New requirements
Yesterday we found that the security center we developed could no longer meet the access-control needs of external systems. The situation is roughly this: the company is currently building a feedback center with a quick-feedback function. One requirement is that a quick-feedback notification be sent by email to the corresponding handler, telling them that new feedback has arrived and should be dealt with promptly.
The previously designed security model is as follows:
A user has one or more security roles. A security role contains a group of activity authorizations, and each activity authorization contains a group of authorization restrictions.
On the definition side, a business activity contains a group of activity restrictions.
When resolving a security authorization request, the method first checks whether an activity authorization supports the activity, then queries the activity restrictions and returns the results to the caller. Two problems have to be addressed here.
User authorization check: when a user holds multiple security roles, the authorization information of those roles must be merged. The deny-priority principle is used: as long as an authorization is granted and not denied anywhere, the user is authorized. If no authorization is granted, or any one of them is denied, authorization fails. The merge itself is relatively simple.
Authorization restrictions: when a user holds multiple security roles, the authorization restrictions must also be merged, and a merging policy has to be considered. For example, for a review-amount limit the merged value must be chosen between the larger and the smaller amount; if the restriction is an instance of a certain field, the merge combines the primary keys according to a rule. I defined this merge as a merging policy interface, and different implementations of that interface basically solve the problem.
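The two merges described above, as an added example that is not the author's code: a deny-priority merge of activity authorizations across several roles, and a per-restriction merging policy. The class names, the `max` policy for the review amount and the set-union policy for country keys are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Constructed model of the design described on the page: a user holds roles,
# a role holds activity authorizations, each carrying a grant/deny flag and
# a set of restrictions keyed by restriction name (names are hypothetical).
@dataclass
class ActivityAuthorization:
    activity: str
    granted: bool                                  # False is an explicit denial
    restrictions: Dict[str, object] = field(default_factory=dict)

@dataclass
class SecurityRole:
    name: str
    authorizations: List[ActivityAuthorization]

# Merging policy interface: one callable per restriction name, deciding how
# values from several roles combine. Which policy fits is an assumption here.
MergePolicy = Callable[[object, object], object]
MERGE_POLICIES: Dict[str, MergePolicy] = {
    "review_amount": max,                           # larger limit wins
    "countries": lambda a, b: set(a) | set(b),      # union of permitted keys
}

def authorize(roles: List[SecurityRole], activity: str) -> Optional[Dict[str, object]]:
    """Deny-priority merge: return the merged restrictions if at least one
    role grants the activity and no role denies it, otherwise None."""
    merged: Dict[str, object] = {}
    granted = False
    for role in roles:
        for auth in role.authorizations:
            if auth.activity != activity:
                continue
            if not auth.granted:
                return None                         # one denial vetoes all grants
            granted = True
            for key, value in auth.restrictions.items():
                merged[key] = MERGE_POLICIES[key](merged[key], value) if key in merged else value
    return merged if granted else None

# Constructed sample roles: two reviewers with different limits and countries,
# and a role that explicitly denies customer queries.
ROLES = [
    SecurityRole("reviewer_cn", [ActivityAuthorization("approve_order", True,
                                 {"review_amount": 5000, "countries": {"CN"}})]),
    SecurityRole("reviewer_jp", [ActivityAuthorization("approve_order", True,
                                 {"review_amount": 8000, "countries": {"JP"}})]),
    SecurityRole("blocked", [ActivityAuthorization("query_customer", False)]),
]
```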
Problems with the current model
However, when the requirement above came up, I found that I was stuck: the model gave no way to find the people who could handle a piece of feedback. Feedback is routed according to its type and the country it concerns. For example, quality problems concerning China and Japan are handled by Zhang San of the technical department, and business problems concerning China and Japan are handled by Li Si of the business department. The model above cannot express this requirement.
In addition, I found that multiple business activities need the same activity restrictions. For example, Li Si of the business department handles business problems related to China and Japan, and there are two business activities, submitting orders and querying customers, both of which may only process content related to China and Japan. With the model above, the restriction has to be configured in two places, and if there were 10 related business activities, then when Li Si is reassigned to cover Germany the change would have to be made 10 times.
Moreover, the company currently handles sales largely in this way. If all of this information is placed in roles, the number of roles will certainly explode.
Model improvement
To meet the security requirements above and fix the problems in the current model, I extract the authorization restrictions separately as "data rules" and set the activity restrictions of business activities as "associations". The authorization restriction settings are moved from the role to the user, per authorization. The modified security model is as follows:
Now, when a user requests an activity authorization, the user's activity authorization information is queried first. If the user is permitted, the association between the business activity and its data constraints is followed and the values of the related data constraints are obtained. This model also reduces the data-constraint merging problem.
Problems to be solved
At the same time, if you need to obtain relevant users, the data-filtering problem must also be considered, so that only the users you are allowed to see are returned. I have not worked this problem out yet.
The model above basically implements both functional permissions and data permission constraints. For the actual application, I still need to rework the entire security center according to the new model.
The model here is the core security content that remains after unnecessary content is stripped from the actual application.
If you have any suggestions, I would welcome your comments, criticism and corrections.