Role-Based Permissions for Hierarchy-Based Relationships

摘要

Some embodiments provide a program that receives, from an application, a role-based permission (RBP) request specifying an RBP, a first user, and a second user. The RBP specifies a set of actions, a first set of users authorized to perform the set of actions, a second set of users on which the first set of users is authorized to perform the set of actions, and a relationship condition. When the relationship condition specifies a hierarchy-based relationship, the program determines valid users in the second set of users according to a hierarchy of users. When the relationship condition specifies a non-hierarchy-based relationship, the program determines valid users in the second set of users according to a relationship not based on the hierarchy of users. The program determines whether the first user is authorized to perform the set of actions on the second user based on the determined valid users.