Differences and connections between users, user groups, and roles

Source: Internet
Author: User
1. User: The final operator and the ultimate beneficiary of permissions. The permission control is actually the permission of the user, not the permission of the role or user group.
2. User Group usergroup: relatively vertical. For example, the user group of the purchasing department is actually composed of the sales personnel of the purchasing department (currently defined as users) and has a clear relationship between the upper and lower levels. The purchasing department can only view documents belonging to the purchasing department, the sales department can only view documents belonging to the sales department, which has a strong nature of departments (groups). However, even though sales personnel in the purchasing department belong to the same department, they do not necessarily have the same permissions, for example, the permissions of managers and general sales personnel must be different.
3. Role role: a user group has a vertical top-down nature, while the role range does not carry such a strong vertical relationship, but has a relatively obvious horizontal (Cross) nature; for example, we now define a role: Manager, which includes managers of various departments, not just the manager of the purchasing department or the sales department, obviously, this 'manager' role has the permissions of managers of all departments at the same time. That is to say, if managers of all departments are only in this 'manager' role, the Sourcing Department Manager not only has the operation permissions of the purchasing department manager, at the same time, the permissions granted to managers of other departments are the same. However, this will inevitably lead to congestion or confusion of permissions. The first object mentioned above: users can be used. When several department managers belong to the same role as the 'manager', you can only assign different permissions to each department manager (the identity is user) authorization is performed separately. Of course, you can also confirm the user's final permissions based on the association or rejection between the user's user group and role.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.