Recently encountered the allocation and management of permissions, the need to design a separate set of structures. In fact, there used to be a lot of this design and blog, in the garden to look for it will find the results of n pages.
Here also dare not say is a new idea, right when is their own summary and leave a footprint, easy to find.
GM has two concepts here:
1, in order to attract attention
See is universal on the point to see exactly, of course, the result is only a few, some people scold, some people, some people are not interested, someone replies to discuss.
2, the general scope
GM is not to say that generalized general, where all can be used, there must be adjustments or simply can not use the place, there is the rationality and scope of existence.
This paper divides authority management into the management of people, application and authority, and the corresponding relation of human, application and authority.
1, people
People, you can also change into groups, people joined the group after the group has the right to, but also to give people privileges.
2. Application
Can be divided according to the application, for example, personal office, administrative office and so on, can also be divided into small modules, such as personal Office task management, schedule management, administrative office in the notification management and news management.
3. Permission
The basic authority is generally to add, delete, change, check, and these kinds of evolution combination, of course, there are other permissions, can be regarded as and the four kinds of parallel relations. Permissions can also vary according to the application, such as the planned permissions for escalation, the closed and view, which requires the application and permissions of the linkage selection.
The sample interface is as follows, and I'm going to use table to express it.
People |
Application |
Permissions |
Have |
Tom |
Personal Office |
Increase |
Is |
Delete |
Whether |
Administrative office |
Modify |
Whether |
View |
Is |
When you choose, you can select the person or group, then select the application, and finally select the person in the application above the permissions. Record these correspondence and filter what you see and what you can do when the user accesses the application.
Basic idea, Environment everybody discusses. In fact, this is my boss proposed, and then combined with the previous permission system, I think this can still solve some common problems.