Algorithm skills for applying system permission Representation

An alternative solution to application software system permission issues

Permission management is a very troublesome problem.
For example, there are n modules in a system. Each module has the permissions such as adding, deleting, modifying, full control, and list.
There are n users. The problem is that we usually create a data table to indicate permission allocation. The general form of this data table is
User ID, deletion, modification, full control
3 0 1 1 3

In this case, there is no problem. suddenly one day, you need a new permission, such as running. At this time, the problem arises. You have to change the data table and add corresponding fields,

The logic in the program is also faulty.

Of course, there are also smarter brothers who use another design method, that is, the design of contained permissions. Similar to Windows systems, each permission will contain the previous permission, for example
Reading is the most basic. Running includes reading, the list includes running, modifying the include list, and so on. It is represented by a number.
Read 1
List 2
Run 3
Modify 4
Delete 5
....
In this way, the expansion problem of the first method is solved. When there is a new permission, you can specify a new weight for it in the application, in actual judgment permissions, for example

To determine whether there is any modification right, you can compare whether the user permission value is greater than or equal to 4.
It sounds good. It seems that the problem has been solved. However, if you think about it again, no, this design does make the permissions more scalable. However, it also reduces the flexibility of the permission system. Why? Assume that

A user, I want to read and modify two permissions for him, instead of running and list permissions for him. What should I do now? This design is a hierarchical permission with its own high-to-low permissions. Therefore,

This free combination cannot be implemented at all.

Is there really no way?
No!
Each type of permission is equivalent to a switch, that is, a bit. If we use one bit to represent these permissions, then the entire permission system, it's just a bit sequence, that is

It's just 011010 of the binary, so the problem can be solved.
Let's assume that:

The first digit indicates reading
The second digit indicates running.
The third digit indicates modification.
The fourth digit indicates deletion.
......
Similarly, if we want to assign the operation and modification permissions to a user, and do not grant other permissions, the permission string can be expressed as: 0110. In this way, using a combination of multiple digits, I

They solve the flexible combination of permissions (bit combination is a common solution. In fact, it is just a data structure, and we call it Union ?)
What about the other? How to expand? Expansion is easier. When a new permission is added, you can add one bit at a high level.
How can I determine whether a permission exists? We can take a value directly, and judge it based on its 0 value.
Finally, in C/C ++/C #, you can do better, that is, define an enumeration type, for example:
Enum rights
{
Read,
List,
Exec,
Write,
Delete
}

The advantage is that the permission can be referenced by a name.
When determining the permission, you can use bitwise AND. For example, the user permission is 100001.
The operation requires 1000 Permissions
The result of bitwise AND is 00000000. Obviously, you do not have this permission.
Rn & R = rn indicates that the user has this permission.
Required permissions & User Permissions = required permissions comply with this condition, indicating that you have permissions
The write is abstract, but I believe that friends with experience in design can understand it at a glance.
I was forced by customer changes when I recently designed a system. Later, inspired by the article on Sorting 1 million phone numbers in the first chapter of <programming Pearl>
The union structure in BW: C # was canceled -:(