[go: up one dir, main page]

WO2018126380A1 - Database access control system - Google Patents

Database access control system Download PDF

Info

Publication number
WO2018126380A1
WO2018126380A1 PCT/CN2017/070237 CN2017070237W WO2018126380A1 WO 2018126380 A1 WO2018126380 A1 WO 2018126380A1 CN 2017070237 W CN2017070237 W CN 2017070237W WO 2018126380 A1 WO2018126380 A1 WO 2018126380A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
module
information
database
user
Prior art date
Application number
PCT/CN2017/070237
Other languages
French (fr)
Chinese (zh)
Inventor
王志全
Original Assignee
深圳市前海中康汇融信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市前海中康汇融信息技术有限公司 filed Critical 深圳市前海中康汇融信息技术有限公司
Priority to PCT/CN2017/070237 priority Critical patent/WO2018126380A1/en
Publication of WO2018126380A1 publication Critical patent/WO2018126380A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to the field of database access control, and in particular to a database access control system based on user rights.
  • Database is an important part of modern computer applications, and it is a tool for people to effectively store, share and process data.
  • the database access technology abstracts the process of communicating with the outside of the database, and simplifies the process of the client accessing the database by providing an access interface.
  • the data in the database may be more confidential. If the user's access to the database is not managed effectively, and the user is allowed to obtain the desired data at will, the security of the database is not guaranteed.
  • the present invention provides a database access control system, including: a transceiver module configured to receive access request information of a user and send access result information to the user, wherein the access request information includes a user's account, password, and a target resource; an access permission module configured to store a plurality of access rights information corresponding to a plurality of users, wherein the plurality of access rights information are stored in the form of a permission list of roles and resource rights; a matching module coupled to the Transceiver module and the access The privilege module is configured to match the access request information in the transceiver module with the access privilege information in the access privilege module, and generate a matching result; the processing module is coupled to the matching module, configured to be configured according to the Matching the result to obtain the target resource in the database, and correspondingly sending the access result information to the transceiver module.
  • a transceiver module configured to receive access request information of a user and send access result information to the user, wherein the access request information includes a user's account, password, and
  • the processing module is configured to: if the matching result indicates that the access request information matches the access right information, acquire the target resource, and send the access that includes the target resource related information correspondingly The result information is sent to the transceiver module.
  • the transceiver module includes: a receiving unit configured to receive the access request information of the user, where the access request information includes an account, a password, and a target resource of the user; and a sending unit configured to The user sends the access result information, wherein the access result information includes information related to the target resource.
  • the database access control system further includes: a server coupled to the access permission module, configured to back up multiple access rights information corresponding to multiple users online.
  • the database access control system further includes: a data storage module coupled to the processing module, configured to include a plurality of database resources of the target resource, the plurality of database resources forming a resource tree.
  • the processing module is configured to: obtain the target resource from the resource tree search according to a domain name or a keyword.
  • the plurality of access rights information includes administrator rights information, and if the matching result indicates that the user is an administrator, the user has access rights to all database resources.
  • the plurality of access rights information includes creator rights information, and if the matching result indicates that the user is a creator, the user has modification and access rights to all database resources.
  • the database access control system of the embodiment of the present invention can efficiently and quickly access target resources in the database, and perform access control according to the user's authority, thereby effectively securing the database.
  • FIG. 1 is a block diagram of a database access control system in accordance with an embodiment of the present invention.
  • FIG. 2 is a block diagram of a database access control system in accordance with another embodiment of the present invention.
  • FIG. 3 is a block diagram of a database access control system in accordance with yet another embodiment of the present invention.
  • the database access control system 100 can include a transceiver module 102, a matching module 104, an access authority module 106, and a processing module 108.
  • the transceiver module 102 can be configured to receive the user's access request information and send the access result information to the user, wherein the access request information includes the user's account, password, and target resources.
  • the transceiver module 102 may include: a receiving unit configured to receive the access request information of the user, where the access request information includes an account, a password, and a target resource of the user; and a sending unit configured to Transmitting the access result information to the user, wherein the access result information includes information related to the target resource.
  • the access rights module 106 can be configured to store a plurality of access rights information corresponding to a plurality of users, wherein the plurality of access rights information is stored in the form of a rights list of roles and resource rights.
  • the plurality of access rights information may include administrator rights information, and if the matching result indicates that the user is an administrator, the user has access rights to all database resources.
  • the plurality of access rights information includes creator rights information, and if the matching result indicates that the user is a creator, the user has modification and access rights to all database resources.
  • the matching module 104 is coupled to the transceiver module 102 and the access rights module 106, and is configurable to access the access request information in the transceiver module 102 and the access rights module 106.
  • the permission information matches and produces a matching result (for example, the match is successful or the match is unsuccessful).
  • the processing module 108 is coupled to the matching module 104, configured to acquire the target resource in the database according to the matching result, and send the access result information to the transceiver module 102 correspondingly.
  • processing module 108 may be configured to: if the matching result indicates that the access request information matches the access right information, acquire the target resource, and correspondingly send the information including the target resource related information
  • the access result information is described to the transceiver module 102.
  • FIG. 2 is a block diagram of a database access control system 200 in accordance with another embodiment of the present invention.
  • the database access control system 200 of FIG. 2 is similar to the database access control system 100 of FIG. 1 except for the user 210 and the server 220. For the sake of simplicity, similar parts are not described here.
  • Server 220 may be coupled to the access rights module 106 and configured to back up multiple access rights information corresponding to a plurality of users (eg, user 210) online.
  • FIG. 3 is a block diagram of a database access control system 300 in accordance with yet another embodiment of the present invention.
  • the database access control system 300 of FIG. 3 is similar to the database access control system 100 of FIG. 1 except for the data storage module 310. For the sake of simplicity, similar parts are not described here.
  • Data storage module 310 can be coupled to the processing module 108, configured to include a plurality of database resources of the target resource, the plurality of database resources forming a resource tree.
  • the processing module 108 can be configured to: obtain the target resource from the resource tree search according to a domain name or a keyword.
  • the database access control system of the embodiment of the present invention can efficiently and quickly access target resources in the database, and perform access control according to the user's authority, thereby effectively securing the database.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

A database access control system (100), comprising: a transceiving module (102) configured to receive access request information of a user and send access result information to the user, wherein the access request information comprises a user account, password, and target resource; an access permission module (106) configured to store multiple access permission information items corresponding to multiple users, wherein the multiple access permission information items are stored in a form of a permission list of roles and resource permissions; a matching module (104) coupled to the transceiving module (102) and access permission module (106), and configured to match the access request information in the transceiving module (102) against the access permission information items in the access permission module (106) to generate a matching result; and a processing module (108) coupled to the matching module (104) and configured to acquire, according to the matching result, the target resource in the database, and send corresponding access result information to the transceiving module (102). The database access control system (100) of the present invention can effectively protect access security of a database.

Description

数据库访问控制系统Database access control system 技术领域Technical field
本发明涉及数据库访问控制领域,并且特别涉及一种基于用户权限的数据库访问控制系统。The present invention relates to the field of database access control, and in particular to a database access control system based on user rights.
背景技术Background technique
数据库是现代计算机应用的一个重要组成部分,是人们有效地进行数据存储、共享和处理的工具。Database is an important part of modern computer applications, and it is a tool for people to effectively store, share and process data.
数据库访问技术将数据库外部与其通信的过程抽象化,通过提供访问接口,简化了客户端访问数据库的过程。The database access technology abstracts the process of communicating with the outside of the database, and simplifies the process of the client accessing the database by providing an access interface.
然而,数据库中的数据可能是比较机密的。如果不对用户访问数据库的权限进行有效管理,而允许用户随意获取想要的数据,则数据库的安全得不到保障。However, the data in the database may be more confidential. If the user's access to the database is not managed effectively, and the user is allowed to obtain the desired data at will, the security of the database is not guaranteed.
因此,需要一种改进的基于用户权限的数据库访问控制系统。Therefore, there is a need for an improved database access control system based on user rights.
发明内容Summary of the invention
本发明的目的在于提供一种改进的数据库访问控制系统。It is an object of the present invention to provide an improved database access control system.
为实现本目的,本发明提供一种数据库访问控制系统,包括:收发模块,配置为接收用户的访问请求信息并且向用户发送访问结果信息,其中所述访问请求信息包括用户的账户、密码、和目标资源;访问权限模块,配置为存储对应于多个用户的多个访问权限信息,其中所述多个访问权限信息是以角色和资源权限的权限列表的形式来存储;匹配模块,耦合于所述收发模块和所述访问 权限模块,配置为将所述收发模块中的所述访问请求信息与所述访问权限模块中的访问权限信息匹配,并产生匹配结果;处理模块,耦合于所述匹配模块,配置为根据所述匹配结果来获取所述数据库中的所述目标资源,并相应发送所述访问结果信息给所述收发模块。To achieve the purpose, the present invention provides a database access control system, including: a transceiver module configured to receive access request information of a user and send access result information to the user, wherein the access request information includes a user's account, password, and a target resource; an access permission module configured to store a plurality of access rights information corresponding to a plurality of users, wherein the plurality of access rights information are stored in the form of a permission list of roles and resource rights; a matching module coupled to the Transceiver module and the access The privilege module is configured to match the access request information in the transceiver module with the access privilege information in the access privilege module, and generate a matching result; the processing module is coupled to the matching module, configured to be configured according to the Matching the result to obtain the target resource in the database, and correspondingly sending the access result information to the transceiver module.
优选地,所述处理模块配置为:如果所述匹配结果指示所述访问请求信息与所述访问权限信息匹配,则获取所述目标资源,并相应发送包含所述目标资源相关信息的所述访问结果信息给所述收发模块。Preferably, the processing module is configured to: if the matching result indicates that the access request information matches the access right information, acquire the target resource, and send the access that includes the target resource related information correspondingly The result information is sent to the transceiver module.
优选地,所述收发模块包括:接收单元,配置为接收所述用户的所述访问请求信息,其中所述访问请求信息包括用户的账户、密码、和目标资源;以及发送单元,配置为向所述用户发送所述访问结果信息,其中所述访问结果信息包括与所述目标资源相关的信息。Preferably, the transceiver module includes: a receiving unit configured to receive the access request information of the user, where the access request information includes an account, a password, and a target resource of the user; and a sending unit configured to The user sends the access result information, wherein the access result information includes information related to the target resource.
优选地,所述数据库访问控制系统还包括:服务器,耦合于所述访问权限模块,配置为在线备份对应于多个用户的多个访问权限信息。Preferably, the database access control system further includes: a server coupled to the access permission module, configured to back up multiple access rights information corresponding to multiple users online.
优选地,所述数据库访问控制系统还包括:数据存储模块,耦合于所述处理模块,配置为包括所述目标资源的多个数据库资源,所述多个数据库资源形成资源树。Preferably, the database access control system further includes: a data storage module coupled to the processing module, configured to include a plurality of database resources of the target resource, the plurality of database resources forming a resource tree.
优选地,所述处理模块配置为:按照域名或关键词从所述资源树搜索获取所述目标资源。Preferably, the processing module is configured to: obtain the target resource from the resource tree search according to a domain name or a keyword.
优选地,所述多个访问权限信息包括管理员权限信息,如果所述匹配结果指示所述用户为管理员,则所述用户具有对所有数据库资源的访问权限。Preferably, the plurality of access rights information includes administrator rights information, and if the matching result indicates that the user is an administrator, the user has access rights to all database resources.
优选地,所述多个访问权限信息包括创建者权限信息,如果所述匹配结果指示所述用户为创建者,则所述用户具有对所有数据库资源的修改和访问权限。Preferably, the plurality of access rights information includes creator rights information, and if the matching result indicates that the user is a creator, the user has modification and access rights to all database resources.
有利地,利用本发明实施例的数据库访问控制系统,能够高效快捷访问数据库中的目标资源,并且根据用户的权限来进行访问控制,有效保障了数据库的安全性。 Advantageously, the database access control system of the embodiment of the present invention can efficiently and quickly access target resources in the database, and perform access control according to the user's authority, thereby effectively securing the database.
附图说明DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any creative work.
图1所示是根据本发明实施例的数据库访问控制系统的框图。1 is a block diagram of a database access control system in accordance with an embodiment of the present invention.
图2所示是根据本发明另一实施例的数据库访问控制系统的框图。2 is a block diagram of a database access control system in accordance with another embodiment of the present invention.
图3所示是根据本发明又一实施例的数据库访问控制系统的框图。3 is a block diagram of a database access control system in accordance with yet another embodiment of the present invention.
具体实施方式detailed description
为了使本发明的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。The present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It is understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
图1所示是根据本发明实施例的数据库访问控制系统100的框图。如图1所示,数据库访问控制系统100可包括:收发模块102、匹配模块104、访问权限模块106、以及处理模块108。1 is a block diagram of a database access control system 100 in accordance with an embodiment of the present invention. As shown in FIG. 1, the database access control system 100 can include a transceiver module 102, a matching module 104, an access authority module 106, and a processing module 108.
在一个实施例中,收发模块102可配置为接收用户的访问请求信息并且向用户发送访问结果信息,其中所述访问请求信息包括用户的账户、密码、和目标资源。In one embodiment, the transceiver module 102 can be configured to receive the user's access request information and send the access result information to the user, wherein the access request information includes the user's account, password, and target resources.
进一步地,所述收发模块102可包括:接收单元,配置为接收所述用户的所述访问请求信息,其中所述访问请求信息包括用户的账户、密码、和目标资源;以及发送单元,配置为向所述用户发送所述访问结果信息,其中所述访问结果信息包括与所述目标资源相关的信息。Further, the transceiver module 102 may include: a receiving unit configured to receive the access request information of the user, where the access request information includes an account, a password, and a target resource of the user; and a sending unit configured to Transmitting the access result information to the user, wherein the access result information includes information related to the target resource.
在一个实施例中,访问权限模块106可配置为存储对应于多个用户的多个访问权限信息,其中所述多个访问权限信息是以角色和资源权限的权限列表的形式来存储。 In one embodiment, the access rights module 106 can be configured to store a plurality of access rights information corresponding to a plurality of users, wherein the plurality of access rights information is stored in the form of a rights list of roles and resource rights.
所述多个访问权限信息可包括管理员权限信息,如果所述匹配结果指示所述用户为管理员,则所述用户具有对所有数据库资源的访问权限。The plurality of access rights information may include administrator rights information, and if the matching result indicates that the user is an administrator, the user has access rights to all database resources.
此外,所述多个访问权限信息包括创建者权限信息,如果所述匹配结果指示所述用户为创建者,则所述用户具有对所有数据库资源的修改和访问权限。In addition, the plurality of access rights information includes creator rights information, and if the matching result indicates that the user is a creator, the user has modification and access rights to all database resources.
在一个实施例中,匹配模块104耦合于所述收发模块102和所述访问权限模块106,可配置为将所述收发模块102中的所述访问请求信息与所述访问权限模块106中的访问权限信息匹配,并产生匹配结果(例如,匹配成功或匹配不成功)。In one embodiment, the matching module 104 is coupled to the transceiver module 102 and the access rights module 106, and is configurable to access the access request information in the transceiver module 102 and the access rights module 106. The permission information matches and produces a matching result (for example, the match is successful or the match is unsuccessful).
在一个实施例中,处理模块108耦合于所述匹配模块104,配置为根据所述匹配结果来获取所述数据库中的所述目标资源,并相应发送所述访问结果信息给所述收发模块102。In an embodiment, the processing module 108 is coupled to the matching module 104, configured to acquire the target resource in the database according to the matching result, and send the access result information to the transceiver module 102 correspondingly. .
进一步地,所述处理模块108可配置为:如果所述匹配结果指示所述访问请求信息与所述访问权限信息匹配,则获取所述目标资源,并相应发送包含所述目标资源相关信息的所述访问结果信息给所述收发模块102。Further, the processing module 108 may be configured to: if the matching result indicates that the access request information matches the access right information, acquire the target resource, and correspondingly send the information including the target resource related information The access result information is described to the transceiver module 102.
图2所示是根据本发明另一实施例的数据库访问控制系统200的框图。除了用户210和服务器220之外,图2中的数据库访问控制系统200类似于图1中的数据库访问控制系统100。为简约起见,相似部分不另赘述。2 is a block diagram of a database access control system 200 in accordance with another embodiment of the present invention. The database access control system 200 of FIG. 2 is similar to the database access control system 100 of FIG. 1 except for the user 210 and the server 220. For the sake of simplicity, similar parts are not described here.
服务器220可耦合于所述访问权限模块106,配置为在线备份对应于多个用户(例如,用户210)的多个访问权限信息。 Server 220 may be coupled to the access rights module 106 and configured to back up multiple access rights information corresponding to a plurality of users (eg, user 210) online.
图3所示是根据本发明又一实施例的数据库访问控制系统300的框图。除了数据存储模块310之外,图3中的数据库访问控制系统300类似于图1中的数据库访问控制系统100。为简约起见,相似部分不另赘述。3 is a block diagram of a database access control system 300 in accordance with yet another embodiment of the present invention. The database access control system 300 of FIG. 3 is similar to the database access control system 100 of FIG. 1 except for the data storage module 310. For the sake of simplicity, similar parts are not described here.
数据存储模块310可耦合于所述处理模块108,配置为包括所述目标资源的多个数据库资源,所述多个数据库资源形成资源树。 Data storage module 310 can be coupled to the processing module 108, configured to include a plurality of database resources of the target resource, the plurality of database resources forming a resource tree.
对应地,所述处理模块108可配置为:按照域名或关键词从所述资源树搜索获取所述目标资源。 Correspondingly, the processing module 108 can be configured to: obtain the target resource from the resource tree search according to a domain name or a keyword.
有利地,利用本发明实施例的数据库访问控制系统,能够高效快捷访问数据库中的目标资源,并且根据用户的权限来进行访问控制,有效保障了数据库的安全性。Advantageously, the database access control system of the embodiment of the present invention can efficiently and quickly access target resources in the database, and perform access control according to the user's authority, thereby effectively securing the database.
以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内所作的任何修改、等同替换和改进等,均应包含在本发明的保护范围之内。 The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the protection of the present invention. Within the scope.

Claims (8)

  1. 一种数据库访问控制系统,包括:A database access control system comprising:
    收发模块,配置为接收用户的访问请求信息并且向用户发送访问结果信息,其中所述访问请求信息包括用户的账户、密码、和目标资源;The transceiver module is configured to receive the access request information of the user and send the access result information to the user, where the access request information includes the account, the password, and the target resource of the user;
    访问权限模块,配置为存储对应于多个用户的多个访问权限信息,其中所述多个访问权限信息是以角色和资源权限的权限列表的形式来存储;The access permission module is configured to store a plurality of access rights information corresponding to the plurality of users, wherein the plurality of access rights information are stored in the form of a permission list of roles and resource rights;
    匹配模块,耦合于所述收发模块和所述访问权限模块,配置为将所述收发模块中的所述访问请求信息与所述访问权限模块中的访问权限信息匹配,并产生匹配结果;a matching module, coupled to the transceiver module and the access permission module, configured to match the access request information in the transceiver module with access permission information in the access permission module, and generate a matching result;
    处理模块,耦合于所述匹配模块,配置为根据所述匹配结果来获取所述数据库中的所述目标资源,并相应发送所述访问结果信息给所述收发模块。The processing module is coupled to the matching module, configured to acquire the target resource in the database according to the matching result, and correspondingly send the access result information to the transceiver module.
  2. 如权利要求1所述的数据库访问控制系统,其特征在于,所述处理模块配置为:如果所述匹配结果指示所述访问请求信息与所述访问权限信息匹配,则获取所述目标资源,并相应发送包含所述目标资源相关信息的所述访问结果信息给所述收发模块。The database access control system according to claim 1, wherein the processing module is configured to: if the matching result indicates that the access request information matches the access right information, acquire the target resource, and And transmitting, by the transceiver module, the access result information that includes the target resource related information.
  3. 如权利要求1所述的数据库访问控制系统,其特征在于,所述收发模块包括:The database access control system according to claim 1, wherein the transceiver module comprises:
    接收单元,配置为接收所述用户的所述访问请求信息,其中所述访问请求信息包括用户的账户、密码、和目标资源;以及a receiving unit, configured to receive the access request information of the user, where the access request information includes an account, a password, and a target resource of the user;
    发送单元,配置为向所述用户发送所述访问结果信息,其中所述访问结果信息包括与所述目标资源相关的信息。And a sending unit, configured to send the access result information to the user, where the access result information includes information related to the target resource.
  4. 如权利要求1所述的数据库访问控制系统,还包括:The database access control system of claim 1 further comprising:
    服务器,耦合于所述访问权限模块,配置为在线备份对应于多个用户的多 个访问权限信息。a server, coupled to the access permission module, configured to perform online backup corresponding to multiple users Access rights information.
  5. 如权利要求1所述的数据库访问控制系统,还包括:The database access control system of claim 1 further comprising:
    数据存储模块,耦合于所述处理模块,配置为包括所述目标资源的多个数据库资源,所述多个数据库资源形成资源树。And a data storage module coupled to the processing module, configured to include a plurality of database resources of the target resource, where the plurality of database resources form a resource tree.
  6. 如权利要求5所述的数据库访问控制系统,其特征在于,所述处理模块配置为:按照域名或关键词从所述资源树搜索获取所述目标资源。The database access control system according to claim 5, wherein the processing module is configured to: obtain the target resource from the resource tree search according to a domain name or a keyword.
  7. 如权利要求1所述的数据库访问控制系统,其特征在于,所述多个访问权限信息包括管理员权限信息,如果所述匹配结果指示所述用户为管理员,则所述用户具有对所有数据库资源的访问权限。The database access control system according to claim 1, wherein the plurality of access authority information comprises administrator authority information, and if the matching result indicates that the user is an administrator, the user has all databases. Access to resources.
  8. 如权利要求1所述的数据库访问控制系统,其特征在于,所述多个访问权限信息包括创建者权限信息,如果所述匹配结果指示所述用户为创建者,则所述用户具有对所有数据库资源的修改和访问权限。 The database access control system according to claim 1, wherein said plurality of access authority information includes creator authority information, and if said matching result indicates that said user is a creator, said user has access to all databases Resource modification and access rights.
PCT/CN2017/070237 2017-01-05 2017-01-05 Database access control system WO2018126380A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/070237 WO2018126380A1 (en) 2017-01-05 2017-01-05 Database access control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/070237 WO2018126380A1 (en) 2017-01-05 2017-01-05 Database access control system

Publications (1)

Publication Number Publication Date
WO2018126380A1 true WO2018126380A1 (en) 2018-07-12

Family

ID=62788908

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/070237 WO2018126380A1 (en) 2017-01-05 2017-01-05 Database access control system

Country Status (1)

Country Link
WO (1) WO2018126380A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111427618A (en) * 2020-02-18 2020-07-17 国网辽宁省电力有限公司信息通信分公司 Information resource dual-system fusion method
CN111859328A (en) * 2020-07-30 2020-10-30 中国民航信息网络股份有限公司 Authority control method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101034990A (en) * 2007-02-14 2007-09-12 华为技术有限公司 Right management method and device
CN101064609A (en) * 2007-05-25 2007-10-31 上海众恒信息产业有限公司 Method and apparatus for controlling access of information system
CN101588242A (en) * 2008-05-19 2009-11-25 北京亿企通信息技术有限公司 Method and system for realizing authority management
US8402514B1 (en) * 2006-11-17 2013-03-19 Network Appliance, Inc. Hierarchy-aware role-based access control
CN104216907A (en) * 2013-06-02 2014-12-17 上海贝尔股份有限公司 Method, device and system for providing database access control
CN104484617A (en) * 2014-12-05 2015-04-01 中国航空工业集团公司第六三一研究所 Database access control method on basis of multi-strategy integration

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8402514B1 (en) * 2006-11-17 2013-03-19 Network Appliance, Inc. Hierarchy-aware role-based access control
CN101034990A (en) * 2007-02-14 2007-09-12 华为技术有限公司 Right management method and device
CN101064609A (en) * 2007-05-25 2007-10-31 上海众恒信息产业有限公司 Method and apparatus for controlling access of information system
CN101588242A (en) * 2008-05-19 2009-11-25 北京亿企通信息技术有限公司 Method and system for realizing authority management
CN104216907A (en) * 2013-06-02 2014-12-17 上海贝尔股份有限公司 Method, device and system for providing database access control
CN104484617A (en) * 2014-12-05 2015-04-01 中国航空工业集团公司第六三一研究所 Database access control method on basis of multi-strategy integration

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111427618A (en) * 2020-02-18 2020-07-17 国网辽宁省电力有限公司信息通信分公司 Information resource dual-system fusion method
CN111859328A (en) * 2020-07-30 2020-10-30 中国民航信息网络股份有限公司 Authority control method and system

Similar Documents

Publication Publication Date Title
CN111488598B (en) Access control method, device, computer equipment and storage medium
EP2731041B1 (en) Computer system for storing and retrieval of encrypted data items, client computer, computer program product and computer-implemented method
US20220286448A1 (en) Access to data stored in a cloud
US9558366B2 (en) Computer system for storing and retrieval of encrypted data items, client computer, computer program product and computer-implemented method
US20180285591A1 (en) Document redaction with data isolation
US20150271267A1 (en) Content-oriented federated object store
US11658982B2 (en) Efficient authentication in a file system with multiple security groups
US20160028699A1 (en) Encrypted network storage space
CN103095720B (en) A kind of method for managing security of cloud storage system of dialogue-based management server
US20140189346A1 (en) License server manager
CN108062485A (en) A kind of fuzzy keyword searching method of multi-service oriented device multi-user
CN105516059B (en) A kind of resource access control method and device
US10635828B2 (en) Tokenized links with granular permissions
CN109831435B (en) Database operation method, system, proxy server and storage medium
US20170262546A1 (en) Key search token for encrypted data
US10650153B2 (en) Electronic document access validation
US9223949B1 (en) Secure transformable password generation
US11410173B1 (en) Tokenization web services
WO2023179750A1 (en) Data processing method, system, device, and storage medium
US9621349B2 (en) Apparatus, method and computer-readable medium for user authentication
WO2018126380A1 (en) Database access control system
WO2018126387A1 (en) Database sharing management system
WO2018126388A1 (en) Database sharing management method
US9183403B2 (en) Key retrieval
WO2018126381A1 (en) Database access control method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17890619

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC , EPO FORM 1205A DATED 06.11.19.

122 Ep: pct application non-entry in european phase

Ref document number: 17890619

Country of ref document: EP

Kind code of ref document: A1