How Kevin changed the world

yesterday

When a product manager designs a back-office system, the system's role and permission design has to be considered once the business and user volume grow. This post covers the classic role and permission design, RBAC (Role-Based Access Control), and shares a recently implemented system design case.


Role and permission designs of this kind are classified as RBAC 0, RBAC 1 and RBAC 2. Although the variants are distinguished by the numbers 1, 2 and 3, they all rest on the same basic theoretical model. In most cases the RBAC 0 model is enough, but it is less efficient than RBAC 1 and RBAC 2.


I previously shared a specific prototype design that was built using this model. That article is here:


The background design | roles and permissions


Besides the prototype design, the role and permission design model itself is also quite important, so today I will share the RBAC role and permission model with you. The rest of this post is an analysis based on the RBAC model.




What is the RBAC model

The full name of the RBAC model was given above. At its core, it is the design of the links between account, role and permission.



Based on the above, when users access a B/S (browser/server) back-office system through different accounts, we can quickly determine the role behind each account and which permissions that role has, for example to access module 1 and resource 2.



If the user does not have permission to use a module, the user cannot use it. Otherwise, the module is available. The process above is what safeguards user access.


This is the RBAC model based on roles and permissions. It should be mentioned, however, that in addition to the different operation permissions, role and permission design also needs to consider data permissions. For data permissions, we first need to define clearly what they are.



Are they database-level create, delete, update and read operations? Or ownership of the data? For example, customers on a sales management platform can be viewed by the sales manager of their own department, but sales managers in other departments are not allowed to see them. The right to add users, however, is available to both sales specialists and sales managers.



Multiple roles and multiple users


After the explanation of the RBAC model, I believe the idea of a role is clear. So what is the multi-role, multi-user scenario?


Simply put, a user uses the system through an account, and logs in to the system with that account. In the RBAC model, permission management is built on multiple accounts and multiple roles.



For example, in a store system, how many roles might the system cover? Let's look at a quick example.



Different roles need different permissions and functional modules in their work. For this reason, the roles we map should correspond to positions or roles that actually exist in real life and that can be created in the system.


However, some roles, such as the super administrator and the administrator, have no actual position to map to, so we need to set up a default “super account” in the system. These accounts have their permissions and roles built in and do not need to be added or created.




Data access


Given the RBAC model design, how do we handle data permissions? Is there an account, the super administrator, that has the maximum data permissions by default?


The answer is yes: for the highest-level role, the system should grant global permissions and data access by default. Although roles can be created with different permissions, the super administrator should not be a role that anyone can create in the system.


Who, other than a system developer, can create a super administrator?


For this reason, the “super user” at the top of the data permissions is a default that we need to provide when the system is set up. The other roles can be created through configuration, and you can also give them the highest permissions.


A role that is assigned all pages and buttons is, in effect, also a super administrator. Its data permissions are not, however: global data permissions belong only to the system's default super administrator. Roles created in the system still follow the data logic defined for those roles. (This logic needs to be designed by the product manager.)


The role belongs to an account, and however much data that account has can be viewed only within that account.
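The following added example (not code from the original post) combines the sales-department example under "What is the RBAC model" with the super-administrator rules in this section: an operation check through account, role and permission, followed by a data-scope filter. The role names, permission strings, the "own" and "department" scopes, the built-in account name `root` and all sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample configuration; every name here is hypothetical.
ALL_PERMS = {"customer:view", "user:add", "role:edit"}
ROLES = {
    # role -> (operation permissions, data scope)
    "sales_specialist": ({"user:add"}, "own"),
    "sales_manager": ({"customer:view", "user:add"}, "department"),
    "all_buttons": (set(ALL_PERMS), "department"),  # every page/button, data still scoped
}
SUPER_ADMIN = "root"  # built-in account seeded at setup; cannot be created via ROLES

@dataclass(frozen=True)
class Account:
    name: str
    role: str
    department: str

@dataclass(frozen=True)
class Customer:
    name: str
    department: str
    owner: str

def can(account, perm):
    """Operation permission: account -> role -> permission."""
    if account.name == SUPER_ADMIN:
        return True
    perms, _ = ROLES.get(account.role, (set(), "own"))  # unknown role: deny
    return perm in perms

def visible_customers(account, customers):
    """Data permission: filter rows by the role's data scope after the operation check."""
    if account.name == SUPER_ADMIN:
        return list(customers)  # global data scope only for the built-in account
    if not can(account, "customer:view"):
        return []
    _, scope = ROLES[account.role]
    if scope == "department":
        return [c for c in customers if c.department == account.department]
    return [c for c in customers if c.owner == account.name]

CUSTOMERS = [Customer("Acme", "east", "amy"), Customer("Globex", "west", "wei")]
east_mgr = Account("erin", "sales_manager", "east")
west_mgr = Account("wade", "sales_manager", "west")
specialist = Account("amy", "sales_specialist", "east")
configured = Account("cody", "all_buttons", "west")
root = Account("root", "super_admin", "hq")
```

The `all_buttons` role passes every operation check yet still sees only its own department's customers, which is the distinction between a configured "highest permission" role and the default super administrator.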



Well, that's all for today's post. I will keep up two new posts a week ~




-End-


