A Data Access Method Based on Data Isolation Model

Abstract

The invention provides a data access method based on a data isolation model. According to the method, the data isolation model is used for distinguishing service database ranges of all different levelorganizations, access characters of corresponding data access permissions are established for different data services, sub characters of the corresponding data access permissions are established fordifferent operation tasks, and an attribution relation between the sub characters and the access characters is used for establishing the data access permissions which belong to the sub characters; different requirements of all different level organizations in a multi-level organization level structure for data service management are met, data isolation among the service database ranges of different level organizations is guaranteed at the same time, the safety of access permission authorization among the service database ranges of different level organizations can also be guaranteed, the aimsof simplifying the access permission design and meeting the requirement of the access permission control safety are achieved, and the better safety guarantee is provided for execution of operation tasks under different data services.

Description

technical field [0001] The invention relates to the technical field of big data information security management, in particular to a data access method based on a data isolation model. Background technique [0002] At present, the deep integration of new generation information technology and manufacturing industry is triggering a new round of industrial transformation. my country's manufacturing industry should focus on intelligent manufacturing based on "Internet + manufacturing", improve the level of comprehensive integration, and follow the development path of ecological civilization. The rapid development of Internet-based information technology has greatly accelerated the informatization process of manufacturing enterprises. Construction waste recycling aims to transform construction waste and other waste resources into renewable resources through targeted and harmless disposal, and further process them into a variety of end products, creating a new circular economic mo...

AI Technical Summary

Problems solved by technology

[0004] However, the existing role-based access control model (that is, the RBAC model) is not well applicable to the needs of group companies for data business management

Since group companies often have a multi-level organizational structure, there is not only a relationship between the upper and lower levels of the organization in the organizational structure, but also the emphasis on independence and relevance between different levels of organizations, so different There are also belonging and crossing relationships between business database scopes in hierarchical organizations, but independent and isolated access rights restriction requirements are required, which makes the rights management of the ERP system (Enterprise Resource Planning, Enterprise Resource Planning) complex and dynamic In the existing RBAC model, the control of access rights is static, that is, the access rights of each role in the scope of the business database are statically set. If the existing RBAC model is directly applied to the group Under the company's ERP system, it is easy to cause the roles whose access rights are statically controlled to be difficult to adapt to the access rights requirements of the business databases of different levels of organizations, resulting in rigid access mechanisms or insufficient granularity of permissions (that is, the minimum range of access rights is not enough); and if In order to meet the different needs of different levels of organizations for data business management, a large number of roles need to be constructed under the existing RBAC model, and the data access rights of many roles will overlap, which not only makes the workload of role creation huge , and it is easy to cause errors in role assignment and improper assignment of data access rights due to cross-problems of data access rights among different roles, which is not conducive to effective control of data isolation and access authorization security

Images