CN118839379A - Service data authority management method and device, terminal equipment and storage medium - Google Patents

Info

Publication number
CN118839379A
Authority
CN
China
Prior art keywords
metadata
information
data source
data
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202411320902.3A
Other languages
Chinese (zh)
Other versions
CN118839379B (en
Inventor
曾小易
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Jincheng Bank Ltd By Share Ltd
Original Assignee
Tianjin Jincheng Bank Ltd By Share Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin Jincheng Bank Ltd By Share Ltd filed Critical Tianjin Jincheng Bank Ltd By Share Ltd
Priority to CN202411320902.3A priority Critical patent/CN118839379B/en
Publication of CN118839379A publication Critical patent/CN118839379A/en
Application granted granted Critical
Publication of CN118839379B publication Critical patent/CN118839379B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The present application relates to the field of data management technology, and in particular to a business data permission management method, apparatus, terminal device and storage medium. The method comprises: collecting, according to each piece of configured data source information, the metadata corresponding to the business data in the corresponding data source business system, to obtain a metadata set; according to a selected metadata granularity, business line management architecture information and organization management structure information, labelling each unit metadata at that granularity with the business category to which it belongs, to obtain a business attribution label for the unit metadata, and labelling the unit metadata with the corresponding business data permission manager; configuring access permission request information for the corresponding business data according to the unit metadata selected by the user; and, according to the access permission request information, directing the request to the business data permission manager labelled on the unit metadata and to the permission management unit of the corresponding data source business system. This can effectively solve the problem of managing business data permissions across multiple business systems.

Description

A business data permission management method, apparatus, terminal device and storage medium

Technical Field

The present application relates to the field of data management technology, and in particular to a business data permission management method, apparatus, terminal device and storage medium.

Background Art

Business analysts need to obtain business data from the various business systems in order to analyze the state of the business. For example, a business analyst first collects, by business type, the metadata of the databases and tables that hold the corresponding business data, so as to get an overview of the data structure for that business type, and then, according to business needs, uses the metadata to select and collect the target business data.

However, business systems contain many kinds of business data, and each kind has different users and a different readable data range. In short, because there are many business systems and each has its own permission settings, it is difficult for business analysts to inspect each business system one by one and obtain the corresponding business data.

The prior art is therefore in urgent need of a permission management platform.

Summary of the Invention

In view of this, the embodiments of the present application provide a business data permission management method, apparatus, terminal device and storage medium, which can effectively solve the problem of managing business data permissions across multiple business systems.

In a first aspect, an embodiment of the present application provides a business data permission management method, including:

receiving data source information, configured by a user, for each data source whose metadata is to be collected;

collecting, according to each piece of data source information, the metadata corresponding to the business data in the corresponding data source business system, to obtain a metadata set, wherein the metadata set is used to configure access permissions for the corresponding business data;

according to a selected metadata granularity, business line management architecture information and organization management structure information, labelling each unit metadata at that granularity with the business category to which it belongs, to obtain a business attribution label for the unit metadata, and labelling the unit metadata with the corresponding business data permission manager;

configuring access permission request information for the corresponding business data according to the unit metadata selected by the user;

according to the access permission request information, obtaining access permission for the corresponding business data from the business data permission manager labelled on the unit metadata and from the permission management unit of the corresponding data source business system.

In some embodiments, the data source information includes: a data source ID, a target database type, a Java database connection, an account, a password and a target database name;

the receiving of the data source information configured by the user for each data source whose metadata is to be collected, and the collecting, according to each piece of data source information, of the metadata corresponding to the business data in the corresponding data source business system to obtain a metadata set, include:

receiving the data source information configured by the user through a configuration page;

determining, according to the target database type in each piece of data source information, the metadata collection method corresponding to that target database type; using the metadata collection method, with the Java database connection, the account and the password, to access the corresponding source data system and collect the corresponding metadata; and marking the metadata with the data source ID to obtain the metadata set.

In some embodiments, determining the metadata collection method corresponding to the target database type according to the target database type in each piece of data source information includes:

building a corresponding scheduled task for each database type;

when each scheduled task is executed, scanning the configured data source information and collecting metadata with the metadata collection method that matches the database type.

In some embodiments, the access permission request information includes: a data source ID, a database type, user information, unit metadata, an access permission type and a permission validity period;

configuring the access permission request information for the corresponding business data according to the unit metadata selected by the user includes:

displaying each unit metadata in the metadata set on a metadata browsing page, organized by data source ID;

receiving the target unit metadata selected by the user on the metadata browsing page, obtaining the data source ID and database type corresponding to the target unit metadata, and obtaining the access permission type, permission validity period and user information configured for the target unit metadata, to obtain the access permission request information.

In some embodiments, the access permission request information further includes a "whether to delete" flag;

the method further includes: using a scheduled synchronization task to scan whether the permission validity period in each piece of standard access permission information has expired, wherein the standard access permission information is access permission request information that has been authorized; updating to "yes" the "whether to delete" flag in each piece of standard access permission information determined to have expired according to its permission validity period, and synchronizing that access permission information to the permission management unit of the corresponding data source business system so that the permission management unit deletes the standard access permission information; and at the same time deleting the locally stored expired standard access permission information.

In some embodiments, obtaining access permission for the corresponding business data from the business data permission manager labelled on the unit metadata and from the permission management unit of the corresponding data source business system, according to the access permission request information, includes:

sending the access permission request information to the business data permission manager labelled on the metadata, and, when authorization approval is received from the business data permission manager, marking the access permission request information as standard access permission information;

registering the authorized standard access permission information with the permission management unit of the corresponding data source business system, using the authorization application method for the corresponding database type, so that the corresponding permission is enabled in the permission management unit of the data source business system.
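
The approval and expiry embodiments above can be traced as a small state machine. The following Python is an added example, not code from the patent; the class and method names, the sample manager mapping, and the choice to keep an expired record locally until the source system has confirmed the revocation are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class AccessRequest:
    """Access permission request information, with the fields the page lists."""
    data_source_id: str
    db_type: str
    user: str
    unit_metadata: str       # unit at the chosen granularity, e.g. "db.table"
    access_type: str
    expires_at: datetime     # permission validity period
    approved: bool = False   # True = standard access permission information
    deleted: bool = False    # the "whether to delete" flag


class SourcePermissionUnit:
    """Constructed stand-in for a source system's permission management unit."""

    def __init__(self):
        self.grants = set()
        self.reachable = True   # set to False to simulate an outage

    def _key(self, req):
        return (req.user, req.unit_metadata, req.access_type)

    def register(self, req):
        self.grants.add(self._key(req))

    def revoke(self, req):
        if not self.reachable:
            raise ConnectionError("source system unreachable")
        self.grants.discard(self._key(req))


class PermissionPlatform:
    def __init__(self, managers, units):
        self.managers = managers   # unit metadata -> labelled permission manager
        self.units = units         # data source ID -> SourcePermissionUnit
        self.store = []            # local standard access permission information

    def approve(self, req, approver, now):
        # Only the manager labelled on the requested unit metadata may authorize,
        # and an already expired request is never turned into a grant.
        if self.managers.get(req.unit_metadata) != approver:
            raise PermissionError(f"{approver} does not manage {req.unit_metadata}")
        if req.expires_at <= now:
            raise ValueError("validity period is already over")
        req.approved = True
        self.units[req.data_source_id].register(req)
        self.store.append(req)

    def expiry_sweep(self, now):
        """Body of the scheduled task; returns the records revoked in this run."""
        revoked = []
        for req in self.store:
            if req.expires_at <= now:
                req.deleted = True      # flag first, so a failed run is retried
            if not req.deleted:
                continue
            try:
                self.units[req.data_source_id].revoke(req)
            except ConnectionError:
                continue                # keep the flagged record for the next run
            revoked.append(req)
        # Delete locally only what the source system has actually removed.
        done = {id(r) for r in revoked}
        self.store = [r for r in self.store if id(r) not in done]
        return revoked


def demo_lifecycle():
    """Constructed scenario: wrong approver, approval, outage, then revocation."""
    now = datetime(2025, 1, 1, 9, 0)
    unit = SourcePermissionUnit()
    platform = PermissionPlatform({"loans.repayments": "alice"}, {"ds-1": unit})
    req = AccessRequest("ds-1", "mysql", "bob", "loans.repayments", "read",
                        now + timedelta(days=7))
    try:
        platform.approve(req, "mallory", now)
        wrong_manager_blocked = False
    except PermissionError:
        wrong_manager_blocked = True
    platform.approve(req, "alice", now)
    granted = len(unit.grants)
    later = now + timedelta(days=8)
    unit.reachable = False
    first = platform.expiry_sweep(later)
    pending = len(platform.store)
    unit.reachable = True
    second = platform.expiry_sweep(later)
    return {"wrong_manager_blocked": wrong_manager_blocked, "granted": granted,
            "revoked_during_outage": len(first), "pending_after_outage": pending,
            "revoked_on_retry": len(second), "grants_left": len(unit.grants),
            "local_left": len(platform.store)}
```

A grant whose revocation could not be delivered stays in the local store with its flag set, so the source system and the platform do not silently disagree about who still has access.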

In some embodiments, the access permission request information includes a "whether to synchronize" flag;

marking the access permission request information as standard access permission information when the authorization information given by the business data permission manager is obtained includes:

if the authorization information is obtained, marking the access permission request information as standard access permission information by updating the state of the "whether to synchronize" flag to "yes"; otherwise keeping the "whether to synchronize" flag in its default state of "no";

the method further includes: using a scheduled synchronization task to scan the "whether to synchronize" flag in each piece of standard access permission information, and registering the standard access permission information whose "whether to synchronize" flag is in the state "no" with the permission management unit of the corresponding data source business system.

In a second aspect, an embodiment of the present application provides a business data permission management apparatus, including:

a metadata collection module, configured to receive the data source information configured by the user for each data source whose metadata is to be collected, and to collect, according to each piece of data source information, the metadata corresponding to the business data in the corresponding data source business system, to obtain a metadata set, wherein the metadata set is used to configure access permissions for the corresponding business data;

a business labelling module, configured to label, according to the selected metadata granularity, business line management architecture information and organization management structure information, each unit metadata at that granularity with the business category to which it belongs, to obtain a business attribution label for the unit metadata, and to label the unit metadata with the corresponding business data permission manager;

a permission request information configuration module, configured to configure access permission request information for the corresponding business data according to the unit metadata selected by the user;

an access permission acquisition module, configured to obtain, according to the access permission request information, access permission for the corresponding business data from the business data permission manager labelled on the unit metadata and from the permission management unit of the corresponding data source business system.

In a third aspect, an embodiment of the present application provides a terminal device, the terminal device comprising a processor and a memory, the memory storing a computer program, and the processor being configured to execute the computer program to implement the business data permission management method provided in the first aspect of the present application.

In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium storing a computer program which, when executed on a processor, implements the business data permission management method provided in the first aspect of the present application.

The embodiments of the present application have the following beneficial effects:

The data source information configured by the user for each data source whose metadata is to be collected is received, and the metadata corresponding to the business data in the corresponding data source business system is collected according to each piece of data source information, to obtain a metadata set, wherein the metadata set is used to configure access permissions for the corresponding business data. According to the selected metadata granularity, business line management architecture information and organization management structure information, each unit metadata at that granularity is labelled with the business category to which it belongs, giving the business attribution label of the unit metadata, and the unit metadata is labelled with the corresponding business data permission manager; business separation can thereby be achieved. Access permission request information for the corresponding business data is then configured according to the unit metadata selected by the user, and, according to the access permission request information, the corresponding access permission for the business data is obtained from the business data permission manager labelled on the unit metadata and from the permission management unit of the corresponding data source business system. Permission management of the business data is thereby achieved.

Brief Description of the Drawings

In order to explain the technical solutions of the embodiments of the present application more clearly, the drawings used in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present application and should therefore not be regarded as limiting its scope; a person of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.

FIG. 1 shows a framework diagram of the business data permission management platform according to an embodiment of the present application;

FIG. 2 shows a flow chart of the business data permission management method according to an embodiment of the present application;

FIG. 3 shows a schematic diagram of the configuration page in the business data permission management method according to an embodiment of the present application;

FIG. 4 shows a schematic diagram of the configuration sub-page in the business data permission management method according to an embodiment of the present application;

FIG. 5 shows a schematic structural diagram of the business data permission management apparatus according to an embodiment of the present application.

Description of main component symbols:

110 - business line management architecture information module; 120 - organization management structure information module; 130 - data permission management module; 410 - metadata collection module; 420 - business labelling module; 430 - permission request information configuration module; 440 - access permission acquisition module.

Detailed Description

The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them.

The components of the embodiments of the present application, as generally described and shown in the drawings herein, may be arranged and designed in a variety of different configurations. The following detailed description of the embodiments provided in the drawings is therefore not intended to limit the scope of the claimed application, but merely represents selected embodiments of it. All other embodiments obtained by a person skilled in the art on the basis of the embodiments of the present application without creative effort fall within the scope of protection of the present application.

Hereinafter, the terms "including", "having" and their cognates, as used in the various embodiments of the present application, are intended only to denote particular features, numbers, steps, operations, elements, components or combinations of the foregoing, and should not be understood as excluding the existence of one or more other features, numbers, steps, operations, elements, components or combinations of the foregoing, or the possibility of adding one or more features, numbers, steps, operations, elements, components or combinations of the foregoing. In addition, the terms "first", "second", "third" and the like are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance.

Unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by a person of ordinary skill in the art to which the various embodiments of the present application belong. Terms such as those defined in commonly used dictionaries are to be interpreted as having the same meaning as their contextual meaning in the relevant technical field, and are not to be interpreted in an idealized or overly formal sense unless clearly so defined in the various embodiments of the present application.

Some embodiments of the present application are described in detail below with reference to the drawings. Where there is no conflict, the following embodiments and the features in them can be combined with one another.

The present application provides a business data permission management platform. As shown in FIG. 1, the platform includes a business line management architecture information module 110, an organization management structure information module 120 and a data permission management module 130. The business line management architecture information module 110 manages the mapping between business types and the departments responsible for them; specifically, it is presented as a hierarchical tree and marked with the owning department. The organization management structure information module 120 manages department heads and the corresponding organizational departments; specifically, it is presented as a hierarchical tree and marked with the person in charge. The data permission management module 130 implements the business data permission management method of the embodiments of the present application. The method first obtains metadata according to the data source information configured by the user; it then displays the metadata, and access permission request information for the actual business data is configured according to the metadata selected. The access permission request information is sent to the corresponding person in charge, and once authorization is given, the resulting standard access permission information is synchronized to the corresponding data source business system.

The business data permission management method is described below with reference to some specific embodiments.

图2示出了本申请实施例的业务数据权限管理方法的一种流程图。示范性地,该业务数据权限管理方法包括以下步骤:FIG2 shows a flow chart of a method for managing business data rights according to an embodiment of the present application. Exemplarily, the method for managing business data rights includes the following steps:

S110,接收用户配置的每个待采集元数据的数据源信息,并根据每个所述数据源信息分别采集对应数据源业务系统中业务数据对应的元数据,得到元数据集合。其中,所述元数据集合用于配置对应业务数据的访问权限。S110, receiving data source information of each metadata to be collected configured by the user, and collecting metadata corresponding to business data in the corresponding data source business system according to each data source information, to obtain a metadata set, wherein the metadata set is used to configure access rights for the corresponding business data.

进一步地,所述数据源信息包括:数据源ID、目标数据库类型、Java数据库连接、账号、密码和目标数据库名称。Furthermore, the data source information includes: data source ID, target database type, Java database connection, account number, password and target database name.

步骤S110中所述接收用户配置的每个待采集元数据的数据源信息,并根据每个所述数据源信息分别采集对应数据源业务系统中业务数据对应的元数据,得到元数据集合,包括:The step S110 receives the data source information of each metadata to be collected configured by the user, and collects metadata corresponding to the business data in the corresponding data source business system according to each data source information, to obtain a metadata set, including:

S111,接收用户通过配置页面配置的所述数据源信息,具体包括:S111, receiving the data source information configured by the user through the configuration page, specifically including:

在配置页面上自定义添加数据源jdbc连接(Java数据库连接),根据业务需求自定义数据源jdbc连接对应的业务数据范围,最后由数据源业务系统提供对应的元数据。配置页面自定义填充的数据源信息包括数据源ID、数据源名称、数据源类型、jdbc连接、账号、密码(密文展现)和数据库名称。其中,同一个数据源类型可以配置多个jdbc连接,例如有多个mysql业务系统,可以配置多个数据源。同时也可以删除配置的数据源。其中,JDBC是JavaDatabase Connectivity,也就是Java数据库连接。On the configuration page, you can customize the data source jdbc connection (Java database connection), customize the business data range corresponding to the data source jdbc connection according to business needs, and finally the data source business system provides the corresponding metadata. The data source information customized on the configuration page includes data source ID, data source name, data source type, jdbc connection, account, password (encrypted text display) and database name. Among them, the same data source type can be configured with multiple jdbc connections. For example, if there are multiple mysql business systems, you can configure multiple data sources. At the same time, you can also delete the configured data source. Among them, JDBC is JavaDatabase Connectivity, which is Java database connection.

数据源ID是唯一标识,贯穿整个元数据信息,根据数据源ID可以反查例如表或者字段出自哪个数据源(数据源业务系统),以及根据数据源ID可以获取对应元数据的更多的信息,例如,数据源名称、数据源类型以及数据源jdbc连接等。数据源类型包括mysql、doris、oracle、hive、greenplum和mongoDB。其中,配置数据库名称(非必须),适用只采用一个db元数据的情况,根据数据库名称可以直接查看采用了数据源业务系统中哪个db的元数据。配置数据库名称(非必须),适用只采用一个db元数据的情况,根据数据库名称可以直接查看采用了数据源业务系统中哪个db的元数据。如图3所示,可以通过配置页面上的“编辑”按钮进入如图4所示的配置子页面,以进行配置数据源类型、数据源名称、备注,以及连接信息中的驱动名、链接串、库名、账号、密码。The data source ID is a unique identifier that runs through the entire metadata information. According to the data source ID, you can reversely check which data source (data source business system) the table or field comes from, and according to the data source ID, you can obtain more information about the corresponding metadata, such as the data source name, data source type, and data source jdbc connection. Data source types include mysql, doris, oracle, hive, greenplum, and mongoDB. Among them, the configuration database name (optional) is applicable to the case where only one db metadata is used. According to the database name, you can directly check which db metadata in the data source business system is used. The configuration database name (optional) is applicable to the case where only one db metadata is used. According to the database name, you can directly check which db metadata in the data source business system is used. As shown in Figure 3, you can enter the configuration subpage shown in Figure 4 through the "Edit" button on the configuration page to configure the data source type, data source name, remarks, and the driver name, link string, library name, account, and password in the connection information.

S112: according to the target database type in each piece of data source information, determine the metadata collection method corresponding to that target database type; use the metadata collection method, with the Java database connection, the account and the password, to access the corresponding source data system and collect the corresponding metadata, and tag the metadata with the data source ID to obtain the metadata set.

Further, determining in step S112 the metadata collection method corresponding to the target database type according to the target database type in each piece of data source information includes:

building a corresponding scheduled task for each database type;

when each scheduled task is executed, scanning the configured data source information and collecting metadata with the metadata collection method that matches the database type.

For example, using the xxljob scheduled-task component, one scheduled task is configured per database type, and the task scans the configured JDBC connections. The scope of metadata that a JDBC connection's user can collect is preset by that user's authorization scope: a mysql JDBC connection, for example, may be able to collect only the table and field information under database A, whereas a given hive JDBC connection may collect table and field information under all databases. The scope of collected metadata depends on the authorization scope of the connection user. A metadata collection method is built in beforehand for each data source type. For example, mysql metadata is collected through the information_schema database, and oracle metadata is obtained from tables such as dba_tables. The collected metadata includes, but is not limited to, database name, table name, table description, table type, table row count, table size and table creation time. Table field information includes, but is not limited to, field name, field comment, field type, whether the field is a partition field and whether it is a primary key. Data source types may differ somewhat, so as many fields as possible are included to accommodate the information of the different data source types.

xxljob, mentioned above, is a distributed task scheduling platform whose core design goals are rapid development, ease of learning, light weight and easy extension. It is open source, has been adopted in the online product lines of many companies, and works out of the box.

Metadata collection methods for common database types such as mysql, oracle, hive and doris are currently built in. When a database type is added, a metadata collection method for it can be developed as an extension within the scheduled-task framework. Collected metadata such as tables and fields is stored in a unified storage structure: table metadata includes data source type, database name, table name, table comment, table type, business type and so on, and field metadata includes data source type, database name, table name, field name, field description, field type, whether the field is a partition field and so on. That is, metadata collected from different data source types is stored in one unified data structure and can be browsed on the metadata management page.

S120: according to the selected metadata granularity, the business line management architecture information and the organizational management structure information, label the unit metadata corresponding to the metadata granularity with the business category it belongs to, obtaining the business attribution label of the unit metadata, and label the unit metadata with the corresponding business data authority manager. The unit metadata may be at the granularity of a table, a database and so on.

For example, the collected metadata is labeled with its business category at table granularity. The platform has a business line management architecture information module 110, presented as a hierarchical tree and labeled with the owning department. The platform also has an organizational management structure, presented as a hierarchical tree and labeled with the person in charge. A table can belong to only one business category. This indirectly maps each table to its person in charge; any other user who needs to use the table must submit access permission request information to apply for access, and that person in charge approves the access permission request. The department that owns the table can also be determined from the business attribution label. This labeling is done manually, with reference to the source business system.

S130: configure the access permission request information for the corresponding business data according to the unit metadata selected by the user.

Further, the access permission request information includes: data source ID, database type, user information, unit metadata, access permission type and permission validity period.

For example, the access permission request information includes the following five permission types:

(1) Data source ID, database type, user, table, permission type, permission validity period, synchronization flag (the flag recording whether the record has been pushed to the permission management unit of the data source business system) and deletion flag.

(2) Data source ID, database type, role, table, permission type, permission validity period, synchronization flag and deletion flag.

(3) Data source ID, database type, user, database, permission type, permission validity period, synchronization flag and deletion flag.

(4) Data source ID, database type, role, database, permission type, permission validity period, synchronization flag and deletion flag.

(5) Database type, role, user and deletion flag.

The permission types include read, write, create and all permissions, and can be extended as needed; this application places no limit on them. The permission validity period refers to comparing the deadline the user applied for with the current time to determine whether the permission has expired. The synchronization flag records whether the record has been synchronized to the permission management unit of the corresponding data source business system (Y means synchronized, N means not synchronized). The deletion flag uses logical deletion rather than physical deletion so that when a permission relationship is deleted on the platform it is also deleted in the permission management unit of the data source business system, because the permission management unit of a data source business system usually has no setting for a user permission validity period.

Configuring the access permission request information for the corresponding business data according to the unit metadata selected by the user includes:

displaying each piece of unit metadata in the metadata set on a metadata browsing page according to each data source ID;

receiving the target unit metadata selected by the user on the metadata browsing page, obtaining the data source ID and database type corresponding to the target unit metadata, and obtaining the access permission type, permission validity period and user information configured for the target unit metadata, to obtain the access permission request information.

S140: according to the access permission request information, obtain the corresponding access permission for the corresponding business data from the business data authority manager labeled on the unit metadata and from the permission management unit of the corresponding data source business system.

The department that owns a table is known from its business attribution label. This labeling is done manually, with reference to the source business system. The platform controls permissions by role: the scope of a business user's authorized roles determines which metadata, such as table information and field information, is visible to that user. Visibility does not confer permission to actually use the table, for example to query it. The user must initiate a permission application based on the visible table metadata; the application is routed through OA and ends with the labeled department head for approval. After approval, authorization is granted, and only then can the business user actually use the table data.

Further, obtaining in step S140, according to the access permission request information, the corresponding access permission for the corresponding business data from the business data authority manager labeled on the unit metadata and from the permission management unit of the corresponding data source business system includes:

sending the access permission request information to the business data authority manager labeled on the metadata and, when the authorization approval information given by the business data authority manager is obtained, marking the access permission request information as standard access permission information;

registering the authorized standard access permission information with the permission management unit of the corresponding data source business system, using the authorization application method for the corresponding database type, so as to open the corresponding access permission in the permission management unit of the data source business system.

The platform synchronizes each piece of authorized standard access permission information to the permission management unit of the data source business system. Permission management units differ by database type: doris and mysql, for example, use role-based control, while hive is controlled through ranger, so each is authorized differently. The platform provides a packaged authorization application method for each: doris has one authorization application method (registration method) and hive has another, but the input format of the permission relationship is the unified one described above. If a database type such as mongoDB is added, the platform only needs a mongoDB authorization application method to be developed.

It will be understood that the access permission request information further includes a synchronization flag. Marking the access permission request information as standard access permission information when the authorization information given by the business data authority manager is obtained includes:

if the authorization information is obtained, marking the access permission request information as standard access permission information by updating the state of the synchronization flag to yes; otherwise keeping the synchronization flag in its default state of no.

The method includes: using a real-time synchronization task to scan the synchronization flag in each piece of standard access permission information, and registering the standard access permission information whose synchronization flag is no with the permission management unit of the corresponding data source business system.

After the platform grants a user or role permission at table or database granularity, the grant is immediately synchronized to the permission management unit of the data source business system (for example doris or hive) according to the database type of the database or table: the JDBC connection is obtained from the data source ID, and the platform connects to the permission management unit and registers the grant, opening the corresponding permission there. If synchronization succeeds, the synchronization flag is changed to Y, indicating that the grant has been synchronized to the permission management unit. If real-time synchronization fails because of network jitter or similar factors, the flag remains N and the scheduled task makes up for it, ensuring eventual consistency.

Which built-in authorization application method is called for synchronization to the permission management unit is decided by the database type, so when a new database type is added, an authorization application method for it can be developed as an extension.

In this application, scheduled synchronization and real-time synchronization call the same authorization application method; scheduled synchronization merely calls it on a schedule. Standard access permission information is scanned in real time by database type. If the synchronization flag is yes, the connection is looked up from the data source ID, the platform connects to the permission management unit of the data source business system, and the platform's unsynchronized standard access permission information is synchronized to the permission management unit of each data source business system.

In one implementation, the access permission request information further includes a deletion flag.

The method further includes: using a scheduled synchronization task to scan whether the permission validity period in each piece of standard access permission information has expired, where standard access permission information is access permission request information that has been authorized; updating the deletion flag to yes in the standard access permission information found to have expired according to the permission validity period, and synchronizing that standard access permission information to the permission management unit of the corresponding data source business system so that the permission management unit deletes it; and at the same time deleting the locally stored expired standard access permission information.

The scheduled synchronization task scans the permission validity period in users' standard access permission information and compares it with the current time; if a permission has expired, its deletion is synchronized to the permission management unit of the data source business system. Likewise, when an existing grant is deleted on the platform and marked as logically deleted, the scheduled synchronization task must synchronize the scanned deletion to the permission management unit.
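The flag lifecycle described above (real-time sync on approval, scheduled compensation for records still marked N, and expiry-driven logical deletion pushed to the data source), as an added Python example that is not code from the patent. `Grant`, `FakeUnit` and `Platform` are hypothetical names, the in-memory units are constructed stand-ins for the doris and hive permission management units, and keeping the local row until the downstream revoke is confirmed is an assumption of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Grant:
    """One standard access permission record in the unified input format."""
    data_source_id: str
    db_type: str
    principal: str          # user or role
    target: str             # table or database
    perm_type: str          # read / write / create / all
    expires_at: datetime
    synced: str = "N"       # Y once the downstream unit reflects this record
    deleted: str = "N"      # logical deletion flag

    def key(self):
        return (self.principal, self.target, self.perm_type)


class FakeUnit:
    """Constructed stand-in for one data source's permission management unit."""
    def __init__(self):
        self.available = True
        self.active = set()

    def _check(self):
        if not self.available:
            raise ConnectionError("permission unit unreachable")

    def register(self, grant):
        self._check()
        self.active.add(grant.key())

    def revoke(self, grant):
        self._check()
        self.active.discard(grant.key())   # idempotent: safe if never registered


class Platform:
    def __init__(self, units):
        self.units = units      # db_type -> authorization method (adapter)
        self.grants = []

    def approve(self, grant):
        """Manager approved: store the record and attempt real-time sync."""
        self.grants.append(grant)
        return self._push(grant)

    def _push(self, grant):
        """Shared by real-time and scheduled sync. Returns True on success."""
        unit = self.units.get(grant.db_type)
        if unit is None:
            return False        # no adapter for this type: record stays N
        try:
            if grant.deleted == "Y":
                unit.revoke(grant)
            else:
                unit.register(grant)
        except ConnectionError:
            return False        # flag stays N; the scheduled task retries
        grant.synced = "Y"
        return True

    def scheduled_sync(self, now):
        """Expire due records, then retry every record still marked N."""
        for g in self.grants:
            if g.deleted == "N" and g.expires_at <= now:
                g.deleted, g.synced = "Y", "N"     # a revoke is now pending
        for g in [g for g in self.grants if g.synced == "N"]:
            self._push(g)
        # Assumption: drop the local row only after the revoke is confirmed,
        # so a failed revoke is never forgotten.
        self.grants = [g for g in self.grants
                       if not (g.deleted == "Y" and g.synced == "Y")]
        return [g for g in self.grants if g.synced == "N"]


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1)                      # constructed sample data
    doris = FakeUnit()
    platform = Platform({"doris": doris})
    g = Grant("ds-1", "doris", "alice", "sales.orders", "read",
              t0 + timedelta(days=1))
    platform.approve(g)
    doris.available = False
    print("pending after outage:", platform.scheduled_sync(t0 + timedelta(days=2)))
    doris.available = True
    print("pending after retry:", platform.scheduled_sync(t0 + timedelta(days=2)))
```

The list returned by `scheduled_sync` is the set of records whose state in the data source still differs from the platform; an expired grant that appears there remains usable downstream until a later pass succeeds, so it is the value to monitor.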

In this application, metadata is labeled with business ownership at table granularity, which isolates permissions and meets the business's data security requirements. Connection information can be modified or deleted at any time through the configuration page. Multiple database types such as mysql, oracle and hive are supported, and new database types can be added. Permissions are synchronized to the data source permission system on a schedule, and logical deletion of platform permissions allows deletions to be synchronized to the data source permission system as well.

Figure 5 shows a schematic structural diagram of the business data authority management device of an embodiment of this application. For example, the business data authority management device includes: a metadata collection module 410, a business labeling module 420, a permission request information configuration module 430 and an access permission acquisition module 440.

The metadata collection module 410 is used to receive the data source information, configured by the user, for each set of metadata to be collected, and to collect, according to each piece of data source information, the metadata corresponding to the business data in the corresponding data source business system, obtaining a metadata set, where the metadata set is used to configure access permissions for the corresponding business data.

The business labeling module 420 is used to label, according to the selected metadata granularity, the business line management architecture information and the organizational management structure information, the unit metadata corresponding to the metadata granularity with the business category it belongs to, obtaining the business attribution label of the unit metadata, and to label the unit metadata with the corresponding business data authority manager.

The permission request information configuration module 430 is used to configure the access permission request information for the corresponding business data according to the unit metadata selected by the user.

The access permission acquisition module 440 is used to obtain, according to the access permission request information, the access permission for the corresponding business data from the business data authority manager labeled on the unit metadata and from the permission management unit of the corresponding data source business system.

It will be understood that the device of this embodiment corresponds to the business data authority management method of the embodiments above, and the options described there apply equally to this embodiment, so they are not repeated here.

This application also provides a terminal device. For example, the terminal device includes a processor and a memory, where the memory stores a computer program and the processor runs the computer program so that the terminal device executes the business data authority management method described above or the functions of the modules of the business data authority management device described above.

The processor may be an integrated circuit chip with signal processing capability. The processor may be a general-purpose processor, including at least one of a central processing unit (CPU), a graphics processing unit (GPU), a network processor (NP), a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, and a discrete hardware component. The general-purpose processor may be a microprocessor or any conventional processor, and can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of this application.

The memory may be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM) and so on. The memory is used to store the computer program, and the processor executes the computer program after receiving an execution instruction.

This application also provides a computer-readable storage medium for storing the computer program used in the terminal device above. For example, the computer-readable storage medium may include, but is not limited to, a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disk, or any other medium that can store program code.

In the several embodiments provided in this application, it should be understood that the disclosed devices and methods can also be implemented in other ways. The device embodiments described above are merely illustrative. For example, the flowcharts and structure diagrams in the accompanying drawings show the possible architecture, functions and operations of devices, methods and computer program products according to multiple embodiments of this application. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a part of code that contains one or more executable instructions for implementing the specified logical function. It should also be noted that in alternative implementations the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should further be noted that each box in the structure diagrams and/or flowcharts, and any combination of such boxes, can be implemented by a dedicated hardware-based system that performs the specified function or action, or by a combination of dedicated hardware and computer instructions.

In addition, the functional modules or units in the embodiments of this application may be integrated together to form one independent part, each module may exist separately, or two or more modules may be integrated to form one independent part.

If the functions are implemented as software function modules and sold or used as an independent product, they can be stored in a computer-readable storage medium. On this understanding, the technical solution of this application in essence, or the part of it that contributes to the prior art, or a part of the technical solution, can be embodied as a software product that is stored in a storage medium and includes a number of instructions for causing a computer device (which may be a smartphone, a personal computer, a server, a network device or the like) to execute all or some of the steps of the methods described in the embodiments of this application.

The above is only a specific implementation of this application, but the scope of protection of this application is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed in this application shall fall within the scope of protection of this application.

Claims (10)

1. A business data rights management method, comprising:
receiving data source information of each metadata to be collected configured by a user, and respectively collecting metadata corresponding to service data in a corresponding data source service system according to each data source information to obtain a metadata set, wherein the metadata set is used for configuring access rights of the corresponding service data;
marking, according to the selected metadata granularity, service line management architecture information and organization management structure information, the service category to which the unit metadata corresponding to the metadata granularity belongs, to obtain a service attribution label of the unit metadata, and marking the corresponding service data authority manager for the unit metadata;
configuring access right request information of corresponding service data according to the unit metadata selected by a user;
and obtaining, according to the access right request information, the corresponding access right for the corresponding service data from the service data authority manager marked for the unit metadata and from the authority management unit of the corresponding data source service system.
2. The service data authority management method according to claim 1, wherein the data source information includes: data source ID, target database type, Java database connection, account number, password and target database name;
the receiving of the data source information of each metadata to be collected configured by the user, and the respective collecting of metadata corresponding to service data in a corresponding data source service system according to each data source information to obtain a metadata set, includes:
receiving the data source information configured by a user through a configuration page;
determining a metadata acquisition method corresponding to the target database type according to the target database type in each data source information; and accessing a corresponding source data system and acquiring corresponding metadata by using the metadata acquisition method according to the Java database connection, the account number and the password, and marking the metadata by using the data source ID to obtain the metadata set.
3. The business data authority management method according to claim 2, wherein the determining the metadata collection method corresponding to the target database type according to the target database type in each data source information comprises:
constructing a corresponding scheduled task for each database type;
and when each scheduled task is executed, scanning the configured data source information, and acquiring metadata by adopting a metadata acquisition method matched with the database type.
4. The service data authority management method according to claim 1, wherein the access authority request information includes: data source ID, database type, user information, unit metadata, access right type and right validity period;
the configuring of the access right request information of the corresponding service data according to the unit metadata selected by the user comprises the following steps:
displaying each piece of unit metadata in the metadata set on a metadata browsing page according to each data source ID;
and receiving target unit metadata selected by a user on the metadata browsing page, acquiring a data source ID and a database type corresponding to the target unit metadata, and acquiring the access right type, right validity period and user information configured according to the target unit metadata to obtain the access right request information.
5. The service data authority management method according to claim 4, wherein the access right request information further comprises: a deletion flag;
the method further comprises the steps of: scanning, by a scheduled synchronization task, whether the right validity period in each piece of standard access right information has expired, wherein the standard access right information is the access right request information which has already been authorized; updating to yes the deletion flag in the standard access right information determined, according to the right validity period, to have expired, and synchronizing the corresponding standard access right information to the authority management unit of the corresponding data source service system so that the authority management unit deletes the standard access right information; and deleting the locally stored expired standard access right information.
6. The service data authority management method according to any one of claims 1 to 5, wherein the obtaining, according to the access authority request information, the access authority of the corresponding service data from the service data authority manager labeled on the unit metadata and from the authority management unit of the corresponding data source service system includes:
The access right request information is sent to a business data right manager marked by the metadata, and when the authorization information given by the business data right manager is obtained, the access right request information is marked as standard access right information;
registering the authorized standard access right information to the right management unit of the corresponding data source service system by adopting an authorization application method of a corresponding database type so as to open the corresponding access right in the right management unit of the data source service system.
7. The service data authority management method according to claim 6, wherein the access authority request information includes: a synchronization mark;
When the authorization information given by the service data authority manager is obtained, marking the access authority request information as standard access authority information, including:
If the authorization information is acquired, marking the access right request information as standard access right information by updating the state of the synchronization mark to yes; otherwise, keeping the default state of the synchronization mark as no;
The method further comprises the steps of: using a timed synchronization task to scan the synchronization mark in the standard access right information, and registering the standard access right information whose synchronization mark is in the state no to the authority management unit of the corresponding data source service system.
8. A service data rights management unit, comprising:
The metadata acquisition module is used for receiving data source information of each metadata to be acquired configured by a user, and respectively acquiring metadata corresponding to service data in a corresponding data source service system according to each data source information to obtain a metadata set, wherein the metadata set is used for configuring access rights of the corresponding service data;
the service labeling module is used for labeling the unit metadata corresponding to the metadata granularity into the service category to which the unit metadata belongs according to the selected metadata granularity, service line management architecture information and organization management structure information, obtaining the service attribution label of the unit metadata, and labeling the unit metadata with the corresponding service data authority manager;
the authority request information configuration module is used for configuring access authority request information of corresponding service data according to the unit metadata selected by a user;
And the access right acquisition module is used for acquiring the access right of the corresponding service data from the service data right manager marked by the unit metadata and the right management unit of the corresponding data source service system according to the access right request information.
9. A terminal device, characterized in that it comprises a processor and a memory, the memory storing a computer program, the processor being adapted to execute the computer program to implement the service data rights management method of any of claims 1-7.
10. A computer readable storage medium, characterized in that it stores a computer program which, when executed on a processor, implements the business data rights management method according to any of claims 1-7.
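The expiry handling in claim 5, as an added Python sketch that is not part of the patent text: a timed task sets the deletion mark on expired grants, synchronizes the deletion to the data source's authority management unit, and only then removes the local record. The class and function names, the sample data and the choice to keep a record locally when synchronization fails are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Grant:  # one piece of standard (already authorized) access right information
    data_source_id: str
    user: str
    unit_metadata: str
    access_type: str
    valid_until: datetime
    delete_mark: bool = False

class SourceRightsUnit:
    """Hypothetical stand-in for a data source's authority management unit."""
    def __init__(self, reachable=True):
        self.reachable, self.active = reachable, set()
    def register(self, g):
        self.active.add((g.user, g.unit_metadata, g.access_type))
    def sync(self, g):
        if not self.reachable:
            raise ConnectionError("data source unreachable")
        if g.delete_mark:  # the unit deletes rights whose deletion mark is yes
            self.active.discard((g.user, g.unit_metadata, g.access_type))

def expire_grants(store, units, now):
    """Timed task: mark expired grants, sync the deletion, then drop them locally."""
    kept, failed = [], []
    for g in store:
        if g.valid_until > now:
            kept.append(g)
            continue
        g.delete_mark = True
        try:
            units[g.data_source_id].sync(g)
        except ConnectionError:
            kept.append(g)   # assumption: keep the record so the next run retries
            failed.append(g)
    store[:] = kept
    return failed

def demo():
    """Constructed sample: two expired grants (one source offline), one valid."""
    now = datetime(2024, 9, 23)
    units = {"mysql-1": SourceRightsUnit(), "hive-1": SourceRightsUnit(reachable=False)}
    store = [Grant("mysql-1", "alice", "crm.orders", "read", datetime(2024, 9, 1)),
             Grant("mysql-1", "bob", "crm.orders", "read", datetime(2024, 12, 31)),
             Grant("hive-1", "carol", "dw.loans", "read", datetime(2024, 9, 1))]
    for g in store:
        units[g.data_source_id].register(g)
    failed = expire_grants(store, units, now)
    return store, units, failed
```

Deleting the local record only after the downstream deletion succeeds keeps an expired right visible to the next scan instead of leaving it active in the data source with no record pointing at it.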
CN202411320902.3A 2024-09-23 2024-09-23 A business data rights management method, device, terminal equipment and storage medium Active CN118839379B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411320902.3A CN118839379B (en) 2024-09-23 2024-09-23 A business data rights management method, device, terminal equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411320902.3A CN118839379B (en) 2024-09-23 2024-09-23 A business data rights management method, device, terminal equipment and storage medium

Publications (2)

Publication Number Publication Date
CN118839379A true CN118839379A (en) 2024-10-25
CN118839379B CN118839379B (en) 2025-01-28

Family

ID=93139123

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411320902.3A Active CN118839379B (en) 2024-09-23 2024-09-23 A business data rights management method, device, terminal equipment and storage medium

Country Status (1)

Country Link
CN (1) CN118839379B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119475300A (en) * 2025-01-15 2025-02-18 北京芯盾时代科技有限公司 A user data management system and method based on data analysis

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105912949A (en) * 2016-04-13 2016-08-31 北京京东尚科信息技术有限公司 Data permission management method, data permission management system and service management system
CN116611085A (en) * 2023-05-15 2023-08-18 杭州一骑轻尘信息技术有限公司 Authority management and control method and device, electronic equipment and storage medium
CN117194533A (en) * 2023-11-08 2023-12-08 中国电子科技集团公司第十五研究所 Metadata service release method and system
US11921869B1 (en) * 2019-12-06 2024-03-05 Seeq Corporation Authorization methods and systems for accessing multiple data sources

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105912949A (en) * 2016-04-13 2016-08-31 北京京东尚科信息技术有限公司 Data permission management method, data permission management system and service management system
US11921869B1 (en) * 2019-12-06 2024-03-05 Seeq Corporation Authorization methods and systems for accessing multiple data sources
CN116611085A (en) * 2023-05-15 2023-08-18 杭州一骑轻尘信息技术有限公司 Authority management and control method and device, electronic equipment and storage medium
CN117194533A (en) * 2023-11-08 2023-12-08 中国电子科技集团公司第十五研究所 Metadata service release method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
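李治安: "Design and Implementation of a Multi-dimensional Heterogeneous Data Source Management System in a Data Sharing Platform", China Master's Theses Full-text Database, Information Science and Technology, 15 April 2024 (2024-04-15) *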

Also Published As

Publication number Publication date
CN118839379B (en) 2025-01-28

Similar Documents

Publication Publication Date Title
US8336022B2 (en) Method and apparatus for creating a configurable browser-based forms application
US20240362190A1 (en) Data asset sharing
CN111881209A (en) Data synchronization method and device for heterogeneous database, electronic equipment and medium
US12306974B2 (en) Controlling access to electronic data assets
CN118839379A (en) Service data authority management method and device, terminal equipment and storage medium
CN102142014A (en) System and method for export and import of metadata located in metadata registries
US20200265928A1 (en) Management and tracking solution for specific patient consent attributes and permissions
CN111680087A (en) Master data model management platform and method
CN113806373A (en) Data processing method and device, electronic equipment and storage medium
WO2024007906A1 (en) Data processing method and apparatus, electronic device, and storage medium
CN112785248B (en) Human resource data cross-organization interaction method, device, equipment and storage medium
CN113806383A (en) Schedule real-time synchronization method and device
WO2015147583A1 (en) Strategy map management method and device, and recording medium for recording same
JP2016148907A (en) Attribute information management device, attribute information management method and computer program
JP2017021553A (en) Attribute information management apparatus, attribute information management method, and computer program
CN112765197A (en) Data query method and device, computer equipment and storage medium
CN111798317A (en) Multi-dimensional space block chain and data processing method based on block chain
CN112650532B (en) Method, system and medium for modifying source code file under multi-person mode
CN113256233A (en) Enterprise service request processing method and device
JP7249452B1 (en) CONTRACT CONCLUSION PROGRAM, INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD
CN113393209B (en) Data accounting method, device, system, equipment and medium
CN115543969B (en) Data migration method, device, equipment and medium
CN110062020B (en) Identity management method and system
JP2007199763A (en) Information management method and information management system
JP2008287663A (en) Resource management device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant