Extension points for the RBAC model

Source: Internet
Author: User

A permission model is needed in most development projects. The rbac3 model is a popular design scheme, and there are many articles about it in the garden, so I won't write more here. In order to make the permission system more universal and reduce repeated effort by developers during project development, I want to implement a general permission system that provides convenient interfaces and extensions for programmers to use. There are many open-source systems on the Internet. After reading a few systems, I want to propose some extension points for the common rbac3 model. I don't know if it is feasible. Please give me some advice!

1. User group authorization function.

2. Role type function. This function is not very important. A type table is created and each role can belong to a role type, which makes roles easier to describe and organize hierarchically. This function is mainly used for display in the presentation layer.

3. Role priority function. A priority table can be defined to give each role a priority level. When role requests are processed, they are sorted into a linked list by role priority, and the requests in the list can be dynamically adjusted according to their priorities. Each time the system processes a role request, it takes the request at the head of the queue and then points the head pointer at the next role request.

4. Role lifecycle function. This function specifies how long a role lives. The lifetime can be set by the user or determined by a certain condition.

5. Dynamic change of role permissions based on a chain of responsibility. In a chain of responsibility, a client program sends a request, which is passed along the chain, and each node in the chain handles the request in turn. If a node cannot process the request, the request is forwarded to the next node in the chain. Alternatively, every node in the chain processes the request. During processing, the role's permissions change dynamically as needed.

6. Dynamic change of role permissions based on state. An application may have multiple states. For example, in a word processing program, the available functions differ depending on whether a file is read-only or readable and writable, so the role needs to change its permission set dynamically as the state changes to meet the application's requirements.

Program implementation (there are probably flaws that I have not figured out yet; please correct me): After the client program starts, it loads the core of the permission framework into memory and creates only one instance to save memory. The core maintains each user's session, which contains the role type, role priority level, role lifecycle, program status, and permission table. The permission table varies according to the other conditions, and each time a resource is used, the permission table in the permission framework must be consulted. When the program status changes, the program needs to notify the framework. Based on this change and on the other information (role type, role priority, role lifecycle, etc.), the framework reads the corresponding permissions from the database and changes the permission table. The user then reads the permission table to obtain the different permissions.

Read permission: Use the attribute feature in .NET to read permissions, or configure permissions based on XML. Both read methods are available for users to choose from. The read engine reads the attributes or configuration files in the client program, obtains the structure of the client program, generates permission information according to that structure, and writes it into the database.
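The session-held permission table from the program implementation paragraph, combined with the role lifecycle (point 4) and state-based permissions (point 6), as an added Python sketch that is not code from the original post. The `GRANTS` table, the role and permission names, and the `PermissionCore` API are assumptions standing in for the database and the framework interface; the cached table is rebuilt on every state notification and as soon as any role's lifetime ends, and unknown sessions are denied.

```python
import time
from dataclasses import dataclass

# Constructed sample data standing in for the database:
# (role, program state) -> permissions granted.
GRANTS = {
    ("editor", "read_write"): {"doc.read", "doc.write"},
    ("editor", "read_only"): {"doc.read"},
    ("auditor", "read_write"): {"doc.read", "log.read"},
    ("auditor", "read_only"): {"doc.read", "log.read"},
}

@dataclass
class Role:
    name: str
    expires_at: float            # end of the role lifecycle (epoch seconds)

@dataclass
class Session:
    roles: list
    state: str
    table: frozenset = frozenset()
    valid_until: float = 0.0     # cached table must not be trusted after this

class PermissionCore:
    """Single in-memory core that keeps one Session per user."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}

    def login(self, user, roles, state):
        self.sessions[user] = Session(list(roles), state)
        self._rebuild(user)

    def notify_state(self, user, state):
        # The client program reports a state change; the table is rebuilt.
        self.sessions[user].state = state
        self._rebuild(user)

    def _rebuild(self, user):
        s, now = self.sessions[user], self.clock()
        live = [r for r in s.roles if r.expires_at > now]
        perms = set()
        for r in live:
            perms |= GRANTS.get((r.name, s.state), set())
        s.table = frozenset(perms)
        s.valid_until = min((r.expires_at for r in live), default=now)

    def check(self, user, perm):
        s = self.sessions.get(user)
        if s is None:
            return False             # default deny: no session, no access
        if self.clock() >= s.valid_until:
            self._rebuild(user)      # a role expired; drop its grants
        return perm in s.table
```

Passing a fake `clock` makes the expiry behaviour testable without waiting for real time to pass.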

Implementation points: Use Web Services to expose the permission system so that both homogeneous and heterogeneous systems can use it. The interface of the permission framework must be easy for the client program to call, and the core of the framework must be streamlined and efficient. The core program is actually used to cut into the UI layer and the business layer; this is implemented using AOP.

The above points were put together in a hurry. I do not have a deep understanding of the rbac3 model, so there should be many flaws. Criticism from friends is welcome so that I can improve it. Thank you :)

 
