A method and system for accessing a remote database
Technical field
The present invention relates to a method for managing a remote database, and more particularly to a method and system for accessing a remote database with higher security.
Background technique
With the development of the internet industry, remote databases, especially cloud databases, have become a common way of storing data. A remote database is a database installed on a remote server, which the client accesses over the internet. A cloud database is a special kind of remote database that is deployed in a virtualized computing environment; it features low cost of use, easy deployment and automated backup, and makes data management simple and convenient.
However, network security has become a focus of attention for the entire internet industry. For a remote database, it is critical to ensure that system data is protected and is not destroyed, altered or disclosed, whether by accident or through malice.
Summary of the invention
To address the security problem of remote databases, this application provides a method and system for accessing a remote database.
A first aspect of the present invention provides a method for accessing a remote database, comprising:
Setting functional modules for the remote database and forming the functional modules into one or more product line trees; configuring, for the client, role data permissions that can access the product line trees of the remote database; configuring one or more role operation permissions for the client; and setting, for each role operation permission, the functional modules that it can access or edit;
When a user logs in, the client verifies the role data permission of the logged-in user. If it determines that the role data permission cannot access any product line tree of the remote database, the client terminates the user's login. If it determines that the role data permission can access a product line tree of the remote database, the client verifies the functional modules assigned to the user's role operation permission, sends an instruction to the remote database, and calls the functional modules on the product line tree in the remote database that are assigned to that role operation permission.
A second aspect of the present invention provides a system for accessing a remote database, comprising: a client, a role data permission configuration module, a role operation permission configuration module, a functional module configuration module, a role data permission verification module, a role operation permission verification module and a communication module, wherein:
The functional module configuration module sets functional modules for the remote database and forms the functional modules into one or more product line trees; the role data permission configuration module configures, for the client, role data permissions that can access the product line trees of the remote database; the role operation permission configuration module configures one or more role operation permissions for the client and sets, for each role operation permission, the functional modules that it can access or edit;
The role data permission verification module verifies the role data permission of the logged-in user when the user logs in;
The role operation permission verification module verifies the functional modules assigned to the user's role operation permission;
The communication module sends an instruction to the remote database and calls the functional modules on the product line tree in the remote database that are assigned to the role operation permission.
In a preferred embodiment, the client determines whether the user has one role operation permission or several. If there is one role operation permission, the client sends an instruction to the remote database and calls the functional modules on the product line tree in the remote database that are assigned to that role operation permission. If there are multiple role operation permissions, the client takes the maximum intersection of the functional modules assigned to the multiple role operation permissions, sends an instruction to the remote database, and calls the intersection of the functional modules on the product line tree in the remote database that are assigned to the multiple role operation permissions.
In a preferred embodiment, the client determines whether the logged-in user has one role data permission or several. If there are several, the client verifies each role data permission of the logged-in user in turn, finds the role data permission with the greatest permission, and determines whether that role data permission can access any product line tree of the remote database; if it can, the client verifies the user's role operation permission.
In a preferred embodiment, the client determines whether the logged-in user has one role data permission or several. If there are several, the client verifies each role data permission of the logged-in user in turn, finds all role data permissions that can access one or more product line trees in the remote database, and then evaluates the role operation permissions for all of those data permissions.
In a preferred embodiment, after receiving the instruction sent by the client, the remote database checks whether the product line tree has been preset with the functional module that needs to be retrieved; if it has, the module is made available for the client to call.
More preferably, if the product line tree has not been preset with the functional module that needs to be retrieved, it is verified whether the role operation permission can access or edit that functional module; if so, the client retrieves the functional module from the remote database for the user to access or to edit onto the product line tree.
In a preferred embodiment, the system for accessing a remote database further includes a product line tree building module; after the user retrieves a functional module from the remote database, the client edits the functional module onto the product line tree through the product line tree building module.
In a preferred embodiment, after receiving the instruction sent by the client, the remote database checks the role data permission of the logged-in user. If it determines that the role data permission cannot access a product line tree of the remote database, the remote database sends the client an instruction forbidding the user to log in. If it determines that the role data permission can access a product line tree of the remote database, it allows the client to call functional modules.
In a preferred embodiment, after receiving the instruction sent by the client, or after determining that the role data permission can access a product line tree of the remote database, the remote database checks the user's role operation permission. If there is one role permission, it allows the client to call the functional modules assigned to that role operation permission. If there are multiple role operation permissions, the database takes the maximum intersection of the functional modules assigned to the multiple role operation permissions and allows the client to call the intersection of the functional modules assigned to the multiple role operation permissions.
In a preferred embodiment, the system for accessing a remote database further includes a second role data permission verification module arranged in the remote database; after the remote database receives the instruction sent by the client, the second role data permission verification module checks the role data permission of the logged-in user.
In a preferred embodiment, the system for accessing a remote database further includes a second role operation permission verification module arranged in the remote database; after the remote database receives the instruction sent by the client, or after it determines that the role data permission can access a product line tree of the remote database, the second role operation permission verification module checks the user's role operation permission.
The method and system for accessing a remote database provided by the present invention configure multiple functional modules for the remote database. Because users differ in their role operation permissions and data permissions, each user can retrieve only the functional modules that match its permissions, and a user without permission cannot access or operate the relevant functional modules, thereby ensuring data security.
Brief description of the drawings
Fig. 1 is a schematic flowchart of the method for accessing a remote database in one embodiment of the present invention;
Fig. 2 is a schematic flowchart of the method for accessing a remote database in another embodiment of the present invention;
Fig. 3 is a schematic flowchart of the method for accessing a remote database in a third embodiment of the present invention.
Detailed description of the embodiments
Embodiment 1
This embodiment provides a system for accessing a remote database, comprising: a client, a role data permission configuration module, a role operation permission configuration module, a functional module configuration module, a role data permission verification module, a role operation permission verification module and a communication module.
Referring to Fig. 1, the method of this embodiment for accessing a remote database is as follows:
Functional modules are set for the remote database and formed into one or more product line trees; role data permissions that can access the product line trees of the remote database are configured for the client; one or more role operation permissions are configured for the client; and for each role operation permission, the functional modules that it can access or edit are set;
When a user logs in, the client verifies the role data permission of the logged-in user. If it determines that the role data permission cannot access any product line tree of the remote database, the client terminates the user's login. If it determines that the role data permission can access a product line tree of the remote database, the client verifies the functional modules assigned to the user's role operation permission, sends an instruction to the remote database, and calls the functional modules on the product line tree in the remote database that are assigned to that role operation permission.
Here, the client determines whether the logged-in user has one role data permission or several. If there are several, the client verifies each role data permission of the logged-in user in turn, finds the role data permission with the greatest permission, and determines whether that role data permission can access any product line tree of the remote database; if so, it verifies the user's role operation permission. Alternatively, the client determines whether the logged-in user has one role data permission or several; if there are several, it verifies each role data permission of the logged-in user in turn, finds all role data permissions that can access one or more product line trees in the remote database, and then evaluates the role operation permissions for all of those data permissions.
Embodiment 2
Referring to Fig. 2, the method of this embodiment for accessing a remote database is as follows:
Functional modules are set for the remote database and formed into one or more product line trees; role data permissions that can access the product line trees of the remote database are configured for the client; one or more role operation permissions are configured for the client; and for each role operation permission, the functional modules that it can access or edit are set;
When a user logs in, the client verifies the role data permission of the logged-in user. If it determines that the role data permission cannot access any product line tree of the remote database, the client terminates the user's login. If it determines that the role data permission can access a product line tree of the remote database, the client verifies the functional modules assigned to the user's role operation permission.
Here, the client determines whether the user has one role operation permission or several. If there is one role operation permission, the client sends an instruction to the remote database and calls the functional modules on the product line tree in the remote database that are assigned to that role operation permission. If there are multiple role operation permissions, the client takes the maximum intersection of the functional modules assigned to the multiple role operation permissions, sends an instruction to the remote database, and calls the intersection of the functional modules on the product line tree in the remote database that are assigned to the multiple role operation permissions.
After receiving the instruction sent by the client, the remote database checks whether the product line tree has been preset with the functional module that needs to be retrieved; if it has, the module is made available for the client to call. If the product line tree has not been preset with the functional module that needs to be retrieved, it is verified whether the role operation permission can access or edit that functional module; if so, the client retrieves the functional module from the remote database for the user to access or to edit onto the product line tree.
Embodiment 2
Referring to Fig. 2, the method of this embodiment for accessing a remote database is as follows:
Functional modules are set for the remote database and formed into one or more product line trees; role data permissions that can access the product line trees of the remote database are configured for the client; one or more role operation permissions are configured for the client; and for each role operation permission, the functional modules that it can access or edit are set;
When a user logs in, the client verifies the role data permission of the logged-in user. If it determines that the role data permission cannot access any product line tree of the remote database, the client terminates the user's login. If it determines that the role data permission can access a product line tree of the remote database, the client verifies the functional modules assigned to the user's role operation permission. The client determines whether the user has one role operation permission or several. If there is one role operation permission, the client sends an instruction to the remote database and calls the functional modules on the product line tree in the remote database that are assigned to that role operation permission. If there are multiple role operation permissions, the client takes the maximum intersection of the functional modules assigned to the multiple role operation permissions, sends an instruction to the remote database, and calls the intersection of the functional modules on the product line tree in the remote database that are assigned to the multiple role operation permissions;
After receiving the instruction sent by the client, the remote database checks the role data permission of the logged-in user. If it determines that the role data permission cannot access a product line tree of the remote database, the remote database sends the client an instruction forbidding the user to log in. If it determines that the role data permission can access a product line tree of the remote database, it allows the client to call functional modules.
Here, after receiving the instruction sent by the client, or after determining that the role data permission can access a product line tree of the remote database, the remote database checks the user's role operation permission. If there is one role permission, it allows the client to call the functional modules assigned to that role operation permission. If there are multiple role operation permissions, the database takes the maximum intersection of the functional modules assigned to the multiple role operation permissions and allows the client to call the intersection of the functional modules assigned to the multiple role operation permissions.
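The database-side re-check described in this embodiment, sketched as an added example that is not part of the patent text: all names and sample data are constructed, "maximum intersection" is read as plain set intersection, and several role data permissions are handled by the variant that keeps every permission reaching a product line tree (both are assumptions).

```python
# Added illustration; every name and the sample data below are constructed.
PRODUCT_LINE_TREES = {  # product line tree -> functional modules on it
    "line_a": {"orders.view", "orders.edit", "reports.view"},
    "line_b": {"inventory.view", "inventory.edit"},
}
DATA_PERMISSIONS = {  # role data permission -> accessible product line trees
    "dp_line_a": {"line_a"},
    "dp_all": {"line_a", "line_b"},
    "dp_none": set(),
}
OPERATION_PERMISSIONS = {  # role operation permission -> modules it may use
    "viewer": {"orders.view", "reports.view", "inventory.view"},
    "order_clerk": {"orders.view", "orders.edit"},
}
USERS = {  # server-side record: user -> (data permissions, operation roles)
    "alice": (["dp_line_a"], ["viewer", "order_clerk"]),
    "bob": (["dp_none"], ["viewer"]),
    "carol": (["dp_none", "dp_all"], ["viewer"]),
}


class LoginRefused(Exception):
    """Raised when no role data permission reaches any product line tree."""


def accessible_trees(data_perms):
    # Check each data permission in turn and keep every tree any of them reaches.
    trees = set()
    for perm in data_perms:
        trees |= DATA_PERMISSIONS.get(perm, set())  # unknown permission grants nothing
    return trees


def allowed_modules(user):
    # Permissions come from the server's own record, never from the request.
    data_perms, op_roles = USERS.get(user, ([], []))
    trees = accessible_trees(data_perms)
    if not trees:
        raise LoginRefused(user)
    if not op_roles:
        return set()
    # Several operation roles: take the intersection of their module sets.
    modules = set.intersection(*(OPERATION_PERMISSIONS.get(r, set()) for r in op_roles))
    on_trees = set().union(*(PRODUCT_LINE_TREES[t] for t in trees))
    return modules & on_trees


def server_authorize(user, requested_module):
    """Database-side decision for one call instruction sent by a client."""
    try:
        return requested_module in allowed_modules(user)
    except LoginRefused:
        return False
```

Because the decision is recomputed from the server's own records, a client that skips or alters its local check still cannot call a module outside the computed set.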
The specific embodiments of the present invention have been described in detail above, but they are merely examples, and the present invention is not limited to the specific embodiments described above. To those skilled in the art, any equivalent modification of or substitution for the present invention also falls within the scope of the invention. Therefore, equivalent changes and modifications made without departing from the spirit and scope of the invention shall all be covered by the scope of the invention.