Design of a general permission management system based on the RBAC model (repost)

2011-04-15  Source: original to this site  Category: Database  Popularity: 101

Keywords: design ideas

General data permission management system design (I)

Introduction:
This article presents a solution that integrates function permissions and data permissions, to meet the need for centralized permission management in multi-level organizations. The method extends RBAC (role-based access control): on top of function permissions it adds data permission management, so that data permissions and function permissions are managed in one place.

Explanation:
Function permission: answers the question of what can be done, such as adding a sales order;
Data permission: answers the question of where it can be done, such as viewing the sales orders of the Beijing Haidian Branch sales seats;

Terms:
Resource: a resource of the system, mainly the various business objects, such as sales orders, payment vouchers, etc.;
Operation type: a way in which a resource may be accessed, such as add, delete, modify, etc.;
Function: an operation on a resource, i.e. a (resource, operation type) pair, such as add sales order, modify sales order, etc.;
Data type: the types of data permission commonly used in business systems, such as company, department, project, individual, etc.;
Data object: a specific business object, such as company A, department B, etc., including all object values relevant to data permissions;
Permission: the functions a role may use, divided into the role's function permissions and the role's data permissions;
Role: a specific set of permissions;
User: an actor that takes part in system activity, such as a person or a system.

General data rights management system design (II)

Method Description:
In practice, the kinds of data permission control are relatively fixed, for example by company, department, individual, customer, supplier, etc. In other words, a data permission generally covers the data that falls under specified data objects of a given data type.

In this method a data permission depends on a function permission and further qualifies it: for a function the role holds, it states which data that function is limited to.
The method applies the principle "not explicitly defined means valid": if no data permission is defined for a function, the role has all data permissions for that function. If data permissions of some type are defined for the function, the user only has permission on the data under the specified objects of that type.

That is rather convoluted, so here is a practical example.

The sales division of a company has three sales departments, in Beijing, Shanghai and Guangzhou, and several roles now need to be defined:
Sales Director - can view all sales orders of the sales division;
Beijing Sales Manager - can view all sales orders of the Beijing Sales Department;
Shanghai Sales Manager - can view all sales orders of the Shanghai Sales Department;
Guangzhou Sales Manager - can view all sales orders of the Guangzhou Sales Department;

The roles are defined as follows:

--------------------------------------------------------------------------------
Role                      Function            Data type     Data object name
--------------------------------------------------------------------------------
Sales Director            View sales order
Beijing Sales Manager     View sales order    Department    Beijing
Shanghai Sales Manager    View sales order    Department    Shanghai
Guangzhou Sales Manager   View sales order    Department    Guangzhou
--------------------------------------------------------------------------------

In the definition above, the Sales Director has only the function permission defined and no data permission, so the Sales Director can view all sales orders. The sales managers each have a data permission defined on this function, so they can only view the sales orders of their specific department.

In practice there are always cases where a group leader within a department may view and handle the sales orders of everyone in the group, and cases where a person may only view his own sales orders. These special cases cannot be resolved by the description above and are handled in design and implementation.

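Beijing Sales Representative - can view all of his own sales orders in the Beijing Sales Department;

--------------------------------------------------------------------------------
Role                           Function            Data type     Data object name
--------------------------------------------------------------------------------
Beijing Sales Representative   View sales order    Department    Beijing
                                                   Personal
--------------------------------------------------------------------------------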
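
The rule and the role definitions above, evaluated against a few records and paired with an audit helper that lists the grants receiving all data by default; this is an added example, not code from the original article. The order records, user names and the `SELF` marker for the Personal data type are constructed, and requiring every data type defined on a function to match (as the Beijing Sales Representative row implies) is an assumption.

```python
from dataclasses import dataclass

SELF = "<self>"  # assumed marker: the Personal data type binds to the calling user

# (role, function) -> {data type: allowed data objects}. An empty dict is a
# function permission with no data permission defined, i.e. all data.
GRANTS = {
    ("Sales Director", "view sales order"): {},
    ("Beijing Sales Manager", "view sales order"): {"department": {"Beijing"}},
    ("Shanghai Sales Manager", "view sales order"): {"department": {"Shanghai"}},
    ("Guangzhou Sales Manager", "view sales order"): {"department": {"Guangzhou"}},
    ("Beijing Sales Representative", "view sales order"):
        {"department": {"Beijing"}, "personal": {SELF}},
}

@dataclass(frozen=True)
class Order:             # constructed sample record
    number: str
    department: str
    personal: str        # user who owns the order

ORDERS = [Order("SO-1", "Beijing", "zhang"), Order("SO-2", "Beijing", "li"),
          Order("SO-3", "Shanghai", "wang")]

def allowed(role, user, function, order):
    """Apply 'not explicitly defined means valid' to one record."""
    scope = GRANTS.get((role, function))
    if scope is None:                  # the role lacks the function itself
        return False
    for data_type, objects in scope.items():
        wanted = {user if obj == SELF else obj for obj in objects}
        if getattr(order, data_type) not in wanted:
            return False               # every defined data type must match
    return True                        # nothing defined: unrestricted

def visible(role, user, function="view sales order"):
    return [o.number for o in ORDERS if allowed(role, user, function, o)]

def unscoped_grants():
    """Audit helper: grants that see all data because no data permission is set."""
    return sorted(key for key, scope in GRANTS.items() if not scope)
```

Because a missing data permission widens access instead of denying it, the output of `unscoped_grants()` is the list to review whenever roles are added or changed.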

General data permission management system design (III) - Database Design

Let's first look at a traditional role-based permission management system. As shown below, the simplest role-based permission management consists of five parts: system functions, roles, system users, and the role and user-role associations.

Figure 1: Role-based database structure

To add data permission control, the role-based permission design is extended as shown below:

Figure 2: Common data access management system database design

Comparing the two figures, the main changes are:

1. System resource and operation type tables are added. System resources form a tree, such as sales module, sales order, etc.; operation type records the possible operations, such as add, delete, modify, view, query. A system function is the combination of a system resource and an operation type: an operation on a resource is a system function.

2. Two tables are added, data object type and data object. Data object type records the types of object the system needs to control, such as department, warehouse, employee, customer, supplier, etc.; data object records the instances of each object type, such as Beijing Sales Department, Shanghai Sales Department, Joe Smith, John Doe, and so on. (The benefits of storing these independently will be mentioned later.)

3. An association table between system resources and data object types is added (many-to-many). This is a configuration table that records the control points a resource may need: sales orders associated with the department type can have permissions assigned by department, sales orders associated with the customer type can have permissions assigned by customer, and so on.

4. An association table between role permissions and data objects is added. This table is where data permission management ultimately lands.

With this design, changes to an existing permission system are kept to a minimum, and data control points can be added very flexibly. Used in product software, it can flexibly meet customer needs.
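
A minimal SQLite sketch of the tables behind changes 1 to 4, with a check that a data grant only uses a data object type configured for the function's resource (the configuration table from change 3). This is an added example, not the article's schema: every table and column name and all seed rows are assumptions, since the original figures are not available here, and the user and user-role tables are left out.

```python
import sqlite3

# All table and column names are assumed; the article's figures are not reproduced here.
SCHEMA = """
CREATE TABLE resource(id INTEGER PRIMARY KEY, parent_id INTEGER, name TEXT);  -- tree
CREATE TABLE operation_type(id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE func(id INTEGER PRIMARY KEY, resource_id INTEGER, operation_id INTEGER);
CREATE TABLE role(id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE role_func(id INTEGER PRIMARY KEY, role_id INTEGER, func_id INTEGER);
CREATE TABLE data_object_type(id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE data_object(id INTEGER PRIMARY KEY, type_id INTEGER, name TEXT);
CREATE TABLE resource_data_type(resource_id INTEGER, type_id INTEGER);      -- change 3
CREATE TABLE role_func_data(role_func_id INTEGER, data_object_id INTEGER);  -- change 4
"""
# Constructed seed rows: one function (view sales order) granted to one role.
SEED = """
INSERT INTO resource VALUES (1, NULL, 'sales module'), (2, 1, 'sales order');
INSERT INTO operation_type VALUES (1, 'view');
INSERT INTO func VALUES (1, 2, 1);
INSERT INTO role VALUES (1, 'Beijing Sales Manager');
INSERT INTO role_func VALUES (1, 1, 1);
INSERT INTO data_object_type VALUES (1, 'department'), (2, 'warehouse');
INSERT INTO data_object VALUES (1, 1, 'Beijing Sales Department'), (2, 2, 'Warehouse A');
INSERT INTO resource_data_type VALUES (2, 1);  -- sales orders are controlled by department
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + SEED)
    return db

def grant_data(db, role_func_id, data_object_id):
    """Add a data grant only if the object's type is a control point of the resource."""
    ok = db.execute("""
        SELECT 1 FROM role_func rf
        JOIN func f ON f.id = rf.func_id
        JOIN data_object o ON o.id = ?
        JOIN resource_data_type c ON c.resource_id = f.resource_id AND c.type_id = o.type_id
        WHERE rf.id = ?""", (data_object_id, role_func_id)).fetchone()
    if ok is None:
        raise ValueError("data object type is not configured for this resource")
    db.execute("INSERT INTO role_func_data VALUES (?, ?)", (role_func_id, data_object_id))

def data_grants(db, role_func_id):
    """Names of the data objects a role's function grant is limited to."""
    rows = db.execute("""
        SELECT o.name FROM role_func_data d JOIN data_object o ON o.id = d.data_object_id
        WHERE d.role_func_id = ?""", (role_func_id,))
    return [name for (name,) in rows]
```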

Reposted from: http://gmf.iteye.com/blog/317088
