基于角色的访问控制 MySql 实现
[英]Role Based Access Control MySql Implementation
问题描述
I'm about to develop a management web app with Laravel.
我即将使用 Laravel 开发一个管理 web 应用程序。
I need that my users have different roles with different permission.我需要我的用户具有不同权限的不同角色。
In details: some users can add customers, some users can write pieces of a paper related to the customer, some other users can just read that paper and some other users can read just some pieces of that paper.详细说明:一些用户可以添加客户,一些用户可以写一篇与客户相关的论文,一些其他用户可以阅读该论文,而其他一些用户只能阅读该论文的部分内容。
So I decided to use an RBAC approach in order to gain a certain flexibility.所以我决定使用 RBAC 方法以获得一定的灵活性。 I'll use this DB schema (just an example schema, but represent the needings of my application):我将使用这个 DB 模式(只是一个示例模式,但代表了我的应用程序的需求):
My answer is: since there is a direct relationship between users and paper, customer, attachs etc., how are RBAC rules expressed?我的回答是:既然用户和纸张、客户、附件等有直接关系,那么 RBAC 规则是如何表达的呢? I have to check user's permission in frontend when he request an operation or a resource?当他请求操作或资源时,我必须在前端检查用户的权限吗? Or there are ways to express this rules even at backend level?或者即使在后端也有办法表达这个规则? Maybe using some GRANT options?也许使用一些 GRANT 选项?
Hope sby can help.希望sby能帮上忙。 Thank you!谢谢!
1 个解决方案
解决方案1
2 已采纳 2019-11-02 14:07:16
I would recommend using one of the RBAC packages already available to you, there are a few out there but a couple noteworthy mentions include:我建议使用您已经可用的 RBAC 软件包之一,其中有一些,但值得一提的是:
You define roles such as User and Customer , permissions such as can-write-paper , can-read-paper and assign them to either roles or individual users depending on your use case.您定义诸如User和Customer之类的角色,诸如can-write-paper 、 can-read-paper类的权限,并根据您的用例将它们分配给角色或单个用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.