Business system user rights management – design articles

Permissions matter even more in a B/S (browser/server) system than in a C/S (client/server) system. A C/S system has a dedicated client, so a user's access rights can be checked by the client, or by the client together with the server. In a B/S system, a browser is already present on every computer, so if no complete permission check is built, unauthorized users can easily reach every feature of the system through the browser. A B/S business system therefore needs one or more permission systems to perform access checks, so that authorized users can legitimately use what they are authorized for and unauthorized users are shut out completely. Let us look at how to design a permission system that meets the user permission control needs of most B/S systems.

Statement of need

  • People with different responsibilities should have different permissions to operate the system. For a good business system, this is the most basic function.
  • Permissions can be assigned by group. If the administrator of a large enterprise's business system has to assign operating permissions to employees one by one, it is time-consuming and inconvenient. The system therefore introduces the concept of a group: people are placed into a group, and permissions are then assigned to that group.
  • The rights management system should be extensible. It should be possible to add it to any system that needs rights management. Like a component, it can be reused again and again, instead of redeveloping the rights management part for every management system that is built.
  • It should satisfy the functional permissions of the business system. Traditional business systems have two kinds of rights management: management of functional permissions and management of resource permissions. Functional permissions can be reused between different systems; resource permissions cannot.

About Design

With NoahWeb's action programming philosophy, at the design stage the system designer works on the structure of the program by starting from the program flow and the structure of the database. To meet the requirements, the database design is crucial: the “group” operation concept and the reuse of the entire rights management system both rest on the design of the database.

Let’s analyze the structure of the database:

First, there are three entity tables: the action table (hereinafter the “permissions table”), the groupmanager table (hereinafter the “management group table”), and the master table (hereinafter the “staff table”). They record “permission”, “management group” and “person” information respectively, as shown below:

The relationships among these three tables are many-to-many: a permission may belong to more than one management group, and a management group may contain multiple permissions. Likewise, a person may belong to more than one management group, and a management group may contain more than one person. As shown below:

Because the relationships between the tables are many-to-many, the interaction between them is best handled through two additional tables. The two tables that play this mapping role are the “ActionGroup” table (hereinafter the “permission mapping table”) and the “mastergroup” table (hereinafter the “personnel mapping table”). The former maps the interaction between the permissions table and the management group table; the latter maps the interaction between the staff table and the management group table. As shown below:

In addition, a table is needed to control the permission columns shown in the left menu while the system is running: the “permissions column table”, as shown:

Based on the above analysis, the database structure is designed as shown below:

To make the analysis easier, we split the database structure diagram apart. The three entity tables are already clear, so now we look at the role of the two mapping tables.

The permission mapping table is shown below:

First, let us look at the fields that associate the permission mapping table with the management group table and the permissions table.

Look at the groupid field association, circled in red in the picture. In a real database, this association looks as shown below:

As shown in the figure, the management group table holds the groupid of the “super administrator” group, and the permissions recorded under that groupid in the permission mapping table are the permissions the “super administrator” group has.

The groupid association is used to find which permissions a management group can execute. The detailed information about those permissions is retrieved through the action field association.

In the database, the action field association looks as shown below:

Through this association, details are retrieved only for the permissions that appear in the permission mapping table. Taken together, we know which permissions a management group can execute and what those permissions are in detail.

You may ask: why not use an actionid field for the association? Because:

  • The id field in the permissions table may change after several database operations.
  • The permission mapping table only records the permissions a management group can execute.
  • Once an id in the permissions table changes, the records in the permission mapping table are affected by the change.
  • The permissions a management group can execute are then bound to go wrong, which is highly undesirable.

Taking the above into account, the action field should be used for the association, because:

  • In the permissions table the id may change, but the action field cannot change under any circumstances.
  • The action field recorded in the permission mapping table will not change.
  • The permissions a management group can execute will not go wrong.

The second mapping table, the personnel mapping table, is shown below:

Let us look at the fields that associate the personnel mapping table with the management group table and the staff table, as shown below:

Look at the groupid field association, circled in red in the picture. In the database, this association looks as shown below:

As the figure shows, the groupid of the “super administrator” group is 1. Looking at the personnel mapping table, admin belongs to the super administrator group, and administrator belongs to both the super administrator group and the administrators group.

This association is used to find who is in a management group. As above, the detailed information about each person is retrieved through the id field (the masterid field in the personnel mapping table).

In the database, the association on the id field (the masterid field in the personnel mapping table) takes the form shown in the following diagram:

A person may belong to more than one management group; as shown, administrator belongs to two management groups. So the personnel mapping table contains two records for administrator.

This association is used to retrieve the detailed information about the people in a management group. Taken together, we can tell who is in a management group, as well as the detailed information about each of those people.

Combined with the permissions table and permission mapping table described above, this realizes the “group” operation from the requirements, as shown below:

In fact, the management group table only records basic group information such as the name and group id. The detailed information about the people in a group, and about the permissions the group can execute, is recorded in the staff table and the permissions table. The two mapping tables are what actually record which people are in a group and which permissions it can execute. By joining through the two mapping tables, the interaction among the three entities is achieved, which completes the group operation mentioned in the requirements.

Now let us look at the interaction between the permissions column table and the permissions table. The fields that associate the two tables are shown below:

The two tables are associated through the actioncolumnid field. In the database, this association looks as shown below:

As shown, through this association we can see very clearly which column each permission in the permissions table belongs to.
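
The lookups described above, as an added example that is not part of the original article: it builds the six tables in an in-memory SQLite database, checks a permission by joining through both mapping tables, and shows that renumbering the ids in the action table leaves every grant intact because actiongroup stores the action name. The table names and the groupid, action, masterid and actioncolumnid fields come from the article; the other column names, the action names, the users clerk and guest, and filtering the menu by permission are assumptions made for the example.

```python
import sqlite3

# Table names and the groupid / action / masterid / actioncolumnid columns follow
# the article; all other column names and every row are constructed assumptions.
SCHEMA = """
CREATE TABLE actioncolumn (actioncolumnid INTEGER PRIMARY KEY, columnname TEXT);
CREATE TABLE action (id INTEGER PRIMARY KEY, action TEXT UNIQUE NOT NULL,
                     actioncolumnid INTEGER);
CREATE TABLE groupmanager (groupid INTEGER PRIMARY KEY, groupname TEXT);
CREATE TABLE master (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE actiongroup (groupid INTEGER, action TEXT, UNIQUE (groupid, action));
CREATE TABLE mastergroup (groupid INTEGER, masterid INTEGER, UNIQUE (groupid, masterid));
INSERT INTO actioncolumn VALUES (1, 'Users'), (2, 'Orders');
INSERT INTO action VALUES (1, 'user.add', 1), (2, 'user.delete', 1), (3, 'order.view', 2);
INSERT INTO groupmanager VALUES (1, 'super administrator'), (2, 'administrators');
INSERT INTO master VALUES (1, 'admin'), (2, 'administrator'), (3, 'clerk'), (4, 'guest');
INSERT INTO actiongroup VALUES (1, 'user.add'), (1, 'user.delete'), (1, 'order.view'),
                               (2, 'order.view');
INSERT INTO mastergroup VALUES (1, 1), (1, 2), (2, 2), (2, 3);  -- guest is in no group
"""

# Shared join path: person -> mastergroup -> actiongroup -> action (matched by name).
JOINS = """FROM master m
    JOIN mastergroup mg ON mg.masterid = m.id
    JOIN actiongroup ag ON ag.groupid = mg.groupid
    JOIN action a ON a.action = ag.action"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def is_allowed(db, name, action):
    """Server-side check run on every request; anything not granted is denied."""
    sql = f"SELECT 1 {JOINS} WHERE m.name = ? AND a.action = ? LIMIT 1"
    return db.execute(sql, (name, action)).fetchone() is not None

def menu_columns(db, name):
    """Left-menu columns holding at least one action the person may execute."""
    sql = f"""SELECT DISTINCT c.columnname {JOINS}
        JOIN actioncolumn c ON c.actioncolumnid = a.actioncolumnid
        WHERE m.name = ? ORDER BY c.columnname"""
    return [row[0] for row in db.execute(sql, (name,))]

def renumber_action_ids(db):
    """Simulate the id churn the article warns about; action names stay fixed."""
    db.execute("UPDATE action SET id = id + 100")
    db.commit()
```

Because the check runs on the server and returns False for any person, group or action it cannot join, a request typed directly into the browser for an ungranted action is refused the same way as one that never appeared in the menu.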

The database structure is now clear, and both permission assignment and the group operation have been achieved. Next, let us analyze the reusability of the rights management system raised in the requirements.

Why can a system built on this database design be reused?

  • The three entity tables record the three decisive elements of the system: “permission”, “group” and “person”. These three elements can be added, affecting each other. Whatever the type of business system, these three decisive elements do not change, which means the structure does not change; only the data does.
  • The two mapping tables record the relationships among the three elements. These relationships are created by people; when they need to change, only the records in the database have to be modified, not the structure.
  • The permissions column table records the columns displayed when the system is in use. Whether you add a column, modify a column or remove a column, only records are operated on.

In summary, with the database designed this way, the system is completely reusable and withstands the test of “change”.


The focus of this system is that the three entity tables firmly hold the core components of the system, and the two mapping tables map out the interaction among the three entities. The difficulty lies in understanding how the mapping tables work: they record the relationships and realize the “group” operation concept. The overall design allows the system to be reused across different MIS systems and to satisfy the functional permission settings of different systems.


Field design of the rights management system's data tables

Let us look at the database table design of the rights management system. It is divided into six tables, as shown below:

action table:

The action table records all actions and their descriptions.

actioncolumn table:

The actioncolumn table records the columns that actions belong to. While the system is running, the menu bar on the left provides several different functions, and each block is a column. Each time a column is added, a record is added to the table, and a corresponding column is added to the left menu bar.

actiongroup table:

The actiongroup table records which groups each action belongs to.

groupmanager table:

The groupmanager table records information about the management groups; each time a management group is added, a record is added here.

mastergroup table:

The mastergroup table records which management groups each administrator belongs to. Because an administrator may belong to multiple groups at the same time, the table may contain multiple records for one administrator.

master table:

The master table records the information of all administrators; each time an administrator is added, a record is added to the table.

Posted by databasesql