
Authorization with User Role and Associate Permissions

I have seen many applications apply authorization this way: create many types of user, then verify the user type when a feature is executed.

What happens if the application gets a new user type? You have to go through all of the features and edit the source code to update the list of valid user types.

How can we make life simpler? Create user types and associate feature permissions with each type. So we have:

  1. User Type 1
    • Feature A: Enable
    • Feature B: Disable
    • Feature C: Enable
  2. User Type 2
    • Feature A: Disable
    • Feature B: Enable
    • Feature C: Enable

The application verifies that the user has permission on a feature by looking it up in the list of permissions. The application can then add any new user type by configuring its permissions only, without modifying any old code.
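The following sketch is an added example, not code from the original post. It shows the permission lookup described above with a deny-by-default check; the names `PERMISSIONS`, `is_allowed`, `requires`, `run_feature_b` and `add_user_type` are hypothetical, and the configuration is constructed sample data mirroring the list.

```python
import functools

# Constructed sample configuration mirroring the list above; a real
# application would load this from a config file or database (assumption).
PERMISSIONS = {
    "user_type_1": {"feature_a": True, "feature_b": False, "feature_c": True},
    "user_type_2": {"feature_a": False, "feature_b": True, "feature_c": True},
}


class PermissionDenied(Exception):
    """Raised when the caller's user type lacks the feature permission."""


def is_allowed(user_type, feature, permissions=PERMISSIONS):
    # Deny by default: an unknown user type, an unlisted feature, or any
    # value other than the literal True results in a refusal.
    return permissions.get(user_type, {}).get(feature) is True


def requires(feature):
    """Decorator: a feature names its permission, never a list of user types."""
    def decorator(func):
        @functools.wraps(func)
        def wrapper(user_type, *args, **kwargs):
            if not is_allowed(user_type, feature):
                raise PermissionDenied(f"{user_type!r} may not use {feature!r}")
            return func(user_type, *args, **kwargs)
        return wrapper
    return decorator


@requires("feature_b")
def run_feature_b(user_type):
    return f"feature B executed for {user_type}"


def add_user_type(name, feature_flags, permissions=PERMISSIONS):
    # A new user type is a configuration change only; feature code is untouched.
    if name in permissions:
        raise ValueError(f"user type {name!r} already exists")
    permissions[name] = dict(feature_flags)
```

Because the check treats anything other than an explicit `True` as a refusal, a new feature or a misspelled user type fails closed rather than open.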