Design ideas on permission design

Source: Internet
Author: User
Design concept of backend permissions management permissions are assigned to a single user without a unified user group. Assign permissions to nodes, that is, assign permissions to each operation. How to do this design. I don't know which hero has a good idea, or the demo, background module, and module has the permission to add, delete, modify, and query. if there is no user group, each user can only assign detailed permissions, however, it is best to set the permission level to obtain the background permissions.
Management permissions are assigned to a single user without a unified user group.
Assign permissions to nodes, that is, assign permissions to each operation.
How to do this design.
I don't know which hero has a good idea or a demo.

------ Solution --------------------
The backend module has the add, delete, modify, and query permissions. if you do not have a user group, you can only assign detailed permissions to each user. However, it is best to set the permission level to better manage permissions.
------ Solution --------------------
Attach a permission field to the user table.
------ Solution --------------------
Discussion

Reference:

Attach a permission field to the user table.

The stored values in this permission field must correspond to the data in the permission table, right?
Only display methods if you have any permissions
What are the fields in the permission table?
Do you need a permission description field and a rescue method field?
How many fields are used?

------ Solution --------------------
If the permissions are not grouped or graded,

You need to estimate the number of specific permission nodes first,

If the number is large, the future management will be complicated.
------ Solution --------------------
First, you must have a role. The role grants several operation permissions. A permission table is also available. The permission values of the permission table are stored in integers and parsed into binary digits. each digit represents an operation permission. This allows you to flexibly distribute global permissions.
------ Solution --------------------
You can also create a table. Direct Storage
User permissions
------ Solution --------------------
Create a table with corresponding user permissions
------ Solution --------------------
You can use arrays for background permissions, and put a method name for function calling in an array,
------ Solution --------------------
Refer to the RBAC permission control function of ThinkPHP.
------ Solution --------------------
Let me talk about it.
1. design a resource table resource (that is, a permission resource. each action that requires permission control is a resource. generally, resources are differentiated by URLs)
2. design the user table (this is not enough)
3. determine the relationship between users and resources
A single user can have multiple resources, and a single resource can also use multiple users. Therefore, this is a typical m2m relationship and a third table needs to be designed to maintain their relationship, so the user_resource table appears.
4. verify permissions
When a request comes over, parse the url, find the corresponding resource, and then look for the user_resource table to see if the user has the permission for this resource. Next you know

To add a user group, this is easy.
1. design the user group table role
2. design user_role (needless to say, the user and user group are in the same m2m relationship)
3. design role_resource (the relationship between user groups and resources is also m2m)
4. you should understand the user group permission judgment.

------ Solution --------------------
The comparison of the permission tree can be simple.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.