Organizational structure and permission Model Design

In an enterprise application system, the organizational structure model and permissions are the basis of the application system. Users, departments, user groups, and their relationships are managed, and system permissions are set, there are various application system requirements in the enterprise. The unified organizational structure and permission model design provides a unified user and permission management mode for the enterprise application system, avoid repeated logins, repeated authorization, and truly achieve SSO for the enterprise. In the IT planning perspective, enterprises can avoid the emergence of information islands and generate value for information.

The enterprise application system contains objects such as system, user, department, role (user group), Operation item, permission, permission range, permission content, and system administrator. The relationships are as follows:

The organizational structure and permission model are mainly divided into two parts:

1. Static Enterprise Organizational Structure Model

Users, departments, user department relationships, and condition personnel are static data in the enterprise application system. These data are relatively static data compared with various enterprise application systems, as the basic data of multiple enterprise application system permission models, it is also the basic data for Unified Enterprise login.

Department: basic information of the Enterprise Department, including the relevant attributes of the department and parent-child relationship;

Users: including users, accounts, passwords, and related attributes;

User department relationship: ownership of users and departments;

Condition personnel: Define a group of users based on the Logical Relationship settings of the Department or user.

2. Enterprise Application System Dynamic Expansion Data Model

An enterprise may have multiple application systems. Each system may have different roles, operation items (permission entities), and different permission granularity requirements, dynamic scaling data models include systems, user groups, operation items, and permissions.

System: the application system is defined as the application scope of permissions;

User Group: it can be viewed as a role in each system and belongs to a specific system. Each system has different definitions and composition of roles, the user group includes a combination of departments, users, and condition personnel;

Operation item: it can be seen as an authorized entity in each system and a specific system. Each system has different granularity and control point requirements for permission control, the operation item is a specific control point in the system. It can be a menu or a special authorization;

Permission: The system sets the permissions of the authorized object (department, user, user group) and the permission scope and content for specific operation items. For example, it is global, within a department, or in a local organization.

Through the development and implementation of a unified organizational structure and permission model, enterprises can implement a unified authorization model for each application system to reduce the phenomenon of multiple system permission models and user confusion. users log on to the system, the permissions for the current login system are calculated in a unified manner to avoid repeated development, greatly reducing the development cost.