A Veteran Programmer’s Simple RBAC Permission System Design

Background

Today the company needs a back‑office management system. To give newcomers practice, the design task was assigned to a programmer described as a “veteran”.

What is Permission

Permission is treated as a collection of resources in the software system, covering page navigation, operation rights, and CRUD actions on data. The article shows an example diagram illustrating pages such as menu management, role management, user management, system settings, log management, banner management, article management, and notification management, and explains that access to these pages and the visibility or clickability of buttons constitute permissions.

Database Design

The design uses five tables: User, Role, MenuPermission, UserRole (association), and RoleMenuPermission (association). The article includes a diagram of the schema.

RBAC

The table structure and PDM reveal a classic Role‑Based Access Control (RBAC) model. RBAC assigns permissions to roles, and roles to users, thereby granting permissions indirectly. When multiple users share the same permissions, assigning permissions through roles allows a single change to a role’s permissions to affect all associated users, reducing the chance of permission‑related bugs. The article notes that this design is sufficient for a typical back‑office management system and mentions that RBAC can be further refined in future posts.