Permission Policy
Important Note
Permission Policy is the core mechanism for ensuring enterprise system security, implementing the "principle of least privilege" through precise resource access control rules. This system provides granular permission management to safeguard data security and compliant operations.
Core Capabilities
Four-Dimensional Policy Model
Policy Element Definitions
Element Type | Description | Example |
---|---|---|
Resource Type | Controlled object classification | Menu/Button/API |
Operation Scope | Allowed actions | View/Edit/Delete/Export |
Effective Conditions | Policy application scenarios | Specified Application/Post-Authorization/Post-Approval |
Verification Mechanism | Permission validation logic | Role Matching/Tag Matching/Resource Verification |
Predefined Policies
Predefined application permission policies significantly enhance system security management efficiency and compliance through standardized permission templates, while substantially reducing permission configuration complexity and implementation risks.
AngusGM
Policy Role | Resource Scope | Operation Permissions | Restrictions |
---|---|---|---|
GM_GUEST | All functional modules | View only | No data modification permissions |
GM_USER | Standard operation modules | Create/Edit/Query | Disable Delete/Reset/Identity Settings |
GM_ADMIN | All functional modules | Full control (including system settings) | None |
Expense Center
Policy Role | Resource Scope | Operation Permissions | Restrictions |
---|---|---|---|
EXPENSE_GUEST | Expense dashboard/reports | Data view | No transaction permissions |
EXPENSE_USER | Standard expense operations | Order creation/query/submission | Disable recharge/withdrawal/password changes |
EXPENSE_ADMIN | All functions | Test analysis/fund operations/settings | None |
Ticket System
Policy Role | Resource Scope | Operation Permissions | Restrictions |
---|---|---|---|
WORKORDER_GUEST | Ticket list/details | View ticket status | No operation permissions |
WORKORDER_USER | Assigned tickets | Create/process/close tickets | Can only operate on own tickets |
WORKORDER_ADMIN | All tickets | Assign/transfer/priority adjustment | None |
AngusTester
Policy Role | Resource Scope | Operation Permissions | Restrictions |
---|---|---|---|
ANGUSTESTER_GUEST | Test function modules | Function view | No configuration permissions |
ANGUSTESTER_USER | All test functions | Case design/execution/report generation | Disable application settings |
ANGUSTESTER_ADMIN | System + test functions | Environment configuration/authorization management/global settings | None |
Permission Policy Information
Parameter | Field Name | Type | Required | Length Limit | Description |
---|---|---|---|---|---|
ID | id | bigint | Conditional | / | Unique identifier; System-generated; Required for modifications |
Name | name | string | Yes | ≤32 | Policy display name, e.g., Configuration Management |
Code | code | string | Yes | ≤80 | Unique policy code; allowed characters: digits, uppercase and lowercase letters, and `:`, `_`, `-` |
Active Status | enabled | boolean | Yes | / | Policy activation status, default Enabled |
Category | type | enum | Yes | ≤20 | Policy category |
Default Policy | default0 | boolean | Yes | / | Whether this is a default policy; affects the Default Permission Policy option |
Authorization Stage | grantStage | enum | Yes | ≤20 | Authorization execution stage |
Description | description | string | No | ≤200 | Policy description information |
Application ID | appId | bigint | Yes | / | Associated application unique identifier |
Application End | clientId | string | Read-only | / | Application endpoint |
Tenant ID | tenantId | bigint | Read-only | / | Tenant ID |
Creator | createdBy | bigint | Read-only | / | Policy creator ID |
Creation Time | createdDate | datetime | Read-only | / | Policy creation time |
Last Modified By | lastModifiedBy | bigint | Read-only | / | Last modifier ID |
Last Modified Time | lastModifiedName | datetime | Read-only | / | Last modification time |
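
The field rules in the table above can be enforced on a client-submitted policy before it is stored. The following is an added example, not code from the product: `validate_policy`, `WRITABLE`, `READ_ONLY` and `is_update` are hypothetical names, the allowed values of the `type` and `grantStage` enums are not listed on this page so only their length is checked, and rejecting a supplied `id` on creation is an assumption.

```python
import re

# (required, type, max length) per field, transcribed from the table above.
WRITABLE = {
    "name": (True, str, 32), "code": (True, str, 80),
    "enabled": (True, bool, None), "type": (True, str, 20),
    "default0": (True, bool, None), "grantStage": (True, str, 20),
    "description": (False, str, 200), "appId": (True, int, None),
}
READ_ONLY = {"clientId", "tenantId", "createdBy", "createdDate",
             "lastModifiedBy", "lastModifiedName"}
CODE_RE = re.compile(r"[0-9A-Za-z:_-]+")  # digits, letters, ':', '_', '-'


def _has_type(value, expected):
    # bool is a subclass of int in Python, so exclude it for bigint fields.
    if expected is int:
        return isinstance(value, int) and not isinstance(value, bool)
    return isinstance(value, expected)


def validate_policy(payload, is_update=False):
    """Return a sorted list of violations for a client-submitted policy."""
    errors = []
    for field in payload.keys() & READ_ONLY:
        # Server-owned fields: accepting them from a client would let a
        # caller forge tenantId or createdBy (mass assignment).
        errors.append(f"{field}: read-only")
    for field in payload.keys() - READ_ONLY - WRITABLE.keys() - {"id"}:
        errors.append(f"{field}: unknown field")
    if is_update and not _has_type(payload.get("id"), int):
        errors.append("id: required for modifications")
    if not is_update and "id" in payload:
        # Assumption: a system-generated id is rejected on creation.
        errors.append("id: system-generated")
    for field, (required, expected, max_len) in WRITABLE.items():
        if field not in payload:
            if required:
                errors.append(f"{field}: required")
            continue
        value = payload[field]
        if not _has_type(value, expected):
            errors.append(f"{field}: expected {expected.__name__}")
        elif max_len is not None and len(value) > max_len:
            errors.append(f"{field}: longer than {max_len}")
        elif field == "code" and not CODE_RE.fullmatch(value):
            errors.append(f"{field}: invalid characters")
    return sorted(errors)
```

An empty list means the payload satisfies every rule in the table; the read-only fields should then be filled in from the authenticated session on the server side.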