Search

CN-122020705-A - Multi-field hierarchical processing method, device, equipment and medium

CN122020705ACN 122020705 ACN122020705 ACN 122020705ACN-122020705-A

Abstract

The application provides a multi-field hierarchical processing method, device, equipment and medium, wherein the method comprises the steps of marking a plurality of fields in a business data warehouse with data elements to obtain a plurality of data elements; generating a data element relation graph according to the incidence relation among a plurality of data elements and the sensitivity level hierarchical strategy relation among the data elements with incidence relation, acquiring a plurality of query fields in a target query request, determining the target sensitivity level of the plurality of query fields according to the relation of the target data elements corresponding to the plurality of query fields in the data element relation graph, and carrying out target processing on the plurality of query fields according to the target sensitivity level of the plurality of query fields. Therefore, potential association among a plurality of query fields in the target query request can be accurately captured, and the target sensitivity level of each query field can be flexibly determined according to the potential association, so that each query field can be processed in a targeted manner, the sensitivity problem caused by field association is solved, and the safety of data is ensured.

Inventors

  • WANG BO
  • Yan Longpeng
  • MOU XUANLI

Assignees

  • 杭州数美科技有限公司

Dates

Publication Date
20260512
Application Date
20251231

Claims (10)

  1. 1. A method for hierarchical processing of multiple fields, comprising: Marking a plurality of fields in a business data warehouse to obtain a plurality of data elements, wherein a corresponding relation exists between the fields and the data elements; Generating a data element relation graph according to the incidence relation among the plurality of data elements and the sensitivity level grading strategy relation among the data elements with the incidence relation, wherein the sensitivity level grading strategy relation is used for indicating the change condition of the sensitivity level of a target field corresponding to the data elements with the incidence relation under the condition that the target field is jointly inquired, any node in the data element relation graph is used for indicating any data element, and a relation edge among the nodes is used for indicating the sensitivity level grading strategy relation between the two corresponding data elements; acquiring a plurality of query fields in a target query request, and determining target sensitivity levels of the plurality of query fields according to the relation of target data elements corresponding to the plurality of query fields in the data element relation diagram; and performing target processing on the plurality of query fields according to the target sensitivity level of the plurality of query fields.
  2. 2. The method according to claim 1, wherein the generating a data element relation graph according to the association relation among the plurality of data elements and the sensitivity level hierarchical policy relation among the data elements with the association relation comprises: Determining at least one data element entity according to the plurality of data elements, wherein any data element entity comprises a main data element or comprises a main data element and attribute data elements with association relation with the main data element; And generating the data element relation graph according to the incidence relation between the main data elements in the at least one data element entity and the sensitivity level grading strategy relation between the main data elements with incidence relation and the main data elements, and/or the incidence relation between the main data elements and the attribute data elements in the at least one data element entity and the sensitivity level grading strategy relation between the main data elements with incidence relation and the attribute data elements.
  3. 3. The method according to claim 2, wherein determining the target sensitivity level of the plurality of query fields according to the relationships of the target data elements corresponding to the plurality of query fields in the data element relationship graph comprises: determining whether a main data element exists in the target data elements corresponding to the query fields according to node information of the target data elements corresponding to the query fields in the data element relation diagram; if the original sensitivity level of the plurality of query fields does not exist, determining the original sensitivity level of the plurality of query fields as a target sensitivity level of the plurality of query fields; If the data element exists, determining a target sensitivity level of a first query field according to an original sensitivity level of the first query field corresponding to the existing main data element, and determining a target sensitivity level of a second query field according to the original sensitivity level of the second query field corresponding to the attribute data element and the position relation of the attribute data element and the existing main data element in the data element relation diagram aiming at any attribute data element in the target data elements corresponding to the plurality of query fields.
  4. 4. A method according to claim 3, wherein the determining the target sensitivity level of the second query field according to the original sensitivity level of the second query field corresponding to the attribute data element and the positional relationship between the attribute data element and the existing main data element in the data element relationship graph includes: determining whether the attribute data element and the existing main data element are reachable according to the position relation of the attribute data element and the existing main data element in the data element relation diagram; If not, determining the original sensitivity level of the second query field as the target sensitivity level of the second query field; if the data element is reachable, determining a reachable path between the attribute data element and the existing main data element according to the position relation of the attribute data element and the existing main data element in the data element relation diagram; And determining the target sensitivity level of the second query field according to the original sensitivity level of the second query field and the sensitivity level grading strategy relation indicated by at least one relation edge in the reachable path.
  5. 5. The method of claim 4, wherein the determining the target sensitivity level of the second query field based on the original sensitivity level of the second query field and the sensitivity level hierarchical policy relationship indicated by the at least one relationship edge in the reachable path comprises: determining the sensitivity level change quantity corresponding to at least one relation edge according to the sensitivity level grading strategy relation indicated by the at least one relation edge in the reachable path; and determining the target sensitivity level of the second query field according to the sensitivity level variation corresponding to the at least one relation edge and the original sensitivity level of the second query field.
  6. 6. The method of claim 4, wherein the reachable paths are multiple, wherein determining the target sensitivity level of the second query field based on the original sensitivity level of the second query field and the sensitivity level hierarchical policy relationship indicated by at least one relationship edge in the reachable paths comprises: for any reachable path, determining candidate sensitivity levels of the second query field corresponding to the reachable path according to the original sensitivity level of the second query field and the sensitivity level hierarchical strategy relationship indicated by at least one relationship edge in the reachable path; And determining the highest sensitivity level in the candidate sensitivity levels of the second query field corresponding to the plurality of reachable paths as the target sensitivity level of the second query field.
  7. 7. The method of claim 3, wherein the plurality of existing master data elements, the determining the target sensitivity level of the second query field according to the original sensitivity level of the second query field corresponding to the attribute data element and the positional relationship between the attribute data element and the existing master data element in the data element relationship graph, comprises: Determining a central main data element from the plurality of existing main data elements according to the original sensitivity level of the first query field corresponding to the plurality of existing main data elements; And determining the target sensitivity level of the second query field according to the original sensitivity level of the second query field corresponding to the attribute data element and the position relation of the attribute data element and the central main data element in the data element relation diagram.
  8. 8. The method according to any one of claims 1-7, wherein the marking the plurality of fields in the business data warehouse with data elements to obtain a plurality of data elements comprises: And marking fields with the same data characteristics in the service data warehouse as the same data elements, and marking fields with different data characteristics in the service data warehouse as different data elements to obtain the plurality of data elements.
  9. 9. The method of any of claims 1-7, wherein the targeting the plurality of query fields according to a target sensitivity level of the plurality of query fields comprises at least one of: According to the target sensitivity level of the query fields, access authority control is carried out on the query fields respectively; Respectively encrypting data of the plurality of query fields according to the target sensitivity level of the plurality of query fields; And respectively carrying out desensitization display on the plurality of query fields according to the target sensitivity level of the plurality of query fields.
  10. 10. A multi-field hierarchical processing device, comprising: The system comprises an acquisition module, a data element marking module and a data element marking module, wherein the acquisition module is used for marking a plurality of fields in a business data warehouse so as to acquire a plurality of data elements, and a corresponding relation exists between the fields and the data elements; The generation module is used for generating a data element relation graph according to the incidence relation among the plurality of data elements and the sensitivity level grading strategy relation among the data elements with the incidence relation, wherein the sensitivity level grading strategy relation is used for indicating the change condition of the sensitivity level of a target field corresponding to the data element with the incidence relation under the condition that the target field is jointly inquired, any node in the data element relation graph is used for indicating any data element, and the relation edge among the nodes is used for indicating the sensitivity level grading strategy relation between the corresponding two data elements; the determining module is used for acquiring a plurality of query fields in the target query request, and determining target sensitivity levels of the plurality of query fields according to the relation of target data elements corresponding to the plurality of query fields in the data element relation diagram; And the processing module is used for carrying out target processing on the plurality of query fields according to the target sensitivity level of the plurality of query fields.

Description

Multi-field hierarchical processing method, device, equipment and medium Technical Field The present application relates to the field of data processing technologies, and in particular, to a method, an apparatus, a device, and a medium for hierarchical processing of multiple fields. Background In the related art, the hierarchical protection measure of sensitive data is to perform hierarchical processing on single fields, and once the hierarchical processing is completed, the sensitive level of the single fields is fixed and does not change. This way of fixedly grading only a single field has significant limitations in dealing with the sensitivity problem that arises from field joining (i.e., a field does not have sensitivity when it exists alone, but sensitivity is greatly improved when it occurs with other specific fields). Disclosure of Invention The object of the present application is to solve at least to some extent one of the above technical problems. Therefore, the application provides a multi-field grading processing method, device, equipment and medium, so as to break through the limitation of single-field fixed grading, solve the sensitivity problem caused by field combination and ensure the safety of data. An embodiment of a first aspect of the present application provides a multi-field hierarchical processing method, including: Marking a plurality of fields in a business data warehouse to obtain a plurality of data elements, wherein a corresponding relation exists between the fields and the data elements; Generating a data element relation graph according to the incidence relation among the plurality of data elements and the sensitivity level grading strategy relation among the data elements with the incidence relation, wherein the sensitivity level grading strategy relation is used for indicating the change condition of the sensitivity level of a target field corresponding to the data elements with the incidence relation under the condition that the target field is jointly inquired, any node in the data element relation graph is used for indicating any data element, and a relation edge among the nodes is used for indicating the sensitivity level grading strategy relation between the two corresponding data elements; acquiring a plurality of query fields in a target query request, and determining target sensitivity levels of the plurality of query fields according to the relation of target data elements corresponding to the plurality of query fields in the data element relation diagram; and performing target processing on the plurality of query fields according to the target sensitivity level of the plurality of query fields. An embodiment of a second aspect of the present application provides a multi-field hierarchical processing device, including: The system comprises an acquisition module, a data element marking module and a data element marking module, wherein the acquisition module is used for marking a plurality of fields in a business data warehouse so as to acquire a plurality of data elements, and a corresponding relation exists between the fields and the data elements; The generation module is used for generating a data element relation graph according to the incidence relation among the plurality of data elements and the sensitivity level grading strategy relation among the data elements with the incidence relation, wherein the sensitivity level grading strategy relation is used for indicating the change condition of the sensitivity level of a target field corresponding to the data element with the incidence relation under the condition that the target field is jointly inquired, any node in the data element relation graph is used for indicating any data element, and the relation edge among the nodes is used for indicating the sensitivity level grading strategy relation between the corresponding two data elements; the determining module is used for acquiring a plurality of query fields in the target query request, and determining target sensitivity levels of the plurality of query fields according to the relation of target data elements corresponding to the plurality of query fields in the data element relation diagram; And the processing module is used for carrying out target processing on the plurality of query fields according to the target sensitivity level of the plurality of query fields. An embodiment of the third aspect of the present application proposes an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, said processor implementing the multi-field hierarchical processing method according to the first aspect when executing said program. An embodiment of a fourth aspect of the present application proposes a non-transitory computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, implements a multi-field hierarchical processing method as