[英]Role Based Access Control MySql Implementation
I'm about to develop a management web app with Laravel.我即将使用 Laravel 开发一个管理 web 应用程序。
I need that my users have different roles with different permission.我需要我的用户具有不同权限的不同角色。
In details: some users can add customers, some users can write pieces of a paper related to the customer, some other users can just read that paper and some other users can read just some pieces of that paper.详细说明:一些用户可以添加客户,一些用户可以写一篇与客户相关的论文,一些其他用户可以阅读该论文,而其他一些用户只能阅读该论文的部分内容。
So I decided to use an RBAC approach in order to gain a certain flexibility.所以我决定使用 RBAC 方法以获得一定的灵活性。 I'll use this DB schema (just an example schema, but represent the needings of my application):
我将使用这个 DB 模式(只是一个示例模式,但代表了我的应用程序的需求):
My answer is: since there is a direct relationship between users and paper, customer, attachs etc., how are RBAC rules expressed?我的回答是:既然用户和纸张、客户、附件等有直接关系,那么 RBAC 规则是如何表达的呢? I have to check user's permission in frontend when he request an operation or a resource?
当他请求操作或资源时,我必须在前端检查用户的权限吗? Or there are ways to express this rules even at backend level?
或者即使在后端也有办法表达这个规则? Maybe using some GRANT options?
也许使用一些 GRANT 选项?
Hope sby can help.希望sby能帮上忙。 Thank you!
谢谢!
I would recommend using one of the RBAC packages already available to you, there are a few out there but a couple noteworthy mentions include:我建议使用您已经可用的 RBAC 软件包之一,其中有一些,但值得一提的是:
You define roles such as User
and Customer
, permissions such as can-write-paper
, can-read-paper
and assign them to either roles or individual users depending on your use case.您定义诸如
User
和Customer
之类的角色,诸如can-write-paper
、 can-read-paper
类的权限,并根据您的用例将它们分配给角色或单个用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.