Research On Fine-grained Access Control Method For Data Platform

With the development of computer technology,data has become the core competitiveness of enterprises.In order to create more value from data,enterprises set about building data platform,providing the data sharing,data processing and other service for user and data manager.When data is accessed on the platform,how to ensure the security of the data becomes an urgent problem to be solved.Access control is one of the important means to ensure data security.In the access control method,the protected object usually is the whole data table,and there are few access control methods that are detailed to the range of data table rows and columns.In the access control method where the protected objects are data table rows and data table columns,it is the most common practice to combine the view with coarse-grained access control.The main research work of this paper is to propose a hybrid model that can be used for fine-grained access control to enable centralized management of permissions.In order to achieve fine-grained access control,this paper conducts research work from the design model and the optimization model.A hybrid model for fine-grained access control is designed,and the scheme of access configuration is given.The specific research contents are as follows:The hybrid model design part of fine-grained access control is mainly the definition of the model.The design is directed to the three types of permission configuration and authentication methods of ARRAY,SET and TREE.The overall framework and implementation mechanism of the model are defined,and the division of labor and output of each module for authentication are given.For the problem of interval range judgment in the permission configuration acting on the data table row,the interval decision tree structure is used to store the permission configuration items.In the establishment of the interval decision tree,make full use of node attributes and branch relationships,and perform partial pruning operations according to the constraints during the establishment process,so that the decision interval tree satisfies the range interval distribution and can realize the permission configuration scope coverage.The authentication search part mainly uses the parent-child relationship of the tree to complete the permission matching.In the method of generating permission configuration based on FP-Growth,FP-Growth algorithm is mainly used to obtain frequent items and association relations of data,and the idea of transforming them into enumerable permission configuration items is given.By calculating the correspondence and frequency of data items for the acquired frequent items,the permission configuration acting on the data table columns is obtained according to the frequency of use of the data items.By filtering the strong association relationship,the data items that are more closely related in the association relationship and the corresponding data item values are obtained,and converted into the permission configuration that acts on the rows of the data table.The model described in this article has been tested and verified by experiments.The results show that business requirements can be met and the performance consumption is below the threshold.The method of using data mining to generate permission configuration is feasible.The model has passed the test and acceptance of the Blue-king Data Platform.