11.21 How are functional permissions transmitted and inherited in enterprise organizations?

When the system was just created, it was completely empty. The IBeamMDAA system automatically creates a system administrator, and the Administrator represents a top-level organization. The system administrator cannot delete the system administrator, the user name is admin and the default password is 123456. The Administrator is a privileged user and has all permissions.

When discussing the transfer of permissions of an organizational unit, we first need to have an organizational unit concept in mind, as shown in the following assumptions:

 

When the system was just established, the Administrator assigned permissions to operators and subsidiaries on behalf of top-level organizations. The possible authorization scope is shown in:

 

As shown in,Branch1The maximum permission isSetAOrganizations at all levels can only manage the permissions of operators and lower-level organizations of their respective levels. The permissions are limited to those of their respective levels,Branch1The permission range isSetB.

If a permission is temporarily namedPermission1 is givenBranch1,Branch1SetPermission1Zhang San, an operator of the current level, and a subordinate organizationMolecular companies1Which of the following operations can be performed?Permission1Functions,Molecular companies1You can also operate or assignMolecular companies1Operators and subordinate organizations.

After a period of time,Top organizationsSetPermission1SlaveSetB,Branch1And the permission configurations of lower-level organizations are not modified,Branch1Automatically unavailable to operators and subordinate organizationsPermission1.

After a period of time,Top organizationsAddPermission1GrantBranch1, Branch1And the permission configurations of lower-level organizations are not modified,Branch1The operators and subordinate organizations have recovered.Permission1.

Regardless of the depth of the tree structure of the organization, the rules are observed.

We can sum up a sentence to describe such a rule:The higher-level institution has some permissions. The lower-level institution does not necessarily have the permissions that the higher-level institution does not have. The lower-level institution absolutely does not have the permissions..