Home > Others

Security service design considerations

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
We have already completed the information of the users in security. Now we need to think about how to design the permissions in security services, you need to analyze the permissions that need to be addressed and the original ideas for solving the problem. Record the issues related to permission control. Some resources have been referenced and understood before. There are two types of permission control:
First, business processing control: It mainly controls the services that the current user can process and what functions the system can perform.
Second, business scope control: It mainly controls the ability of the current user to process the business within that range when executing the business. The range here refers to the business data range (the row range of the data table) and the business data attribute range (the column range of the data table ).
Here is a simple example of the order sales process for processing the order sales software:
Create a sales order (Business Department)-> verify the product price (product department)-> Develop a collection plan (Finance Department)-> arrange the production plan (Production Department)-> Develop a Delivery Plan (Shipping Department) -> approval Order (general manager)-> execution-> ....
In this simple process-based business, business processing capabilities can be used to establish sales orders, verify product prices, and other business node capabilities. Here, permission control is used to control business processing, if an order with a sales amount greater than Yuan must be verified by the product department director, the order is under business control. If you need to query product information in real time, and the product resources may include cost information, this information cannot be understood by the sales staff, it also includes some other information about this product. This information may have different permission requirements for different people. How can this complex permission control be met.
I want to design such a set of permission control that meets the requirements. First, we need to separate the content requirements to be controlled from a specific business process and analyze them from the perspective.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More