Simple design of system permissions and system permission Design

Simple design of system permissions and system permission Design

Design Concept

(1) User table

Permissions vary depending on the login user. The user table is relatively simple. The simple table design is as follows:

[User_no] [nvarchar] (20) not null, // user ID, primary key [user_name] [nvarchar] (20) NULL, [user_password] [nvarchar] (20) NULL,

(2) Permission list

Set all permissions, such as ADD, modify, and query.

 

    [action_id] [nvarchar](20) NULL,    [action_name] [nvarchar](20) NULL

(3) menu

The system functions exist in the Database. Some functions are obtained and displayed based on the permissions. The table is designed as follows:

 

[Function_id] [nvarchar] (20) not null, // function id [function_brother_id] [int] not null, // for different pages with the same function [function_name] [nvarchar] (50) NULL, [function_url] [nvarchar] (500) NULL, [function_level] [int] NULL, [function_sort] [int] NULL, [function_action] [nvarchar] (100) NULL, [function_parent_id] [nvarchar] (20) NULL, [function_inmenu] [bit] NULL, // whether it is in the menu

Why is there [function_brother_id]? One function in a menu may have multiple pages. For example, a user page may be called user information in the function, but multiple pages are involved. Each page requires permissions.
[Function_inmenu] is used to determine which page (only one) is linked to the menu in the same function ).

[Function_action] grants permissions to each function based on the permission list.

(4) Permission Group

Our permissions are differentiated by group. Which of the following functions are available for a user in a group, and which permissions are available for each function. This is the core of our system permissions, but it is relatively simple.

    [group_id] [nvarchar](20) NOT NULL,    [group_name] [nvarchar](50) NULL,

The basic information of the permission group is stored here. By default, system administrators and general users are used.

(5) user permission Group

Set the group in which the user is located. Our current system is designed to allow a user to have multiple groups, but I think it is okay for a user to set a group. If a user is not set to a group, the default value is normal.

    [group_id] [nvarchar](20) NULL,    [user_no] [nvarchar](20) NOT NULL,

(6) group functions

Set the functions in each group and the permissions of each function.

Note: The permissions in the menu are different from those in the list. A function may have the query and deletion permissions, but this function in this group only has the query permission.

This permission must be in all the permissions of this function.

 

    [group_id] [nvarchar](20) NOT NULL,    [function_id] [nvarchar](20) NOT NULL,    [group_action] [nvarchar](100) NULL,

 

The table design is OK, which is relatively simple.

 

 

 

Procedure

(1) Login

When the verification is passed,

> Obtain the group corresponding to this user from the user permission table based on the user ID.

> Find the corresponding functions in the menu according to all functions of the group. Here, you can combine xml to form a function list,

In this way, you can implement some functions in the menu, while some do not have the permission, you can also find the permissions of this function (such as only the query permission, or new permissions)

Processing when entering the page

If this page function is not available in the group function, access is denied even if you directly enter the connection.

Find the function id on the page, and find the permissions of the group to which the login belongs. Hide and display the page elements based on the permissions. (If you do not have the new permissions, hide the new button)

In this way, the permissions of the login user, the permissions for accessing the page and the permissions for some operations on the page are realized.