RBAC (Role-Based Access Control, control de acceso basado en roles) significa que los usuarios están asociados con roles y permisos. En pocas palabras, un usuario tiene varios roles y cada rol tiene varios permisos. De esta manera se construye un modelo de autorización «usuario-rol-permiso». En este modelo existe una relación de muchos a muchos entre usuarios y roles, y entre roles y permisos.
Por lo tanto, generalmente partimos del modelo usuario-rol-permiso y construimos tablas de asociación basadas en las relaciones correspondientes para vincular las tablas entre sí.
Y hay 10 tablas en este sistema de gestión de empleados:
Tablas básicas: tabla de usuarios, tabla de roles, tabla de permisos, tabla de recursos, tabla de delegación (permite ceder temporalmente los permisos propios a la persona que actúa en representación del usuario) y tabla de departamentos.
Tablas de mapeo creadas según las relaciones de asociación: tabla usuario-rol, tabla rol-permiso, tabla departamento-permiso y tabla usuario-delegación. El script SQL de más abajo define además una tabla `user_department`, que no aparece en esta lista.
Un usuario puede usar múltiples roles o múltiples permisos, todos ellos están en una relación de muchos a muchos, y los permisos pueden verse como permisos operativos sobre recursos.
En este sistema podemos utilizar claves primarias y claves foráneas para autorizar, a través de las tablas de asociación, tanto a usuarios como a un departamento entero.
En todos los casos usamos tablas de mapeo para mantener la relación entre ellas.
A continuación se muestra el diagrama EER de este sistema:
Podemos ver que lo más básico son las tablas de usuarios, roles y permisos, que se conectan mediante tablas de mapeo asociadas por claves foráneas. También podemos ampliar las relaciones entre tablas y establecer nuevas conexiones según las necesidades del sistema, como los departamentos y la delegación.
Script SQL
-- MySQL dump 10.13 Distrib 5.7.12, for Win64 (x86_64)
--
-- Host: localhost Database: user_management
-- ------------------------------------------------------
-- Server version 5.7.14-log
-- Session preamble written by mysqldump. Each /*!NNNNN ... */ statement is a version-gated
-- comment: MySQL servers at or above the embedded version execute it, other parsers skip it.
-- Save the client's character-set and collation settings so the end of the dump can restore them.
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
-- The statements in this dump are sent as utf8.
/*!40101 SET NAMES utf8 */;
-- Pin the session time zone to UTC for the duration of the load.
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
-- Unique and foreign-key checks are switched off while loading. This is what allows the
-- tables below to be created before the tables they reference (`delegation` is created
-- before `user`, `permission` before `resource`).
-- NOTE(review): rows inserted while FOREIGN_KEY_CHECKS=0 are not validated, and turning the
-- check back on does not re-validate them. After restoring a dump that carries grant data,
-- verify that every row in the mapping tables still points at an existing user, role,
-- permission or department.
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
-- NO_AUTO_VALUE_ON_ZERO: an explicit 0 in an AUTO_INCREMENT column is stored as 0.
-- No table in this dump declares an AUTO_INCREMENT column.
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
-- Suppress note-level messages during the load.
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Table structure for table `delegation`
--
DROP TABLE IF EXISTS `delegation`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
-- One row per delegation: a user reference plus a validity window.
-- `user_delegation` links delegations to users.
-- NOTE(review): presumably `delegation_user_id` is the person acting on someone's behalf
-- and `user_delegation`.`user_id` is the user whose authority is delegated; confirm.
-- NOTE(review): `startDate` and `endDate` are nullable. The authorization check has to
-- decide what a missing `endDate` means; treating it as "not valid" keeps a temporary
-- delegation from becoming open-ended. Confirm against the application.
CREATE TABLE `delegation` (
  `delegation_id`      INT(11) NOT NULL,
  `delegation_user_id` INT(11) DEFAULT NULL,
  `startDate`          DATE DEFAULT NULL,
  `endDate`            DATE DEFAULT NULL,
  PRIMARY KEY (`delegation_id`),
  INDEX `delegation_user_id` (`delegation_user_id`),
  CONSTRAINT `delegation_ibfk_1`
    FOREIGN KEY (`delegation_user_id`) REFERENCES `user` (`user_id`)
) ENGINE = InnoDB DEFAULT CHARSET = utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Data for table `delegation` (the dump carries no rows)
--
LOCK TABLES `delegation` WRITE;
/*!40000 ALTER TABLE `delegation` DISABLE KEYS */;
/*!40000 ALTER TABLE `delegation` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `department`
--
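DROP TABLE IF EXISTS `department`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
-- Departments. `user`.`department_id` and the `user_department` / `department_permission`
-- mapping tables reference this table.
-- The primary key already guarantees that `department_id` is unique, so the extra
-- UNIQUE KEY on the same column (an exact duplicate of the primary-key index) is dropped.
CREATE TABLE `department` (
  `department_id` int(11) NOT NULL,
  `department_name` varchar(30) DEFAULT NULL,
  PRIMARY KEY (`department_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `department`
--
LOCK TABLES `department` WRITE;
/*!40000 ALTER TABLE `department` DISABLE KEYS */;
-- Columns are named explicitly so the row keeps loading correctly if the column order changes.
INSERT INTO `department` (`department_id`, `department_name`) VALUES (1,'研发部');
/*!40000 ALTER TABLE `department` ENABLE KEYS */;
UNLOCK TABLES;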
--
-- Table structure for table `department_permission`
--
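DROP TABLE IF EXISTS `department_permission`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
-- Department-to-permission grants (many-to-many).
-- Both columns are NOT NULL and together form the primary key: every grant row names a
-- department and a permission, and the same grant cannot be stored twice.
-- The foreign keys carry no ON DELETE clause, so the default (RESTRICT) applies: a
-- department or permission cannot be deleted while a grant still references it.
CREATE TABLE `department_permission` (
  `department_id` int(11) NOT NULL,
  `permission_id` int(11) NOT NULL,
  PRIMARY KEY (`department_id`,`permission_id`),
  KEY `department_id` (`department_id`),
  KEY `permission_id` (`permission_id`),
  CONSTRAINT `department_permission_ibfk_1` FOREIGN KEY (`department_id`) REFERENCES `department` (`department_id`),
  CONSTRAINT `department_permission_ibfk_2` FOREIGN KEY (`permission_id`) REFERENCES `permission` (`permission_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `department_permission`
--
LOCK TABLES `department_permission` WRITE;
/*!40000 ALTER TABLE `department_permission` DISABLE KEYS */;
/*!40000 ALTER TABLE `department_permission` ENABLE KEYS */;
UNLOCK TABLES;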
--
-- Table structure for table `permission`
--
DROP TABLE IF EXISTS `permission`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
-- A permission; its only attribute is the resource it refers to.
-- `role_permission` and `department_permission` reference this table.
-- NOTE(review): `resource_id` is nullable, so a permission row can exist without being
-- tied to any resource. Confirm how the authorization check treats such a row.
CREATE TABLE `permission` (
  `permission_id` INT(11) NOT NULL,
  `resource_id`   INT(11) DEFAULT NULL,
  PRIMARY KEY (`permission_id`),
  INDEX `resource_id` (`resource_id`),
  CONSTRAINT `permission_ibfk_1`
    FOREIGN KEY (`resource_id`) REFERENCES `resource` (`resource_id`)
) ENGINE = InnoDB DEFAULT CHARSET = utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Data for table `permission` (the dump carries no rows)
--
LOCK TABLES `permission` WRITE;
/*!40000 ALTER TABLE `permission` DISABLE KEYS */;
/*!40000 ALTER TABLE `permission` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `resource`
--
DROP TABLE IF EXISTS `resource`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
-- Protected resources; `permission`.`resource_id` references this table.
-- NOTE(review): `resource_crud` is an integer with no constraint on its values; presumably
-- it encodes which create/read/update/delete operations apply. Confirm the encoding
-- against the application before relying on it in an access check.
CREATE TABLE `resource` (
  `resource_id`   INT(11) NOT NULL,
  `resource_name` VARCHAR(25) DEFAULT NULL,
  `resource_crud` INT(11) DEFAULT NULL,
  PRIMARY KEY (`resource_id`)
) ENGINE = InnoDB DEFAULT CHARSET = utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Data for table `resource` (the dump carries no rows)
--
LOCK TABLES `resource` WRITE;
/*!40000 ALTER TABLE `resource` DISABLE KEYS */;
/*!40000 ALTER TABLE `resource` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `role`
--
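DROP TABLE IF EXISTS `role`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
-- Roles. `user_role` assigns roles to users and `role_permission` attaches permissions to roles.
-- The primary key already guarantees that `role_id` is unique, so the extra UNIQUE KEY on
-- the same column (an exact duplicate of the primary-key index) is dropped.
CREATE TABLE `role` (
  `role_id` int(11) NOT NULL,
  `role_name` varchar(20) DEFAULT NULL,
  PRIMARY KEY (`role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `role`
--
LOCK TABLES `role` WRITE;
/*!40000 ALTER TABLE `role` DISABLE KEYS */;
-- Columns are named explicitly so the row keeps loading correctly if the column order changes.
INSERT INTO `role` (`role_id`, `role_name`) VALUES (1,'总经理');
/*!40000 ALTER TABLE `role` ENABLE KEYS */;
UNLOCK TABLES;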
--
-- Table structure for table `role_permission`
--
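DROP TABLE IF EXISTS `role_permission`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
-- Role-to-permission grants (many-to-many).
-- Both columns are NOT NULL and together form the primary key: every grant row names a
-- role and a permission, and the same grant cannot be stored twice.
-- The foreign keys carry no ON DELETE clause, so the default (RESTRICT) applies: a role
-- or permission cannot be deleted while a grant still references it.
CREATE TABLE `role_permission` (
  `role_id` int(11) NOT NULL,
  `permission_id` int(11) NOT NULL,
  PRIMARY KEY (`role_id`,`permission_id`),
  KEY `role_id` (`role_id`),
  KEY `permission_id` (`permission_id`),
  CONSTRAINT `role_permission_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `role` (`role_id`),
  CONSTRAINT `role_permission_ibfk_2` FOREIGN KEY (`permission_id`) REFERENCES `permission` (`permission_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `role_permission`
--
LOCK TABLES `role_permission` WRITE;
/*!40000 ALTER TABLE `role_permission` DISABLE KEYS */;
/*!40000 ALTER TABLE `role_permission` ENABLE KEYS */;
UNLOCK TABLES;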
--
-- Table structure for table `user`
--
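DROP TABLE IF EXISTS `user`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
-- Employee records. Referenced by `user_role`, `user_department`, `user_delegation` and
-- `delegation`. The table holds contact and personal data (e-mail, phone, address,
-- birthday) and no credential column.
-- The primary key already guarantees that `user_id` is unique, so the extra UNIQUE KEY on
-- the same column (an exact duplicate of the primary-key index) is dropped.
-- NOTE(review): department membership is recorded both here (`department_id`) and in the
-- `user_department` mapping table; confirm which one the authorization check reads.
CREATE TABLE `user` (
  `user_id` int(11) NOT NULL,
  `user_name` varchar(40) DEFAULT NULL,
  `user_gender` varchar(8) DEFAULT NULL,
  `user_email` varchar(30) DEFAULT NULL,
  `user_phone` varchar(20) DEFAULT NULL,
  `user_address` varchar(45) DEFAULT NULL,
  `user_birthday` date DEFAULT NULL,
  `department_id` int(11) DEFAULT NULL,
  PRIMARY KEY (`user_id`),
  KEY `department_id` (`department_id`),
  CONSTRAINT `user_ibfk_1` FOREIGN KEY (`department_id`) REFERENCES `department` (`department_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `user`
--
LOCK TABLES `user` WRITE;
/*!40000 ALTER TABLE `user` DISABLE KEYS */;
-- Columns are named explicitly so each value stays bound to its column if the column order changes.
INSERT INTO `user` (`user_id`, `user_name`, `user_gender`, `user_email`, `user_phone`, `user_address`, `user_birthday`, `department_id`) VALUES (101,'mike','male','[email protected]','183xxxxxxxx','chengdu','2017-01-19',1),(102,'mao','female','[email protected]','183xxxxxx','chengdu','2017-01-20',1),(103,'huang','male','[email protected]','183xxxxxxxx','chengdu','2017-01-24',NULL);
/*!40000 ALTER TABLE `user` ENABLE KEYS */;
UNLOCK TABLES;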
--
-- Table structure for table `user_delegation`
--
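DROP TABLE IF EXISTS `user_delegation`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
-- Links users to delegations (many-to-many).
-- Both columns are NOT NULL and together form the primary key: every row names a user and
-- a delegation, and the same link cannot be stored twice.
-- NOTE(review): presumably `user_id` is the user whose authority is delegated and
-- `delegation`.`delegation_user_id` the person acting on their behalf; confirm.
-- The foreign keys carry no ON DELETE clause, so the default (RESTRICT) applies: a user
-- or delegation cannot be deleted while a link still references it.
CREATE TABLE `user_delegation` (
  `user_id` int(11) NOT NULL,
  `delegation_id` int(11) NOT NULL,
  PRIMARY KEY (`user_id`,`delegation_id`),
  KEY `user_id` (`user_id`),
  KEY `delegation_id` (`delegation_id`),
  CONSTRAINT `user_delegation_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `user` (`user_id`),
  CONSTRAINT `user_delegation_ibfk_2` FOREIGN KEY (`delegation_id`) REFERENCES `delegation` (`delegation_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `user_delegation`
--
LOCK TABLES `user_delegation` WRITE;
/*!40000 ALTER TABLE `user_delegation` DISABLE KEYS */;
/*!40000 ALTER TABLE `user_delegation` ENABLE KEYS */;
UNLOCK TABLES;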
--
-- Table structure for table `user_department`
--
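DROP TABLE IF EXISTS `user_department`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
-- User-to-department membership (many-to-many).
-- Both columns are NOT NULL and together form the primary key: every row names a user and
-- a department, and the same membership cannot be stored twice.
-- NOTE(review): `user`.`department_id` also records a department for each user. Confirm
-- which of the two the authorization check reads, so that removing a membership in one
-- place does not leave department permissions in effect through the other.
CREATE TABLE `user_department` (
  `user_id` int(11) NOT NULL,
  `department_id` int(11) NOT NULL,
  PRIMARY KEY (`user_id`,`department_id`),
  KEY `user_id` (`user_id`),
  KEY `department_id` (`department_id`),
  CONSTRAINT `user_department_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `user` (`user_id`),
  CONSTRAINT `user_department_ibfk_2` FOREIGN KEY (`department_id`) REFERENCES `department` (`department_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `user_department`
--
LOCK TABLES `user_department` WRITE;
/*!40000 ALTER TABLE `user_department` DISABLE KEYS */;
/*!40000 ALTER TABLE `user_department` ENABLE KEYS */;
UNLOCK TABLES;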
--
-- Table structure for table `user_role`
--
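DROP TABLE IF EXISTS `user_role`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
-- User-to-role assignments (many-to-many).
-- Both columns are NOT NULL and together form the primary key: every assignment names a
-- user and a role, and the same assignment cannot be stored twice.
-- The foreign keys carry no ON DELETE clause, so the default (RESTRICT) applies: a user
-- or role cannot be deleted while an assignment still references it.
CREATE TABLE `user_role` (
  `user_id` int(11) NOT NULL,
  `role_id` int(11) NOT NULL,
  PRIMARY KEY (`user_id`,`role_id`),
  KEY `user_id` (`user_id`),
  KEY `role_id` (`role_id`),
  CONSTRAINT `user_role_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `user` (`user_id`),
  CONSTRAINT `user_role_ibfk_2` FOREIGN KEY (`role_id`) REFERENCES `role` (`role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `user_role`
--
LOCK TABLES `user_role` WRITE;
/*!40000 ALTER TABLE `user_role` DISABLE KEYS */;
/*!40000 ALTER TABLE `user_role` ENABLE KEYS */;
UNLOCK TABLES;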
-- Restore the session settings that the dump saved into @OLD_* variables before loading.
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
-- Foreign-key and unique checks return to their previous values from here on.
-- NOTE(review): this does not re-validate rows that were loaded while the checks were off.
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2017-02-15 16:44:55