[go: up one dir, main page]

CN113438232B - Method and device for determining data authorization form, electronic equipment and storage medium - Google Patents

Method and device for determining data authorization form, electronic equipment and storage medium Download PDF

Info

Publication number
CN113438232B
CN113438232B CN202110702170.4A CN202110702170A CN113438232B CN 113438232 B CN113438232 B CN 113438232B CN 202110702170 A CN202110702170 A CN 202110702170A CN 113438232 B CN113438232 B CN 113438232B
Authority
CN
China
Prior art keywords
data
enterprise
authorization
authorized
determining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110702170.4A
Other languages
Chinese (zh)
Other versions
CN113438232A (en
Inventor
陈垚亮
徐晓旻
赵超毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Rootcloud Technology Co Ltd
Original Assignee
Rootcloud Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Rootcloud Technology Co Ltd filed Critical Rootcloud Technology Co Ltd
Priority to CN202110702170.4A priority Critical patent/CN113438232B/en
Publication of CN113438232A publication Critical patent/CN113438232A/en
Application granted granted Critical
Publication of CN113438232B publication Critical patent/CN113438232B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a method and a device for determining a data authorization form, electronic equipment and a storage medium, wherein a data authorization mode between an authority distribution enterprise and an enterprise to be authorized is determined in response to a data authorization instruction of the authority distribution enterprise; if the data authorization mode is the independent authorization mode, acquiring the data query quantity and the newly-added working condition data quantity of the enterprise to be authorized within a first preset time period; determining a data authorization form distributed to an enterprise to be authorized based on the data query quantity and the newly-added working condition data quantity; and adjusting the data authorization form of the enterprise to be authorized based on the data analysis amount and the data attenuation time of the enterprise to be authorized and the real-time working condition data amount of the enterprise to be authorized in a second preset time period. Therefore, the data authorization form of the enterprise to be authorized can be real-time, a more appropriate data authorization form is distributed to the enterprise to be authorized, and the data sharing rate among the enterprises is improved.

Description

Method and device for determining data authorization form, electronic equipment and storage medium
Technical Field
The present application relates to the field of access control technologies, and in particular, to a method and an apparatus for determining a data authorization form, an electronic device, and a storage medium.
Background
With the rapid development of the cloud platform in the internet of things industry in recent years, a large number of enterprises report some data related to production and operation to the cloud platform for management and calculation. The cloud platform has professional personnel for maintenance, and enterprises only need to directly realize services on the interface, so that the operating cost of the enterprises is saved, and the working efficiency is greatly improved.
However, for each enterprise, its own data is usually stored in its own independent storage space, and when the requirements of joint analysis, authorization, access control and the like of data among multiple enterprises are involved, a complex authorization process needs to be performed among the enterprises, and if too many enterprises are involved, the authorization speed is slow, and further, the processing efficiency of the business is affected.
Disclosure of Invention
In view of this, an object of the present application is to provide a method, an apparatus, an electronic device, and a storage medium for determining a data authorization form, which can adjust a data authorization form between an authority distribution enterprise and an enterprise to be authorized in real time, and further, can allocate a more appropriate data authorization form for the enterprise to be authorized, thereby facilitating to increase a data sharing rate between enterprises.
The embodiment of the application provides a method for determining a data authorization form, which comprises the following steps:
responding to a data authorization instruction of an authority distribution enterprise, and determining a data authorization mode between the authority distribution enterprise and an enterprise to be authorized;
if the data authorization mode is an independent authorization mode, acquiring the data query quantity and the newly-added working condition data quantity of the enterprise to be authorized in a first preset time period;
determining a data authorization form distributed to the enterprise to be authorized based on the data query amount and the newly increased working condition data amount;
acquiring data analysis quantity and data attenuation time of the enterprise to be authorized and real-time working condition data quantity of the enterprise to be authorized in a second preset time period according to a preset time period;
and adjusting the data authorization form of the enterprise to be authorized based on the data analysis amount, the data attenuation time and the real-time working condition data amount.
Further, determining a data authorization mode between the authority distribution enterprise and the enterprise to be authorized by the following steps:
determining whether a shared data storage space exists between the authority allocation enterprise and the enterprise to be authorized;
If so, determining a data authorization mode between the authority distribution enterprise and the enterprise to be authorized as a general packet authorization mode;
if not, determining that the data authorization mode between the authority distribution enterprise and the enterprise to be authorized is an independent authorization mode.
Further, the determining, based on the data query amount and the newly added operating condition data amount, a data authorization form allocated to the enterprise to be authorized includes:
when the data query quantity is larger than the newly-added working condition data quantity, determining that the data authorization form distributed to the enterprise to be authorized is a write-in authorization form;
and when the data query quantity is less than or equal to the newly-added working condition data quantity, determining that the data authorization form distributed to the enterprise to be authorized is a reading authorization form.
Further, the adjusting the data authorization form of the enterprise to be authorized based on the data analysis amount, the data decay time and the real-time working condition data amount includes:
when the product of the data analysis amount and the data decay time is smaller than the real-time working condition data amount, adjusting the data authorization form to the reading authorization form;
And when the product of the data analysis amount and the data decay time is greater than or equal to the real-time working condition data amount, adjusting the data authorization form to the write authorization form.
Further, when the data authorization pattern is a total packet authorization pattern, the determining method further includes:
responding to a data query instruction of a data query enterprise, and determining a data storage space to which the data query enterprise belongs;
and acquiring corresponding query data from the data storage space to which the data query enterprise belongs according to the instruction of the data query instruction.
Further, when the data authorization mode is the independent authorization mode and the data authorization form is the write authorization form, the determining method further includes:
establishing an industrial chain platform between a data writing enterprise and a data reading enterprise;
and uploading the data write-in enterprise to write-in data in a data storage space to which the data write-in enterprise belongs through the industrial chain platform, and synchronizing the write-in data to a data storage space to which the data read enterprise belongs.
Further, when the data authorization mode is the independent authorization mode and the data authorization form is the read authorization form, the determining method further includes:
Responding to a data query instruction of a data acquisition enterprise, and verifying the enterprise identity of the data acquisition enterprise;
and when the data acquisition enterprise passes the verification, acquiring corresponding query data from the data storage space to which the enterprise to be acquired belongs according to the indication of the data query instruction.
An embodiment of the present application further provides a device for determining a data authorization form, where the device for determining a data authorization form includes:
the mode determining module is used for responding to a data authorization instruction of an authority distribution enterprise and determining a data authorization mode between the authority distribution enterprise and an enterprise to be authorized;
the first acquisition module is used for acquiring the data query volume and the newly-added working condition data volume of the enterprise to be authorized within a first preset time period if the data authorization mode is the independent authorization mode;
the form determination module is used for determining a data authorization form distributed to the enterprise to be authorized based on the data query quantity and the newly increased working condition data quantity;
the second acquisition module is used for acquiring the data analysis amount and the data attenuation time of the enterprise to be authorized and the real-time working condition data amount of the enterprise to be authorized in a second preset time period according to a preset time period;
And the form adjusting module is used for adjusting the data authorization form of the enterprise to be authorized based on the data analysis amount, the data decay time and the real-time working condition data amount.
Further, the mode determination module is configured to determine a data authorization mode between the permission distribution enterprise and the enterprise to be authorized by:
determining whether a shared data storage space exists between the authority distribution enterprise and the enterprise to be authorized;
if so, determining a data authorization mode between the authority distribution enterprise and the enterprise to be authorized as a general packet authorization mode;
if not, determining that the data authorization mode between the authority distribution enterprise and the enterprise to be authorized is an independent authorization mode.
Further, when the form determination module is configured to determine the data authorization form allocated to the enterprise to be authorized based on the data query amount and the newly added operating condition data amount, the form determination module is configured to:
when the data query quantity is larger than the newly-added working condition data quantity, determining that the data authorization form distributed to the enterprise to be authorized is a write-in authorization form;
and when the data query quantity is less than or equal to the newly-added working condition data quantity, determining that the data authorization form distributed to the enterprise to be authorized is a reading authorization form.
Further, when the form adjustment module is configured to adjust the data authorization form of the enterprise to be authorized based on the data analysis amount, the data decay time, and the real-time working condition data amount, the form adjustment module is configured to:
when the product of the data analysis amount and the data decay time is smaller than the real-time working condition data amount, adjusting the data authorization form to the reading authorization form;
and when the product of the data analysis amount and the data decay time is greater than or equal to the real-time working condition data amount, adjusting the data authorization form to the write authorization form.
Further, when the data authorization mode is the total packet authorization mode, the determining apparatus further includes a first query module, where the first query module is configured to:
responding to a data query instruction of a data query enterprise, and determining a data storage space to which the data query enterprise belongs;
and acquiring corresponding query data from the data storage space to which the data query enterprise belongs according to the instruction of the data query instruction.
Further, when the data authorization mode is the independent authorization mode and the data authorization form is the write authorization form, the determining device further includes a second query module, and the second query module is configured to:
Establishing an industrial chain platform between a data writing enterprise and a data reading enterprise;
and uploading the data writing enterprise to the writing data in the data storage space of the data writing enterprise through the industrial chain platform, and synchronizing the data to the data storage space of the data reading enterprise.
Further, when the data authorization mode is the independent authorization mode and the data authorization form is the read authorization form, the determining apparatus further includes a third query module, configured to:
responding to a data query instruction of a data acquisition enterprise, and verifying the enterprise identity of the data acquisition enterprise;
and when the data acquisition enterprise passes the verification, acquiring corresponding query data from the data storage space to which the enterprise to be acquired belongs according to the indication of the data query instruction.
An embodiment of the present application further provides an electronic device, including: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating over the bus when the electronic device is operating, the machine-readable instructions when executed by the processor performing the steps of the method of determining a form of data authorization as described above.
Embodiments of the present application further provide a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to perform the steps of the method for determining a data authorization form as described above.
The method, the device, the electronic equipment and the storage medium for determining the data authorization form respond to a data authorization instruction of an authority distribution enterprise, and determine a data authorization mode between the authority distribution enterprise and an enterprise to be authorized; if the data authorization mode is an independent authorization mode, acquiring the data query quantity and the newly-added working condition data quantity of the enterprise to be authorized in a first preset time period; determining a data authorization form distributed to the enterprise to be authorized based on the data query amount and the newly increased working condition data amount; acquiring data analysis quantity and data attenuation time of the enterprise to be authorized and real-time working condition data quantity of the enterprise to be authorized in a second preset time period according to a preset time period; and adjusting the data authorization form of the enterprise to be authorized based on the data analysis amount, the data attenuation time and the real-time working condition data amount. Therefore, the data authorization form between the authority distribution enterprise and the enterprise to be authorized can be adjusted in real time, and then a more appropriate data authorization form can be distributed to the enterprise to be authorized, so that the data sharing rate between the enterprises can be improved.
In order to make the aforementioned objects, features and advantages of the present application comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a flowchart of a method for determining a data authorization form according to an embodiment of the present application;
FIG. 2 is a flow chart of another method for determining a data authorization form provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of an authorization form assignment flow;
fig. 4 is a schematic structural diagram of a device for determining a data authorization form according to an embodiment of the present application;
fig. 5 is a second schematic structural diagram of a device for determining a data authorization type according to an embodiment of the present application;
FIG. 6 is a diagram of a data authorization system architecture;
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. The components of the embodiments of the present application, as generally described and illustrated in the figures herein, could be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, as presented in the figures, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. Every other embodiment that one skilled in the art can obtain without inventive effort based on the embodiments of the present application falls within the scope of protection of the present application.
Research shows that for each enterprise, the data of the enterprise is usually stored in a storage space independently owned by the enterprise, when requirements such as data joint analysis, authorization, access control and the like among multiple enterprises are involved, a complex authorization process needs to be carried out among the enterprises, and if the involved enterprises are excessive, the authorization speed is slow, so that the processing efficiency of the business is influenced.
Based on this, the embodiment of the application provides a method for determining a data authorization form, which can allocate a more appropriate data authorization form to an enterprise to be authorized, and is helpful for improving the data sharing rate between enterprises.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for determining a data authorization form according to an embodiment of the present disclosure. As shown in fig. 1, a method for determining a data authorization form provided in an embodiment of the present application includes:
s101, responding to a data authorization instruction of an authority distribution enterprise, and determining a data authorization mode between the authority distribution enterprise and an enterprise to be authorized.
In this step, when the authority distribution enterprise authorizes the enterprise to be authorized in a cross-enterprise manner, a data authorization model between the authority distribution enterprise and the enterprise to be authorized is determined, where the data authorization model includes any one of a total package authorization mode and an independent authorization mode, and the independent authorization mode includes a write authorization form and a read authorization form, which are two data authorization forms.
S102, if the data authorization mode is an independent authorization mode, acquiring the data query quantity and the newly-added working condition data quantity of the enterprise to be authorized in a first preset time period.
In this step, if it is determined that the data authorization mode between the enterprises to be authorized is the independent authorization mode, the data query volume and the newly-added working condition data volume of the enterprises to be authorized within a first preset time period are obtained.
The data query quantity refers to the queried quantity of data information uploaded/written into a storage space by the enterprise to be authorized in a preset time period; the newly-added working condition data volume refers to the quantity of data information uploaded/written into the storage space by the enterprises to be authorized in a first preset time period.
The first preset time period may be a previous time period from the current time.
S103, determining a data authorization form distributed to the enterprise to be authorized based on the data query amount and the newly added working condition data amount.
In this step, after the data query quantity and the newly added working condition data quantity between the authority distribution enterprise and the enterprise to be authorized are acquired, a data authorization form suitable for being distributed to the enterprise to be authorized is determined based on the acquired data query quantity and the newly added working condition data quantity.
Therefore, the data query quantity and the newly-added working condition data quantity between the authority distribution enterprise and the enterprise to be authorized can be comprehensively considered, and the data authorization form more suitable for the enterprise to be authorized is determined.
And S104, acquiring the data analysis amount and the data attenuation time of the enterprises to be authorized and the real-time working condition data amount between the enterprises to be authorized in a second preset time period according to a preset time period.
In the step, according to a preset time period, acquiring self data analysis amount and data attenuation time preset by the enterprise to be authorized during registration, and simultaneously acquiring real-time working condition data amount of the enterprise to be authorized in a second preset time period.
And S105, adjusting the data authorization form of the enterprise to be authorized based on the data analysis amount, the data decay time and the real-time working condition data amount.
In this step, after the data analysis amount, the data decay time, and the real-time working condition data amount between the authority distribution enterprise and the enterprise to be authorized are obtained, the data authorization form of the enterprise to be authorized is adjusted based on the data analysis amount, the data decay time, and the real-time working condition data amount, for example, the data authorization form of the enterprise to be authorized can be adjusted from a write authorization form to a read authorization form according to the above information; or the data authorization form of the enterprise to be authorized is adjusted from the reading authorization form to the writing authorization form.
Therefore, the data authorization form of the enterprise to be authorized can be periodically adjusted according to the information such as the data amount (including the data analysis amount and the real-time working condition data amount) between the enterprise to be authorized and the enterprise to be authorized, and therefore each enterprise to be authorized can have a more adaptive data authorization form.
The method for determining the data authorization form, provided by the embodiment of the application, is used for determining the data authorization mode of the enterprise to be authorized in response to the data authorization instruction of the authority allocation enterprise; if the data authorization mode is an independent authorization mode, acquiring the data query quantity and the newly-added working condition data quantity of the enterprise to be authorized within a first preset time period; determining a data authorization form distributed to the enterprise to be authorized based on the data query quantity and the newly increased working condition data quantity; acquiring data analysis amount and data attenuation time of the enterprise to be authorized and real-time working condition data amount of the enterprise to be authorized in a second preset time period according to a preset time period; and adjusting the data authorization form of the enterprise to be authorized based on the data analysis amount, the data attenuation time and the real-time working condition data amount. Therefore, the data authorization form between the authority distribution enterprise and the enterprise to be authorized can be adjusted in real time, and a more appropriate data authorization form can be distributed to the enterprise to be authorized, so that the data sharing rate between the enterprises is improved.
Referring to fig. 2, fig. 2 is a flowchart of another method for determining a data authorization form according to an embodiment of the present application. As shown in fig. 2, a method for determining a data authorization form provided in an embodiment of the present application includes:
s201, responding to a data authorization instruction of an authority distribution enterprise, and determining a data authorization mode between the authority distribution enterprise and an enterprise to be authorized.
S202, if the data authorization mode is an independent authorization mode, acquiring the data query quantity and the newly-added working condition data quantity of the enterprise to be authorized in a first preset time period.
S203, when the data query quantity is larger than the newly-added working condition data quantity, determining that the data authorization form distributed to the enterprise to be authorized is a write authorization form.
In the step, the obtained data query quantity and the newly added working condition data quantity are compared, and when the data query quantity is larger than the newly added working condition data quantity, the data authorization form distributed to the enterprise to be authorized is determined to be a write authorization form.
And S204, when the data query quantity is less than or equal to the newly-added working condition data quantity, determining that the data authorization form distributed to the enterprise to be authorized is a reading authorization form.
In the step, the obtained data query quantity and the newly added working condition data quantity are compared, and when the data query quantity is smaller than or equal to the newly added working condition data quantity, the data authorization form distributed to the enterprise to be authorized is determined to be a write authorization form.
S205, acquiring the data analysis amount and the data attenuation time of the enterprise to be authorized and the real-time working condition data amount of the enterprise to be authorized in a second preset time period according to a preset time period.
S206, adjusting the data authorization form of the enterprise to be authorized based on the data analysis amount, the data decay time and the real-time working condition data amount.
The descriptions of S201 to S202 and S205 to S206 may refer to the descriptions of S101 to S102 and S104 to S105, and the same technical effects can be achieved, which is not described in detail herein.
Further, determining a data authorization mode between the authority distribution enterprise and the enterprise to be authorized by the following steps: determining whether a shared data storage space exists between the authority allocation enterprise and the enterprise to be authorized; if so, determining that a data authorization mode between the authority distribution enterprise and the enterprise to be authorized is a general packet authorization mode; if not, determining that the data authorization mode between the authority distribution enterprise and the enterprise to be authorized is an independent authorization mode.
In this step, it is determined whether a shared data storage space exists between the authority distribution enterprise and the enterprise to be authorized, where the data storage space is applied by the authority distribution enterprise or the enterprise to be authorized during registration.
And if a shared data storage space exists between the authority distribution enterprise and the enterprise to be authorized, determining that a data authorization mode between the authority distribution enterprise and the enterprise to be authorized is a general packet authorization mode.
Here, the total package authorization schema is an authorization policy performed for the total package enterprise. Taking an authority distribution enterprise as a general packet enterprise and an enterprise to be authorized as an execution enterprise as an example, the general packet enterprise refers to a leader enterprise in charge of a project, the project comprises a plurality of subdivision projects, the general packet enterprise correspondingly distributes the plurality of subdivision projects to different execution enterprises, and the general packet enterprise has the authority to manage the execution enterprises in the project. If the total package enterprise subscribes to a data storage space, the data information of the total package enterprise and the executive enterprise are all located in the data storage space.
In summary, the total package authorization mode requires that the data information of the total package enterprise and the execution enterprise is stored in a shared data storage space, so that the total package enterprise can perform flexible global statistics and collaboration on each execution enterprise, and flexibly allocate the data authorization form of each execution enterprise.
And if the shared data storage space does not exist between the authority distribution enterprise and the enterprise to be authorized, determining that the data authorization mode between the authority distribution enterprise and the enterprise to be authorized is an independent authorization mode.
At this time, the data information of the authority allocation enterprise and the data information of the enterprise to be authorized are respectively stored in the data storage spaces to which the authority allocation enterprise and the enterprise to be authorized belong.
Further, step S206 includes: when the product of the data analysis amount and the data decay time is smaller than the real-time working condition data amount, adjusting the data authorization form to the reading authorization form; and when the product of the data analysis amount and the data decay time is greater than or equal to the real-time working condition data amount, adjusting the data authorization form to the write authorization form.
In this step, when the product of the obtained data analysis amount and the data decay time is smaller than the obtained real-time working condition data amount, the data authorization form of the enterprise to be authorized is adjusted to the read authorization form, and if the original data authorization form of the enterprise to be authorized is the read authorization form, the data authorization form of the enterprise to be authorized does not need to be adjusted.
When the product of the obtained data analysis amount and the data attenuation time is larger than or equal to the obtained real-time working condition data amount, the data authorization form of the enterprise to be authorized is adjusted to the write authorization form, and if the original data authorization form of the enterprise to be authorized is the write authorization form, the data authorization form of the enterprise to be authorized does not need to be adjusted.
Further, when the data authorization pattern is a total packet authorization pattern, the determining method further includes: responding to a data query instruction of a data query enterprise, and determining a data storage space to which the data query enterprise belongs; and acquiring corresponding query data from the data storage space to which the data query enterprise belongs according to the instruction of the data query instruction.
In this step, when the data authorization mode between two or more enterprises is the general packet authorization mode, and if data acquisition is required between two or more enterprises, the data storage space to which the data query enterprise belongs is determined in response to the data query instruction of the data query enterprise querying the data. And acquiring data which the data query enterprise wants to query from the data storage space to which the data query enterprise belongs according to the indication of the data query instruction.
Further, when the data authorization mode is the independent authorization mode and the data authorization form is the write authorization form, the determining method further includes: establishing an industrial chain platform between a data writing enterprise and a data reading enterprise; and uploading the data writing enterprise to the writing data in the data storage space of the data writing enterprise through the industrial chain platform, and synchronizing the data to the data storage space of the data reading enterprise.
In the step, when a data authorization mode between two or more enterprises is an independent authorization mode and the data authorization mode is a write-in authorization mode, if data acquisition is required between the two or more enterprises, determining a data write-in enterprise and a data read enterprise, and establishing an industrial chain platform between the data write-in enterprise and the data read enterprise; and synchronizing the write-in data uploaded to the data storage space to which the data write-in enterprise belongs by the data write-in enterprise to the data storage space to which the data reading enterprise belongs through the established industrial chain platform, wherein at the moment, the data reading enterprise can read the data information uploaded by the data write-in enterprise.
Further, when the data authorization mode is the independent authorization mode and the data authorization form is the read authorization form, the determining method further includes: responding to a data query instruction of a data acquisition enterprise, and verifying the enterprise identity of the data acquisition enterprise; and when the data acquisition enterprise passes the verification, acquiring corresponding query data from the data storage space to which the enterprise to be acquired belongs according to the indication of the data query instruction.
In this step, when the data authorization mode between two or more enterprises is an independent authorization mode and the data authorization mode is a read authorization mode, if data acquisition is required between two or more enterprises, the enterprise identity of the data acquisition enterprise is verified in response to a data query instruction sent by the data acquisition enterprise, specifically, enterprise information and the like of the data acquisition enterprise can be acquired, whether the data acquisition enterprise has the authority to acquire the data information of the enterprise to be acquired is determined, if the data acquisition enterprise passes the verification, that is, the data acquisition enterprise has the authority to acquire the data information of the enterprise to be acquired, and corresponding query data which the data acquisition enterprise wants to acquire is acquired from the data storage space to which the enterprise to be acquired belongs is acquired according to the instruction of the data query instruction.
Illustratively, as shown in fig. 3, fig. 3 is a schematic diagram of an authorization form distribution process.
Step 301: responding to a data authorization instruction of the authority distribution enterprise, and starting to distribute authorization forms;
step 302: determining whether a shared data storage space exists between the authority distribution enterprise and the enterprise to be authorized, if so, executing step 303; if not, go to step 304;
step 303: determining a data authorization mode between an authority distribution enterprise and an enterprise to be authorized as a general packet authorization mode;
step 304: determining the relation between the data query quantity of an enterprise to be authorized and the newly-added working condition data quantity; when the data query quantity is larger than the newly-added working condition data quantity, executing a step 305; otherwise, go to step 306;
step 305: determining a data authorization form between the authority distribution enterprise and the enterprise to be authorized as a write authorization form;
step 306: determining a data authorization form between the authority distribution enterprise and the enterprise to be authorized as a reading authorization form;
step 307: and acquiring the data analysis amount and the data attenuation time of the enterprise to be authorized and the real-time working condition data amount of the enterprise to be authorized in a second preset time period, and adjusting the data authorization form of the enterprise to be authorized.
The method for determining the data authorization form, provided by the embodiment of the application, is used for determining a data authorization mode between an authority distribution enterprise and an enterprise to be authorized in response to a data authorization instruction of the authority distribution enterprise; if the data authorization mode is an independent authorization mode, acquiring the data query quantity and the newly-added working condition data quantity of the enterprise to be authorized in a first preset time period; when the data query quantity is larger than the newly-added working condition data quantity, determining that the data authorization form distributed to the enterprise to be authorized is a write-in authorization form; when the data query quantity is smaller than or equal to the newly-added working condition data quantity, determining that the data authorization form distributed to the enterprise to be authorized is a reading authorization form; acquiring data analysis quantity and data attenuation time of the enterprise to be authorized and real-time working condition data quantity of the enterprise to be authorized in a second preset time period according to a preset time period; and adjusting the data authorization form of the enterprise to be authorized based on the data analysis amount, the data attenuation time and the real-time working condition data amount. Therefore, the data authorization form between the authority distribution enterprise and the enterprise to be authorized can be adjusted in real time, and then a more appropriate data authorization form can be distributed to the enterprise to be authorized, so that the data sharing rate between the enterprises can be improved.
Referring to fig. 4 and 5, fig. 4 is a first schematic structural diagram of a device for determining a data authorization form provided in an embodiment of the present application, and fig. 5 is a second schematic structural diagram of the device for determining a data authorization form provided in the embodiment of the present application. As shown in fig. 4, the determining means 400 includes:
the mode determining module 410 is configured to determine a data authorization mode between an authority distribution enterprise and an enterprise to be authorized in response to a data authorization instruction of the authority distribution enterprise;
a first obtaining module 420, configured to obtain, if the data authorization mode is an independent authorization mode, a data query volume and a newly-added working condition data volume of the enterprise to be authorized within a first preset time period;
the form determining module 430 is configured to determine, based on the data query quantity and the newly-added working condition data quantity, a data authorization form allocated to the enterprise to be authorized;
the second obtaining module 440 is configured to obtain, according to a preset time period, a data analysis amount and a data decay time of the enterprise to be authorized, and a real-time working condition data amount of the enterprise to be authorized in a second preset time period;
and a form adjusting module 450, configured to adjust a data authorization form of the enterprise to be authorized based on the data analysis amount, the data decay time, and the real-time working condition data amount.
Further, as shown in fig. 5, when the data authorization mode is the total packet authorization mode, the determining apparatus further includes a first query module 460, where the first query module 460 is configured to:
responding to a data query instruction of a data query enterprise, and determining a data storage space to which the data query enterprise belongs;
and acquiring corresponding query data from the data storage space to which the data query enterprise belongs according to the instruction of the data query instruction.
Further, as shown in fig. 5, when the data authorization mode is the independent authorization mode and the data authorization form is the write authorization form, the determining apparatus 400 further includes a second querying module 470, where the second querying module 470 is configured to:
establishing an industrial chain platform between a data writing enterprise and a data reading enterprise;
and uploading the data write-in enterprise to write-in data in a data storage space to which the data write-in enterprise belongs through the industrial chain platform, and synchronizing the write-in data to a data storage space to which the data read enterprise belongs.
Further, as shown in fig. 5, when the data authorization mode is the independent authorization mode and the data authorization form is the read authorization form, the determining apparatus 400 further includes a third query module 480, where the third query module 480 is configured to:
Responding to a data query instruction of a data acquisition enterprise, and verifying the enterprise identity of the data acquisition enterprise;
and when the data acquisition enterprise passes the verification, acquiring corresponding query data from the data storage space to which the enterprise to be acquired belongs according to the indication of the data query instruction.
Further, the pattern determination module 410 is configured to determine a data authorization pattern between the rights assignment enterprise and the enterprise to be authorized by:
determining whether a shared data storage space exists between the authority distribution enterprise and the enterprise to be authorized;
if so, determining a data authorization mode between the authority distribution enterprise and the enterprise to be authorized as a general packet authorization mode;
if not, determining that the data authorization mode between the authority distribution enterprise and the enterprise to be authorized is an independent authorization mode.
Further, when the form determining module 430 is configured to determine the data authorization form allocated to the enterprise to be authorized based on the data query amount and the new operating condition data amount, the form determining module 430 is configured to:
when the data query quantity is larger than the newly-added working condition data quantity, determining that the data authorization form distributed to the enterprise to be authorized is a write-in authorization form;
And when the data query quantity is less than or equal to the newly-increased working condition data quantity, determining that the data authorization form distributed to the enterprise to be authorized is a reading authorization form.
Further, when the form adjusting module 450 is configured to adjust the data authorization form of the enterprise to be authorized based on the data analysis amount, the data decay time, and the real-time working condition data amount, the form adjusting module 450 is configured to:
when the product of the data analysis amount and the data decay time is smaller than the real-time working condition data amount, adjusting the data authorization form into the reading authorization form;
and when the product of the data analysis amount and the data decay time is greater than or equal to the real-time working condition data amount, adjusting the data authorization form to the write authorization form.
The device for determining the data authorization form, provided by the embodiment of the application, responds to a data authorization instruction of an authority distribution enterprise, and determines a data authorization mode between the authority distribution enterprise and an enterprise to be authorized; if the data authorization mode is an independent authorization mode, acquiring the data query quantity and the newly-added working condition data quantity of the enterprise to be authorized in a first preset time period; determining a data authorization form distributed to the enterprise to be authorized based on the data query quantity and the newly increased working condition data quantity; acquiring data analysis quantity and data attenuation time of the enterprise to be authorized and real-time working condition data quantity of the enterprise to be authorized in a second preset time period according to a preset time period; and adjusting the data authorization form of the enterprise to be authorized based on the data analysis amount, the data attenuation time and the real-time working condition data amount. Therefore, the data authorization form between the authority distribution enterprise and the enterprise to be authorized can be adjusted in real time, and then a more appropriate data authorization form can be distributed to the enterprise to be authorized, so that the data sharing rate between the enterprises can be improved.
Further, as shown in fig. 6, fig. 6 is a schematic diagram of a data authorization system architecture. The data authorization system comprises at least one authority distribution enterprise, an application used by the authority distribution enterprise, at least one enterprise to be authorized and a data authorization form determining device;
the method comprises the steps that the authority distribution enterprise uploads self data to a determining device through application, when data authorization is needed between the authority distribution enterprise and an enterprise to be authorized, the determining device can distribute a proper data authorization mode and/or a proper data authorization form to the enterprise to be authorized according to data query quantity and newly-added working condition data quantity of the enterprise to be authorized, and specifically, firstly, whether the enterprise to be authorized is suitable for a total package authorization mode or an independent authorization mode is determined; secondly, when the data authorization mode of the enterprise to be authorized is an independent authorization form, determining whether the data authorization form of the enterprise to be authorized is a write authorization form or a read authorization form; and when the data authorization mode of the enterprise to be authorized is the independent authorization mode, the data authorization mode of the enterprise to be authorized can be adjusted in real time through the mode adjusting module in the determining device.
Referring to fig. 7, fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 7, the electronic device 700 includes a processor 710, a memory 720, and a bus 730.
The memory 720 stores machine-readable instructions executable by the processor 710, when the electronic device 700 runs, the processor 710 and the memory 720 communicate through the bus 730, and when the machine-readable instructions are executed by the processor 710, the steps of the method for determining a data authorization form in the method embodiments shown in fig. 1 and fig. 2 may be executed.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the step of determining the data authorization form in the method embodiments shown in fig. 1 and fig. 2 may be executed.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed coupling or direct coupling or communication connection between each other may be through some communication interfaces, indirect coupling or communication connection between devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in software functional units and sold or used as a stand-alone product, may be stored in a non-transitory computer-readable storage medium executable by a processor. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present application, and are used to illustrate the technical solutions of the present application, but not to limit the technical solutions, and the scope of the present application is not limited to the above-mentioned embodiments, although the present application is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: those skilled in the art can still make modifications or changes to the embodiments described in the foregoing embodiments, or make equivalent substitutions for some features, within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present application and are intended to be covered by the appended claims. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (9)

1. A method for determining a form of data authorization, the method comprising:
responding to a data authorization instruction of a permission distribution enterprise, and determining a data authorization mode between the permission distribution enterprise and an enterprise to be authorized;
if the data authorization mode is an independent authorization mode, acquiring the data query quantity and the newly-added working condition data quantity of the enterprise to be authorized within a first preset time period;
Determining a data authorization form distributed to the enterprise to be authorized based on the data query quantity and the newly increased working condition data quantity; wherein the data authorization forms comprise a write authorization form and a read authorization form;
acquiring data analysis quantity and data attenuation time of the enterprise to be authorized and real-time working condition data quantity of the enterprise to be authorized in a second preset time period according to a preset time period;
adjusting the data authorization form of the enterprise to be authorized based on the data analysis amount, the data attenuation time and the real-time working condition data amount;
wherein a data authorization schema between the rights assignment enterprise and the enterprise to be authorized is determined by:
determining whether a shared data storage space exists between the authority allocation enterprise and the enterprise to be authorized;
if so, determining that a data authorization mode between the authority distribution enterprise and the enterprise to be authorized is a general packet authorization mode;
if not, determining that the data authorization mode between the authority distribution enterprise and the enterprise to be authorized is an independent authorization mode.
2. The determination method according to claim 1, wherein the determining, based on the data query quantity and the newly added operating condition data quantity, a data authorization form assigned to the enterprise to be authorized comprises:
When the data query quantity is larger than the newly-added working condition data quantity, determining that the data authorization form distributed to the enterprise to be authorized is a write-in authorization form;
and when the data query quantity is less than or equal to the newly-added working condition data quantity, determining that the data authorization form distributed to the enterprise to be authorized is a reading authorization form.
3. The determination method according to claim 2, wherein the adjusting the data authorization form of the enterprise to be authorized based on the data analysis amount, the data decay time and the real-time working condition data amount comprises:
when the product of the data analysis amount and the data decay time is smaller than the real-time working condition data amount, adjusting the data authorization form to the reading authorization form;
and when the product of the data analysis amount and the data decay time is greater than or equal to the real-time working condition data amount, adjusting the data authorization form to the write authorization form.
4. The method of claim 1, wherein when the data authorization pattern is a general packet authorization pattern, the method further comprises:
responding to a data query instruction of a data query enterprise, and determining a data storage space to which the data query enterprise belongs;
And acquiring corresponding query data from the data storage space to which the data query enterprise belongs according to the instruction of the data query instruction.
5. The method of claim 2, wherein when the data authorization schema is an independent authorization schema and the data authorization form is a write authorization form, the method further comprises:
establishing an industrial chain platform between a data writing enterprise and a data reading enterprise;
and uploading the data writing enterprise to the writing data in the data storage space of the data writing enterprise through the industrial chain platform, and synchronizing the data to the data storage space of the data reading enterprise.
6. The method of claim 2, wherein when the data authorization schema is a standalone authorization schema and the data authorization form is a read authorization form, the method further comprises:
responding to a data query instruction of a data acquisition enterprise, and verifying the enterprise identity of the data acquisition enterprise;
and when the data acquisition enterprise passes the verification, acquiring corresponding query data from the data storage space to which the enterprise to be acquired belongs according to the indication of the data query instruction.
7. An apparatus for determining a form of data authorization, the apparatus comprising:
the mode determining module is used for responding to a data authorization instruction of an authority distribution enterprise and determining a data authorization mode between the authority distribution enterprise and an enterprise to be authorized;
the first acquisition module is used for acquiring the data query volume and the newly-added working condition data volume of the enterprise to be authorized within a first preset time period if the data authorization mode is an independent authorization mode;
the form determination module is used for determining a data authorization form distributed to the enterprise to be authorized based on the data query quantity and the newly increased working condition data quantity; wherein the data authorization forms comprise a write authorization form and a read authorization form;
the second acquisition module is used for acquiring the data analysis amount and the data attenuation time of the enterprise to be authorized and the real-time working condition data amount of the enterprise to be authorized in a second preset time period according to a preset time period;
the form adjusting module is used for adjusting the data authorization form of the enterprise to be authorized based on the data analysis amount, the data decay time and the real-time working condition data amount;
The mode determination module is used for determining the data authorization mode between the authority distribution enterprise and the enterprise to be authorized by the following steps:
determining whether a shared data storage space exists between the authority distribution enterprise and the enterprise to be authorized;
if so, determining a data authorization mode between the authority distribution enterprise and the enterprise to be authorized as a general packet authorization mode;
if not, determining that the data authorization mode between the authority distribution enterprise and the enterprise to be authorized is an independent authorization mode.
8. An electronic device, comprising: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating over the bus when the electronic device is operating, the machine-readable instructions when executed by the processor performing the steps of the method of determining a form of data authorization according to any of claims 1 to 6.
9. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, performs the steps of the method for determining a form of data authorization according to any one of claims 1 to 6.
CN202110702170.4A 2021-06-24 2021-06-24 Method and device for determining data authorization form, electronic equipment and storage medium Active CN113438232B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110702170.4A CN113438232B (en) 2021-06-24 2021-06-24 Method and device for determining data authorization form, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110702170.4A CN113438232B (en) 2021-06-24 2021-06-24 Method and device for determining data authorization form, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113438232A CN113438232A (en) 2021-09-24
CN113438232B true CN113438232B (en) 2022-06-28

Family

ID=77753787

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110702170.4A Active CN113438232B (en) 2021-06-24 2021-06-24 Method and device for determining data authorization form, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113438232B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103685291A (en) * 2013-12-20 2014-03-26 代玉松 Data authorization certification system and method among enterprises based on cloud service
CN110247927A (en) * 2019-06-28 2019-09-17 北京金山云网络技术有限公司 A kind of right management method and device of cloud computing resources

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108319507A (en) * 2017-01-17 2018-07-24 阿里巴巴集团控股有限公司 The acquisition methods and device of group information, interactive system
US11632373B2 (en) * 2019-06-18 2023-04-18 Microsoft Technology Licensing, Llc Activity based authorization for accessing and operating enterprise infrastructure
US11206249B2 (en) * 2019-07-26 2021-12-21 International Business Machines Corporation Enterprise workspaces

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103685291A (en) * 2013-12-20 2014-03-26 代玉松 Data authorization certification system and method among enterprises based on cloud service
CN110247927A (en) * 2019-06-28 2019-09-17 北京金山云网络技术有限公司 A kind of right management method and device of cloud computing resources

Also Published As

Publication number Publication date
CN113438232A (en) 2021-09-24

Similar Documents

Publication Publication Date Title
CN112346859B (en) Resource scheduling method and device, electronic equipment and storage medium
CN111131063B (en) Flow control method, related device, equipment and storage medium
US9600343B2 (en) System and method for analyzing computing system resources
CN110597858A (en) Task data processing method, device, computer equipment and storage medium
US9588813B1 (en) Determining cost of service call
US8910128B2 (en) Methods and apparatus for application performance and capacity analysis
CN103593246A (en) Communication method between virtual machine and host machine, host machine and virtual machine system
US10579567B2 (en) Queue depth management for host systems accessing a peripheral component interconnect express (PCIe) device via a PCIe switch
US20130282354A1 (en) Generating load scenarios based on real user behavior
CN114185675A (en) Resource management method, device, electronic device and storage medium
CN109240914B (en) Monitoring management method for security test task and terminal equipment
CN113438232B (en) Method and device for determining data authorization form, electronic equipment and storage medium
US10365952B2 (en) Load distribution system, apparatus, and method
CN114124937A (en) Automatic distributed cloud storage scheduling interaction method, device and equipment
US10963303B2 (en) Independent storage and processing of data with centralized event control
CN118394468A (en) Task scheduling method, system and computing device
CN104394232A (en) Independent management and concentrated management method of cloud equipment
CN112685778A (en) Data storage method and device
CN117112268A (en) Memory sharing management method and system
CN105930216A (en) Automatic scheduling method and system for electronic signature system and server
US20160139940A1 (en) Systems and methods for creating virtual machine
CN117093375A (en) Server scheduling method, device, equipment and storage medium
CN104657534B (en) For reporting the method and system of the actual kinetic energy of multi-part finite element analysis model
EP3166027A1 (en) Method and apparatus for determining hot page in database
CN120104325A (en) Resource processing method and device of cloud service platform and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant