How to Design a Permission System, You Can Do this
A permission system can be understood simply as a restriction of power: different people have different powers, so what they can see and use may differ. Within a system, a user may have different data permissions and operation permissions.
There are two mainstream permission models:
- ACL model: access control list
- RBAC model: role-based access control
1. ACL model: access control list
ACL is the earliest and most basic access control mechanism. It is an object-based control model, and ACLs are also used within other models. To avoid configuring users with the same permissions one by one, user groups were later adopted as well.
Principle: Each object has a list that records which subjects can perform which actions on that object. It is very simple.
For example: when user A wants to edit an article, the ACL check first looks for user A in the control list of the article editing function.
Another example: members of different levels can use different functions in the product.
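The principle and the two examples above, as an added sketch that is not code from the original article: each object carries its own list, entries can name a user or a user group, and anything not listed is denied. The class name `AccessControl`, the `user:`/`group:` prefixes, and the sample users, groups and article ids are assumptions constructed for illustration.

```python
class AccessControl:
    """Object-based ACL store with user groups (hypothetical names)."""

    def __init__(self):
        self.acls = {}    # object id -> {principal: set of allowed actions}
        self.groups = {}  # group name -> set of user names

    def add_to_group(self, group, user):
        self.groups.setdefault(group, set()).add(user)

    def grant(self, obj, principal, *actions):
        # principal is "user:<name>" or "group:<name>"
        self.acls.setdefault(obj, {}).setdefault(principal, set()).update(actions)

    def revoke(self, obj, principal, *actions):
        entry = self.acls.get(obj, {}).get(principal)
        if entry:
            entry.difference_update(actions)

    def principals_for(self, user):
        # A user acts as themselves plus every group they belong to.
        names = {f"user:{user}"}
        names.update(f"group:{g}" for g, members in self.groups.items()
                     if user in members)
        return names

    def is_allowed(self, user, obj, action):
        acl = self.acls.get(obj)
        if acl is None:
            return False  # default deny: an object without a list grants nothing
        return any(action in acl.get(p, ()) for p in self.principals_for(user))


def demo():
    """Build constructed sample data: one article, one direct user, two groups."""
    ac = AccessControl()
    ac.grant("article:42", "user:A", "read", "edit")         # user A listed directly
    ac.add_to_group("editors", "B")
    ac.add_to_group("editors", "C")
    ac.grant("article:42", "group:editors", "read", "edit")  # one entry covers B and C
    ac.add_to_group("members", "D")
    ac.grant("article:42", "group:members", "read")          # lower level: read only
    return ac


if __name__ == "__main__":
    ac = demo()
    for user in ("A", "B", "D", "E"):
        print(user, "edit article:42 ->", ac.is_allowed(user, "article:42", "edit"))
```

Revoking `edit` from `group:editors` removes it for B and C in one step, while user A keeps the right through the direct entry.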
Disadvantages: When the number of subjects is large, the configuration and maintenance work…