问题
In ASP.NET Boilerplate, why does it has roles and permissions to control authorization? Which is the difference between both?
回答1:
1. Why does ABP have roles and permissions to control authorization? What is the difference between the two?
Having both roles and permissions allows flexibility and ease for admins to control authorization.
The difference is that authorization only depends on permissions, not roles.
From https://aspnetboilerplate.com/Pages/Documents/Zero/Role-Management:
Roles are used to group permissions. When a user has a role, then he/she will have all the permissions of that role. A user can have multiple roles. The permissions of this user will be a merge of all the permissions of all assigned roles.
For example, a site moderator can be allowed to add, edit and delete any posts, including the ones written by others. A site moderator can add, edit and delete comments as well. If there are several site moderators, then a role can be easily assigned instead of individual permissions to each user.
2. Does a permission necessarily belong to a role? And does a role necessarily need permissions?
No, a permission can be assigned directly to a user.
No, a role does not need permissions. A role with no permissions is like a position (e.g. employee).
From https://aspnetboilerplate.com/Pages/Documents/Zero/Permission-Management:
Role Permissions
If we grant a permission to a role, all the users that have this role are authorized for the permission (unless explicitly prohibited for a specific user).
User Permissions
While the role-based permission management can be enough for most applications, we may need to control the permissions per user. When we define a permission setting for a user, it overrides the permission setting defined for the roles of the user.
In addition, there are also Organization Unit Roles (not documented yet). That is, a role can be assigned to an organization unit and users in that organization unit are considered to have that role.
回答2:
Role: a group of permissions.
来源:https://stackoverflow.com/questions/56998725/what-is-the-difference-between-roles-and-permissions-in-asp-net-boilerplate-temp