SecurityStrategySchema模板说明

更新时间:
复制 MD 格式

StrategySchema 是安全管控策略的模板定义,由产品经理根据产品发展进行系统配置。它定义了一个策略模块包含哪些管控项(Controller),以及每个管控项的显示名称、值类型、各版本的默认值等元信息。

SecurityStrategySchema 模板说明


一、StrategySchema 是什么

StrategySchema 是安全管控策略的模板定义,由产品经理根据产品发展进行系统配置。它定义了一个策略模块包含哪些管控项(Controller),以及每个管控项的显示名称、值类型、各版本的默认值等元信息。

核心关系:

  • StrategySchema(模板) → 定义"有哪些管控项"

  • 策略(SecurityStrategy) → 用户基于模板创建的实例,包含用户对每个管控项的具体配置值


二、StrategySchema结构说明

2.1 Schema 结构

一个完整的 StrategySchema 包含以下字段:

{
"name": "DataQuerySecurityStrategySchema",
"displayName": "数据分析",
"displayNameEn": "Data Query",
"systemPolicyName": "SYSTEM_GENERATE_DEFAULT_DATA_QUERY",
"systemPolicyDisplayName": "数据分析默认策略",
"controlModule": "DataQuery",
"controlSubModule": null,
"controlDwScope": "Tenant",
"controllers": [ ... ]
}

2.2 顶层字段说明

字段

类型

必填

说明

示例

name

String

Schema 唯一标识

DataQuerySecurityStrategySchema

displayName

String

策略展示名称(中文)

数据分析

displayNameEn

String

可选

策略英文名称(英文)

Data Analysis

systemPolicyName

String

系统默认策略的标识名

SYSTEM_GENERATE_DEFAULT_DATA_QUERY

systemPolicyDisplayName

String

系统默认策略的展示名

Default system generate data query policy

controlModule

String

管控模块标识(如 DataQueryDataStudio

DataQuery

controlSubModule

String/Null

可选

管控子模块标识,无则为 null

null"MyCatalog"

controlDwScope

String

策略范围:Tenant(租户级)或 Workspace(工作空间级)

Tenant

controllers

Array

管控项列表(见下方详细说明)

[...]

2.3 Controller(管控项)字段说明

每个 Controller 定义一个具体的管控配置项:

{
"controller": "maxLimitOfSingleDownload",
"displayName": "查询结果-单次下载记录值上限",
"displayNameEn": "Query Results - Single Download Record Limit",
"enable": true,
"controllerValueType": "Long",
"basicEditionDefaultValue": "0",
"standardEditionDefaultValue": "200000",
"professionalEditionDefaultValue": "2000000",
"enterpriseEditionDefaultValue": "5000000",
"basicEditionIntervalValue": ["0", "0"],
"standardEditionIntervalValue": ["0", "200000"],
"professionalEditionIntervalValue": ["0", "2000000"],
"enterpriseEditionIntervalValue": ["0", "5000000"]
}

字段

类型

必填

说明

controller

String

管控项唯一标识(英文驼峰),同一 Schema 内不可重复

displayName

String

管控项展示名称(中文)

displayNameEn

String

可选

管控项英文名称(英文)

enable

Boolean

是否启用该管控项

controllerValueType

String

值类型:BooleanLongIntegerString

basicEditionDefaultValue

String

基础版默认值

standardEditionDefaultValue

String

标准版默认值

professionalEditionDefaultValue

String

专业版默认值

enterpriseEditionDefaultValue

String

企业版默认值

basicEditionIntervalValue

Array

可选

基础版合法值区间 [min, max],仅区间型管控项需要

standardEditionIntervalValue

Array

可选

标准版合法值区间

professionalEditionIntervalValue

Array

可选

专业版合法值区间

enterpriseEditionIntervalValue

Array

可选

企业版合法值区间

subControllers

Array

可选

子管控项列表(依赖父管控项生效)

二、系统已支持StrategySchema模板

DataQuerySecurityStrategySchema —— 数据分析查询结果管控

{
  "name": "DataQuerySecurityStrategySchema",
  "displayName": "数据分析",
  "displayNameEn": "Data Query",
  "systemPolicyName": "SYSTEM_GENERATE_DEFAULT_DATA_QUERY",
  "systemPolicyDisplayName": "Default system generate data query policy",
  "controlModule": "DataQuery",
  "controlSubModule": null,
  "controlDwScope": "Tenant",
  "controllers": [
    {
      "controller": "viewCount",
      "displayName": "查询结果-单次展示记录值上限",
      "displayNameEn": "Query Results - Single Display Record Limit",
      "enable": true,
      "controllerValueType": "Integer",
      "basicEditionDefaultValue": "10000",
      "standardEditionDefaultValue": "10000",
      "professionalEditionDefaultValue": "10000",
      "enterpriseEditionDefaultValue": "10000",
      "basicEditionIntervalValue": ["0", "10000"],
      "standardEditionIntervalValue": ["0", "10000"],
      "professionalEditionIntervalValue": ["0", "10000"],
      "enterpriseEditionIntervalValue": ["0", "10000"]
    },
    {
      "controller": "allowCopy",
      "displayName": "查询结果-是否允许复制",
      "displayNameEn": "Query Results - Allow Copy",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "copyCount",
      "displayName": "查询结果-单次复制记录值上限",
      "displayNameEn": "Query Results - Single Copy Record Limit",
      "enable": true,
      "controllerValueType": "Integer",
      "basicEditionDefaultValue": "10000",
      "standardEditionDefaultValue": "10000",
      "professionalEditionDefaultValue": "10000",
      "enterpriseEditionDefaultValue": "10000",
      "basicEditionIntervalValue": ["0", "10000"],
      "standardEditionIntervalValue": ["0", "10000"],
      "professionalEditionIntervalValue": ["0", "10000"],
      "enterpriseEditionIntervalValue": ["0", "10000"]
    },
    {
      "controller": "allowDownload",
      "displayName": "查询结果-是否允许下载",
      "displayNameEn": "Query Results - Allow Download",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "false",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "downloadCount",
      "displayName": "查询结果-单次下载记录值上限",
      "displayNameEn": "Query Results - Single Download Record Limit",
      "enable": true,
      "controllerValueType": "Integer",
      "basicEditionDefaultValue": "0",
      "standardEditionDefaultValue": "200000",
      "professionalEditionDefaultValue": "2000000",
      "enterpriseEditionDefaultValue": "5000000",
      "basicEditionIntervalValue": ["0", "0"],
      "standardEditionIntervalValue": ["0", "200000"],
      "professionalEditionIntervalValue": ["0", "2000000"],
      "enterpriseEditionIntervalValue": ["0", "5000000"]
    },
    {
      "controller": "allowExport",
      "displayName": "查询结果-是否允许导出至电子表格",
      "displayNameEn": "Query Results - Allow Export to Spreadsheet",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "allowDimTableShare",
      "displayName": "数据分析维表-是否允许维表分享",
      "displayNameEn": "Dimension Table - Allow Sharing",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "allowExcelDownload",
      "displayName": "数据分析电子表格-是否允许电子表格下载",
      "displayNameEn": "Spreadsheet - Allow Download",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "allowExcelShare",
      "displayName": "数据分析电子表格-是否允许电子表格分享",
      "displayNameEn": "Spreadsheet - Allow Sharing",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "allowExcelCopy",
      "displayName": "数据分析电子表格-是否允许电子表格复制",
      "displayNameEn": "Spreadsheet - Allow Copy",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "excelCopyLimit",
      "displayName": "数据分析电子表格-单次复制记录值上限",
      "displayNameEn": "Spreadsheet - Single Copy Record Limit",
      "enable": true,
      "controllerValueType": "Integer",
      "basicEditionDefaultValue": "10000",
      "standardEditionDefaultValue": "10000",
      "professionalEditionDefaultValue": "10000",
      "enterpriseEditionDefaultValue": "10000"
    },
    {
      "controller": "allowCardShare",
      "displayName": "卡片-是否允许卡片分享",
      "displayNameEn": "Card - Allow Sharing",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "allowCardDownload",
      "displayName": "卡片-是否允许卡片下载",
      "displayNameEn": "Card - Allow Download",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "allowReportShare",
      "displayName": "报告-是否允许报告分享",
      "displayNameEn": "Report - Allow Sharing",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "allowReportDownload",
      "displayName": "报告-是否允许报告下载",
      "displayNameEn": "Report - Allow Download",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "watermark",
      "displayName": "水印表达式",
      "displayNameEn": "Watermark Expression",
      "enable": true,
      "controllerValueType": "String",
      "basicEditionDefaultValue": "",
      "standardEditionDefaultValue": "",
      "professionalEditionDefaultValue": "",
      "enterpriseEditionDefaultValue": ""
    },
    {
      "controller": "allowSave",
      "displayName": "是否允许保存",
      "displayNameEn": "Allow Save",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    }
  ]
}

DataStudioSecurityStrategySchema —— 数据开发查询结果管控

{
  "name": "DataStudioSecurityStrategySchema",
  "displayName": "数据开发",
  "displayNameEn": "Data Studio",
  "systemPolicyName": "SYSTEM_GENERATE_DEFAULT_DATA_STUDIO",
  "systemPolicyDisplayName": "Default system generate data studio policy",
  "controlModule": "DataStudio",
  "controlSubModule": null,
  "controlDwScope": "Workspace",
  "controllers": [
    {
      "controller": "maxLimitOfSingleQuery",
      "displayName": "查询结果-单次展示记录值上限",
      "displayNameEn": "Query Results - Single Display Record Limit",
      "enable": true,
      "controllerValueType": "Long",
      "basicEditionDefaultValue": "10000",
      "standardEditionDefaultValue": "10000",
      "professionalEditionDefaultValue": "10000",
      "enterpriseEditionDefaultValue": "10000"
    },
    {
      "controller": "maxLimitOfSingleCopy",
      "displayName": "查询结果-单次复制记录值上限",
      "displayNameEn": "Query Results - Single Copy Record Limit",
      "enable": true,
      "controllerValueType": "Long",
      "basicEditionDefaultValue": "10000",
      "standardEditionDefaultValue": "10000",
      "professionalEditionDefaultValue": "10000",
      "enterpriseEditionDefaultValue": "10000"
    },
    {
      "controller": "maxLimitOfSingleDownload",
      "displayName": "查询结果-单次下载记录值上限",
      "displayNameEn": "Query Results - Single Download Record Limit",
      "enable": true,
      "controllerValueType": "Long",
      "basicEditionDefaultValue": "0",
      "standardEditionDefaultValue": "200000",
      "professionalEditionDefaultValue": "2000000",
      "enterpriseEditionDefaultValue": "5000000",
      "basicEditionIntervalValue": ["0", "0"],
      "standardEditionIntervalValue": ["0", "200000"],
      "professionalEditionIntervalValue": ["0", "2000000"],
      "enterpriseEditionIntervalValue": ["0", "5000000"]
    },
    {
      "controller": "allowExportExcel",
      "displayName": "查询结果-是否允许导出至电子表格",
      "displayNameEn": "Query Results - Allow Export to Spreadsheet",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "allowExtensionInServerIDE",
      "displayName": "个人开发者环境—允许使用扩展",
      "displayNameEn": "Personal Dev Environment - Allow Extensions",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "allowTerminalInServerIDE",
      "displayName": "个人开发者环境—允许使用终端",
      "displayNameEn": "Personal Dev Environment - Allow Terminal",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    },
    {
      "controller": "allowDownloadMountedWorkspaceFile",
      "displayName": "个人开发者环境-允许下载个人开发环境实例挂载目录中的文件",
      "displayNameEn": "Personal Dev Environment - Allow Downloading Mounted Workspace Files",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    }
  ]
}

DataStudioMyCatalogSecurityStrategySchema —— 数据开发个人目录下载结果管控

{
  "name": "DataStudioMyCatalogSecurityStrategySchema",
  "displayName": "数据开发 > 个人目录",
  "displayNameEn": "Data Studio > My Catalog",
  "systemPolicyName": "SYSTEM_GENERATE_DEFAULT_DATA_STUDIO_MY_CATALOG",
  "systemPolicyDisplayName": "Default system generate my catalog policy in data studio",
  "controlModule": "DataStudio",
  "controlSubModule": "MyCatalog",
  "controlDwScope": "Tenant",
  "controllers": [
    {
      "controller": "allowDownloadInMyCatalog",
      "displayName": "允许文件下载",
      "displayNameEn": "Allow File Download",
      "enable": true,
      "controllerValueType": "Boolean",
      "basicEditionDefaultValue": "true",
      "standardEditionDefaultValue": "true",
      "professionalEditionDefaultValue": "true",
      "enterpriseEditionDefaultValue": "true"
    }
  ]
}