One of the very important problems in information software is the presence of users with different roles with different functions and access levels. For example, think of an organization with a structure (hierarchy) as shown below:
[Organization Role]              [Organization ID]
CEO                              org01
    Financial Assistant          org0101
        personnel 1
    Software Assistant           org0102
        personnel 2
    Commercial Assistant         org0103
        personnel 3
Imagine that this organization has a system that manages information about persons. The rule for displaying information about persons in this system is that each user can see information about the persons of the organizations to which he has access. For example, "user1" has access to the "Financial Assistant" and "Commercial Assistant" levels, so he can only see information about personnel 1 and "Personnel". Similarly, "user2" has access only to the level of "Commercial Assistant", so he can only see information about personnel 3. Therefore, each of the users of this system has a certain access level. Now suppose that in this system each user, after logging in, sees only information about the personnel to which he has access. The table structure of this system is as follows:
[Organization]
    id
    code
    name
[Employee]
    id
    first_name
    last_name
    organization_id
[User]
    id
    user_name
    password
[UserOrganization]
    user_id
    organization_id
:
select *
from employee e
where e.organization_id in
(select uo.organization_id
from user_organization uo
where uo.user_id=:authenticatedUserId)
, :
e.organization_id in
(select uo.organization_id
from user_organization uo
where uo.user_id=:authenticatedUserId)
" (Row Level Security).
, , , , , . (). , "" . , , , enablefilter .
@Filters( {
@Filter(name="EmployeeAuthorize", condition="(organization_id in (select uo.organization_id from user_organization uo where uo.user_id=:authenticatedUserId) ) ")
} )
, ? , spring?
PS: , , , ().
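
An added example, not part of the original post: the authorization predicate from the query above, applied centrally to every employee query over the post's table structure, using Python's sqlite3. The sample rows, the mapping of user1 and user2 to organizations, and the names `ROW_FILTER`, `build_db` and `visible_employees` are constructed for illustration; the [User] table is omitted because the predicate does not read it.

```python
import sqlite3

# Predicate from the post; the user id is only ever a bound parameter.
ROW_FILTER = ("e.organization_id in (select uo.organization_id "
              "from user_organization uo "
              "where uo.user_id = :authenticatedUserId)")

def build_db():
    """Constructed sample data mirroring the hierarchy in the post."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table organization (id integer primary key, code text, name text);
        create table employee (id integer primary key, first_name text,
                               last_name text, organization_id integer);
        create table user_organization (user_id integer, organization_id integer);
        insert into organization values
            (1, 'org01', 'CEO'), (2, 'org0101', 'Financial Assistant'),
            (3, 'org0102', 'Software Assistant'),
            (4, 'org0103', 'Commercial Assistant');
        insert into employee values
            (1, 'personnel', '1', 2), (2, 'personnel', '2', 3),
            (3, 'personnel', '3', 4);
        -- user1 (id 1): Financial + Commercial; user2 (id 2): Commercial only
        insert into user_organization values (1, 2), (1, 4), (2, 4);
    """)
    return db

def visible_employees(db, authenticated_user_id, extra_where="1=1", params=None):
    """Run an employee query with the row filter always ANDed on.

    extra_where is a trusted, application-written fragment (never user text);
    user-supplied values travel in params as bound parameters.
    """
    bound = dict(params or {})
    # Identity comes from the authenticated session and overwrites anything a
    # caller put in params, so a request cannot select another user's rows.
    bound["authenticatedUserId"] = authenticated_user_id
    sql = ("select e.first_name || ' ' || e.last_name from employee e "
           f"where ({extra_where}) and {ROW_FILTER} order by e.id")
    return [row[0] for row in db.execute(sql, bound)]

if __name__ == "__main__":
    db = build_db()
    print(visible_employees(db, 1))  # user1
    print(visible_employees(db, 2))  # user2
```

Because the predicate is appended inside one function rather than by each caller, a query that names a row outside the user's organizations returns nothing instead of depending on the caller to remember the check.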