面向企业的层级授权的数据库设计

Design on Hierarchy-oriented Security Database

系统权限的设计一直是企业数据库设计的核心,往往需要占用较长的开发时间,而且很难重用。为了缩短开发周期,提高可重用性。本文介绍了一种非传统的,基于层次的权限设计框架。并且将这种设计与传统的基于关联表的设计进行了比较。本文所描述的权限设计是一种类似Windows操作系统文件夹式授权方式。一个用户一旦具有了上层实体的权限,无须显式授权即可自动地,默认地拥有对下级实体的权限。本文还对此类授权方式的未来发展趋势进行了探讨。

The design of system access right on database level is always the core of the enterprise information system.It always takes up more than half the design time to develop.This article introduces a non-traditional,hierarchy-oriented security framework,and makes an in-depth comparison with the traditional security design.This design principle is more similar to Windows OS.In Windows OS,once a user obtains the access right to a folder,he can naturally obtain the access right to its sub-folders.This article also makes a brief research on the future development of this kind of security framework.