What Is Permission? Uncovering the Core of Access Control
This article explains the fundamental nature of permission as limited, authorized access to protected resources, defines what constitutes a resource in software, outlines how permissions are classified by authorization method and by software layer, describes the control model using a receptor‑ligand analogy, and summarizes the three core components of a permission system.
1. The Essence of Permission
Permission management starts by clarifying the essence of permission: permission is limited, authorized access to protected resources.
Understanding this makes permission management possible.
Permission comprises two aspects: protected resources and limited authorized access.
Thus, discussing permission requires defining resources.
2. Concept of Resources
Resources are abstract; in computing, they refer to objects, functions, files, networks, etc., such as buttons, menus, pages, even database fields.
2.1 Resource Identification
When many resources exist, giving each one a hard‑coded identifier and organizing the identifiers simplifies management.
2.2 Limited Resources
Only limited resources need protection; public, unlimited resources (e.g., sunlight) are generally not protected, though scarcity can change that.
Because resources are limited, they must be protected and accessed only with authorization.
3. Concept of Permission
3.1 Permission Classification
By authorization method: department permission, personnel permission, role permission.
By software layer: functional permission, business permission, data permission.
Functional permission covers pages, menus, buttons (view layer). Business permission governs a set of business processes. Data permission controls which data objects can be accessed, often at the database level.
3.2 Permission Control Model
Permission consists of a receptor on the resource and a ligand (access key) held by the accessor; only when they bind does access succeed, analogous to a lock and key.
The accessor (owner or delegated agent) must hold the secret key to exercise permission.
Key terms: accessor, resource, secret key.
3.3 Permission Authorization
Roles are collections of permissions; authorizing by role simplifies management. Department or individual authorizations are also possible, but they make the system complex.
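As an added illustration (not code from the original article), the sketch below ties together fixed resource identifiers (2.1), grouping by layer (3.1) and authorization by role, department and individual (3.3). All resource, role and accessor names are constructed, and refusing any identifier that is not registered is an assumption of this example.

```python
from dataclasses import dataclass, field

# Hard-coded resource identifiers (2.1), grouped by software layer (3.1).
# Every name here is constructed for illustration.
RESOURCES = {
    "functional": {"menu:orders", "button:orders.delete"},
    "business": {"process:refund.approve"},
    "data": {"field:orders.amount"},
}
PROTECTED = frozenset().union(*RESOURCES.values())

# A role is a named collection of permissions (3.3).
ROLES = {
    "clerk": {"menu:orders", "field:orders.amount"},
    "manager": {"menu:orders", "field:orders.amount",
                "button:orders.delete", "process:refund.approve"},
}

@dataclass
class Accessor:
    name: str
    department: str
    roles: set = field(default_factory=set)

@dataclass
class Grants:
    by_department: dict = field(default_factory=dict)  # department -> resource ids
    by_person: dict = field(default_factory=dict)      # accessor name -> resource ids

    def effective(self, who: Accessor) -> set:
        """Union of role, department and individual grants for one accessor."""
        perms = set()
        for role in who.roles:
            perms |= ROLES.get(role, set())   # an unknown role grants nothing
        perms |= self.by_department.get(who.department, set())
        perms |= self.by_person.get(who.name, set())
        return perms & PROTECTED              # drop grants for unregistered ids

    def is_allowed(self, who: Accessor, resource: str) -> bool:
        # Assumption: fail closed, so an unregistered id is refused.
        return resource in PROTECTED and resource in self.effective(who)

GRANTS = Grants(
    by_department={"finance": {"process:refund.approve"}},
    by_person={"dana": {"button:orders.delete"}},
)
ALICE = Accessor("alice", "sales", {"clerk"})
BOB = Accessor("bob", "finance", {"clerk"})
DANA = Accessor("dana", "sales", {"clerk"})
```

The three accessors share the same role, so any difference in what they can reach comes from the department grant (BOB) or the individual grant (DANA), which is the extra complexity section 3.3 refers to.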
Summary
The permission system comprises three parts: (1) the resources used by the system (menus, buttons, pages, data, etc.); (2) identification and grouping of protected resources; (3) authorization of those resources by role, department, or individual.
Author: 深蓝医生 Source: http://www.cnblogs.com/bluedoctor/p/8073466.html
