StrategySchema 是安全管控策略的模板定义,由产品经理根据产品发展进行系统配置。它定义了一个策略模块包含哪些管控项(Controller),以及每个管控项的显示名称、值类型、各版本的默认值等元信息。
SecurityStrategySchema 模板说明
一、StrategySchema 是什么
StrategySchema 是安全管控策略的模板定义,由产品经理根据产品发展进行系统配置。它定义了一个策略模块包含哪些管控项(Controller),以及每个管控项的显示名称、值类型、各版本的默认值等元信息。
核心关系:
StrategySchema(模板) → 定义"有哪些管控项"
策略(SecurityStrategy) → 用户基于模板创建的实例,包含用户对每个管控项的具体配置值
二、StrategySchema结构说明
2.1 Schema 结构
一个完整的 StrategySchema 包含以下字段:
{
"name": "DataQuerySecurityStrategySchema",
"displayName": "数据分析",
"displayNameEn": "Data Query",
"systemPolicyName": "SYSTEM_GENERATE_DEFAULT_DATA_QUERY",
"systemPolicyDisplayName": "数据分析默认策略",
"controlModule": "DataQuery",
"controlSubModule": null,
"controlDwScope": "Tenant",
"controllers": [ ... ]
}
2.2 顶层字段说明
字段 | 类型 | 必填 | 说明 | 示例 |
| String | ✅ | Schema 唯一标识 |
|
| String | ✅ | 策略展示名称(中文) |
|
| String | 可选 | 策略英文名称(英文) |
|
| String | ✅ | 系统默认策略的标识名 |
|
| String | ✅ | 系统默认策略的展示名 |
|
| String | ✅ | 管控模块标识(如 |
|
| String/Null | 可选 | 管控子模块标识,无则为 null |
|
| String | ✅ | 策略范围: |
|
| Array | ✅ | 管控项列表(见下方详细说明) |
|
2.3 Controller(管控项)字段说明
每个 Controller 定义一个具体的管控配置项:
{
"controller": "maxLimitOfSingleDownload",
"displayName": "查询结果-单次下载记录值上限",
"displayNameEn": "Query Results - Single Download Record Limit",
"enable": true,
"controllerValueType": "Long",
"basicEditionDefaultValue": "0",
"standardEditionDefaultValue": "200000",
"professionalEditionDefaultValue": "2000000",
"enterpriseEditionDefaultValue": "5000000",
"basicEditionIntervalValue": ["0", "0"],
"standardEditionIntervalValue": ["0", "200000"],
"professionalEditionIntervalValue": ["0", "2000000"],
"enterpriseEditionIntervalValue": ["0", "5000000"]
}
字段 | 类型 | 必填 | 说明 |
| String | ✅ | 管控项唯一标识(英文驼峰),同一 Schema 内不可重复 |
| String | ✅ | 管控项展示名称(中文) |
| String | 可选 | 管控项英文名称(英文) |
| Boolean | ✅ | 是否启用该管控项 |
| String | ✅ | 值类型: |
| String | ✅ | 基础版默认值 |
| String | ✅ | 标准版默认值 |
| String | ✅ | 专业版默认值 |
| String | ✅ | 企业版默认值 |
| Array | 可选 | 基础版合法值区间 |
| Array | 可选 | 标准版合法值区间 |
| Array | 可选 | 专业版合法值区间 |
| Array | 可选 | 企业版合法值区间 |
| Array | 可选 | 子管控项列表(依赖父管控项生效) |
二、系统已支持StrategySchema模板
DataQuerySecurityStrategySchema —— 数据分析查询结果管控
{
"name": "DataQuerySecurityStrategySchema",
"displayName": "数据分析",
"displayNameEn": "Data Query",
"systemPolicyName": "SYSTEM_GENERATE_DEFAULT_DATA_QUERY",
"systemPolicyDisplayName": "Default system generate data query policy",
"controlModule": "DataQuery",
"controlSubModule": null,
"controlDwScope": "Tenant",
"controllers": [
{
"controller": "viewCount",
"displayName": "查询结果-单次展示记录值上限",
"displayNameEn": "Query Results - Single Display Record Limit",
"enable": true,
"controllerValueType": "Integer",
"basicEditionDefaultValue": "10000",
"standardEditionDefaultValue": "10000",
"professionalEditionDefaultValue": "10000",
"enterpriseEditionDefaultValue": "10000",
"basicEditionIntervalValue": ["0", "10000"],
"standardEditionIntervalValue": ["0", "10000"],
"professionalEditionIntervalValue": ["0", "10000"],
"enterpriseEditionIntervalValue": ["0", "10000"]
},
{
"controller": "allowCopy",
"displayName": "查询结果-是否允许复制",
"displayNameEn": "Query Results - Allow Copy",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "copyCount",
"displayName": "查询结果-单次复制记录值上限",
"displayNameEn": "Query Results - Single Copy Record Limit",
"enable": true,
"controllerValueType": "Integer",
"basicEditionDefaultValue": "10000",
"standardEditionDefaultValue": "10000",
"professionalEditionDefaultValue": "10000",
"enterpriseEditionDefaultValue": "10000",
"basicEditionIntervalValue": ["0", "10000"],
"standardEditionIntervalValue": ["0", "10000"],
"professionalEditionIntervalValue": ["0", "10000"],
"enterpriseEditionIntervalValue": ["0", "10000"]
},
{
"controller": "allowDownload",
"displayName": "查询结果-是否允许下载",
"displayNameEn": "Query Results - Allow Download",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "false",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "downloadCount",
"displayName": "查询结果-单次下载记录值上限",
"displayNameEn": "Query Results - Single Download Record Limit",
"enable": true,
"controllerValueType": "Integer",
"basicEditionDefaultValue": "0",
"standardEditionDefaultValue": "200000",
"professionalEditionDefaultValue": "2000000",
"enterpriseEditionDefaultValue": "5000000",
"basicEditionIntervalValue": ["0", "0"],
"standardEditionIntervalValue": ["0", "200000"],
"professionalEditionIntervalValue": ["0", "2000000"],
"enterpriseEditionIntervalValue": ["0", "5000000"]
},
{
"controller": "allowExport",
"displayName": "查询结果-是否允许导出至电子表格",
"displayNameEn": "Query Results - Allow Export to Spreadsheet",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "allowDimTableShare",
"displayName": "数据分析维表-是否允许维表分享",
"displayNameEn": "Dimension Table - Allow Sharing",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "allowExcelDownload",
"displayName": "数据分析电子表格-是否允许电子表格下载",
"displayNameEn": "Spreadsheet - Allow Download",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "allowExcelShare",
"displayName": "数据分析电子表格-是否允许电子表格分享",
"displayNameEn": "Spreadsheet - Allow Sharing",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "allowExcelCopy",
"displayName": "数据分析电子表格-是否允许电子表格复制",
"displayNameEn": "Spreadsheet - Allow Copy",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "excelCopyLimit",
"displayName": "数据分析电子表格-单次复制记录值上限",
"displayNameEn": "Spreadsheet - Single Copy Record Limit",
"enable": true,
"controllerValueType": "Integer",
"basicEditionDefaultValue": "10000",
"standardEditionDefaultValue": "10000",
"professionalEditionDefaultValue": "10000",
"enterpriseEditionDefaultValue": "10000"
},
{
"controller": "allowCardShare",
"displayName": "卡片-是否允许卡片分享",
"displayNameEn": "Card - Allow Sharing",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "allowCardDownload",
"displayName": "卡片-是否允许卡片下载",
"displayNameEn": "Card - Allow Download",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "allowReportShare",
"displayName": "报告-是否允许报告分享",
"displayNameEn": "Report - Allow Sharing",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "allowReportDownload",
"displayName": "报告-是否允许报告下载",
"displayNameEn": "Report - Allow Download",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "watermark",
"displayName": "水印表达式",
"displayNameEn": "Watermark Expression",
"enable": true,
"controllerValueType": "String",
"basicEditionDefaultValue": "",
"standardEditionDefaultValue": "",
"professionalEditionDefaultValue": "",
"enterpriseEditionDefaultValue": ""
},
{
"controller": "allowSave",
"displayName": "是否允许保存",
"displayNameEn": "Allow Save",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
}
]
}
DataStudioSecurityStrategySchema —— 数据开发查询结果管控
{
"name": "DataStudioSecurityStrategySchema",
"displayName": "数据开发",
"displayNameEn": "Data Studio",
"systemPolicyName": "SYSTEM_GENERATE_DEFAULT_DATA_STUDIO",
"systemPolicyDisplayName": "Default system generate data studio policy",
"controlModule": "DataStudio",
"controlSubModule": null,
"controlDwScope": "Workspace",
"controllers": [
{
"controller": "maxLimitOfSingleQuery",
"displayName": "查询结果-单次展示记录值上限",
"displayNameEn": "Query Results - Single Display Record Limit",
"enable": true,
"controllerValueType": "Long",
"basicEditionDefaultValue": "10000",
"standardEditionDefaultValue": "10000",
"professionalEditionDefaultValue": "10000",
"enterpriseEditionDefaultValue": "10000"
},
{
"controller": "maxLimitOfSingleCopy",
"displayName": "查询结果-单次复制记录值上限",
"displayNameEn": "Query Results - Single Copy Record Limit",
"enable": true,
"controllerValueType": "Long",
"basicEditionDefaultValue": "10000",
"standardEditionDefaultValue": "10000",
"professionalEditionDefaultValue": "10000",
"enterpriseEditionDefaultValue": "10000"
},
{
"controller": "maxLimitOfSingleDownload",
"displayName": "查询结果-单次下载记录值上限",
"displayNameEn": "Query Results - Single Download Record Limit",
"enable": true,
"controllerValueType": "Long",
"basicEditionDefaultValue": "0",
"standardEditionDefaultValue": "200000",
"professionalEditionDefaultValue": "2000000",
"enterpriseEditionDefaultValue": "5000000",
"basicEditionIntervalValue": ["0", "0"],
"standardEditionIntervalValue": ["0", "200000"],
"professionalEditionIntervalValue": ["0", "2000000"],
"enterpriseEditionIntervalValue": ["0", "5000000"]
},
{
"controller": "allowExportExcel",
"displayName": "查询结果-是否允许导出至电子表格",
"displayNameEn": "Query Results - Allow Export to Spreadsheet",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "allowExtensionInServerIDE",
"displayName": "个人开发者环境—允许使用扩展",
"displayNameEn": "Personal Dev Environment - Allow Extensions",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "allowTerminalInServerIDE",
"displayName": "个人开发者环境—允许使用终端",
"displayNameEn": "Personal Dev Environment - Allow Terminal",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
},
{
"controller": "allowDownloadMountedWorkspaceFile",
"displayName": "个人开发者环境-允许下载个人开发环境实例挂载目录中的文件",
"displayNameEn": "Personal Dev Environment - Allow Downloading Mounted Workspace Files",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
}
]
}
DataStudioMyCatalogSecurityStrategySchema —— 数据开发个人目录下载结果管控
{
"name": "DataStudioMyCatalogSecurityStrategySchema",
"displayName": "数据开发 > 个人目录",
"displayNameEn": "Data Studio > My Catalog",
"systemPolicyName": "SYSTEM_GENERATE_DEFAULT_DATA_STUDIO_MY_CATALOG",
"systemPolicyDisplayName": "Default system generate my catalog policy in data studio",
"controlModule": "DataStudio",
"controlSubModule": "MyCatalog",
"controlDwScope": "Tenant",
"controllers": [
{
"controller": "allowDownloadInMyCatalog",
"displayName": "允许文件下载",
"displayNameEn": "Allow File Download",
"enable": true,
"controllerValueType": "Boolean",
"basicEditionDefaultValue": "true",
"standardEditionDefaultValue": "true",
"professionalEditionDefaultValue": "true",
"enterpriseEditionDefaultValue": "true"
}
]
}