问题描述
我想对存储在我的 MySQL 数据库中的数据实施列级和行级访问控制.我在我的服务器上使用 NodeJS,有什么办法呢?我看到 SAP Hana 允许这样做,但想保留 MySQL.
I want to implement column level and row level access control on data stored in my MySQL database. I am using NodeJS on my server, what's the way to go for this ? I see SAP Hana allows that but want to keep MySQL.
推荐答案
您可以采取三种方法:
- 在应用内完成
- 在应用程序和数据库之间,在数据库代理内进行
- 在数据库中进行
第一个选项实际上并不符合行级访问控制的要求,因为应用程序逻辑负责过滤/屏蔽.(过滤是行级访问控制,而屏蔽是单元级).
The first option wouldn't really qualify as row-level access control since the application logic is the one responsible for the filtering / masking. (Filtering is row-level access control whereas masking is cell-level).
第二种选择,即使用代理,这种方法越来越多地被采用.有专门的解决方案,例如:
The second option, using a proxy, is an approach that is increasingly being taken. There are dedicated solutions such as:
- 绿色SQL
- Informatica DDM 和
- 公理数据访问过滤器.
这些解决方案通常会拦截 SQL 流量并对其进行修改,以便仅返回经过授权的数据.这称为动态数据屏蔽.在维基百科上有更多解释.
These solutions typically intercept the SQL traffic and modify it such that only authorized data is returned. This is called dynamic data masking. It is explained a little bit more on Wikipedia.
第三个选项是使用数据库的本机功能.例如,Oracle 有一种叫做虚拟专用数据库 (VPD) 的东西,它可以让您配置高级行过滤功能.
The third option is to use the database's native capabilities. For instance Oracle has something called Virtual Private Database (VPD) which lets you configure advanced row filtering capabilities.
就您的情况 (MySQL) 而言,有一种叫做细粒度访问控制 (FGAC) 的东西.此处有一篇关于该主题的精彩文章.在 Google 上搜索更多资源.
In your case (MySQL), there is something called fine-grained access control (FGAC). There is a great article on the topic here. Google that term for more resources.
这篇关于MYSQL 访问控制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!