Business systems implementation in the user rights management - design articles

May 26 posted in Development (RSS), comments.

Business systems implementation in the user rights management - design articles

B / S system permissions than the C / S of the more important, C / S system of special because of the client, so the user's permission to visit can detect the client through the implementation or Detect client + server implementation, and B / S, the browser for each computer are in place, if not a complete set up permissions Detect, then an "unlawful user" is possible through the browser will be able to easily access to the B / S all the features of the system . Thus B / S operating systems have one or more required permissions system to achieve access to testing, so that authorized users can use the normal legal function has authorized, and for those unauthorized "unlawful user" will be their root and branch "out." Let us know the following about how to design to meet the majority of B / S system, access control functionality to the user permissions system.

Needs statements

Different duty personnel, the authority for the system should be different. Excellent business systems, which are the most basic functions.

Can "group" for distribution rights. For a large enterprise business systems, if requested by the administrator of its employees under the authority of the distribution system, then, is time-consuming and not enough things convenient. Therefore, the proposed system of "group" concept of operation will be the same authority to allocate personnel to the same group, then the distribution group permissions.

Competence management system should be scalable. It should be able to add to any function with a rights management system. Components are the same as can be continuously re-use, rather than develop a management system for each, it is necessary part of rights management for re-development.

Business system to meet the functional competence. Traditional business systems, there are two kinds of rights management, one of which is the functional competence of management, while the other is the management of resources, competence, in different systems, the functional competence can be reusable resources authority can not.
About design

With the NoahWeb action programming concepts, at the design stage, system designers do not need to consider the design of program structure, but from the process flow, as well as start to start the database structure. In order to achieve the needs of the design of the database and can be important, whether it is "group" concept of operations, or set of rights management system reusability, is to design the database.

We first analyze the database structure:

First of all, action table (hereinafter referred to as "permission form"), gorupmanager table (hereinafter referred to as the "Management Group Table"), as well as the master table (hereinafter referred to as "the staff table"), are three entities table, and they followed the Record "competence" of the information, "Management Group" information and "official" information. The following chart:

These three form the relationship between the many-to-many, a number of rights may also belong to the Management Group, a management group may also contain a number of permissions at the same time. The same token, one may simultaneously belong to multiple management groups, and a management group may also contain a number of staff at the same time. The following chart:

Between Table 3 because of this many-to-many relationship exists, then the interaction between them, it is best to use two forms to complete. Table 2 which plays the role of mapping, namely, "actiongroup" form (hereinafter referred to as "rights mapping table") and "mastergroup" form (hereinafter referred to as "mapping table staff"), which mapped the permissions table and management groups, Interaction between. Mapping table which the staff and management groups, the interaction between. The following chart:

In addition, a form required to control the system run-time permission to the left menu column, or "sub-column table permissions", the following chart:

According to the above analysis, we carried out the database structure design, the following chart:

In order to be able to carry out a good analysis, we will split open database structure, the three entities, the role of form is very clear, and now we look at the role of Map 2.

One authority map maps are as follows:

First of all, to learn about our competence and management of group mapping table privileges table table, as well as related fields between.

Red circle in the picture, look at the associated gorupid field, this correlation in the actual performance of the database is as follows:

As indicated in the figures, the management group table "super administrator" groupid for the one, then the permissions groupid mapping table for the powers that is one "super administrator" permissions.

Groupid field associated use is found in order to be able to implement a management group which has the authority. However, the details of these rights is linked by the action field of inquiry.

action field in the database associated with the performance of the following plans:

Through this association, only inquiries to the authority of those rights mapping table for more information. Taken together, we know can be a management team which has the authority to implement, as well as detailed information on these rights are.

Perhaps you might ask, why not use it actionid associated field? Since:

Id permissions field in the table after a number of database operations may occur after the change.
Mapping table permissions only a Record Management Group permissions can be implemented.
Once the authority to change the id in the table, then the permissions record mapping table will be changed.
The implementation of a management group permissions can be bound to go wrong, it is not hope.
Taking into account the above situation, so the field should be associated with the use of action because:

Permissions at the table, id probably change, and the action field is in any case can not be changed.
Map of authority records will not change field action.
The implementation of a management group can not go wrong permissions on the.
Map two officers as follows:

To learn about our staff and management of group mapping table table table, as well as between the field staff related to the following chart:

Some pictures of the red circle, look at the groupid field related to this correlation in the performance of the database is as follows:

Figure, a "super administrator" group groupid for one, we look at the staff table mapping, admin Super belong to the Administrators group, and the administrator belong to the Super Administrator group, but also belong to the Administrators group.

Means the use of this correlation is found for a management group of staff who is. And above, the detailed information are on id field (mapping table staff are masterid field) related to the query.

id field (mapping table staff are masterid field) associated in the form of the database is as follows:

At the same time one may belong to more than "management team", Figure Medium, administrator at the same time belong to both the "management team." Therefore, the mapping table in the staff about the records administrator will be two.

Inquiries related to this approach to the management team of personnel who have detailed information. Taken together, we can know that a management group of staff who, as well as the detailed information.

Combined with the above-mentioned privileges and powers of table mapping table, the demand on the implementation of the "group" operation, the following chart:

In fact, management groups, the Group only records basic information such as name, group id and so on. As a group, detailed information, as well as the group's permission to carry out detailed information, are recorded in the staff table and permissions table. Table 2 Mapping of a real record of what personnel group, which can implement permissions. Through the mapping table between the two, three entities of the interaction between the table was able to achieve in order to achieve the requirements mentioned in the "group" operator.

Take another look at our authority and jurisdiction table column interaction tables. Between the two fields associated table is as follows:

Table 2 uses the fields associated actioncolumnid, this correlation in the performance of the database is as follows:

As shown, through this association, we can see very clear the authority permissions table columns which belong to.

Now, the database structure has been very clear, the distribution of functions and powers "group" operations have been achieved. Here again our analysis of the demand referred to rights management system on the reusability of the problem.

Why use this database to build up the design of the system can reuse it?

Record three entities form a system of three decisive elements. "Competence", "group" and "person." Three elements which can add each other will not be affected. Whether it is the type of operational system, the three decisive element will not be changed, which means the structure will not change, and change only the data.
Record 2 mapping table with the relationship between the three elements. However, these relations is artificially created, the necessary changes in time, only records in the database operations, without changes to the structure.
Permissions Record column table using the system shown in columns. Whether you want to add columns, modify column or column reduced, it is merely recording it.
To sum up, this design of the database, the system is completely reusable and can stand by the "change" the test of time.

Summary:

The focus of this system lies in the fact that three entities form a firm grasp of the core components of the system, and the two mapping tables to map out the perfect form three interactions between entities. The difficulty lies in understanding the work of mapping table, which records the relationship and achieve a "group" concept of operations. The overall system design is based on the MIS in different systems "reuse" to meet the needs of different system permissions set.

Appendix:

Rights management system of the field data sheet design

Here take a look at our Rights Management System database table design, is divided into six tables, the following chart:

action table:

Record the action table, all of the action system, as well as the relevant action described.

actioncolumn table:

Record actioncolumn table column of the action, the system is running, the left menu bar provides a few different functions, each piece is a column, add a column for each of the table will add a record, with corresponding to the left menu bar will also be added machine a column.

actiongroup table:

Record actiongroup table where the group action.

groupmanager table:

Record groupmanager table associated with management of group information, each adding a management group, will be here to add a record.

mastergroup table:

Record mastergroup table where the management of the administrator group, probably because of an administrator at the same time belong to the same number of groups, so the table about a manager of a number of records possible.

master table:

master table records all the information the administrator, each to add a manager, the table will add a record.