| 摘要 |
A method and a system access data of a database in a MES system by a client application where the database access is required to satisfy a set of custom data protection rules depending on a set of user credentials. The method includes providing, at developing time a secure access layer for enabling the client application to access data to/from the database in a protected manner taking into account the set of custom data protection rules; and at runtime or engineering time by the client application, requesting, through a given authenticated user, data access to/from the database by sending to the secure access layer a given data access descriptor and the given user credentials of the given authenticated user. By the secure access layer, the received data access descriptor is processed to generate a given SQL statement for data access. |
| 主权项 |
1. A method for accessing data of a database in a manufacturing execution system (MES), the data of the database being accessed by a client application having an authenticated user, where a database access is required to satisfy a set of custom data protection rules depending on a set of user credentials, which comprises the steps of:
during developing time, providing a secure access layer for enabling the client application to access the data to/from the database in a protected manner taking into account the set of custom data protection rules; during runtime or engineering time performing the steps of:
requesting, via the client application, through a given authenticated user, data access to/from the database by sending to the secure access layer a given data access descriptor and the given user credentials of the given authenticated user;processing, via the secure access layer, the given data access descriptor so as to generate a corresponding given SQL statement for data access;processing, via the secure access layer, the set of custom data protection rules together with the given user credentials so as to generate given SQL “where” clauses;extending, via the secure access layer, the corresponding given access SQL statement with the given SQL “where” clauses so as to generate a given secure access SQL statement;accessing, via the secure access layer, the database by executing the given secure access SQL statement;returning, via the database, to the secure access layer given results of an execution of the given secure access SQL statement; andprocessing, via the secure access layer, the given results so as to generate a corresponding resulting logical representation to be sent to the client application. |
