权限设计 [英] Permissions Design

查看:100
本文介绍了权限设计的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有了,需要对权限的设置内容的应用程序(即会员/非会员)

I have an application that has content that needs to be setup for permissions (i.e. member/non-member)

我的角色/认证设置就好了,那不是我的问题。我的问题是问基本上存储权限对每个对象的最佳途径。本质上有客人和成员的角色,而简单的允许,拒绝为每个对象的权限。

I have roles/authentication setup just fine, that is not my issue. My question is basically asking the best way to store permissions for each object. Essentially there is "Guest" and "Member" roles, and simple "Allow" "Deny" permissions for each object.

任何想法?该方案是用写在ASP.NET MVC C#,LINQ和MS-SQL 2005。

Any ideas? The program is written in ASP.NET MVC using C#, LINQ, and MS-SQL 2005.

推荐答案

如果你想保护的资产(文件,数据库行,领域实体,文档等),而不是应用程序的功能用户能力,基于角色的安全性不适合很好。

If you want to protect assets (files, database rows, Domain Entities, documents, etc.) instead of application features or user abilities, role-based security doesn't fit very well.

一个更好的模型是使用访问控制列表(ACL)的就像你从NTFS知道。你几乎自己说的,因为你需要每个对象为每个用户或角色分配上的特殊权限。这是一个ACL做什么。

A better model is to use Access Control Lists (ACLs) like you know from NTFS. You almost said it yourself because you need to assign particular permissions on each object for each user or role. That's what an ACL does.

如果您需要保护的是最终在SQL Server行对象,您将需要定义自定义表为您的ACL,因为SQL Server有行级权限的支持。

If you need to protect objects that are ultimately rows in SQL Server, you will need to define custom tables for your ACLs, since SQL Server has no support for row-level permissions.

,你必须实现你的数据访问组件必要的安全检查。

Based on the data in those ACLs, you must implement the necessary security checks in your Data Access Components.

下面是一些链接到相关的SO答案:

Here are some links to related SO answers:

这篇关于权限设计的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
ASP .NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆