Introduction to Logic
In the Decision-Making System, a permission carrier such as Dept. can be a tree structure with superior departments and subordinate departments. In the following text, it will be referred to as the permission carrier tree.
In the Decision-Making System, a permission entity such as Directory can be a tree structure with superior directories and subordinate directories. In the following text, it will be referred to as the permission entity tree.
The order in which permissions for superior or subordinate directories are given to superior or subordinate departments determines which permissions take effect.
Note: The permission configuration in this text refers to turning on or turning off the permissions, including View, Export, and so on.
1. For the tree structure, give permissions to the subordinate nodes and then the superior nodes. When the superior nodes have been given permissions, the permissions of the superior nodes will cover the same permissions of the subordinate nodes.
2. For the tree structure, give permissions to the superior nodes and then give different permissions to the subordinate nodes. The permissions of superior nodes and subordinate nodes will take effect independently.
Note
1. The principle that applies to a subordinate Dept. also applies to Role: its permissions will be covered by the permissions of the superior nodes.
2. The principle is applicable to Permission Quick Configuration.
Superior Permission Covering Subordinate Permission
Logic: For the tree structure, give permissions to the subordinate nodes and then the superior nodes. When the superior nodes have been given permissions, the permissions of the superior nodes will cover the same permissions of the subordinate nodes.
Permission Carrier Tree
Logic: For the same permission entity (such as the same directory), give permissions to the subordinate department and then the superior department. When the superior department has been given permissions, the permissions of the superior department will cover the same permissions of the subordinate nodes.
Scenario:
Give View permission for the directory to Subordinate Department.
Give View and Export permissions for the directory to Superior Department.
Result:
When Superior Department has been given permissions, the permissions of Superior Department will cover the same permissions of the subordinate nodes.
The permissions of Superior Department are View and Export, so they will cover the View and Export permissions of Subordinate Department.
Permission Entity Tree
Logic: When the permission entity is a tree structure (such as the directory tree), give the same permission carrier (such as Role) permissions for the subordinate nodes and then for the superior nodes. When the superior nodes have been given permissions, the permissions of the superior nodes will cover the same permissions of the subordinate nodes.
Scenario:
Give View and Export permissions for Subordinate Directory 1 to Role A.
Give View permission for Superior Directory to Role A.
Result:
When Superior Directory has been given permissions, the permissions of Superior Directory will cover the same permissions of Subordinate Directory. For example, the View permission for Superior Directory will cover the View permission for Subordinate Directory.
When a permission has not been given for Superior Directory, it cannot cover the permissions of Subordinate Directory. For example, the Export permission was not given for Superior Directory, so it will not cover the Export permission for Subordinate Directory 1.
Only the View permission of Subordinate Directory is covered by Superior Directory; the Export permission is not covered. Therefore, Subordinate Directory 1's final permissions are View and Export.
Parallel Permission Tree
Logic: For the permission carrier tree (superior and subordinate departments) and the permission entity tree (superior and subordinate directories), give permissions for the subordinate directory to the subordinate department and then give the permissions for the superior directory to the superior department. When the superior department has been given the permissions for the superior directory, the superior department's permissions for the superior directory will cover the subordinate department's same permissions for the subordinate directory.
Scenario:
Give View and Export permissions for Subordinate Directory to Subordinate Department.
Give View permission for Superior Directory to Superior Department.
Result:
When Superior Department has been given the permissions for Superior Directory, Superior Department’s permissions for Superior Directory will cover Subordinate Department's same permissions for Subordinate Directory. For example, the View permission for Superior Directory will cover the View permission for Subordinate Directory.
If you have not given permissions for Superior Directory to Superior Department, Superior Department's permissions cannot cover the permissions of Subordinate Directory. For example, Superior Directory's Export permission will not cover Subordinate Directory’s Export permission.
Only the View permission for Subordinate Directory is covered by the View permission for Superior Directory; the Export permission is not covered. Therefore, Subordinate Directory 1's final permissions are View and Export.
Cross-Permission Tree
Logic: For the permission carrier tree (superior and subordinate departments) and the permission entity tree (superior and subordinate directories), give permissions for the superior and subordinate directories to the subordinate department and then give permissions for the superior directory to the superior and subordinate departments. When the superior department has been given the permissions for the superior directory, the superior department's permissions for the superior directory will cover the subordinate department's same permissions for the superior and subordinate directories.
Scenario:
Give View permission for Superior Directory to Subordinate Department. Give View and Export permissions for Subordinate Directory to Subordinate Department.
Then, give View permission for Superior Directory to Superior Department.
Result:
When Superior Department has been given the permissions for Superior Directory, Superior Department's permissions for Superior Directory will cover Subordinate Department's same permissions for Superior Directory and Subordinate Directory. For example, the View permission for Superior Directory will cover the View permission for Superior Directory and Subordinate Directory.
If you have not given permissions for Superior Directory to Superior Department, Superior Department's permissions cannot cover the permissions of Superior Directory and Subordinate Directory. For example, Superior Department’s Export permission for Superior Directory will not cover Subordinate Department’s Export permission for Subordinate Directory and Superior Directory.
Only the View permission for Superior Directory and Subordinate Directory is covered; the Export permission is not covered. Therefore, Subordinate Department's final permission for Superior Directory and Subordinate Directory is View, and the final permissions for Subordinate Directory 1 are View and Export.
Subordinate Permission not Affecting Superior Permission
Logic: For the tree structure, give permissions to the superior nodes and then give different permissions to the subordinate nodes. Permissions for both the superior and subordinate nodes will take effect independently.
Permission Carrier Tree
Logic: For the same permission entity (such as the same data connection), give permissions to a superior department and then to a subordinate department. Superior department’s and subordinate department’s permissions will take effect independently.
Scenario:
Give View and Export permissions for the directory to Superior Department.
Then, give View permission for the directory to Subordinate Department.
Result:
Superior Department retains the View and Export permissions for the directory. Subordinate Department retains the Export permission for the directory.
Permission Entity Tree
Logic: When the permission entity is a tree structure (such as the directory tree), give permissions to the superior nodes of any permission carrier and then to the subordinate nodes. The permissions of the superior nodes will remain, and they will take effect independently.
Scenario:
Give the View permission for Superior Directory to Role A.
Then, give View and Export permissions for Subordinate Directory 1 to Role A.
Result:
Role A's View permission for Superior Directory and Role A's View and Export permissions for Subordinate Directory 1 will remain.
Parallel Permission Tree
Logic: For the permission carrier tree (superior and subordinate departments) and permission entity tree (superior and subordinate directories), give permissions for the superior directory to the superior department and then give permissions for the subordinate directory to the subordinate department.
When the superior department has been given the permissions for the superior directory, the superior department's permissions for the superior directory will cover the subordinate department's same permissions for the superior and subordinate directory. But the subordinate directory configured later will retain the subordinate department's settings.
Scenario:
Give View permission for Superior Directory to Superior Department.
Turn off Subordinate Department's View permission for Subordinate Directory 1, and turn on the Export permission for Subordinate Directory 2.
Result:
Superior Department's View permission for Superior Directory remains the same.
When Superior Department has been given the permissions for Superior Directory, the permissions for Superior Directory will cover the same permissions for Subordinate Directory. For example, the View permission for Superior Directory will cover the View permission for Subordinate Directory 1. Therefore, Superior Department has the View permission for Subordinate Directory.
Subordinate Directory 1 and Subordinate Directory 2 retain Subordinate Department's permissions. Subordinate Department has no permission for Subordinate Directory 1 but has the View and Export permissions for Subordinate Directory 2.
When Superior Department has been given the permissions for Superior Directory, Superior Department's permissions for Superior Directory will cover Subordinate Department's same permissions for Superior and Subordinate Directory. Subordinate Department has the View permission for Superior Directory and other Subordinate Directories.
Cross-Permission Tree
Logic: For the permission carrier tree (superior and subordinate departments) and permission entity tree (superior and subordinate directories), give permissions for the superior directory to the subordinate department and give permissions for the subordinate directory to the superior department.
Following the order of permission configuration, the subordinate department's permissions for the subordinate directory are first covered by the subordinate department's permissions for the superior directory and then covered by the superior department's permissions for the subordinate directory.
Scenario:
Give View permission for Superior Directory to Subordinate Department.
Then, give View and Export permissions for Subordinate Directory 1 to Superior Department.
Result:
Subordinate Department's permissions for Subordinate Directory are first covered by Subordinate Department's permissions for Superior Directory. In this case, Subordinate Department has the View permission for Subordinate Directory.
Then, they are covered by Superior Department's permissions for Subordinate Directory. Subordinate Department has the View and Export permissions for Subordinate Directory 1.
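Because the effective permissions depend on the order of configuration, a review of who can View or Export a directory has to replay the configuration steps in sequence. The following Python model is an added example, not the product's own code; the function names and the last-write-wins data model are assumptions, and the two replays reconstruct the Parallel Permission Tree scenarios from both sections above.

```python
# Added model of the covering rule; not the product's code. Names are assumptions.
DEPT_PARENT = {"Subordinate Department": "Superior Department"}  # child -> parent
DIR_PARENT = {"Subordinate Directory 1": "Superior Directory",
              "Subordinate Directory 2": "Superior Directory"}

def subtree(node, parent_of):
    """Return the node plus all of its descendants in a child -> parent map."""
    found, grew = {node}, True
    while grew:
        new = {c for c, p in parent_of.items() if p in found} - found
        found |= new
        grew = bool(new)
    return found

def replay(steps):
    """Apply (carrier, entity, {permission: on/off}) steps in order.

    Each step overwrites only the permissions it names, on the configured
    node and on every subordinate carrier/entity pair beneath it.
    """
    state = {}
    for carrier, entity, switches in steps:
        for c in subtree(carrier, DEPT_PARENT):
            for e in subtree(entity, DIR_PARENT):
                state.setdefault((c, e), {}).update(switches)
    return state

def effective(state, carrier, entity):
    """Permissions currently switched on for one carrier/entity pair."""
    return {p for p, on in state.get((carrier, entity), {}).items() if on}

# Constructed replay: subordinate configured first, superior second (covering).
COVERING = replay([
    ("Subordinate Department", "Subordinate Directory 1", {"View": True, "Export": True}),
    ("Superior Department", "Superior Directory", {"View": True}),
])
# Constructed replay: superior configured first, subordinate second (independent).
INDEPENDENT = replay([
    ("Superior Department", "Superior Directory", {"View": True}),
    ("Subordinate Department", "Subordinate Directory 1", {"View": False}),
    ("Subordinate Department", "Subordinate Directory 2", {"Export": True}),
])

if __name__ == "__main__":
    for name, state in (("covering", COVERING), ("independent", INDEPENDENT)):
        for c, e in sorted(state):
            print(name, "|", c, "|", e, "|", sorted(effective(state, c, e)))
```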