Permission Design
Conventions
Yearning has used the permission group to authorize permissions,and the permissions are delegated to the data source.
In Yearning, users are first divided into three categories in the form of roles: users / administrators / executives. The administrator / executive role is a visible management page role, and the user is a non-visible management page role. Classify users before the fine-grained permission division through the role Yearning. Prevent administrative permissions from appearing in the fine-grained permissions of users
The corresponding ddl / dml / query data source can be configured according to the actual needs of each user. Each type of authority is independent of each other and does not interfere with each other.
Yearning does not have initial super administrator rights
When using Yearning for the first time, the super administrator does not have the corresponding fine-grained permissions, so you need to configure it yourself. New users also do not have any permissions. Any operation must be performed after granting corresponding permissions. So please grant user permissions before use!
The permission division mode based on the permission group can improve the permission reuse and reduce the repeated authorization operation. However, it should be noted that due to the different roles, the page displayed by the administrator and the user will be different. Therefore, when the permission group given to the user contains administrator permissions, the user will not change the role because of the administrator permissions. As an administrator. So ask the super administrator to reasonably divide the permission groups. Ensure that users in the same role can only get the permission groups that the role should have.
Set user permissions
The super administrator can create the corresponding permission group on the permission group page, and grant related permission to the permission group.
The super administrator selects the user in the user permissions page and grants permissions (a single user can grant multiple permission groups and automatically deduplicates when the permission group permissions are duplicated)