Permission system with RBAC and ACL mixed (II.)--RBAC-based system permissions

Source: Internet
Author: User

http://fightplane.iteye.com/blog/1278464

1. Concept note

A. System-level permissions: viewed from the role's perspective, these permissions are not tied to any concrete resource. For example, "whether the user may modify the title" is such a permission; it applies to no particular title. Permissions are granted to a role, and this part is realised with the RBAC model.

B. Object-level permissions: viewed from the object instance's perspective, for example the permission to edit one particular title. This part is implemented with the ACL model.

To decide whether a user may modify a particular title, the checks are made in the following order:
1) Whether the role the user belongs to has the "Modify title" permission
2) Whether the user or the user's group is in the ACL list of that title

2. Table structure description for RBAC permissions section

1) System permissions (Permission)

System permissions list

| Column | Type    | Description                       |
|--------|---------|-----------------------------------|
| Id     | bigint  | Primary key, system permission ID |
| Name   | varchar | Name                              |

2) Roles (role)

Role table

| Column | Type    | Description          |
|--------|---------|----------------------|
| Id     | bigint  | Primary key, role ID |
| Name   | varchar | Name                 |

3) Authorization (authorities)

Grants multiple system-level permissions to a role

| Column       | Type   | Description     |
|--------------|--------|-----------------|
| Id           | bigint | Primary key, ID |
| RoleId       | bigint | Role ID         |
| PermissionId | bigint | Permission ID   |

4) User group members (memberships)

User groups and the members of each user group

| Column  | Type   | Description          |
|---------|--------|----------------------|
| Id      | bigint | Primary key, user ID |
| GroupId | bigint | User group ID        |
| UserId  | bigint | User ID              |
| RoleId  | bigint | Role ID              |


3. Description of the relationship in the RBAC permissions section

Users and roles:
Users and roles form a many-to-many relationship; however, a role is granted to a user per user group. For example, user A may hold the "administrator" role in user group 1 but the "normal user" role in user group 2. This kind of division is common in business systems. Which user group's role is used when judging a particular user is, of course, decided by the business.

Roles and system-level permissions: a one-to-many relationship, realised through authorization. Before any authorization can be made, the required system permissions must first be inserted into the permission table in the database.
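The two-step check and the four RBAC tables above, as an added example that is not part of the original post: it builds the schema in SQLite, fills it with constructed sample data (the user who is "administrator" in group 1 but "normal user" in group 2), and then evaluates "may this user modify this title" role-first, then ACL. The `acl` table and the `can_modify_title` helper are assumptions, since this part of the page does not define the ACL side.

```python
import sqlite3
# Schema from the page's RBAC tables; "acl" is an assumption, since this part of
# the page only says a title has an ACL listing users and groups.
SCHEMA = """
CREATE TABLE permission (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE role (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE authorities (id INTEGER PRIMARY KEY, roleid INTEGER, permissionid INTEGER,
    UNIQUE (roleid, permissionid));
CREATE TABLE memberships (id INTEGER PRIMARY KEY, groupid INTEGER, userid INTEGER,
    roleid INTEGER, UNIQUE (groupid, userid));
CREATE TABLE acl (titleid INTEGER, principal_type TEXT, principal_id INTEGER,
    permission_name TEXT);
"""

def build_db():
    """In-memory database filled with constructed sample data (the page's example)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO permission VALUES (?, ?)", [(1, "Modify title"), (2, "View title")])
    db.executemany("INSERT INTO role VALUES (?, ?)", [(1, "administrator"), (2, "normal user")])
    # administrator may modify and view; normal user may only view
    db.executemany("INSERT INTO authorities (roleid, permissionid) VALUES (?, ?)", [(1, 1), (1, 2), (2, 2)])
    # user 100 is "administrator" in group 1 but "normal user" in group 2
    db.executemany("INSERT INTO memberships (groupid, userid, roleid) VALUES (?, ?, ?)",
                   [(1, 100, 1), (2, 100, 2)])
    # title 7's ACL lists group 1; title 8's ACL lists only user 200
    db.executemany("INSERT INTO acl VALUES (?, ?, ?, ?)",
                   [(7, "group", 1, "Modify title"), (8, "user", 200, "Modify title")])
    return db

def role_has_permission(db, user_id, group_id, perm):
    # Step 1 (RBAC): the role the user holds *in this group* must carry the permission
    row = db.execute(
        "SELECT 1 FROM memberships m JOIN authorities a ON a.roleid = m.roleid "
        "JOIN permission p ON p.id = a.permissionid "
        "WHERE m.userid = ? AND m.groupid = ? AND p.name = ?", (user_id, group_id, perm)).fetchone()
    return row is not None

def acl_allows(db, user_id, group_id, title_id, perm):
    # Step 2 (ACL): the user or the group must appear in the title's ACL for this permission
    row = db.execute(
        "SELECT 1 FROM acl WHERE titleid = ? AND permission_name = ? AND "
        "((principal_type = 'user' AND principal_id = ?) OR (principal_type = 'group' AND principal_id = ?))",
        (title_id, perm, user_id, group_id)).fetchone()
    return row is not None

def can_modify_title(db, user_id, group_id, title_id):
    # Deny by default: the role check runs first, then the object-level ACL check
    return (role_has_permission(db, user_id, group_id, "Modify title")
            and acl_allows(db, user_id, group_id, title_id, "Modify title"))
```

The group is passed in explicitly because, as the page notes, which group's role applies is a business decision the check itself cannot make.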
