阅读说明：本技术 一种用于资源保障投入的数据访问控制方法、装置和电子设备 (Data access control method and device for resource guarantee investment and electronic equipment ) 是由 徐国兴 周玖安 于 2021-08-19 设计创作，主要内容包括：本发明提供了一种数据访问控制方法、装置和计算机设备,该方法包括：接收客户端的输入操作和/或拖拽操作,提取节点数据；基于所述节点数据以及所述节点数据之间边数据,生成多维数组结构的多个任务流,并将所述多个任务流存储到数据库；在接收到用户的数据访问请求时,进行访问权限认证；对通过所述访问权限认证的数据访问请求,确定与该数据访问请求相对应的可调用的任务流；根据所确定的任务流,允许所述用户对所述数据库中的相应数据进行访问。本发明能够更安全、更有效控制数据访问,进而能够有效解决任务流中复杂工作流的流程控制困难问题,能够防止闭环数据的产生,还能够有效杜绝任务死循环等类似问题。(The invention provides a data access control method, a data access control device and computer equipment, wherein the method comprises the following steps: receiving input operation and/or dragging operation of a client, and extracting node data; generating a plurality of task flows of a multi-dimensional array structure based on the node data and the edge data between the node data, and storing the task flows into a database; when a data access request of a user is received, access authority authentication is carried out; for the data access request passing the access authority authentication, determining a task flow which can be called and corresponds to the data access request; and allowing the user to access corresponding data in the database according to the determined task flow. The invention can control data access more safely and effectively, further can effectively solve the problem of difficult process control of complex workflow in the task flow, can prevent closed-loop data from being generated, and can effectively avoid the problems of task endless loop and the like.)

1. A data access control method for an internet resource service, comprising:

receiving input operation and/or dragging operation of a client, and extracting node data;

generating a plurality of task flows of a multi-dimensional array structure based on the node data and the edge data between the node data, and storing the task flows into a database;

when a data access request of a user is received, access authority authentication is carried out;

for the data access request passing the access authority authentication, determining a task flow which can be called and corresponds to the data access request;

and allowing the user to access corresponding data in the database according to the determined task flow.

2. The data access control method for internet resource service of claim 1, wherein the extracting node data comprises:

extracting at least the following two kinds of node data: time variable corresponding to internet resource service, task node or task monitoring and whether the task is a synchronous task, role characteristics with different authorities and whether the task is a newly added data source;

and carrying out main node identification and branch node identification on each node data.

3. The data access control method for internet resource services according to claim 1 or 2, wherein the generating the plurality of task flows of the multidimensional array structure based on the node data and the edge data between the node data comprises:

and determining edge data between every two adjacent nodes according to the extracted at least two types of node data, and performing edge identification on all the obtained edge data to generate a directed acyclic graph of the multi-dimensional array structure, wherein the edge data is used for representing the mutual relation or the dependency relation between the main node and the branch nodes.

4. The data access control method for internet resource service of claim 3, wherein the determining the task flow that can be invoked corresponding to the data access request for the data access request authenticated by the access right comprises:

and selecting the task flow with the shortest calling time from the plurality of task flows which can be called, and executing a data calling process.

5. The method as claimed in claim 1 or 4, further comprising synchronizing the newly generated task flows to all task flow lists in real time before storing the task flows in the database, so as to update the calling sequence and execution time of each task flow.

6. The data access control method for internet resource service according to claim 1 or 4, wherein the performing access right authentication upon receiving the data access request of the user comprises:

identifying user identification information in the data access request, and automatically judging whether the user is a user in a user list with authority;

when the user is judged to be a user in a user list with the authority, the access authority authentication is determined to be passed; and when the user is judged not to be the user in the user list with the authority, determining that the access authority authentication is not passed.

7. The data access control method for internet resource services of claim 5, further comprising:

and configuring the calling priority of the task flow according to the internet resource service type to determine a calling sequence, wherein the internet resource service type comprises resource guarantee input service, resource allocation service, resource raising service and resource mutual assistance service.

8. A data access control device for an internet resource service, comprising:

the receiving processing module is used for receiving input operation and/or dragging operation of the client and extracting node data;

the generating and processing module is used for generating a plurality of task flows of a multi-dimensional array structure based on the node data and the edge data between the node data and storing the task flows into a database;

the authentication module is used for authenticating the access authority when receiving a data access request of a user;

the determining module is used for determining the task flow which can be called and corresponds to the data access request for the data access request which passes the access authority authentication;

and the access processing module is used for allowing the user to access corresponding data in the database according to the determined task flow.

9. The data access control device for internet resource service of claim 8, further comprising an extraction module, wherein the extraction module is configured to extract at least two node data:

time variable corresponding to internet resource service, task node or task monitoring and whether the task is a synchronous task, role characteristics with different authorities and whether the task is a newly added data source;

and carrying out main node identification and branch node identification on each node data.

10. The data access control device for internet resource service according to claim 8 or 9, further comprising a generation module, configured to determine, according to the extracted at least two types of node data, edge data between every two adjacent nodes, and perform edge identification on all the obtained edge data to generate a directed acyclic graph of a multidimensional array structure, where the edge data is used to characterize an interrelation or a dependency between a main node and a branch node.

Technical Field

The invention relates to the field of computer information processing, in particular to a data access control method and device for resource guarantee investment and electronic equipment.

Background

The conventional mysql client can only designate to log in a certain database in a command line mode, and needs to carry a database corresponding to the database password in the parameter. However, as the department business grows and the databases increase, the database login password and the host name of the corresponding database are searched for each time the database is logged in, and then the client logs in by using the mysql command, so that the user is quite troublesome to access specific data. In addition, with the addition of a new database, the synchronization of database information among departments is also very complicated.

The existing data integration extraction modes are various, the implementation technologies are different, unified integrated management and control are lacked, data synchronization realized by different technologies is not easy to coordinate, a data link is long, association dependence is not uniform, and the synchronization program alarming and data problem determination searching are relatively complex. In database data management, because of the problems of unreasonable authority distribution and the like in the authority management aspect, developers or service personnel can easily delete data or a database by mistake due to misoperation, and therefore the risk of losing a certain amount of data is improved. In addition, the existing task flow has the problems of difficult flow control of complex workflow, task endless loop caused by the generation of closed-loop data and the like.

Therefore, it is necessary to provide a more secure data access control method.

Disclosure of Invention

The method aims to solve the problems that access authority distribution is unreasonable, safety performance of user access data is low, data processing efficiency in a data calling process is low, flow control of complex workflow in the existing task flow is difficult, and task endless loop and the like caused by closed-loop data are generated.

The invention provides a data access control method for internet resource service, which comprises the following steps: receiving input operation and/or dragging operation of a client, and extracting node data; generating a plurality of task flows of a multi-dimensional array structure based on the node data and the edge data between the node data, and storing the task flows into a database; when a data access request of a user is received, access authority authentication is carried out; for the data access request passing the access authority authentication, determining a task flow which can be called and corresponds to the data access request; and allowing the user to access corresponding data in the database according to the determined task flow.

Preferably, the extracting node data comprises: extracting at least the following two kinds of node data: time variable corresponding to internet resource service, task node or task monitoring and whether the task is a synchronous task, role characteristics with different authorities and whether the task is a newly added data source; and carrying out main node identification and branch node identification on each node data.

Preferably, the generating the plurality of task flows of the multidimensional array structure based on the node data and the edge data between the node data includes: and determining edge data between every two adjacent nodes according to the extracted at least two types of node data, and performing edge identification on all the obtained edge data to generate a directed acyclic graph of the multi-dimensional array structure, wherein the edge data is used for representing the mutual relation or the dependency relation between the main node and the branch nodes.

Preferably, the determining, for a data access request authenticated by the access right, a task flow that can be invoked corresponding to the data access request includes: and selecting the task flow with the shortest calling time from the plurality of task flows which can be called, and executing a data calling process.

Preferably, before storing the plurality of task flows in the database, the method further includes synchronizing the newly generated plurality of task flows in all task flow lists in real time to update the calling sequence and the execution time of each task flow.

Preferably, the performing access right authentication when receiving a data access request of a user includes: identifying user identification information in the data access request, and automatically judging whether the user is a user in a user list with authority; when the user is judged to be a user in a user list with the authority, the access authority authentication is determined to be passed; and when the user is judged not to be the user in the user list with the authority, determining that the access authority authentication is not passed.

Preferably, the method further comprises the following steps: and configuring the calling priority of the task flow according to the internet resource service type to determine a calling sequence, wherein the internet resource service type comprises resource guarantee input service, resource allocation service, resource raising service and resource mutual assistance service.

Further, a second aspect of the present invention provides a data access control apparatus for an internet resource service, comprising: the receiving processing module is used for receiving input operation and/or dragging operation of the client and extracting node data; the generating and processing module is used for generating a plurality of task flows of a multi-dimensional array structure based on the node data and the edge data between the node data and storing the task flows into a database; the authentication module is used for authenticating the access authority when receiving a data access request of a user; the determining module is used for determining the task flow which can be called and corresponds to the data access request for the data access request which passes the access authority authentication; and the access processing module is used for allowing the user to access corresponding data in the database according to the determined task flow.

Preferably, the data access control device further comprises an extraction module, and the extraction module is configured to extract at least the following two types of node data: time variable corresponding to internet resource service, task node or task monitoring and whether the task is a synchronous task, role characteristics with different authorities and whether the task is a newly added data source; and carrying out main node identification and branch node identification on each node data.

Preferably, the data access control device further includes a generation module, where the generation module is configured to determine edge data between every two adjacent nodes according to the extracted at least two types of node data, and perform edge identification on all the obtained edge data to generate a directed acyclic graph of the multidimensional array structure, where the edge data is used to represent an interrelation or a dependency between a main node and a branch node.

Furthermore, a third aspect of the present invention provides a computer device comprising a processor and a memory for storing a computer executable program, which when executed by the processor performs the data access control method according to the first aspect of the present invention.

Furthermore, a fourth aspect of the present invention provides a computer program product storing a computer-executable program which, when executed, implements the data access control method according to the first aspect of the present invention.

Advantageous effects

Compared with the prior art, the method and the device have the advantages that the input operation and/or the dragging operation of the client are received, the node data are extracted, the multiple task flows of the multi-dimensional array structure are generated through the node data and the side data among the node data, the multiple task flows are stored in the database, the task flows can be effectively formed into a data structure of a DAG format, the execution process of the task flows in the calling process can be effectively improved, and the data processing capacity can be improved; when a data access request of a user is received, access authority authentication is carried out, and more effective authority management can be realized; by determining the data access request passing the access authority authentication, the task flow which can be called and corresponds to the data access request can be controlled more safely and effectively, the problem of flow control of complex workflow in the task flow can be solved effectively, closed-loop data can be prevented from being generated, and the similar problems of task endless loop and the like can be avoided effectively.

Furthermore, by generating a plurality of task flows with a multidimensional array structure and using a data structure with a DAG format to store data so as to construct the data access control device, the multifunctional comprehensive performance of the data access control device and an internet resource service platform can be improved, and the data development efficiency and the data security can be improved.

Drawings

In order to make the technical problems solved by the present invention, the technical means adopted and the technical effects obtained more clear, the following will describe in detail the embodiments of the present invention with reference to the accompanying drawings. It should be noted, however, that the drawings described below are only illustrations of exemplary embodiments of the invention, from which other embodiments can be derived by those skilled in the art without inventive faculty.

Fig. 1 is a flowchart of an example of a data access control method for an internet resource service according to embodiment 1 of the present invention.

Fig. 2 is a schematic diagram of an example of a data processing interface in the data access control method for an internet resource service according to embodiment 1 of the present invention.

Fig. 3 is a schematic diagram of an example of a DAG graph in the data access control method for an internet resource service according to embodiment 1 of the present invention.

Fig. 4 is a flowchart of still another example of a data access control method for an internet resource service according to embodiment 1 of the present invention.

Fig. 5 is a schematic diagram of an example of a data access control apparatus for an internet resource service according to embodiment 2 of the present invention.

Fig. 6 is a schematic diagram of another example of a data access control apparatus for an internet resource service according to embodiment 2 of the present invention.

Fig. 7 is a schematic diagram of still another example of a data access control apparatus for an internet resource service according to embodiment 2 of the present invention.

Fig. 8 is a block diagram of an exemplary embodiment of a computer device according to the present invention.

Fig. 9 is a block diagram of an exemplary embodiment of a computer program product according to the present invention.

Detailed Description

Exemplary embodiments of the present invention will now be described more fully with reference to the accompanying drawings. The exemplary embodiments, however, may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the invention to those skilled in the art. The same reference numerals denote the same or similar elements, components, or parts in the drawings, and thus their repetitive description will be omitted.

Features, structures, characteristics or other details described in a particular embodiment do not preclude the fact that the features, structures, characteristics or other details may be combined in a suitable manner in one or more other embodiments in accordance with the technical idea of the invention.

In describing particular embodiments, the present invention has been described with reference to features, structures, characteristics or other details that are within the purview of one skilled in the art to provide a thorough understanding of the embodiments. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific features, structures, characteristics, or other details.

The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.

The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.

It will be understood that, although the terms first, second, third, etc. may be used herein to describe various elements, components, or sections, these terms should not be construed as limiting. These phrases are used to distinguish one from another. For example, a first device may also be referred to as a second device without departing from the spirit of the present invention.

The term "and/or" and/or "includes any and all combinations of one or more of the associated listed items.

In order to access a database more quickly and effectively and improve the safety of data management and access, the invention provides a data access control method for internet resource service, which extracts node data by receiving input operation and/or drag operation of a client, generates a plurality of task flows of a multidimensional array structure by the node data and edge data between the node data, and stores the task flows into the database, thereby effectively improving the execution process of each task flow in the calling process and improving the data processing capacity; when a data access request of a user is received, access authority authentication is carried out, and more effective authority management can be realized; by determining the data access request passing the access authority authentication, the task flow which can be called and corresponds to the data access request can be controlled more safely and effectively, the problem of flow control of complex workflow in the task flow can be solved effectively, closed-loop data can be prevented from being generated, and the similar problems of task endless loop and the like can be avoided effectively.

Example 1

Hereinafter, an embodiment of a data access control method for an internet resource service of the present invention will be described with reference to fig. 1 to 4.

Fig. 1 is a flowchart of a data access control method for an internet resource service according to the present invention. As shown in fig. 1, the data access control method includes the following steps.

And step S101, receiving input operation and/or dragging operation of a client, and extracting node data.

Step S102, based on the node data and the edge data between the node data, generating a plurality of task flows of a multi-dimensional array structure, and storing the plurality of task flows into a database.

Step S103, when receiving the data access request of the user, the access authority authentication is carried out.

And step S104, determining the task flow which can be called and corresponds to the data access request for the data access request which passes the access authority authentication.

And step S105, allowing the user to access corresponding data in the database according to the determined task flow.

In the present invention, the internet resource service includes a service resource that provides, for example, shopping, riding, maps, takeouts, shared vehicles, and the like in response to an application from the user equipment to the internet resource service platform. For example, the internet resource service includes a resource usage service, a resource allocation service, a resource raising service, a resource guarantee service or a mutual aid service, a group buying and taking service, and the like. Where resources refer to any available substances, information, time, information resources including computing resources and various types of data resources. The data resources include various private data in various domains. The following takes data related to internet resource securing services as an example to specifically describe the method of the present invention.

First, in step S101, an input operation and/or a drag operation of the client is received, and node data is extracted.

For an internet resource service platform, a client is developed by combining JavaScript language with SVG, and a server is developed by PHP language to realize a DAG (Directed Acyclic Graph) structure.

Specifically, the internet resource service platform comprises a data query module, a data development module, a data monitoring module and a data management module. For example, the internet resource service platform comprises one or more service terminals in a multi-service line, and the internet resource service platform supports a MySQL database, a Hive database and the like.

In one embodiment, a user (i.e., a client), such as a developer, performs an input operation and/or a drag operation on an editable interface of an internet resource service platform, which receives the input operation and/or the drag operation of the developer (i.e., the client).

For example, a developer enters "data source type" and/or "data source name" for a query on a data processing interface.

For another example, a data manager clicks a corresponding data processing interface (for example, an editable interface corresponding to system variable management, a workflow list, data source management, an instance list, resource management, and the like), jumps to the corresponding interface, and performs an input operation, for example, inputting "data source type", "data source name", "port", "database name", "user name", "operation information", and the like, to create each data source, which may be specifically shown in fig. 2.

For example, data management personnel drag and manipulate data related to system variables, operation and maintenance management, rights management, data source management, task flow management, and the like of different service types to form a data structure diagram, which may be specifically referred to in fig. 3. Therefore, data is stored through the data structure diagram, and the data processing efficiency can be improved.

For another example, the user such as the operation and maintenance staff moves the position of the data by dragging the corresponding data, and deletes the data or adds the data.

Further, the node data is extracted from a data structure diagram formed by input operation and/or drag operation of the client.

Specifically, at least the following two kinds of node data are extracted: time variables corresponding to internet resource services, task node or task monitoring, whether the task node or task is a synchronous task, role characteristics with different authorities, and whether the task node or task is a newly added data source.

As a specific embodiment, for example, a time variable (i.e., a system variable) corresponding to an internet resource service, task monitoring, role features having different permissions, and whether it is a newly added data source are extracted as node data.

Specifically, for example, the data structure diagram of a plurality of branches including a main node and a branch node is formed by gradually branching and expanding outwards from a central node (for example, a data integration central node), and see fig. 3 specifically.

Further, main node identification and branch node identification are carried out on each node data. For example, the master node identification includes a number identification associated with a system variable, an operation and maintenance management, a privilege role (or basic role), a data source management, a task (or synchronization task), and the like. The branch node identifiers include numbering identifiers related to dates, synchronous operation, super administrators, workgroups, developers, scheduling configurations, and the like.

Optionally, during the process of node data extraction, main node identification and branch node identification are performed.

Therefore, by receiving the input operation and/or the drag operation of the client, the user operation can be visualized, and by extracting the node data to form a data structure diagram of a plurality of branches (or multidimensional arrays) including the main node and the branch nodes, the data structure can be realized, and a more effective data storage format can be realized to improve the data processing efficiency.

It should be noted that the above description is only given by way of example, and the present invention is not limited thereto.

Next, in step S102, a plurality of task flows of a multidimensional array structure are generated based on the node data and the edge data between the node data, and the task flows are stored in a database.

Specifically, according to at least two extracted node data, edge data between every two adjacent nodes is determined, and edge identification is performed on all the obtained edge data to generate a directed acyclic graph (i.e., DAG graph) with a multidimensional array structure, for example, the edge identification includes system variables, operation and maintenance management, authority roles (or basic roles), data source management, tasks (or synchronous tasks), task instances, synchronous task lists, real-time task lists, hypervisors, work rentals, developers, data source lists, newly added data sources, basic attributes, pipeline control, node scheduling configuration attributes, and the like, which is specifically shown in fig. 3.

More specifically, the edge data is used to characterize the interrelationships or dependencies between the main nodes and the branch nodes.

Further, according to the node data, the edge data between the node data having the interrelation or the dependency relationship, and the directed acyclic graph (i.e., the DAG graph), a plurality of task flows of the multidimensional array structure are generated, where each task flow includes a flow node corresponding to the master node and the branch node and its related node data, the edge data, and a task parameter (e.g., whether it is a synchronous task, a task execution time, etc.). In other words, the task flow is used for being called when the user accesses the corresponding database in the internet resource service platform, and the user access to the database and the data thereof can be effectively controlled.

Specifically, each task flow is realized through a flow canvas, the flow canvas of each task is a DAG graph formed by dragging by a user (for example, operation and maintenance personnel, and the like), the back end extracts node data of a main node and a branch node according to related data dragged by the user, identifies a unique (or globally unique) identity ID (namely a node ID) for each node data, generates edge data information (a flow tree for workflow execution) of a multi-dimensional array structure according to the related data dragged by the user and the generated node ID, and stores the data information after format conversion (for example, conversion into a json object) in a corresponding database for calling.

It should be noted that the task flow is mainly flow node data of the task flow stored in a data structure in a DAG format by applying a DAG graph (also referred to as a DAG network graph in the present invention). For example, JavaScript + php is used to simultaneously implement data processing and storage of the directed acyclic graph at the front end and the back end. And determining the dependency relationship (namely edge data) between every two adjacent flow nodes in turn according to the DAG graph. Since the DAG graph has topological ordering, and if from vertex V in the DAG graph_i～V_j(corresponding to the flow node above) has a path, then the current node (current vertex) V can be determined in the topological ordering_{When in use}A path to a task flow of data to be invoked.

Optionally, all interrelations or dependencies (i.e. edge data) are numbered for distinction, storage and invocation (identity ID or node ID).

Specifically, each task flow includes a plurality of associated serial number identifiers, or serial number identifier strings of multiple levels of nodes, for example, the serial number identifier strings are SZ000000 (serial number identifier of data integration center node) -Sa001 × 8Y1 (serial number identifier of data source management node) -Sab13 × 40 (serial number identifier of data source list) -SabL56 × 889 (serial number identifier of specific data of internet resource provisioning service), and the like, and the serial number identifier strings include three levels of nodes, where the first level of nodes are data integration center nodes, the second level of nodes are data source management nodes, the third level of nodes are data source list, and the fourth level of nodes are specific data of internet resource provisioning service.

Further, the generated plurality of task flows are stored in a corresponding database of the internet service platform.

In another embodiment, as shown in fig. 4, before storing the plurality of task flows in the database, the following step S201 is further included: and synchronizing the newly generated task flows into all task flow lists in real time so as to update the calling sequence and the execution time of each task flow.

Alternatively, the call sequence and execution time of each task flow may be updated in real time, or updated according to a specific time interval.

Therefore, a plurality of task flows with a multidimensional array structure are generated through the node data and the edge data between the node data, each task flow can be effectively formed into a data structure with a DAG format, the execution process of each task flow in the calling process can be effectively improved, and the data processing capacity can be improved. In addition, the method can effectively solve the problem of flow control of complex workflow in the task flow, can prevent closed-loop data from being generated, and can effectively avoid the similar problems of task endless loop and the like.

It should be noted that the above description is only given by way of example, and the present invention is not limited thereto.

Next, an application process of the generated task flow will be explained in conjunction with an example.

In step S103, when a data access request from a user is received, access authority authentication is performed.

For example, in an application example in which a user accesses a database of the internet resource service platform using a MySQL client, the user inputs a data access request at the client, and the internet resource service platform receives the data access request of the user.

Specifically, the data access request comprises user request information and user identity information, wherein the user request information comprises request data information for accessing one or more databases, names of the one or more databases, and callable ports; the user identity information includes a user account number, a user identity number or a user mobile phone number, and user equipment identification information (e.g., a user equipment identification code, a user equipment model or name), and the like.

As a specific implementation manner, the internet resource service platform performs access authority authentication when receiving a data access request of a user.

Specifically, user identification information or user equipment identification information in the data access request is identified.

Further, whether the user is a user in a user list with authority is automatically judged according to the identified user identification information and/or the user equipment identification information.

Optionally, according to the internet resource service type, the data source type, the authority level and other influencing factors, configuring a user list with different authorities, and updating the user list in real time and synchronously.

Specifically, whether the user is a user in a user list with authority is automatically judged according to the identified user identification information and/or user equipment identification information.

Further, when the user is judged to be a user in the user list with the authority, the access authority authentication is determined to be passed.

And when the user is judged not to be the user in the user list with the authority, determining that the access authority authentication is not passed.

It should be noted that the above description is only given by way of example, and the present invention is not limited thereto.

Next, in step S104, for the data access request authenticated by the access authority, the task flow that can be invoked corresponding to the data access request is determined.

Specifically, for the data access request which passes the access authority authentication, determining a plurality of task flows which can be invoked according to the access data type, the user identification information and/or the user equipment identification information in the identified data access request and the access time.

More specifically, the access data type includes related data corresponding to an internet resource service type.

Further, the task flow with the shortest calling time is selected from the plurality of task flows which can be called, and a data calling process is executed.

Specifically, the selecting the task flow with the shortest invocation time includes determining the task flow with the shortest invocation time.

More specifically, topology sequencing is performed on the DAG graph obtained in step S103, and a linear order between nodes is determined; for each callable task stream, fetching vertices (i.e., nodes) V in the topological order_iTo and node V_iPerforming one-pass relaxation processing on adjacent vertexes (namely nodes) (namely performing one-pass relaxation processing on the determined callable task flow); calculating dis [ V ]_n]＝min{dist[u]+w[u][V_n]U can reach V_nAnd n is a positive integer }, so as to determine the task flow with the shortest calling time.

Optionally, a node V is configured for being a starting point_iOr node V as an end point_jAnd updating the corresponding task flow path according to the updating time.

In one embodiment, the computed dis [ V ] of each callable task stream is determined based on the identified access data type and access time in the data access request_n]To determine the task flow with the shortest invocation time.

In another embodiment, the task flow with the shortest calling time is determined according to the calling sequence and the executing time of each task flow in all the task flow lists at present and the access data type and the access time in the identified data access request.

In still another embodiment, when the number of the task flows having the shortest call time is plural, one task flow is selected from the plural task flows according to the call priority of each task flow.

For example, the invocation priority of the task flow is configured for determining the invocation order according to the internet resource service types, which include resource guarantee investment service, resource allocation service, resource raising service and resource mutual aid service. For example, a call priority related to the resource provisioning engagement service is configured as a first priority, a call priority related to the resource interworking service is configured as a second priority, a call priority related to the resource staging service is configured as a third priority, and a call priority related to the resource allocation service is configured as a fourth priority.

It should be noted that the above description is only given by way of example, and the present invention is not limited thereto.

In step S105, the user is allowed to access the corresponding data in the database according to the determined task flow.

Specifically, according to the task flow with the shortest calling time, the user is provided with the calling port of the corresponding database, so that the user is allowed to access the corresponding data in the corresponding database. Wherein the callable port is a call port corresponding to the respective database.

For example, user 1 requests access to data a in database A, provides a callable port D8 to the user's client according to the determined task flow R1, and executes the task flow R1 to perform a data call or data access process.

In another embodiment, the number of access users, access time, access right allocation and the like of each database are configured and specific detailed information is recorded to form a structured data table. Therefore, data structuring can be realized, and quick query of data or a database is facilitated.

In another embodiment, in the case that a new data source is detected, the new data source is numbered and named, and a new data source is created and added to, for example, a hash list, and stored in the corresponding database in the format of the hash list. Therefore, the data structure is further optimized, the quick query of data or a database is facilitated, the flexibility and the safety of the query are improved, the problems of data loss or data deletion and the like caused by misoperation are avoided, the safety of data management and data access is improved, and the effectiveness of data access control is improved.

Further, under the condition that the newly added data are detected, the newly added data are synchronized to the corresponding database in real time.

It should be noted that the above description is only given by way of example, and the present invention is not limited thereto.

In another embodiment, according to the analysis result of the data access request of the current user, a plurality of task flows which can be called are determined, and then the access authority authentication of the current user is performed.

Therefore, according to the determined task flow, the user is allowed to access the corresponding data in the database, data access can be controlled more safely and effectively, and more effective authority management can be achieved.

It should be noted that the above description is only given by way of example, and the present invention is not limited thereto.

Those skilled in the art will appreciate that all or part of the steps to implement the above-described embodiments are implemented as programs (computer programs) executed by a computer data processing apparatus. When the computer program is executed, the method provided by the invention can be realized. Furthermore, the computer program may be stored in a computer readable storage medium, which may be a readable storage medium such as a magnetic disk, an optical disk, a ROM, a RAM, or a storage array composed of a plurality of storage media, such as a magnetic disk or a magnetic tape storage array. The storage medium is not limited to centralized storage, but may be distributed storage, such as cloud storage based on cloud computing.

Compared with the prior art, the method and the device have the advantages that the input operation and/or the dragging operation of the client are received, the node data are extracted, the multiple task flows of the multi-dimensional array structure are generated through the node data and the side data among the node data, the multiple task flows are stored in the database, the task flows can be effectively formed into a data structure of a DAG format, the execution process of the task flows in the calling process can be effectively improved, and the data processing capacity can be improved; when a data access request of a user is received, access authority authentication is carried out, and more effective authority management can be realized; by determining the data access request passing the access authority authentication, the task flow which can be called and corresponds to the data access request can be controlled more safely and effectively, the problem of flow control of complex workflow in the task flow can be solved effectively, closed-loop data can be prevented from being generated, and the similar problems of task endless loop and the like can be avoided effectively.

Example 2

Embodiments of the apparatus of the present invention are described below, which may be used to perform method embodiments of the present invention. The details described in the device embodiments of the invention should be regarded as complementary to the above-described method embodiments; reference is made to the above-described method embodiments for details not disclosed in the apparatus embodiments of the invention.

Referring to fig. 3, 5, 6 and 7, the present invention also provides a data access control apparatus 400 for an internet resource service, the data access control apparatus 400 including: a receiving processing module 401, configured to receive an input operation and/or a drag operation of a client, and extract node data; a generating and processing module 402, configured to generate a plurality of task flows of a multidimensional array structure based on the node data and the edge data between the node data, and store the task flows in a database; an authentication module 403, configured to perform access right authentication when receiving a data access request of a user; a determining module 404, configured to determine, for a data access request authenticated by the access right, an invokable task stream corresponding to the data access request; an access processing module 405, configured to allow the user to access corresponding data in the database according to the determined task flow.

As shown in fig. 6, in another embodiment, the data access control apparatus 400 further includes an extraction module 501, i.e., the reception processing module 401 in fig. 5 is divided into the reception processing module 401 and the extraction module. The extracting module 501 is configured to extract at least the following two types of node data: time variable corresponding to internet resource service, task node or task monitoring and whether the task is a synchronous task, role characteristics with different authorities and whether the task is a newly added data source; and carrying out main node identification and branch node identification on each node data.

In another embodiment, as shown in fig. 7, the data access control apparatus 400 further includes a storage module 601, i.e. the generation processing module 402 in fig. 5 is divided into the generation processing module 402 and the storage module 601. The storage module 601 is configured to determine edge data between every two adjacent nodes according to the extracted at least two types of node data, and perform edge identification on all the obtained edge data to generate a directed acyclic graph with a multidimensional array structure, where the edge data is used to represent an interrelation or a dependency between a main node and a branch node.

Specifically, according to at least two extracted node data, edge data between every two adjacent nodes is determined, and edge identification is performed on all the obtained edge data to generate a directed acyclic graph (i.e., DAG graph) with a multidimensional array structure, for example, the edge identification includes system variables, operation and maintenance management, authority roles (or basic roles), data source management, tasks (or synchronous tasks), task instances, synchronous task lists, real-time task lists, hypervisors, work rentals, developers, data source lists, newly added data sources, basic attributes, pipeline control, node scheduling configuration attributes, and the like, which is specifically shown in fig. 3.

Further, according to the node data, the edge data between the node data having the interrelation or the dependency relationship, and the directed acyclic graph (i.e., the DAG graph), a plurality of task flows of the multidimensional array structure are generated, where each task flow includes a flow node corresponding to the master node and the branch node and its related node data, the edge data, and a task parameter (e.g., whether it is a synchronous task, a task execution time, etc.). In other words, the task flow is used for being called when the user accesses the corresponding database in the internet resource service platform, and the user access to the database and the data thereof can be effectively controlled.

Specifically, each task flow is realized through a flow canvas, the flow canvas of each task is a DAG graph formed by dragging by a user (for example, operation and maintenance personnel, and the like), the back end extracts node data of a main node and a branch node according to related data dragged by the user, identifies a unique (or globally unique) identity ID (namely a node ID) for each node data, generates edge data information (a flow tree for workflow execution) of a multi-dimensional array structure according to the related data dragged by the user and the generated node ID, and stores the data information after format conversion (for example, conversion into a json object) in a corresponding database for calling.

It should be noted that the task flow is mainly flow node data of the task flow stored in a data structure in a DAG format by applying a DAG graph (also referred to as a DAG network graph in the present invention). For example, JavaScript + php is used to simultaneously implement data processing and storage of the directed acyclic graph at the front end and the back end. And determining the dependency relationship (namely edge data) between every two adjacent flow nodes in turn according to the DAG graph. Since the DAG graph has topological ordering, and if from vertex V in the DAG graph_i～V_j(corresponding to the flow node above) has a path, then the current node (current vertex) V can be determined in the topological ordering_{When in use}A path to a task flow of data to be invoked.

Optionally, all interrelations or dependencies (i.e. edge data) are numbered for distinction, storage and invocation (identity ID or node ID).

Further, the generated plurality of task flows are stored in a corresponding database of the internet service platform.

Thus, by creating a plurality of task flows having a multidimensional array structure and storing data using a data structure having a DAG format to construct a data access control device, the data access control device and internet resource services can be improved.

In another embodiment, before storing the plurality of task flows in the database, the method further includes synchronizing the newly generated plurality of task flows in all task flow lists in real time to update the calling sequence and the execution time of each task flow. For example, the invocation priority of the task flow is configured for determining the invocation order according to the internet resource service types, which include resource guarantee investment service, resource allocation service, resource raising service and resource mutual aid service.

Specifically, the performing access right authentication when receiving a data access request of a user includes: identifying user identification information in the data access request, and automatically judging whether the user is a user in a user list with authority; when the user is judged to be a user in a user list with the authority, the access authority authentication is determined to be passed; and when the user is judged not to be the user in the user list with the authority, determining that the access authority authentication is not passed.

Specifically, the determining, for a data access request authenticated by the access right, an invokable task flow corresponding to the data access request includes: and selecting the task flow with the shortest calling time from the plurality of task flows which can be called, and executing a data calling process. And selecting the task flow with the shortest calling time comprises determining the task flow with the shortest calling time.

More specifically, carrying out topological ordering on the obtained DAG graph, and determining a linear order among nodes; for each callable task stream, fetching vertices (i.e., nodes) V in the topological order_iTo and node V_iPerforming one-pass relaxation processing on adjacent vertexes (namely nodes) (namely performing one-pass relaxation processing on the determined callable task flow); calculating dis [ V ]_n]＝min{dist[u]+w[u][V_n]U can reach V_nAnd n is a positive integer }, so as to determine the task flow with the shortest calling time.

Optionally, a node V is configured for being a starting point_iOr node V as an end point_jAnd updating the corresponding task flow path according to the updating time.

In one embodiment, the computed dis [ V ] of each callable task stream is determined based on the identified access data type and access time in the data access request_n]To determine the task flow with the shortest invocation time.

In another embodiment, the task flow with the shortest calling time is determined according to the calling sequence and the executing time of each task flow in all the task flow lists at present and the access data type and the access time in the identified data access request.

In still another embodiment, when the number of the task flows having the shortest call time is plural, one task flow is selected from the plural task flows according to the call priority of each task flow.

In another embodiment, the data access control device further includes multiple functions of table query, hierarchy query, blood relationship graph, data synchronization, cluster monitoring, base table management, and process authority management, so that data development efficiency and data security can be improved for improving safer and more effective data calling.

In embodiment 2, the same portions as those in embodiment 1 are not described.

Those skilled in the art will appreciate that the modules in the above-described embodiments of the apparatus may be distributed as described in the apparatus, and may be correspondingly modified and distributed in one or more apparatuses other than the above-described embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.

Compared with the prior art, the method and the device have the advantages that the input operation and/or the dragging operation of the client are received, the node data are extracted, the multiple task flows of the multi-dimensional array structure are generated through the node data and the side data among the node data, the multiple task flows are stored in the database, the task flows can be effectively formed into a data structure of a DAG format, the execution process of the task flows in the calling process can be effectively improved, and the data processing capacity can be improved; when a data access request of a user is received, access authority authentication is carried out, and more effective authority management can be realized; by determining the data access request passing the access authority authentication, the task flow which can be called and corresponds to the data access request can be controlled more safely and effectively, the problem of flow control of complex workflow in the task flow can be solved effectively, closed-loop data can be prevented from being generated, and the similar problems of task endless loop and the like can be avoided effectively.

Furthermore, by generating a plurality of task flows with a multidimensional array structure and using a data structure with a DAG format to store data so as to construct the data access control device, the multifunctional comprehensive performance of the data access control device and an internet resource service platform can be improved, and the data development efficiency and the data security can be improved.

Example 3

In the following, embodiments of the electronic device of the present invention are described, which may be regarded as specific physical implementations for the above-described embodiments of the method and apparatus of the present invention. Details described in the embodiments of the electronic device of the invention should be considered supplementary to the embodiments of the method or apparatus described above; for details which are not disclosed in embodiments of the electronic device of the invention, reference may be made to the above-described embodiments of the method or the apparatus.

Fig. 8 is a block diagram of an exemplary embodiment of a computer device according to the present invention. A computer apparatus 200 according to this embodiment of the present invention is described below with reference to fig. 8. The computer device 200 shown in fig. 8 is only an example and should not bring any limitation to the function and the scope of use of the embodiments of the present invention.

As shown in FIG. 8, computer device 200 is in the form of a general purpose computing device. The components of computer device 200 may include, but are not limited to: at least one processing unit 210, at least one storage unit 220, a bus 230 connecting different device components (including the storage unit 220 and the processing unit 210), a display unit 240, and the like.

Wherein the storage unit stores program code executable by the processing unit 210 to cause the processing unit 210 to perform steps according to various exemplary embodiments of the present invention described in the processing method section of the above-mentioned computer apparatus of the present specification. For example, the processing unit 210 may perform the steps as shown in fig. 1.

The memory unit 220 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM)2201 and/or a cache memory unit 2202, and may further include a read only memory unit (ROM) 2203.

The storage unit 220 may also include a program/utility 2204 having a set (at least one) of program modules 2205, such program modules 2205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.

Bus 230 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.

The computer device 200 may also communicate with one or more external devices 300 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the computer device 200, and/or with any devices (e.g., router, modem, etc.) that enable the computer device 200 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 250. Also, computer device 200 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) through network adapter 260. Network adapter 260 may communicate with other modules of computer device 200 via bus 230. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the computer device 200, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.

Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments of the present invention described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a computer-readable storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to make a computing device (which can be a personal computer, a server, or a network device, etc.) execute the above-mentioned method according to the present invention. Which when executed by a data processing device, enables the computer program product to carry out the above-mentioned method of the invention.

Fig. 9 is a block diagram of an exemplary embodiment of a computer program product according to the present invention.

As shown in fig. 9, the computer program may be stored on one or more computer program products. The computer program product may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer program product include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

The computer program product may comprise a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. The computer program product may send, propagate, or transport the program for use by or in connection with the instruction execution apparatus or device. Program code embodied on the computer program product may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).

In summary, the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components in embodiments in accordance with the invention may be implemented in practice using a general purpose data processing device such as a microprocessor or a Digital Signal Processor (DSP). The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such a program implementing the invention may be stored on a computer program product or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.

While the foregoing embodiments have described the objects, aspects and advantages of the present invention in further detail, it should be understood that the present invention is not inherently related to any particular computer, virtual machine or electronic device, and various general-purpose machines may be used to implement the present invention. The invention is not to be considered as limited to the specific embodiments thereof, but is to be understood as being modified in all respects, all changes and equivalents that come within the spirit and scope of the invention.