RBAC: Role-Based Access Control
Summary
RBAC (Role-Based Access Control) associates users with privileges through roles. Simply put, a user holds several roles, and each role holds several permissions; this builds the "user-role-permission" authorization model. In this model, the relationships between users and roles, and between roles and permissions, are generally many-to-many (as shown below).
Objective
In our OAuth2 system, we need to control all the resources of the system, including:
- Static resources (object resources): functional operations, data columns
- Dynamic resources (data resources): data
The purpose of the system is to control all object resources and data resources of the application, such as function menus, interface buttons, the columns shown in data displays, and the permission to operate on individual rows of data.
Object Relations
Permission
All privilege information of the system. Permissions have superior-subordinate relationships and form a tree structure. For example:
- system management
  - user management
    - View Users
    - New Users
    - Modify Users
    - delete user
  - user management
User
A specific operator of the system. A user can belong to one or more roles, and the user-role relationship is many-to-many.
Role
To classify and manage many users with similar privileges, the concept of a role is defined, such as system administrator, administrator, user, visitor and so on. Roles have superior-subordinate relationships and can form a tree. The permissions of a parent role are the union of its own permissions and those of all its child roles, so the users and groups of a parent role can be inferred from its children.
Diagram
Module Diagram
Table structure
```sql
CREATE TABLE `tb_permission` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `parent_id` bigint(20) DEFAULT NULL COMMENT 'Parent permission',
  `name` varchar(64) NOT NULL COMMENT 'Permission name',
  `enname` varchar(64) NOT NULL COMMENT 'English name of the permission',
  `url` varchar(255) NOT NULL COMMENT 'Authorization path',
  `description` varchar(200) DEFAULT NULL COMMENT 'Remarks',
  `created` datetime NOT NULL,
  `updated` datetime NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=37 DEFAULT CHARSET=utf8 COMMENT='Permission table';

CREATE TABLE `tb_role` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `parent_id` bigint(20) DEFAULT NULL COMMENT 'Parent role',
  `name` varchar(64) NOT NULL COMMENT 'Role name',
  `enname` varchar(64) NOT NULL COMMENT 'English name of the role',
  `description` varchar(200) DEFAULT NULL COMMENT 'Remarks',
  `created` datetime NOT NULL,
  `updated` datetime NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=37 DEFAULT CHARSET=utf8 COMMENT='Role table';

CREATE TABLE `tb_role_permission` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `role_id` bigint(20) NOT NULL COMMENT 'Role ID',
  `permission_id` bigint(20) NOT NULL COMMENT 'Permission ID',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=37 DEFAULT CHARSET=utf8 COMMENT='Role-permission table';

CREATE TABLE `tb_user` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `username` varchar(50) NOT NULL COMMENT 'User name',
  `password` varchar(64) NOT NULL COMMENT 'Password, stored encrypted',
  `phone` varchar(20) DEFAULT NULL COMMENT 'Registered mobile phone number',
  `email` varchar(50) DEFAULT NULL COMMENT 'Registered email address',
  `created` datetime NOT NULL,
  `updated` datetime NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `username` (`username`) USING BTREE,
  UNIQUE KEY `phone` (`phone`) USING BTREE,
  UNIQUE KEY `email` (`email`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=37 DEFAULT CHARSET=utf8 COMMENT='User table';

CREATE TABLE `tb_user_role` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `user_id` bigint(20) NOT NULL COMMENT 'User ID',
  `role_id` bigint(20) NOT NULL COMMENT 'Role ID',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=37 DEFAULT CHARSET=utf8 COMMENT='User-role table';
```
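As an added example (not code from the original page), the following Python script loads a constructed SQLite copy of the five tables above and resolves a user's effective permission URLs, applying the rule from the Role section that a parent role holds its own permissions plus those of all its child roles. The user, role and URL values and the `effective_urls`/`is_authorized` functions are assumptions for illustration.

```python
import sqlite3
# Constructed schema mirroring the page's tables (SQLite dialect; MySQL-only options dropped).
SCHEMA = """
CREATE TABLE tb_permission (id INTEGER PRIMARY KEY, parent_id INTEGER, name TEXT, enname TEXT, url TEXT);
CREATE TABLE tb_role (id INTEGER PRIMARY KEY, parent_id INTEGER, name TEXT, enname TEXT);
CREATE TABLE tb_role_permission (id INTEGER PRIMARY KEY, role_id INTEGER, permission_id INTEGER);
CREATE TABLE tb_user (id INTEGER PRIMARY KEY, username TEXT UNIQUE);
CREATE TABLE tb_user_role (id INTEGER PRIMARY KEY, user_id INTEGER, role_id INTEGER);
"""
# Constructed sample rows: the page's permission tree, plus a role tree where
# 'Administrator' is the parent of 'User Manager' and 'Visitor' stands alone.
SAMPLE = """
INSERT INTO tb_permission VALUES
  (1, NULL, 'system management', 'System', '/sys'),
  (2, 1, 'user management', 'User', '/sys/user'),
  (3, 2, 'View Users', 'UserView', '/sys/user/view'),
  (4, 2, 'New Users', 'UserAdd', '/sys/user/add'),
  (6, 2, 'delete user', 'UserDelete', '/sys/user/delete');
INSERT INTO tb_role VALUES (1, NULL, 'Administrator', 'admin'),
  (2, 1, 'User Manager', 'user_mgr'), (3, NULL, 'Visitor', 'visitor');
INSERT INTO tb_role_permission (role_id, permission_id) VALUES (1, 2), (2, 3), (2, 4), (3, 3);
INSERT INTO tb_user VALUES (1, 'alice'), (2, 'bob'), (3, 'carol');
INSERT INTO tb_user_role (user_id, role_id) VALUES (1, 1), (2, 2), (3, 3);
"""
# user -> roles -> every descendant role -> permissions. The recursive CTE encodes the rule
# that a parent role holds its children's permissions; UNION de-duplicates and ends the walk on a cycle.
EFFECTIVE_URLS_SQL = """
WITH RECURSIVE role_tree(role_id) AS (
    SELECT ur.role_id FROM tb_user_role ur JOIN tb_user u ON u.id = ur.user_id
    WHERE u.username = ?
  UNION
    SELECT r.id FROM tb_role r JOIN role_tree rt ON r.parent_id = rt.role_id
)
SELECT DISTINCT p.url FROM role_tree rt
JOIN tb_role_permission rp ON rp.role_id = rt.role_id
JOIN tb_permission p ON p.id = rp.permission_id ORDER BY p.url;
"""

def build_demo():
    conn = sqlite3.connect(":memory:")  # in-memory DB loaded with the sample rows
    conn.executescript(SCHEMA + SAMPLE)
    return conn

def effective_urls(conn, username):
    """Sorted authorization paths the user reaches through any role, direct or inherited."""
    return [row[0] for row in conn.execute(EFFECTIVE_URLS_SQL, (username,))]

def is_authorized(conn, username, url):
    """Deny-by-default check: the request path must be in the user's effective set."""
    return url in effective_urls(conn, username)
```

Because `tb_permission.url` is the authorization path, the same query can back a request filter that compares the incoming path against the user's effective set; an unknown user or an empty role set yields no URLs and is therefore denied.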