Design pattern for permissions

Question

4.67/5 (3 votes)

See more:

Hi,
I'm going to develop a web application that will take care of permissions,
it means that there is an administrator that have all permissions in the site, an unregisterd user that have some permissions, retgisterd user and so on..
My question is what is the design pattern that corresponding to the situation??
Thank you.

Posted 18-Apr-11 10:21am

asaffff496818

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Pete O'Hanlon · Accepted Answer · 2011-04-18T10:36:00

Solution 1

You can potentially model this with the Actor Role pattern. You can find more information here[^].

Posted 18-Apr-11 10:36am

Pete O'Hanlon

Updated 18-Apr-11 11:00am

v2

Comments

Sander Rossel 18-Apr-11 16:57pm

Oops, that link appears to be broken :(
I was actually quite interested in it as well ;)

Pete O'Hanlon 18-Apr-11 17:01pm

There. The editor seems to have borked it - it's sorted now.

Sander Rossel 18-Apr-11 17:09pm

Nice one :)

Espen Harlinn 18-Apr-11 18:17pm

Liked it too, my 5

Sergey Alexandrovich Kryukov 19-Apr-11 0:58am

Good known formal approach, my 5, too.
But look at my answer as well: I point out what to start with, practically. I think it's pretty interesting, too, based on my experience.
--SA

Sergey Alexandrovich Kryukov · Accepted Answer · 2011-04-18T18:56:00

Solution 2

Pete offers you a robust analysis method — use it.

I will give you only one idea, but it should help you to avoid one common fallacy.
Here is the fallacy: people tend to start this designs from inventing the roles they envision: administrator, engineer, manager, operator… You already started, it looks like.

Don't do it! These concrete roles may or may not be used in future. They should be more flexible than that.

Start with your application functions — they are the most stable as they reflect your application-specific functionality your application is centered around. Identify more or less independent groups activities, so withing the group one activity is impossible without the other one. The role would be a mapping of an actor onto a subset of the groups of activity.

Note, you don't even have to create the roles — your customer can do it based on the structure of their organization. Give them a meta-data tool to create them! They will have fun clicking the activities and adding them to the role they want to invent. For you it will be easy enough; and you will avoid artificial decisions.

Good luck,

—SA

Posted 18-Apr-11 18:56pm

Sergey Alexandrovich Kryukov

Comments

asaffff496818 19-Apr-11 3:53am

You mean that I should develop the application without taking paying attention to the roles??
and then what?

Sergey Alexandrovich Kryukov 19-Apr-11 4:09am

It's not about the order of development, this is about the analysis. But yes, develop application without restriction first, by design it keeping the groups or functionality with different permission in mind. When you have application working, start adding limitations per functional group. Again, introduce permission but consider leaving the roles to the customer.

This is what happens on the user side: By default, all is permitted after installation, then the admin makes a role with maximum permissions and add all other roles.

--SA

asaffff496818 19-Apr-11 4:59am

Thank you very much... if you have some guide or tutorial about how to make it step by step or just something more detailed it can help very much.
And again thank you.

Sergey Alexandrovich Kryukov 19-Apr-11 12:46pm

I don't know such thing, maybe because this is mostly application-specific. For the method, I would use the Solution by Pete (maybe he knows some other sources to read; they are certainly available).

Are you going to formally accept my Solution?
Thank you.
--SA

BobJanova 19-Apr-11 5:16am

Excellent answer.

I actually had exactly this experience with a web app I wrote. I began by providing what could be termed 'roles' (in forum terms it is known as a 'mask' but essentially the same thing), and access to various parts of the app based on role level. In the end it became too inflexible and I rebuilt the access control with flags for various groups of tasks, and each role becomes simply a collection of flag values.

Sergey Alexandrovich Kryukov 19-Apr-11 12:47pm

Thank you, Bob.
This looks like a natural situation. The approach "start from the function" always helps, as well as separation-of-concerns thinking.
--SA