在RBAC权限设计中,角色和用户之间的关系是多对多还是一对多?一个用户能否拥有多个角色,如果两者都正确,那么在实际开发中哪种关系更为常用?
多对多,
一个用户经常会被赋予多个角色,角色间经常存在交集,但我们实际使用中,不用管交集的部分,只用取并集。
一个角色经常有多个用户。举例:以部门为角色,如研发角色,运维角色,测试角色,往往会授权给多个用户。
常见类似的情形还有:资产。
最复杂的情况就是,角色,用户,资产,用户组,资产组的复杂组合。要理清这些逻辑,其实可以参考下各大公有云中的角色权限相关。如:
#创建数据
CREATE DATABASE rbac;
USER rbac;
#部门表
CREATE TABLE sys_dept(
id INT PRIMARY KEY AUTO_INCREMENT,
dname VARCHAR(32)
);
#用户表
CREATE TABLE sys_user(
id INT PRIMARY KEY AUTO_INCREMENT,
telephone VARCHAR(11),
PASSWORD VARCHAR(20),
realname VARCHAR(32),
birthday DATE,
headimg VARCHAR(100),
available INT(1),
did INT,
FOREIGN KEY(did)REFERENCES sys_dept(id)
);
#角色表
CREATE TABLE sys_role(
id INT PRIMARY KEY AUTO_INCREMENT,
rolename VARCHAR(32)
);
#用户角色中间表
CREATE TABLE sys_user_role(
id INT PRIMARY KEY AUTO_INCREMENT,
uid INT,
rid INT,
FOREIGN KEY (uid)REFERENCES sys_user(id),
FOREIGN KEY(rid)REFERENCES sys_role(id)
);
#权限表
CREATE TABLE sys_permission(
id INT (11) PRIMARY KEY AUTO_INCREMENT,
pid INT(11)DEFAULT NULL,
TYPE VARCHAR(20)DEFAULT NULL,
percode VARCHAR(20) DEFAULT NULL,
NAIE VARCHAR(50)DEFAULT NULL,
icon VARCHAR(100)DEFAULT NULL,
href VARCHAR(200)DEFAULT NULL,
OPEN INT DEFAULT 1
);
#角色权限中间表
CREATE TABLE sys_role_permission(
id INT PRIMARY KEY AUTO_INCREMENT,
rid INT,
perid INT,
FOREIGN KEY(rid) REFERENCES sys_role(id),
FOREIGN KEY(perid) REFERENCES sys_permission(id)
);
#添加部门测试数据
INSERT INTO sys_dept(dname)VALUES('技术部');
INSERT INTO sys_dept(dname)VALUES('市场部');
INSERT INTO sys_dept(dname)VALUES('销售部');
#添加员工测试数据
INSERT INTO
sys_user(telephone,PASSWORD,realname,birthday,headimg,available,did)VALUES('13324537956','123456','giles','1980-09-09','static/upload/giles.jpg',1,1);
INSERT INTO
sys_user(telephone,PASSWORD,realname,birthday,headimg,available,did)VALUES('13324537952','123456','peter','1980-08-09','static/upload/peter.jpg',1,2);
#添加角色测试数据
INSERT INTO sys_role(rolename)VALUES('管理员');
INSERT INTO sys_role(rolename)VALUES('技术专员');
INSERT INTO sys_role(rolename)VALUES('市场专员');
#添加加权限测试数据
INSERT INTO sys_permission(pid,TYPE,NAME,icon,OPEN)VALUES(0,'menu','权限管理系统','',1);
INSERT INTO sys_permission(pid,TYPE,NAME,icon,OPEN)VALUES(1,'menu','用户管理',':',1);
INSERT INTO sys_permission(pid,TYPE,NAME,icon,OPEN)VALUES(1,'menu','角色管理',':',1);
INSERT INTO sys_permission(pid,TYPE,NAME,icon,OPEN)VALUES(1,'menu','权限管理',':',1);
INSERT INTO sys_permission(pid,TYPE,percode,NAME,icon,OPEN)VALUES(2,'permission','user:select','查询',':',1);
INSERT INTO sys_permission(pid,TYPE,percode,NAME,icon,OPEN)VALUES(2,'permission','user:add','增加',':',1);
INSERT INTO sys_permission(pid,TYPE,percode,NAME,icon,OPEN)VALUES(2,'permission','user:delete','删除',':',1);
INSERT INTO sys_permission(pid,TYPE,percode,NAME,icon,OPEN)VALUES(2,'permission','user:delete','修改',':',1);
#添加用户角色中间表
INSERT INTO sys_user_role(uid,rid)VALUES (1,1);
INSERT INTO sys_user_role(uid,rid)VALUES(2,2);
#添加角色权限中间表
INSERT INTO sys_role_permission (rid,perid)VALUES(1,1);
INSERT INTO sys_role_permission (rid,perid)VALUES(1,2);
INSERT INTO sys_role_permission (rid,perid)VALUES(1,3);
INSERT INTO sys_role_permission (rid,perid)VALUES(1,4);
INSERT INTO sys_role_permission (rid,perid)VALUES(1,5);
INSERT INTO sys_role_permission (rid,perid)VALUES(1,6);
INSERT INTO sys_role_permission (rid,perid)VALUES(1,7);
INSERT INTO sys_role_permission (rid,perid)VALUES(1,8);
INSERT INTO sys_role_permission (rid,perid)VALUES(2,1);
INSERT INTO sys_role_permission (rid,perid)VALUES(2,2);
INSERT INTO sys_role_permission (rid,perid)VALUES(2,3);
INSERT INTO sys_role_permission (rid,perid)VALUES(2,4);
INSERT INTO sys_role_permission (rid,perid)VALUES(2,5);
INSERT INTO sys_role_permission (rid,perid)VALUES(2,6);
COMMIT;