Role Union
Role Union is a permission management mode. According to system settings, system developers can choose to use Independent roles, Allow roles union, or Roles union only, to meet different permission requirements.
Independent roles
By default, the system uses independent roles. Users must switch between the roles they possess individually.
Allow roles union
System developers can enable Allow roles union, allowing users to simultaneously have permissions of all assigned roles while still permitting users to switch roles individually.
Roles union only
Users are enforced to only use Role Union and cannot switch roles individually.
Rules for Role Union
Role union grants the maximum permissions across all roles. Below are the explanations for resolving permission conflicts when roles have different settings on the same permission.
Operation Permission Merge
Example:
Role1 is configured to Allows to configure interface and Role2 is configured to Allows to install, activate, disable plugins
When logging in with the Full Permissions role, the user will have both permissions simultaneously.
Data Scope Merge
Data Rows
Scenario 1: Multiple roles setting conditions on the same field
Role A filter: Age < 30
| UserID | Name | Age |
|---|---|---|
| 1 | Jack | 23 |
| 2 | Lily | 29 |
Role B filter: Age > 25
| UserID | Name | Age |
|---|---|---|
| 2 | Lily | 29 |
| 3 | Sam | 32 |
After merging:
| UserID | Name | Age |
|---|---|---|
| 1 | Jack | 23 |
| 2 | Lily | 29 |
| 3 | Sam | 32 |
Scenario 2: Different roles setting conditions on different fields
Role A filter: Age < 30
| UserID | Name | Age |
|---|---|---|
| 1 | Jack | 23 |
| 2 | Lily | 29 |
Role B filter: Name contains "Ja"
| UserID | Name | Age |
|---|---|---|
| 1 | Jack | 23 |
| 3 | Jasmin | 27 |
After merging:
| UserID | Name | Age |
|---|---|---|
| 1 | Jack | 23 |
| 2 | Lily | 29 |
| 3 | Jasmin | 27 |
Data Columns
Role A visible columns: Name, Age
| UserID | Name | Age |
|---|---|---|
| 1 | Jack | 23 |
| 2 | Lily | 29 |
Role B visible columns: Name, Sex
| UserID | Name | Sex |
|---|---|---|
| 1 | Jack | Man |
| 2 | Lily | Woman |
After merging:
| UserID | Name | Age | Sex |
|---|---|---|---|
| 1 | Jack | 23 | Man |
| 2 | Lily | 29 | Woman |
Mixed Rows and Columns
Role A filter: Age < 30, columns Name, Age
| UserID | Name | Age |
|---|---|---|
| 1 | Jack | 23 |
| 2 | Lily | 29 |
Role B filter: Name contains "Ja", columns Name, Sex
| UserID | Name | Sex |
|---|---|---|
| 3 | Jade | Woman |
| 4 | James | Man |
After merging:
| UserID | Name | Age | Sex |
|---|---|---|---|
| 1 | Jack | 23 | Man |
| 2 | Lily | 29 | Woman |
| 3 | Jade | 27 | Woman |
| 4 | James | 31 | Man |
Note: Cells with red background indicate data invisible in individual roles but visible in the merged role.
Summary
Role merging data-scope rules:
- Between rows, if any condition is satisfied, the row has permissions.
- Between columns, fields are combined.
- When rows and columns are both configured, rows and columns are merged separately, not by row-column combinations.