Business system user rights management - design articles
B / S system permissions than the C / S of the more important, C / S system as a special client, so the user's permission to visit can be detected or by the client to achieve the client + server detection to achieve, and B / S, the browser for each computer are in place, if not complete authority to establish a detection, then an "unlawful user" is likely through a browser will be able to easily access to the B / S all the features of the system . Thus B / S operating systems require one or more permissions system to achieve access to testing, so that authorized users can use the normal legal function has authorized, and for those unauthorized "unlawful user" will be their root and branch "out." Let us below to find out how to design to meet the majority of B / S system, access control functionality to the user permissions system.
Needs statements
On the design
Programming with the concept of action NoahWeb, at the design stage, system designers do not need to consider the design of program structure, but from the process database structure, as well as the beginning of the process to start. In order to achieve the needs of the design of the database is extremely important, whether it is "group" concept of operations, or set of rights management system reusability, is to design the database.
We first analyze the database structure:
First of all, action table (hereinafter referred to as "permission form"), gorupmanager table (hereinafter referred to as the "Management Group Table"), as well as the master table (hereinafter referred to as "the staff table"), is a table of three entities, which followed record "competence" of the information, "Management Group" information and "personnel" information. The following chart:
These three form the relationship between the many-to-many, a permission may also belong to more than one management group, a management group may also contain a number of powers at the same time. The same token, one may belong to more than one management group at the same time, and a management group may also contain a number of staff at the same time. The following chart:
As this table between the three many-to-many relationship, then the interaction between them, it is best to use two forms to complete. Table 2 which plays the role of mapping, namely, "actiongroup" form (hereinafter referred to as "rights mapping table") and "mastergroup" form (hereinafter referred to as "mapping table staff"), which mapped the permissions table and management groups, Interaction between. Mapping table which the staff and management groups, the interaction between. The following chart:
In addition, the need for a table to control the system run-time permission to the menu on the left column, or "sub-column table permissions", the following chart:
According to the above analysis, we carried out the database structure design, the following chart:
Click here to view the rights management system design data table field
In order to be able to carry out a good analysis, we will split open database structure, the three entities, the role of form is very clear, and now we look at the role of Map 2.
Map a rights plan is as follows:
First of all, we come to understand the mapping table and management rights groups, as well as the competence of the field between the associated table.
Red circle in the picture, look at the associated gorupid field, this correlation in the actual performance of the database is as follows:
As indicated in the figures, the management group table "super administrator" and groupid to 1, then the permissions groupid mapping table for the powers that is, a "super administrator" permissions.
Groupid associated the use of field is to be found in the implementation of a management group to which the authority. However, the details of these rights is linked by the action field of inquiry.
action field in the database associated with the performance of the following plans:
Through this association, only inquiries to the authority of those rights mapping table for more information. Taken together, we know a management team can perform what authority, as well as detailed information on these rights are.
Perhaps you might ask, why not use it actionid associated field? Because:
Taking into account the above circumstances, so the field should be associated with the use of action because:
Map 2 staff as follows:
To learn about our staff and management of group mapping table table table, as well as between the field staff related to the following chart:
Some pictures of the red circle, look at the groupid field related to this correlation in the performance of the database is as follows:
Figure, a "super administrator" groupid group 1, we look at the staff table mapping, admin Super Administrators group belongs to, and are super-administrator group administrator, but also belong to the Administrators group.
Means the use of this association is to be found in a management group of staff who is. And above, as detailed information on field id (staff mapping table is masterid field) related to the query.
id field (mapping table staff is masterid field) associated in the form of the database is as follows:
At the same time one may belong to more than one "management group" in the figure, administrator at the same time belonging to the two "management team." Therefore, the mapping table in terms of personnel records on the administrator will be two.
Inquiries related to this approach to the management team of personnel which the detailed information. Taken together, we can know that a management group of staff who, as well as detailed information on the staff.
Combined with the above-mentioned privileges and powers of table mapping table, it needs to achieve the "group" operation, the following chart:
In fact, the Management Unit table only records the group's basic information, such as name, group id and so on. As a group, detailed information, as well as the group's permission to carry out detailed information, are recorded in the staff table and permissions table. Table 2 Mapping the real record of what a group of personnel, which authority to implement. Through the mapping table between the two, three forms of interaction between entities only be achieved, thus completing the requirements mentioned in the "group" operator.
Let us look at the permissions table with columns of the interaction between the permissions table. Between the two fields associated table is as follows:
Table 2 uses the fields associated actioncolumnid, this correlation in the performance of the database is as follows:
As shown, through this association, we can see very clear the authority permissions table which column belongs to.
Now, the database structure has been very clear, and the functional distribution of competencies and "group" operations have been achieved. The following analysis, we again demand that the rights management system on the issue of reuse.
Why use this database to build up the design of the system can reuse it?
To sum up, this design of the database, the system is completely reusable and can stand by the "change" the test of time.
Summary:
The focus of this system lies in the fact that three entities form a firm grasp of the core components of the system, and the two mapping tables to map out a perfect three of the interaction between the entities table. The difficulty lies in understanding the work of mapping table, which records the relationship and the realization of the "group" concept of operations. The system is based on the overall design of the MIS can be provided in different systems "reuse" to meet the needs of different system permissions set.
Appendix:
Rights management system of the field data sheet design
Let us look at the rights management system database table design, is divided into six tables, the following chart:
action table, the system records all the action, as well as the action description.
actioncolumn action record table of the column, the system is running, the left menu bar provides a few different functions, each piece is a column, add a column for each of the table will add a record, with corresponding to the left menu bar will also be added machine a column.
actiongroup table records where the action group.
Table groupmanager recorded information management team, each to add a management group, will be here to add a record.
mastergroup table records where the administrator of the management team, as an administrator may belong to multiple groups at the same time, so the table, a manager on a number of records may be.
master table records all the information the administrator, each to add a manager, the table will add a record.
B / S system permissions than the C / S of the more important, C / S system as a special client, so the user's permission to visit can be detected or by the client to achieve the client + server detection to achieve, and B / S, the browser for each computer are in place, if not complete authority to establish a detection, then an "unlawful user" is likely through a browser will be able to easily access to the B / S all the features of the system . Thus B / S operating systems require one or more permissions system to achieve access to testing, so that authorized users can use the normal legal function has authorized, and for those unauthorized "unlawful user" will be their root and branch "out." Let us below to find out how to design to meet the majority of B / S system, access control functionality to the user permissions system.
Needs statements
- Different functions of the staff, the authority for the system should be different. Excellent business systems, this is the most basic functions.
- Can "group" in the allocation of authority. For a large enterprise business systems, if requested by the administrator for its employees permission to operate the distribution system, then it is time-consuming and not convenient things. Therefore, the proposed system of "group" concept of operation will be the same authority to allocate personnel to the same group, and then the distribution of the group.
- Competence management system should be scalable. It should be added to any function with a rights management system. Components like the same could be constantly re-use, rather than develop a management system for each, it is necessary part of rights management for re-development.
- Business system to meet the functional competence. Traditional business systems, there are two kinds of rights management, one of which is the functional competence of management, while the other is the management of resources, competence, in different systems, the functional competence can be reusable resources authority can not.
On the design
Programming with the concept of action NoahWeb, at the design stage, system designers do not need to consider the design of program structure, but from the process database structure, as well as the beginning of the process to start. In order to achieve the needs of the design of the database is extremely important, whether it is "group" concept of operations, or set of rights management system reusability, is to design the database.
We first analyze the database structure:
First of all, action table (hereinafter referred to as "permission form"), gorupmanager table (hereinafter referred to as the "Management Group Table"), as well as the master table (hereinafter referred to as "the staff table"), is a table of three entities, which followed record "competence" of the information, "Management Group" information and "personnel" information. The following chart:
These three form the relationship between the many-to-many, a permission may also belong to more than one management group, a management group may also contain a number of powers at the same time. The same token, one may belong to more than one management group at the same time, and a management group may also contain a number of staff at the same time. The following chart:
As this table between the three many-to-many relationship, then the interaction between them, it is best to use two forms to complete. Table 2 which plays the role of mapping, namely, "actiongroup" form (hereinafter referred to as "rights mapping table") and "mastergroup" form (hereinafter referred to as "mapping table staff"), which mapped the permissions table and management groups, Interaction between. Mapping table which the staff and management groups, the interaction between. The following chart:
In addition, the need for a table to control the system run-time permission to the menu on the left column, or "sub-column table permissions", the following chart:
According to the above analysis, we carried out the database structure design, the following chart:
Click here to view the rights management system design data table field
In order to be able to carry out a good analysis, we will split open database structure, the three entities, the role of form is very clear, and now we look at the role of Map 2.
Map a rights plan is as follows:
First of all, we come to understand the mapping table and management rights groups, as well as the competence of the field between the associated table.
Red circle in the picture, look at the associated gorupid field, this correlation in the actual performance of the database is as follows:
As indicated in the figures, the management group table "super administrator" and groupid to 1, then the permissions groupid mapping table for the powers that is, a "super administrator" permissions.
Groupid associated the use of field is to be found in the implementation of a management group to which the authority. However, the details of these rights is linked by the action field of inquiry.
action field in the database associated with the performance of the following plans:
Through this association, only inquiries to the authority of those rights mapping table for more information. Taken together, we know a management team can perform what authority, as well as detailed information on these rights are.
Perhaps you might ask, why not use it actionid associated field? Because:
- Permissions table id field after a number of database operations may occur after the change.
- Mapping table permissions only record of a management team can execute permissions.
- Once the authority to change the id in the table, then the permissions record mapping table will be changed.
- The implementation of a management group permissions can be bound to go wrong, it is not hope.
Taking into account the above circumstances, so the field should be associated with the use of action because:
- In the permissions table, id may change, and the action field is in any case can not be changed.
- Map of authority records will not change field action.
- The implementation of a management group can not go wrong permissions on the.
Map 2 staff as follows:
To learn about our staff and management of group mapping table table table, as well as between the field staff related to the following chart:
Some pictures of the red circle, look at the groupid field related to this correlation in the performance of the database is as follows:
Figure, a "super administrator" groupid group 1, we look at the staff table mapping, admin Super Administrators group belongs to, and are super-administrator group administrator, but also belong to the Administrators group.
Means the use of this association is to be found in a management group of staff who is. And above, as detailed information on field id (staff mapping table is masterid field) related to the query.
id field (mapping table staff is masterid field) associated in the form of the database is as follows:
At the same time one may belong to more than one "management group" in the figure, administrator at the same time belonging to the two "management team." Therefore, the mapping table in terms of personnel records on the administrator will be two.
Inquiries related to this approach to the management team of personnel which the detailed information. Taken together, we can know that a management group of staff who, as well as detailed information on the staff.
Combined with the above-mentioned privileges and powers of table mapping table, it needs to achieve the "group" operation, the following chart:
In fact, the Management Unit table only records the group's basic information, such as name, group id and so on. As a group, detailed information, as well as the group's permission to carry out detailed information, are recorded in the staff table and permissions table. Table 2 Mapping the real record of what a group of personnel, which authority to implement. Through the mapping table between the two, three forms of interaction between entities only be achieved, thus completing the requirements mentioned in the "group" operator.
Let us look at the permissions table with columns of the interaction between the permissions table. Between the two fields associated table is as follows:
Table 2 uses the fields associated actioncolumnid, this correlation in the performance of the database is as follows:
As shown, through this association, we can see very clear the authority permissions table which column belongs to.
Now, the database structure has been very clear, and the functional distribution of competencies and "group" operations have been achieved. The following analysis, we again demand that the rights management system on the issue of reuse.
Why use this database to build up the design of the system can reuse it?
- Records of three entities form a system of three decisive elements. "Competence", "group" and "people." Three elements which can add each other will not be affected. Whether it is the type of operational system, the three decisive element will not be changed, which means the structure will not change, and change only the data.
- 2 mapping table records the relationship between the three elements. However, these relations is artificially created when the need for change, only records in the database operations, without changes to the structure.
- Permissions column table records displayed when the system uses the sub-field. Whether you want to add columns, modify column or column reduced, it is merely recording it.
To sum up, this design of the database, the system is completely reusable and can stand by the "change" the test of time.
Summary:
The focus of this system lies in the fact that three entities form a firm grasp of the core components of the system, and the two mapping tables to map out a perfect three of the interaction between the entities table. The difficulty lies in understanding the work of mapping table, which records the relationship and the realization of the "group" concept of operations. The system is based on the overall design of the MIS can be provided in different systems "reuse" to meet the needs of different system permissions set.
Appendix:
Rights management system of the field data sheet design
Let us look at the rights management system database table design, is divided into six tables, the following chart:
action table:
action table, the system records all the action, as well as the action description.
actioncolumn table:
actioncolumn action record table of the column, the system is running, the left menu bar provides a few different functions, each piece is a column, add a column for each of the table will add a record, with corresponding to the left menu bar will also be added machine a column.
actiongroup table:
actiongroup table records where the action group.
groupmanager table:
Table groupmanager recorded information management team, each to add a management group, will be here to add a record.
mastergroup table:
mastergroup table records where the administrator of the management team, as an administrator may belong to multiple groups at the same time, so the table, a manager on a number of records may be.
master table:
master table records all the information the administrator, each to add a manager, the table will add a record.