether the user corresponding to the target operation is the owning user of the file data may refer to: judging whether the user corresponding to the target operation owns the file data.
Judging whether the user corresponding to the target operation has the writing authority of the internal table or not can refer to: and judging whether the user corresponding to the target operation has the authority of writing the internal table.
It should be noted that, in practical applications, the computer device may first determine whether the user corresponding to the target operation has the authority to perform the target operation, and then prohibit the security component from determining whether the default user of the computational analysis engine has the authority to perform the target operation; it may also first prohibit the security component from determining whether the default user of the computational analysis engine has the authority to perform the target operation, and then determine whether the user corresponding to the target operation has the authority to perform the target operation; or it may perform the two operations at the same time. The embodiment of the present application does not specifically limit this.
Step 103, when the user corresponding to the target operation has the authority to perform the target operation, the computer device loads the file data into the internal table.
When it is determined that the user corresponding to the target operation has the authority to perform the target operation, the computer device may load the file data into the internal table, thereby completing the target operation.
Optionally, in an embodiment of the present application, when the computer device determines that the user corresponding to the target operation has the read-write permission of the file data, the user corresponding to the target operation is an owning user of the file data, and the user corresponding to the target operation has the write permission of the internal table, the computer device may determine that the user corresponding to the target operation has the permission of the target operation.
In the data loading method provided in the embodiment of the present application, when a target operation of loading file data in a file system of a big data cluster system to an internal table in a computational analysis engine of the big data cluster system is detected, the security component is prohibited from determining whether a default user of the computational analysis engine has the authority to perform the target operation, and whether the user corresponding to the target operation has the authority to perform the target operation is determined. Then, when the user corresponding to the target operation has the authority to perform the target operation, the file data is loaded to the internal table. In this way, the security component can be prevented from intercepting the target operation of loading the file data to the internal table, and the target operation of loading the file data to the internal table is prevented from failing.
The embodiment of the present application further provides another data loading method, and on the basis of the above embodiment, the data loading method may further include the following steps:
and when the user corresponding to the target operation does not have the right of performing the target operation, the computer equipment prohibits the target operation of loading the file data into the internal table.
Optionally, in this embodiment of the present application, the fact that the user corresponding to the target operation does not have the authority to perform the target operation may be: the user corresponding to the target operation does not have the read-write permission of the file data, or the user corresponding to the target operation is not the user who owns the file data, or the user corresponding to the target operation does not have the write permission of the internal table.
Optionally, in this embodiment of the application, after the target operation of loading the file data into the internal table is prohibited from being executed, the computer device may generate and present, to a user corresponding to the target operation, execution prohibition reason information, where the execution prohibition reason information is used to indicate a reason why the computer device prohibits execution of the target operation of loading the file data into the internal table, and for example, the execution prohibition reason information may be: because you do not have the read-write permission of the file data, the file data cannot be loaded into the internal table.
Referring to fig. 2, another data loading method is further provided in the embodiment of the present application, and on the basis of any of the above embodiments, the step 102 may include a technical process shown in the following steps:
Step 1021, the computer device obtains target identification information of the user currently logged in to the big data cluster system, and takes the target identification information as identification information of the user corresponding to the target operation.
Step 1022, the computer device queries the permission database according to the target identification information, and determines whether the user corresponding to the target operation has permission to perform the target operation according to the query result.
Wherein, at least one corresponding relation between the identification information and the authority is stored in the authority database.
Optionally, in an embodiment of the present application, the permission database may store a corresponding relationship between the identification information and the read-write permission of the file data, and the computer device may query the permission database according to the target identification information, so as to determine whether a user corresponding to the target operation has the read-write permission of the file data according to a query result.
Optionally, in an embodiment of the present application, the authority database may store identification information of an owning user of the file data, and the computer device may query the authority database according to the target identification information, so as to determine whether a user corresponding to the target operation is the owning user of the file data according to a query result.
Optionally, in an embodiment of the present application, the permission database may store a corresponding relationship between the identification information and the write permission of the internal table, and the computer device may query the permission database according to the target identification information, so as to determine whether the user corresponding to the target operation has the write permission of the internal table according to a query result.
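The following added example (not code from the patent, nor from Hadoop, Hive or Ranger) sketches steps 101 to 103 together with the permission-database lookup of steps 1021 and 1022 in Python. The table schema, user names, paths and function names are assumptions constructed for illustration; an in-memory SQLite database stands in for the authority database, and a missing row is treated as a denial.

```python
import sqlite3
from dataclasses import dataclass

# Default user of the computational analysis engine (the "hive user" in the text).
ENGINE_DEFAULT_USER = "hive"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str  # shown to the user when the load is prohibited


def build_permission_db() -> sqlite3.Connection:
    """Constructed sample authority database; the schema is an assumption."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE file_perm  (user_id TEXT, path TEXT, can_read INT, can_write INT);
        CREATE TABLE file_owner (path TEXT PRIMARY KEY, owner_id TEXT);
        CREATE TABLE table_perm (user_id TEXT, tbl TEXT, can_write INT);
    """)
    db.executemany("INSERT INTO file_perm VALUES (?,?,?,?)", [
        ("alice", "/data/in/sales.csv", 1, 1),
        ("bob",   "/data/in/sales.csv", 1, 0),   # read only
        ("carol", "/data/in/sales.csv", 1, 1),   # read-write, but not the owner
        ("carol", "/data/in/hr.csv",    1, 1),
    ])
    db.executemany("INSERT INTO file_owner VALUES (?,?)", [
        ("/data/in/sales.csv", "alice"),
        ("/data/in/hr.csv", "carol"),
    ])
    db.executemany("INSERT INTO table_perm VALUES (?,?,?)", [
        ("alice", "sales", 1),
        ("bob", "sales", 1),
    ])
    return db


def authorize_load(db: sqlite3.Connection, session_user: str,
                   path: str, tbl: str) -> Decision:
    """Steps 1021/1022: decide for the logged-in user by querying the database.

    session_user is assumed to come from the authenticated login session,
    never from a value supplied with the request. Step 101 is reflected by
    the absence of any check against ENGINE_DEFAULT_USER in this function.
    """
    row = db.execute(
        "SELECT can_read, can_write FROM file_perm WHERE user_id=? AND path=?",
        (session_user, path)).fetchone()
    if row is None or not (row[0] and row[1]):
        return Decision(False, "no read-write permission on the file data")

    row = db.execute(
        "SELECT owner_id FROM file_owner WHERE path=?", (path,)).fetchone()
    if row is None or row[0] != session_user:
        return Decision(False, "not the owning user of the file data")

    row = db.execute(
        "SELECT can_write FROM table_perm WHERE user_id=? AND tbl=?",
        (session_user, tbl)).fetchone()
    if row is None or not row[0]:
        return Decision(False, "no write permission on the internal table")

    return Decision(True, "all three checks passed")


def load_file_into_table(db: sqlite3.Connection, session_user: str,
                         path: str, tbl: str, tables: dict) -> Decision:
    """Step 103: load only when authorized; otherwise prohibit and give the reason."""
    decision = authorize_load(db, session_user, path, tbl)
    if decision.allowed:
        # Stand-in for the real load into the internal table.
        tables.setdefault(tbl, []).append(path)
    return decision


def demo() -> dict:
    """Run the constructed cases, including the failure mode the text describes:
    applying the same checks to the engine default user denies the load."""
    db, tables = build_permission_db(), {}
    sales = "/data/in/sales.csv"
    return {
        "alice": load_file_into_table(db, "alice", sales, "sales", tables),
        "bob": load_file_into_table(db, "bob", sales, "sales", tables),
        "carol": load_file_into_table(db, "carol", sales, "sales", tables),
        "default_user": authorize_load(db, ENGINE_DEFAULT_USER, sales, "sales"),
        "tables": tables,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```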
It should be understood that although the steps in the flowcharts of fig. 1 to 2 are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated otherwise, the execution of the steps is not strictly limited to the order shown and described, and the steps may be performed in other orders. Moreover, at least some of the steps in fig. 1 to 2 may include multiple sub-steps or stages that are not necessarily performed at the same time but may be performed at different times, and these sub-steps or stages are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
Referring to fig. 3, which shows a schematic diagram of a data loading apparatus 300 according to an embodiment of the present application, as shown in fig. 3, the data loading apparatus 300 may include: a first disabling module 301, a determining module 302, and a loading module 303.
The first prohibiting module 301 is configured to, when a target operation of loading file data in a file system of the big data cluster system to an internal table in a computational analysis engine of the big data cluster system is detected, prohibit the security component from determining whether a default user of the computational analysis engine has a right to perform the target operation.
The determining module 302 is configured to determine whether a user corresponding to the target operation has a right to perform the target operation.
The loading module 303 is configured to load the file data into the internal table when the user corresponding to the target operation has the authority to perform the target operation.
In an embodiment of the application, the first disabling module 301 is specifically configured to disable the security component from determining whether the default user of the computational analysis engine is an owning user of the file data.
In an embodiment of the present application, the determining module 302 is specifically configured to determine whether a user corresponding to the target operation has a read-write permission of the file data; and judging whether the user corresponding to the target operation is the owner user of the file data.
In an embodiment of the application, the determining module 302 is further configured to determine whether a user corresponding to the target operation has a write right of the internal table.
In an embodiment of the application, the loading module 303 is specifically configured to load the file data into the internal table when the user corresponding to the target operation has the read-write permission of the file data, the user corresponding to the target operation is an owning user of the file data, and the user corresponding to the target operation has the write permission of the internal table.
In an embodiment of the present application, the determining module 302 is specifically configured to obtain target identification information of a user currently logging in the big data cluster system, and use the target identification information as identification information of a user corresponding to the target operation; and inquiring an authority database according to the identification information, and judging whether a user corresponding to the target operation has the authority for performing the target operation according to an inquiry result, wherein at least one corresponding relation between the identification information and the authority is stored in the authority database.
Referring to fig. 3, which is a schematic diagram illustrating another data loading apparatus 400 according to an embodiment of the present application, as shown in fig. 4, the data loading apparatus 400 may further include a second prohibition module 304 in addition to the modules included in the data loading apparatus 300.
The second prohibition module 304 is configured to prohibit execution of the target operation of loading the file data into the internal table when the user corresponding to the target operation does not have the authority to perform the target operation.
For specific limitations of the data loading device, reference may be made to the limitations of the data loading method above, which are not repeated here. The modules in the data loading device can be implemented wholly or partially in software, hardware, or a combination thereof. The modules can be embedded in, or be independent of, a processor in the computer device in hardware form, or can be stored in a memory of the computer device in software form, so that the processor can call them and execute the operations corresponding to each module.
In one embodiment, a computer device is provided, the internal structure of which may be as shown in FIG. 5. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device may be the rights database described above. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a data loading method.
Those skilled in the art will appreciate that the architecture shown in fig. 5 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
when a target operation of loading file data in a file system of the big data cluster system to an internal table in a computational analysis engine of the big data cluster system is detected, the security component is prohibited from judging whether a default user of the computational analysis engine has the authority of performing the target operation; judging whether a user corresponding to the target operation has the authority to perform the target operation; and when the user corresponding to the target operation has the authority to perform the target operation, loading the file data to the internal table.
In one embodiment, the processor, when executing the computer program, further performs the step of: prohibiting the security component from determining whether a default user of the computational analysis engine is an owning user of the file data.
In one embodiment, the processor, when executing the computer program, further performs the steps of: determining whether the user corresponding to the target operation has read-write permission for the file data; and determining whether the user corresponding to the target operation is the owning user of the file data.
In one embodiment, the processor, when executing the computer program, further performs the step of: determining whether the user corresponding to the target operation has write permission for the internal table.
In one embodiment, the processor, when executing the computer program, further performs the step of: loading the file data into the internal table when the user corresponding to the target operation has read-write permission for the file data, is the owning user of the file data, and has write permission for the internal table.
In one embodiment, the processor, when executing the computer program, further performs the steps of: acquiring target identification information of the user currently logged in to the big data cluster system, and using the target identification information as the identification information of the user corresponding to the target operation; and querying an authority database according to the identification information and determining, from the query result, whether the user corresponding to the target operation has the authority to perform the target operation, wherein the authority database stores at least one correspondence between identification information and authority.
In one embodiment, the processor, when executing the computer program, further performs the step of: prohibiting execution of the target operation of loading the file data into the internal table when the user corresponding to the target operation does not have the authority to perform the target operation.
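The steps listed above can be sketched as follows. This is an added Python example, not code from the patent: every check is evaluated for the logged-in user who issued the load, never for the engine's default user, and the load is refused if any check fails. `AuthorityDB`, the user names, the path and the grant format are assumptions made for illustration.

```python
from dataclasses import dataclass

ENGINE_DEFAULT_USER = "engine_svc"  # hypothetical default user of the analysis engine


@dataclass(frozen=True)
class FileData:
    path: str
    owner: str   # owning user recorded by the file system
    rows: tuple


class AuthorityDB:
    """Stand-in for the authority database: identification info -> permissions."""

    def __init__(self, grants):
        self._grants = {uid: frozenset(perms) for uid, perms in grants.items()}

    def query(self, user_id):
        # Unknown identification info yields no permissions (fail closed).
        return self._grants.get(user_id, frozenset())


def check_load(db, session_user, file, table):
    """Return the names of the checks the logged-in user fails; () means allowed."""
    perms = db.query(session_user)
    checks = {
        "file_read": ("read", file.path) in perms,
        "file_write": ("write", file.path) in perms,
        "file_owner": bool(session_user) and file.owner == session_user,
        "table_write": ("write", table) in perms,
    }
    return tuple(name for name, ok in checks.items() if not ok)


def load_file(db, session_user, file, table, tables):
    """Load the file rows into the internal table only if every check passes."""
    failed = check_load(db, session_user, file, table)
    if failed:
        # Corresponds to prohibiting execution of the target operation.
        raise PermissionError(f"load denied for {session_user!r}: {', '.join(failed)}")
    tables.setdefault(table, []).extend(file.rows)
    return len(file.rows)


# Constructed sample data (not from the patent).
SAMPLE_FILE = FileData("/data/in/orders.csv", owner="alice", rows=(("1", "a"), ("2", "b")))
_FULL = {("read", SAMPLE_FILE.path), ("write", SAMPLE_FILE.path), ("write", "orders")}
SAMPLE_DB = AuthorityDB({
    "alice": _FULL,                          # owner with all permissions
    "bob": _FULL,                            # all permissions, but not the owner
    "carol": {("read", SAMPLE_FILE.path)},   # read-only
    ENGINE_DEFAULT_USER: _FULL,              # broad grants, never used as the subject
})


def demo():
    """Attempt the same load as four different logged-in users."""
    tables, results = {}, {}
    for user in ("alice", "bob", "carol", "mallory"):
        try:
            results[user] = load_file(SAMPLE_DB, user, SAMPLE_FILE, "orders", tables)
        except PermissionError as exc:
            results[user] = str(exc)
    return results, tables


if __name__ == "__main__":
    print(demo())
```

Only `alice` succeeds. The grants held by `engine_svc` do not help `bob`, because the default user is never the subject of the decision.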
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
when a target operation of loading file data in a file system of the big data cluster system to an internal table in a computational analysis engine of the big data cluster system is detected, the security component is prohibited from judging whether a default user of the computational analysis engine has the authority of performing the target operation; judging whether a user corresponding to the target operation has the authority to perform the target operation; and when the user corresponding to the target operation has the authority to perform the target operation, loading the file data to the internal table.
In one embodiment, the computer program, when executed by the processor, further performs the step of: prohibiting the security component from determining whether a default user of the computational analysis engine is an owning user of the file data.
In one embodiment, the computer program, when executed by the processor, further performs the steps of: determining whether the user corresponding to the target operation has read-write permission for the file data; and determining whether the user corresponding to the target operation is the owning user of the file data.
In one embodiment, the computer program, when executed by the processor, further performs the step of: determining whether the user corresponding to the target operation has write permission for the internal table.
In one embodiment, the computer program, when executed by the processor, further performs the step of: loading the file data into the internal table when the user corresponding to the target operation has read-write permission for the file data, is the owning user of the file data, and has write permission for the internal table.
In one embodiment, the computer program, when executed by the processor, further performs the steps of: acquiring target identification information of the user currently logged in to the big data cluster system, and using the target identification information as the identification information of the user corresponding to the target operation; and querying an authority database according to the identification information and determining, from the query result, whether the user corresponding to the target operation has the authority to perform the target operation, wherein the authority database stores at least one correspondence between identification information and authority.
In one embodiment, the computer program, when executed by the processor, further performs the step of: prohibiting execution of the target operation of loading the file data into the internal table when the user corresponding to the target operation does not have the authority to perform the target operation.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of these technical features are described; however, as long as a combination of technical features contains no contradiction, it should be considered to fall within the scope of this specification.
The above-mentioned embodiments express only several embodiments of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A data loading method, for use in a big data cluster system in which a security component is installed, the method comprising:
when a target operation of loading file data in a file system of the big data cluster system to an internal table in a computational analysis engine of the big data cluster system is detected, the security component is prohibited from judging whether a default user of the computational analysis engine has the authority to perform the target operation;
judging whether a user corresponding to the target operation has the authority to perform the target operation;
and when the user corresponding to the target operation has the authority of performing the target operation, loading the file data to the internal table.
2. The method of claim 1, wherein prohibiting the security component from judging whether a default user of the computational analysis engine has the authority to perform the target operation comprises:
the security component is prohibited from determining whether a default user of the computational analysis engine is an owning user of the file data.
3. The method according to claim 1, wherein the determining whether the user corresponding to the target operation has the authority to perform the target operation comprises:
judging whether a user corresponding to the target operation has the read-write permission of the file data;
and judging whether the user corresponding to the target operation is the owning user of the file data.
4. The method according to claim 3, wherein the determining whether the user corresponding to the target operation has the authority to perform the target operation further comprises:
and judging whether the user corresponding to the target operation has the write permission of the internal table.
5. The method according to claim 4, wherein loading the file data into the internal table when the user corresponding to the target operation has the right to perform the target operation comprises:
and when the user corresponding to the target operation has the read-write permission of the file data, the user corresponding to the target operation is the user owning the file data, and the user corresponding to the target operation has the write permission of the internal table, loading the file data to the internal table.
6. The method according to claim 1, wherein the determining whether the user corresponding to the target operation has the authority to perform the target operation comprises:
acquiring target identification information of a user currently logging in the big data cluster system, and taking the target identification information as identification information of the user corresponding to the target operation;
and inquiring an authority database according to the target identification information, and judging whether a user corresponding to the target operation has the authority for performing the target operation according to an inquiry result, wherein at least one corresponding relation between the identification information and the authority is stored in the authority database.
7. The method of claim 1, further comprising:
and when the user corresponding to the target operation does not have the authority to perform the target operation, prohibiting execution of the target operation of loading the file data to the internal table.
8. A data loading device, characterized in that it is arranged in a big data cluster system in which a security component is installed, the device comprising:
a first prohibiting module, configured to prohibit the security component from determining whether a default user of a computational analysis engine has an authority to perform a target operation when the target operation of loading file data in a file system of the big data cluster system to an internal table in the computational analysis engine of the big data cluster system is detected;
the judging module is used for judging whether a user corresponding to the target operation has the authority to carry out the target operation;
and the loading module is used for loading the file data to the internal table when the user corresponding to the target operation has the authority of performing the target operation.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
CN201910940431.9A 2019-09-30 2019-09-30 Data loading method, device, computer equipment and storage medium Active CN112580088B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910940431.9A CN112580088B (en) 2019-09-30 2019-09-30 Data loading method, device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112580088A (en) 2021-03-30
CN112580088B (en) 2024-08-23

Family

ID=75116411

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910940431.9A Active CN112580088B (en) 2019-09-30 2019-09-30 Data loading method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112580088B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant