This article describes an object-oriented model for permission management and one way to implement it. By analyzing the elements involved in each access, we abstract them into a model that can be used to implement access control. Forgive me for the difficult names "four-dimensional permission management model" and "Access Control Matrix (ACM)"; they may be a bit much, but this is all the knowledge I have gathered in half a year.
1. Access Control Matrix (ACM)
Note: any operation in a use case through which the system produces value for its users is controlled along the following four dimensions:
- Operator (Operator Permission Control):
The subject that performs an operation. Divided into: users, roles, units.
- OperateMethod (Operation Method Permission Control):
The function that the operation performs, such as read, write, check, delete, etc.
- Object (Operation Object Permission Control):
The object operated on, usually a business object such as a form.
- Object.fields (Operation Object Property Permission Control):
A property of the object that the business requires to be permission-sensitive, such as a data item or a simple control on a form.
2. Composition of the four dimensions in the ACM
Operator: the operator. Control items are set according to business needs and fall into three main types: users, roles, and units. Depending on business needs, you can control the order in which the Operator types take effect or the rules by which they are merged;
OperateMethod: the operation method. Depending on the object of the business operation, it may be a business operation or an underlying CRUD operation;
Object: the operation object, i.e. the object of the current operation. It can be a business object such as a project or a form;
Object.fields: the properties of the operation object, i.e. the data items of an object that need to be bound to permissions, such as a form field or a form control.
3. Brief description of the principle
ACM applies to permission management and access control. An ACM is a rule matrix made up of the elements that control a given operation in the system. Imagine the scenario in which an action is performed; it inevitably has the following elements: operator, operation method, and operation object. Each ACM entry specifies the conditions that every element must satisfy for one operation. For example, the ACM entry "Li Jingqiang", "Modification", "User Information" means: "Li Keqiang can modify user information." Of course, this is a simple example; real situations are much more complicated. The first problem to solve is locating the part of the operation object that is being accessed. That is, consider the following access control requirement: "Li Jingqiang can modify the name in user information, but cannot modify the ID number in user information." Obviously, the existing three-dimensional ACM can no longer meet the requirement.
The operation object in the ACM is an object because it has two features: first, it encapsulates data; second, it is itself an abstraction. Encapsulation simplifies data processing, and abstraction makes objects more uniform and keeps their number under control. However, this encapsulation and abstraction also hide the permission sensitivity of the object's members when the business requires permission control at the level of those members. There are two ways to solve this:
Method 1: Abstract the permission-sensitive members of an object as objects in the ACM as well.
Operator      OperateMethod        Object
------------------------------------------------------------
Li Haoqiang   Modify               User information
Li Weiqiang   Modify               User information.Name
Li Haoqiang   Modify (prohibited)  User information.ID number
Method 2: Add a fourth dimension to the ACM: Object.fields.
Operator      OperateMethod                       Object            Object.fields
------------------------------------------------------------------------------------
Li Haoqiang   Modify                              User information  -
Li Haoqiang   Modify                              User information  Name
Li Haoqiang   Modify prohibited (only "read")     User information  ID number
At first glance, Method 1 seems more general. However, considering the relationship between Object.fields and Object, and its impact on OperateMethod, the problem is not so simple. The reason is that Object is an abstraction of a business object, and its operations (the OperateMethod dimension) are usually business functions, whereas the operations on Object.fields are usually only "modify" and "read" or similar data operations (DataOperate); the remaining operations are controlled through the methods of the owning Object. For example, we cannot delete a name independently of the user information; we can only "modify" and "read" it. When we want to delete a name, what gets deleted is usually a user.
                               Object                                       Object.fields
--------------------------------------------------------------------------------------------------------------
Corresponding action category  Business Operate                             Data Operate
Common operations              Functions, such as CRUD and the              Typically only "modify" and "read"
                               object-related business operations           control
In short, the operation objects and operation methods involved in access control for Object and for Object.fields are completely different, and so are the access scenarios for Object and Object.fields in a business system. Taking permission merging and permission interference into account, the better design is four-dimensional. Put another way, the universal ACM is split into two three-dimensional ACMs, i.e. a dual-level ACM, which control access to Object and access to Object.fields respectively:
ObjectACM and FieldsACM
4. Troubleshooting
4.1 Permission merging
The dual-level ACM gives good control over permission merging. On access, ObjectACM and FieldsACM are merged to obtain the final access control decision.
4.2 Permission interference
Permission interference is controlled through ObjectACM and FieldsACM. ObjectACM is the primary ACM: when ObjectACM forbids access, FieldsACM is not used. (Once Operator and OperateMethod are taken into account, permission interference becomes more complicated; this will be discussed below.)
4.3 Dimension management
The premise of implementing ACM is unified management of each dimension. For example, operators must be manageable: when the ACM evaluates the Operator element, it must be able to determine the corresponding user, unit, and role accurately from that element. Unified management of operators is straightforward, since business systems commonly include organization management and user management. Unified management of operation methods and operation objects, however, is not found in a typical business system. To achieve accurate access control, all operation objects and operation method items must be managed.
5. Model test
Test the applicability of the four-dimensional permission management model.
Test 1:
Description: simple functional permission management in a business system, i.e. function access control.
At the UI layer, a business system usually presents itself as a set of functions organized by category (usually a hierarchical menu group), and it must present the corresponding function entries according to the current system user's permissions. ACM is fully up to this task:
Operator              OperateMethod  Object                         Object.fields
------------------------------------------------------------------------------------
User / Depart / Role  Access *       Function A entry (menu item)   -
...                   ...            ...                            ...
*: For a function entry itself, "Access" is the only method.
Apart from permission interference within the Operator dimension, there are no other issues.
Test 2:
Description: simple permission management for information (business objects) in a business system, i.e. access control of business objects.
Example 1: User management. In any business system, the user itself is a business object. When an operator operates on the "User" object in the system, the access control module returns "allowed" or "prohibited" according to the operator's permissions.
Operator              OperateMethod  Object                          Object.fields
------------------------------------------------------------------------------------
User / Depart / Role  Modify         User ("User" business object)   -
User / Depart / Role  Read           User ("User" business object)   -
...                   ...            ...                             ...
Example 2: A "report" defined in a report management system is also a typical business object. Unlike common business objects, a "report" has, in addition to the usual CRUD operations, its own operations such as "submit" and "move into the history library", i.e. business operations.
Operator              OperateMethod     Object                                   Object.fields
-----------------------------------------------------------------------------------------------
User / Depart / Role  Modify            ReportSheet                              -
User / Depart / Role  Read              ReportSheet ("Report" business object)   -
...                   ...               ...                                      ...
User / Depart / Role  Submit            ReportSheet ("Report" business object)   -
User / Depart / Role  Into the history  ReportSheet ("Report" business object)   -
...                   ...               ...                                      ...
*: More of the operations on business objects are Business Operate.
With the four-dimensional ACM, Object.fields need not be treated as child objects of Object, which simplifies the model when handling permission interference.
Test 3:
In the same report management system, each "report" defined in the system is processed as an "artifact". Such a "report" is similar to an intelligent document in MS Office 2003: each "data cell" or simple control in the report needs to be permission-sensitive.
Operator              OperateMethod  Object                                   Object.fields
--------------------------------------------------------------------------------------------
User / Depart / Role  Modify         ReportSheet ("Report" business object)   Cell A
User / Depart / Role  Read           ReportSheet ("Report" business object)   Cell B
...                   ...            ...                                      ...
User / Depart / Role  Activate       ReportSheet ("Report" business object)   Button 1
User / Depart / Role  Activate       ReportSheet ("Report" business object)   Button 2
...                   ...            ...                                      ...
*: The action corresponding to Object.fields is Data Operate: for cells and data items it is "Modify" and "Read"; for simple controls it is "visible" and "activation".
**: The Object dimension is weakened here and becomes the index item of Object.fields.
Since the ACM of Object is separate, it is easy to handle permission interference. For example, depending on business needs, UserA has read permission on ReportSheetA but may not read FieldA in ReportSheetA. In this case, the algorithm merges ObjectACM and FieldsACM. There is no need to control access to a Field as a member of Object, or to treat a Field as a child object of Object.
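The merge of ObjectACM and FieldsACM described in 4.1, 4.2 and Test 3, as an added example that is not code from the original article. It assumes that a missing ObjectACM row means deny and that a field without its own FieldsACM row follows the object's decision; the class and function names and the sample rows are hypothetical.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"
DATA_OPERATIONS = {"read", "modify"}  # data operations the text gives to Object.fields


@dataclass
class DualLevelACM:
    # ObjectACM rows: (operator, method, object) -> ALLOW / DENY
    object_acm: dict = field(default_factory=dict)
    # FieldsACM rows: (operator, method, object, field) -> ALLOW / DENY
    fields_acm: dict = field(default_factory=dict)

    def check_object(self, operator, method, obj):
        # Assumption: an operation with no ObjectACM row is denied.
        return self.object_acm.get((operator, method, obj), DENY) == ALLOW

    def check_field(self, operator, method, obj, fld):
        if method not in DATA_OPERATIONS:
            return False  # business operations belong to the Object, not its fields
        if not self.check_object(operator, method, obj):
            return False  # ObjectACM is primary: FieldsACM is not consulted
        # Assumption: a field without its own row follows the object's decision.
        return self.fields_acm.get((operator, method, obj, fld), ALLOW) == ALLOW

    def allowed_fields(self, operator, method, obj, fields):
        return [f for f in fields if self.check_field(operator, method, obj, f)]


def build_sample_acm():
    # Constructed sample rows based on the scenarios in the text.
    acm = DualLevelACM()
    acm.object_acm[("UserA", "read", "ReportSheetA")] = ALLOW
    acm.object_acm[("UserA", "modify", "UserInfo")] = ALLOW
    acm.object_acm[("UserA", "delete", "UserInfo")] = ALLOW
    acm.fields_acm[("UserA", "read", "ReportSheetA", "FieldA")] = DENY
    acm.fields_acm[("UserA", "modify", "UserInfo", "ID number")] = DENY
    # A field-level allow cannot override a missing object-level permission.
    acm.fields_acm[("UserB", "read", "ReportSheetA", "FieldA")] = ALLOW
    return acm


if __name__ == "__main__":
    acm = build_sample_acm()
    print(acm.allowed_fields("UserA", "read", "ReportSheetA", ["FieldA", "FieldB"]))
    print(acm.allowed_fields("UserA", "modify", "UserInfo", ["Name", "ID number"]))
    print(acm.check_field("UserB", "read", "ReportSheetA", "FieldA"))
    print(acm.check_field("UserA", "delete", "UserInfo", "Name"))
```

The last check shows the point made in section 3: UserA may delete the user object, but "delete" is never a valid operation on the Name field alone.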
6. Practice guidance
In fact, the four scenarios used above basically cover access control in the report system. Next, using the report system as a business specimen, this section briefly describes how to implement ACM access control in a specific business system.
Access control class
The first idea is to set up a universal ACM in the business system. This idea comes naturally, because many common rules (for determining operations, verifying access, and so on) apply across different objects. Using an object-oriented approach, the ACM verification rules and operations can be encapsulated in an object and widely reused in the business system.
Here, the class that contains the access control operations and verification rules is called the access control class, AccessController.
Figure 1: Modules with access control requirements in the system call AccessController class
The above model is very simple and easy to operate. However, although the modules share the same verification call interface, their verification rules differ. If all these rules are packed into one class and parameters are used to select the verification rule to invoke, a "combinatorial explosion" is unavoidable. Each additional module with access control requirements adds a group of methods to AccessController, and the related control parameters may change as well, leading to a "large class" and "long methods" and to uneven granularity across the system.
Improving the interface design. We cannot know in advance how many access control verification rules a business system will contain or how they will be divided among access control modules, and new verification rules may be added as the system is upgraded or requirements change. With an interface, this problem can be improved to a certain extent.
Figure 2: Implementation classes implement the IAccessController interface; each implementation class has the same call format but different rules
The improved model lets the development team write different verification rules for each specific access control requirement, while the shape of the verification code stays uniform. As shown in Figure 2, each access control implementation class has an IsValidate function that accepts the "operator", "operation method", and "operation object" as parameters and verifies the legality of the operation.
A detail worth noting is that the parameters accepted by the IsValidate function are also interfaces, namely:
    public bool IsValidate(IOperator op,            // operator interface
                           IOperateMethod method,   // operation method interface
                           IAccessObject obj);      // operation object interface
*: Abstract classes and the like can also be considered, but the principle is the same: defer the implementation in order to achieve good extensibility.
To fit such a model, each element ("operator", "operation method", "operation object") must be defined as an interface in the framework. At implementation time, the corresponding interfaces are implemented according to business needs, and the instances are then passed as arguments to the access control verification function.
The above is only a preliminary idea; the concrete implementation is still to be determined.
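A sketch of the interface design above, added here as an example and not taken from the original article: two implementation classes share one is_validate call shape (the counterpart of IsValidate) but apply different verification rules. The Operator class, the merge rule, the user > role > unit ordering, the method name "archive" (for "into the history") and the sample rows are all assumptions.

```python
from abc import ABC, abstractmethod
from dataclasses import dataclass

@dataclass(frozen=True)
class Operator:
    user: str
    roles: frozenset = frozenset()
    unit: str = ""
    def principals(self):
        # Dimension management: resolve to every identity an ACM row may name.
        ids = {("user", self.user)} | {("role", r) for r in self.roles}
        return ids | ({("unit", self.unit)} if self.unit else set())

class AccessController(ABC):
    methods = frozenset()  # operation methods this controller manages

    def __init__(self, rows):
        self.rows = dict(rows)  # {(principal, method, object): allowed?}
    def is_validate(self, operator, method, obj):
        return method in self.methods and self.rule(operator, method, obj)
    @abstractmethod
    def rule(self, operator, method, obj):
        """Verification rule supplied by each implementation class."""

class FunctionEntryController(AccessController):
    methods = frozenset({"access"})  # function entries only support "access"
    def rule(self, operator, method, obj):
        # Assumed merge: one allowing row for any principal is enough.
        return any(self.rows.get((p, method, obj), False) for p in operator.principals())

class ReportController(AccessController):
    methods = frozenset({"read", "modify", "submit", "archive"})
    def rule(self, operator, method, obj):
        # Assumed order: user rows override role rows, which override unit rows.
        for kind in ("user", "role", "unit"):
            found = [self.rows[(p, method, obj)] for p in operator.principals()
                     if p[0] == kind and (p, method, obj) in self.rows]
            if found:
                return all(found)  # within one level, a deny wins
        return False

# Constructed sample data (names are hypothetical).
ALICE = Operator("alice", frozenset({"clerk"}), "finance")
MENU = FunctionEntryController({(("role", "clerk"), "access", "Function A"): True})
REPORTS = ReportController({
    (("unit", "finance"), "read", "ReportSheet"): True,
    (("role", "clerk"), "submit", "ReportSheet"): True,
    (("user", "alice"), "submit", "ReportSheet"): False,
})
```

Callers only ever invoke is_validate(operator, method, obj), so a new module adds a new implementation class instead of new methods and parameters on one shared class.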
7. Summary
The above analysis is offered for discussion only. Purely for my own amusement, hehe!
Appendix A:
Corresponding to the scenarios of the model test in Section 5, the sequence diagrams showing how the dual-level ACM meets the business needs, for reference only:
Test 1:
The operation control process object triggers access to the business system components; it can be understood as the GUI user interface and its simple controls.
Test 2:
Following the sequence diagram above and imitating the real situation: FunctionA accesses a ReportSheet. Here FunctionA is the operation control process object that accesses ReportSheetA.
Test 3:
Access to FieldA in ReportSheetA: FunctionA is used to handle the permission interference, and then ReportSheetA and FieldA are accessed.
- END -
Beegee: A sector manager I worked for in product development (actually the product manager) told me that I can leave the project group. Half a year ago, he commissioned me to design the permission management module in his product. So I used my barren brain to think up some schemes. It's hard to see, I support me to achieve my design, of course, I have added a lot of things I don't like. Now, for certain reasons, I have to leave this product group, and this manager is not ready to invest more in this module, so I think I can post my thoughts to my blog, purely for my own amusement ^_^. I also hope to help other programmers improve their own designs, as teaching material! There are two articles in total:
1. "ACM 4D permission management model" (this article)
2. "Summary of authority management and access control"