- \n
- The Basic\u00a0 Approach<\/a><\/li>\n
- The Fine-Grained Approach<\/a><\/li>\n
- The Roles Management Classes<\/a><\/li>\n
- The Controller Endpoints<\/a><\/li>\n
- How the savePrivileges Work<\/a><\/li>\n<\/ol>\n
<\/p>\n
Now, let’s take some time to understand how management of roles and privileges work in Spring Boot. There are two approaches to handling Roles and Privileges in SpringBoot.<\/p>\n
- \n
- The Basic Approach<\/li>\n
- The Fine-grained Approach<\/li>\n<\/ul>\n
1. The Basic Approach: User-> Roles -> Privilege Relationship<\/strong><\/h4>\n
The User -> Role relationship could either be one-to-many or many-to-many.<\/p>\n
This means a User could have more that one role<\/p>\n
The Role -> Privilege relationship could also either be one-to-many or many-to-many<\/p>\n
Generally, a Role would have multiple privileges<\/p>\n
Also, a user assigned a given role, would inherit all the privileges under that role ( we would not use this approach, we would use a more fine-grained approach)<\/p>\n
To assign a User additional permissions, you could either:<\/strong><\/p>\n
- \n
- assign the User additional Role that includes the desired permission<\/li>\n
- add the desired permission to the Role the User currently holds<\/li>\n<\/ul>\n
<\/p>\n
2. A Fine-Grained Approach: User -> Privilege, Role -> Privilege<\/strong><\/h4>\n
In this application, we would use the Fine-Grained Approach. The Basic Approach was used in FleetMS version 2<\/a>.<\/p>\n
As mentioned above, if a user is assigned a role, he would automatically inherit all the privileges under that role. However, we would use this approach.<\/p>\n
In the fine-grained approach, a users could be assigned privileges\u00a0 from any role. This means that a user could be assigned some privileges from the ADMIN role and some privileges from the FINANCE MANAGER role.<\/p>\n
This also allows us to assign a user all the privileges under a given role if needed.<\/p>\n
AssignAll and UnassignAll<\/strong><\/p>\n
Since a user has privileges and each privilege belongs to a role, we could implement ‘Role Assignment’ by assigning the user all the privileges belonging to specific role. Same for unassign as we. The screen appears as shown below:<\/p>\n
- The Fine-Grained Approach<\/a><\/li>\n
![\"User](\"https:\/\/www.kindsonthegenius.com\/wp-content\/uploads\/2024\/10\/Screenshot-2024-10-13-at-10.09.17-1024x640.jpg\")
<\/a>