
Permission system: understanding functional permissions and data permissions in one article

2024-11-10 18:08:27

Hello, I'm Master Tang~

In a permission system, permissions are usually divided into two main categories: functional permissions and data permissions. The two complement each other, and together they determine which operations a user can perform and which information the user can access in the system.

Functional permissions

1. What are functional permissions?

When you log in to a system, why are some function buttons grayed out and some pages not visible at all? This is functional permissions at work behind the scenes.

Functional permissions determine which functional modules and pages a user can access, and which specific operations the user can perform in the system.

As an example, operators of an online shopping mall usually need to manage products, process orders and plan activities. Therefore, they need access to the product management, order management and activity management modules. When operators log in to the system, they can see these modules and perform operations such as adding, modifying and deleting.

Finance staff, on the other hand, are mainly concerned with the flow of funds and financial statements. They can only access the financial management module and have no access to the product, order and activity modules.

Functional permissions are usually assigned based on employees' job responsibilities and work requirements. Setting functional permissions sensibly not only prevents the risk of misuse or unauthorized operation, but also allows employees to focus on their own work and improves efficiency.

2. Classification of functional permissions

Functional permissions can be subdivided, from coarse to fine according to the granularity of the operation, into four layers: modules, pages, buttons and fields. This hierarchical management makes permission assignment more flexible and precise.

1) Module Permissions

Module permissions control user access to business functionality. For example, when an operator is given access to the "Product Management" module, he or she can access the product list page, view product details, and perform operations such as adding or deleting products.

2) Page Permissions

Page permissions are restrictions on access to specific functional pages. For example, a user with the "Product List" page permission can view the product list and perform all actions on the page (such as adding and deleting products).

3) Button Permissions

Button permissions are more granular and directly control specific action buttons. For example, a user may have the "Add Product" button permission on the "Product Details" page, but not the "Delete Product" button permission.

4) Field Permissions

Field permissions are the most granular level of permission management. For example, on the "Product Details" page, an ordinary user may only be able to view the "Product Price" field, while an administrator may be able to edit the field or export related data.

The hierarchical structure of functional permissions (modules, pages, buttons, fields) allows enterprises to assign permissions flexibly, which not only safeguards the security of the system, but also improves the efficiency of employees. By configuring functional permissions sensibly, companies can both avoid the risk of users overstepping their authority and improve the experience of their employees, allowing everyone to focus on their own scope of responsibility.
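The four layers can be expressed as one nested permission key, where a grant at a coarser layer covers everything beneath it. The following is an added example, not code from the original article; the key layout `module:page:button_or_field:action`, the role names other than operator and finance, and the function names are assumptions made for illustration.

```python
# Added example: hypothetical permission keys, not taken from any real framework.
# Assumed key layout: module[:page[:button_or_field[:action]]]
ROLE_GRANTS = {
    "operator": {"product", "order", "activity"},      # module-level grants
    "finance": {"finance"},                            # module-level grant
    "catalog_viewer": {"product:list"},                # page-level grant
    "catalog_editor": {"product:detail:add",           # button-level grant
                       "product:detail:price:view"},   # field-level grant
}


def covers(grant, requested):
    """A grant covers itself and everything nested beneath it.

    Comparison is per path segment, so "product" does not cover
    "production:list" the way a plain string-prefix test would.
    """
    g, r = grant.split(":"), requested.split(":")
    return len(g) <= len(r) and r[:len(g)] == g


def is_allowed(role, requested):
    """Deny by default: allow only if some grant of the role covers the request."""
    return any(covers(g, requested) for g in ROLE_GRANTS.get(role, ()))


def visible_modules(role, modules):
    """Modules to show in the menu: those in which the role holds any grant."""
    grants = ROLE_GRANTS.get(role, ())
    return [m for m in modules if any(g.split(":")[0] == m for g in grants)]
```

The same `is_allowed` decision can drive both what the interface shows and what the request handler accepts, so a hidden or grayed-out button and the operation behind it never disagree.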

Data permissions

1. What are data permissions?

Why do two users in the same system with the same functional permissions see different ranges of data?

This may be caused by their different data permissions. Data permissions build on functional permissions and further limit the scope of data that users can access, to ensure the accuracy and security of data usage.

For example, a merchant chain has multiple stores. Store manager A of the Shanghai store and store manager B of the Hangzhou store both have POS management permissions, but because of their data permissions, store manager A can only access the data of the Shanghai store, while store manager B can only access the data of the Hangzhou store. This fine-grained permission management not only improves data security, but also meets the actual needs of organizational management.

Data permissions are usually set according to organizational structure, job level, business rules and so on. For example, salespeople can only view their own performance, to avoid internal strife caused by performance comparison, while department leaders can view the data of the entire department to facilitate management and decision-making.

By flexibly assigning data permissions, enterprises can effectively reduce the risk of data leakage, while providing managers with a global view to help optimize business decisions.

2. Granularity of data permissions

The granularity of data permissions determines the extent of the data a user can access. This granularity is usually based on dimensions such as geography, department, store, project or customer level. Proper granularity ensures data security while meeting business needs.

In the case of a merchant chain, for example, as shown in Figure 8-4, companies usually divide the scope of data permissions according to management level:

  • Store level: Store Manager A is authorized to manage Store A. He can only view the business data (e.g., orders, purchase orders, stock-in/stock-out orders, etc.) of Store A.
  • Regional level: Operations Manager B, who is authorized to manage Region A, is able to view data for all stores under Region A, including stores added later.
  • Branch level: General Manager C is authorized to manage Branch A. He has access to the data of all the stores under Branch A.
  • Headquarters level: Headquarters administrators have global access to all store business data.

In this hierarchical architecture, stores are the basic data authorization unit, while regions, branches and headquarters form sets of authority that expand step by step. This fine granularity not only ensures the security of sensitive information, but also meets the management needs of complex business scenarios.
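The store, region, branch and headquarters scopes described above can be resolved from an organization tree at query time, which is what lets a regional grant pick up stores added later. This is an added example, not code from the original article; the tree, the user names, the order rows and the function names are all constructed for illustration.

```python
# Added example: constructed organization tree and grants (all names hypothetical).
PARENT = {                      # child node -> parent node
    "branch_a": "hq", "branch_b": "hq",
    "region_a": "branch_a", "region_b": "branch_a", "region_c": "branch_b",
    "store_a": "region_a", "store_b": "region_a",
    "store_c": "region_b", "store_d": "region_c",
}
STORES = {"store_a", "store_b", "store_c", "store_d"}  # basic authorization units

GRANTS = {                      # user -> node the user is authorized to manage
    "store_manager_a": "store_a",
    "ops_manager_b": "region_a",
    "general_manager_c": "branch_a",
    "hq_admin": "hq",
}


def is_under(node, ancestor):
    """True if node is the ancestor itself or sits anywhere beneath it."""
    seen = set()
    while node is not None and node not in seen:   # 'seen' guards against cycles
        if node == ancestor:
            return True
        seen.add(node)
        node = PARENT.get(node)
    return False


def allowed_stores(user):
    """Resolve the grant to stores at query time; unknown users get nothing."""
    scope = GRANTS.get(user)
    if scope is None:
        return set()
    return {s for s in STORES if is_under(s, scope)}


def visible_orders(user, orders):
    """Filter rows to the caller's store scope before returning them."""
    stores = allowed_stores(user)
    return [o for o in orders if o["store"] in stores]


def add_store(store, region):
    """Register a new store; existing region and branch grants cover it at once."""
    PARENT[store] = region
    STORES.add(store)
```

Because the grant is stored against the tree node and not as a copied list of stores, no per-user update is needed when the organization changes.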

Through fine-grained scope control, data permissions not only reduce the risk of information leakage, but also give managers a global perspective and improve the operational efficiency of the enterprise.
