Sub-role permission implementation

Source: Internet
Author: User

 

(1) Sub-roles

There are three types of sub-roles: field value, field, and data table. The following describes how each type is implemented.

 

 

(2) Field Value Class (Data Row) Sub-Role Implementation

As shown in, this is a record of the field value class sub-role permissions of sub-role 2. Ritem is the "resource item" field. The encoding rule for a "resource item" of the field value class is as follows. The 1st character is the uppercase letter "V", which indicates the resource type. This is the first part.

The following one or more uppercase letters are the short code of the data table. This is the second part. For example, the 2nd character of "VI12" and "VI17" is "I", so the short code of the data table is I. The t_zk_resource resource table shows that this code corresponds to the t_zk_project project table.

The last one or more digits are the sequence number of the resource. This is the third part. For example, the numbers 12 and 17 in "VI12" and "VI17" indicate the records of the t_zk_project project table whose project IDs are 12 and 17. For details, see.

 

Sub-role permission _ field value (Data row) _ permission diagram:

The implementation script is as follows:

(1) Obtain the sub-role permissions of the field value class

SELECT
    ritem,       -- Resource item
    ritemlevel   -- Permission category (Prohibited/Permitted)
FROM t_zk_subrole_c
WHERE ritemtype = 'Field Value' AND subroleid = ***
ORDER BY ritem

Description: parse the returned ritem field to obtain the data table code and the record ID of the data table that it contains.

 

(2) Obtain the name of the data table that corresponds to the sub-role permission of the field value class

SELECT
    tablename,   -- Data table name
    tablecname   -- Chinese name of the data table
FROM t_zk_resource
WHERE tableaname = '***'

Description: use the data table code obtained in step 1 to look up the corresponding data table name in the t_zk_resource table.

 

(3) The data table name obtained in step 2 and the record IDs obtained in step 1 together form the field value permission string of the sub-role. For example, if the sub-role is 2, the data table name is t_zk_project, and the record IDs are 12 and 17, the field value permission string of sub-role 2 is []. To grant access to users of sub-role 2, we recommend the following script for retrieving the projects they may access:

Select * From t_zk_project where projectid in (12, 17) and admindivision =

In the preceding query, t_zk_project in the FROM clause is the data table name, and "" in the WHERE clause is the field value permission string.
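The three steps above, as an added example that is not code from the original page: it parses resource items of all three types and builds the row query for permitted field value items with bound parameters instead of a pasted permission string. The `RESOURCE` mapping (a stand-in for t_zk_resource with an assumed key column per table) and both function names are hypothetical.

```python
import re

# Layout described on this page: type letter (V, C or T), one or more
# uppercase letters for the table short code, then the sequence digits.
RITEM_RE = re.compile(r"([VCT])([A-Z]+)([0-9]*)")

# Constructed stand-in for t_zk_resource: short code -> (table, key column).
# Pairing the table with its key column is an assumption of this example.
RESOURCE = {"I": ("t_zk_project", "projectid")}


def parse_ritem(ritem):
    """Split a resource item into (type, table code, number or None)."""
    m = RITEM_RE.fullmatch(ritem)
    if not m:
        raise ValueError(f"malformed resource item: {ritem!r}")
    kind, code, seq = m.groups()
    # Data table items ("TQ") carry no number; V and C items must have one.
    if (kind == "T") != (seq == ""):
        raise ValueError(f"unexpected sequence part in {ritem!r}")
    return kind, code, int(seq) if seq else None


def row_queries(ritems):
    """Build one parameterized SELECT per table from permitted V items."""
    ids_by_code = {}
    for ritem in ritems:
        kind, code, seq = parse_ritem(ritem)
        if kind != "V":
            raise ValueError(f"not a field value item: {ritem!r}")
        ids_by_code.setdefault(code, set()).add(seq)
    queries = []
    for code in sorted(ids_by_code):
        if code not in RESOURCE:  # unknown short code: refuse, do not guess
            raise KeyError(f"no table registered for code {code!r}")
        table, key = RESOURCE[code]
        ids = sorted(ids_by_code[code])
        marks = ", ".join("?" for _ in ids)
        # Identifiers come from the trusted catalog; IDs are bound, not pasted.
        queries.append((f"SELECT * FROM {table} WHERE {key} IN ({marks})", ids))
    return queries


if __name__ == "__main__":
    print(row_queries(["VI12", "VI17"]))
```

Each returned pair is a statement and its parameter list, ready for a DB-API style `execute(sql, params)` call.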

 

 

(3) Field Sub-Role Implementation

As shown in, this is a record of the field class sub-role permissions of sub-role 2. Ritem is the "resource item" field. The encoding rule for a "resource item" of the field class is as follows. The 1st character is the uppercase letter "C", which indicates the resource type. This is the first part.

The following one or more uppercase letters are the short code of the data table. This is the second part. For example, the 2nd character of "CI16" and "CI26" is "I", so the short code of the data table is I. The t_zk_resource resource table shows that this code corresponds to the t_zk_project project table.

The last one or more digits are the sequence number of the resource. This is the third part. For example, the numbers 16 and 26 in "CI16" and "CI26" indicate the 16th and 26th fields of the t_zk_project project table; the t_zk_column field table lists them as the "contract number" and "delete sign" fields.

The final figure shows the specific fields that correspond to the "CI16" and "CI26" resource items.

 

Subrole permission _ field (data column) _ permission diagram:

The implementation script is as follows:

SELECT
    B.tablename,     -- Data table name
    B.columnname,    -- Field name
    B.columnname,    -- Chinese field name
    B.columnaname,   -- Field code (matched against ritem)
    A.ritemlevel     -- Permission category (Prohibited/Permitted)
FROM t_zk_subrole_c A, t_zk_column B
WHERE A.ritem = B.columnaname AND A.ritemtype = 'Field' AND A.subroleid = ***

 

After you use the preceding script to obtain the field class permissions of the sub-role, every module that queries the table's records must enforce the permissions set by the sub-role. For example, if sub-role 2 prohibits access to the "contract number" and "delete sign" fields of the t_zk_project project table, the "Project Background Information" page module cannot display the data of those two fields. However, the "Project Modification" page module is not limited by the permissions of sub-role 2.

Suggestion: use the "Project Background Information" page module to implement the field-class permission control principle of sub-roles. Field class sub-role permissions are exclusive: for any one data table, either "allow" permissions are set or "deny" permissions are set, not both. For a data table with "allow" permissions, access to the fields that are not listed is prohibited. For a data table with "deny" permissions, access to the fields that are not listed is allowed. For example, if sub-role 2 is set to prohibit CI16 and CI26, access is allowed to every field other than those two.
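The exclusive allow/deny rule described above, as an added example that is not code from the original page: it resolves the readable columns of one table from the rows the field-class query returns and builds a SELECT that never fetches a prohibited field. The function names, the stored values "Permitted"/"Prohibited", the sample column names, and the handling of mixed or empty rule sets are assumptions of this example.

```python
ALLOW, DENY = "Permitted", "Prohibited"  # assumed stored ritemlevel values


def visible_columns(all_columns, rules):
    """Return the columns of one table that a sub-role may read.

    all_columns: every column of the table, in display order.
    rules: (columnname, ritemlevel) rows for that table and sub-role, as the
           field-class query on this page returns them.
    """
    levels = {level for _, level in rules}
    if levels - {ALLOW, DENY}:
        raise ValueError(f"unknown permission level: {sorted(levels)}")
    # The page states that allow and deny are exclusive per table, so a mix
    # is a configuration error; refuse it rather than pick a winner.
    if len(levels) > 1:
        raise ValueError("table mixes allow and deny field rules")
    listed = {column for column, _ in rules}
    stray = listed - set(all_columns)
    if stray:
        raise ValueError(f"rule names unknown column(s): {sorted(stray)}")
    if not rules:
        # Assumption: no field rule means no field-level restriction.
        return list(all_columns)
    if levels == {ALLOW}:
        return [c for c in all_columns if c in listed]   # allow list
    return [c for c in all_columns if c not in listed]   # deny list


def select_statement(table, all_columns, rules):
    """Select only readable columns so prohibited data is never fetched."""
    columns = visible_columns(all_columns, rules)
    if not columns:
        raise PermissionError(f"no readable column in {table}")
    # Table and column names must come from the trusted catalog tables.
    return f"SELECT {', '.join(columns)} FROM {table}"


# Constructed sample: column names are placeholders, not the real schema.
PROJECT_COLUMNS = ["projectid", "projectname", "contractno", "deleteflag"]
SUBROLE_2 = [("contractno", DENY), ("deleteflag", DENY)]

if __name__ == "__main__":
    print(select_statement("t_zk_project", PROJECT_COLUMNS, SUBROLE_2))
```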

 

(4) Data Table Sub-Role Implementation

As shown in, this is a record of the data table class sub-role permissions of sub-role 2. Ritem is the "resource item" field. The encoding rule for a "resource item" of the data table class is as follows. The 1st character is the uppercase letter "T", which indicates the resource type. This is the first part.

The following one or more uppercase letters are the short code of the data table. This is the second part. For example, the 2nd characters of "TQ" and "TR" are "Q" and "R" respectively. These are the short codes of two data tables; the t_zk_resource resource table shows that they correspond to t_zk_devicelog, the street lamp device basic information history table, and t_zk_componentlog, the street lamp device component information history table. For details, see.

 

Subrole permission _ data table _ permission diagram:

The implementation script is as follows:

(1) Obtain the sub-role permissions of the data table class

SELECT
    ritem,       -- Resource item
    ritemlevel   -- Permission category (Prohibited/Permitted)
FROM t_zk_subrole_c
WHERE ritemtype = 'Data Table' AND subroleid = ***
ORDER BY ritem

Description: parse the returned ritem field to obtain the data table code that it contains.

 

(2) Obtain the name of the data table that corresponds to the sub-role permission of the data table class

SELECT
    A.ritem,        -- Resource item
    A.ritemlevel,   -- Permission category (Prohibited/Permitted)
    B.tablename,    -- Data table name
    B.tablecname    -- Chinese name of the data table
FROM t_zk_subrole_c A, t_zk_resource B
WHERE SUBSTRING(A.ritem, 2, LEN(A.ritem) - 1) = B.tableaname
  AND A.ritemtype = 'Data Table' AND A.subroleid = ***
ORDER BY A.ritem

 

 
