When using ASP, JavaScript and Oracle development a set of tax system's background management software, we successfully realize security policies based on user groups and users, and have achieved better results in flexibility and security. We will introduce users' security policies in B / S in B / S to everyone in four aspects of storage structure, menu management, permission assignment, and security check.
1 Storage Structure Storage Structure For this system, the structure of the database table is mainly composed of the following tables:
A. Menu table (CDB)
Field name
Field description
Types of
Note
CDBH
Menu number
Number (3)
Non-empty main key
FCDBH
Parent menu
Number (3)
CDMC
Menu name
VARCHAR2 (40)
Qxws
Permission bit
Number (2)
Rklj
Inlet path
Varchar2 (50)
XGWJ
Related documents
VARCHAR (200)
Sfqy
Whether to enable
Char (1)
DEFAULT 1
B. User Group (YHZB)
Field name
Field description
Types of
Note
SSDW
Belong to the unit
Char (4)
Non-empty main key
Yhzbh
User group number
Char (4)
Non-empty main key
Yhzmc
name
VARCHAR2 (40)
Yhzqx
Authority
Char (100)
Yhgs
User number
Number (3)
DEFAULT 0
Sfqy
Whether to enable
Char (1)
DEFAULT 1
C. User table (YHB)
Field name
Field description
Types of
Note
SSDW
Belong to the unit
Char (4)
Non-empty main key
Yhbh
user ID
Char (4)
Non-empty main key
Ssyhz
user group
Char (4)
DLM
Login name
VARCHAR2 (25)
DLMM
login password
VARCHAR2 (40)
YHXM
username
VARCHAR (20)
YHQX
User rights
Char (100)
Sfqy
Whether to enable
Char (1)
DEFAULT 1
The storage of permissions is "bit" mode. According to the system scale, we estimate that the system's menu items will not exceed 100, and 100-bit storage is defined as authority. Such as the user permission field in the user table, if the user does not have this permission in the first bit, the first bit is "0", that is, if the user has this permission in the first bit, the first bit is "1" ".
Menu tables are used to store all menu items in the system. By the provided editing method, you can add modifications to the menu items in the menu table to make the foundation for flexibility. According to the corresponding relationship between the menu number and the parent menu number, according to the recursive principle, it is easy to implement the multi-level menu, the parent menu number of the top menu is 0. The permission bit is a key field in the menu table, which indicates that the menu is located in the permissions, and if the menu number is 10 menu items, the permissions of the user 10 bits are "1", indicating the power of the menu item using the menu number 10, but there is no.
The user group list is used to store all user groups in the system, and they can be flexibly edited by the provided editing methods. The key field is a string of the user group permission to store the permissions of the user group.
The user table can be edited by the user's table to store all users in the system. The key field is a string of 100 digits, and stores the user's permissions. This permissions are inherited from the user group to which the user belongs is created, and the user's permissions can be modified separately when establishing a user.
Other fields will be mentioned in later introductions that don't make a detailed description there.