Role Management
As previously mentioned, while an organizational structure may not be necessary for a project, role management is typically utilized. Besides, we apply the role-based access control (RBAC) mechanism to limit system access, making role management a must-have feature. Two different display modes are available for it: list mode and structure mode.
List Mode
Like user management, this mode has a central table listing all the role data. By default, a protected role named 系统管理员 exists in the table but cannot be deleted or deactivated, and its permissions cannot be modified. The default permission of this role is called 通配符权限, which means once a person has this role with this permission, they can have access to anywhere in FreeAuth.
To create a new role, click the button 创建角色 on the top-right of the table. A form will appear, prompting you to provide information about the new role.
If you already skip the organizational structure section since you have nothing to do with it in your system, you can only focus on the radio option 全局可选角色 in the form, which means any of the users in your system can be assigned this role. The native role 系统管理员 is precisely a great example of the global role.
However, what does the other radio option 指定组织类型下可选角色 mean? If you have established an organizational structure, as explained in the previous section, then you must have created some organizations and linked them with some users, which means users in your system have been grouped by organization type. Therefore, 指定组织类型下可选角色 means this role can only be assigned to the users who belong to an organization with a specific organization type.
To better understand 指定组织类型下可选角色 , let's create a new role with this type together. Firstly, select 指定组织类型下可选角色 in the form. Except for the name, code, and description of the role, there is a selector named 所属组织类型 for pointing to a particular organization type. For instance, if you select the option 供应商 we created in the previous section, only the users under an organization with the type 供应商 can be assigned this role. Let's make two roles with the type 供应商, namely 业务员 and 财务.
Therefore, when you try to assign roles to a user who is under the type 供应商, only 供应商's roles and global roles can be options. Roles under other organization types are not available.
In conclusion, the organization type is more like a container that holds a group of users, an organization structure, and a few roles.
Again, if your system doesn't involve the concept of organizational structure, you don't have to bother with which type to choose when creating e a role. Using 全局可选角色 is way enough.
Suppose you want to operate a piece of role data. Similarly, you can either click the last cell of the target role's row to expand the actions menu or click its name cell to enter its details page for further processes.
Structure Mode
To get a better view of the relationships among users, organizations, and roles under a specific organization type in your system, try using the structure mode.
To switch to this mode, click the icon behind the button 创建角色 on the top-right of the role table. Once you do, you will see a central panel with three parts:
- Organizational Structure Tree: It's just like the one in organization management.
- Role List: It lists all available roles that can be used under the selected organization type, including organization-specific and global roles.
- User Table: It displays all users who are related to any organization under the selected organization type.
Since we have established more data under the organization type
供应商, let's select the option供应商in the type selector on the top of the leftmost part.
As you can see from the image above, this mode makes it easier to check the relationship between users and roles with a specific organization type. To add multiple users to a role, click the icon after each role item in the middle part. To assign various roles to a user, click the icon ··· at the end of the user row, the dialog for binding will fade in.
Enter the keyword for the roles in the search box and select all the roles you want to assign. Once you have done this, save the form, and then you will see the role data get updated in the rightmost table.
As for other features, we encourage you to explore them yourself, as FreeAuth prioritizes consistency in user experience. It shouldn't be a challenge.
Bind/Unbind User
To manage the relationships between users and roles, you can make it on either the role details page or the user details page.
On the role details page, switch to the tab 关联主体. You can add users to the current role by clicking the blue button 添加主体 in the top right corner or remove a user from the current role by clicking 移除主体 in the action cell of the user's row.
On the user details page, switch to the tab 角色信息. You can change the current user's roles by clicking the bottom button 配置角色. Here, multiple roles can be selected and saved at a time.
If you need to remove a role from the current user, click the last cell, the action cell of its row. You will see the button 移除角色, which can be clicked to unbind the connection.
