Thursday, April 23, 2015

Unifier Permissions

Unifier Permission Structure 


As you can see, Permissions consist of a (Company or Shell) + (User or Group) + (Module).

The problem with this model appears when a system has a lot of shells. I worked in a system that had 100,000 shells and 30 BPs and, to support 700 users, required over 2 million entries in the permission table.

The nice thing about the model is that it lets you control which BPs can be used per shell or company.

Unifier Permission Table


The permissions for companies are stored in the SYS_COMPANY_PERMISSIONS table. This table contains a reference for the Company, the Group or User, and the Module ref id (PermissionId). The permissions for Shells are located in the SYS_PROJECT_PERMISSIONS table; in the table structure, Project = Shell.

The Permission ID is the REF ID of the menu object in the database. The menu objects can be found in the SYS_USER_DEFINED_MENU table. In the CONTENT field, you will find JSON like the following. Notice the refid values: refids that are 7 digits long are BPs. In fact, the id matches the BP_ID column of the SYS_BP_CONFIG table.


{
  "name":"Company Workspace",
  "image":"../icons/u_company.png",
  "children":
  [
    {
      "name":"Summary",
      "image":"../icons/u_summary.png",
      "label":"Summary",
      "nodeType":"0",
      "refid":"project_summary"
    },
    {
      "name":"Collaboration",
      "children":
      [
        {
          "name":"Tasks",
          "image":"../icons/u_tasks.png",
          "label":"Tasks",
          "nodeType":"0",
          "refid":"project_tasks"
        },
        {
          "name":"Messages",
          "image":"../icons/u_messages.png",
          "label":"Messages",
          "nodeType":"0",
          "refid":"project_messages"
        },
        {
          "name":"Drafts",
          "image":"../icons/u_drafts.png",
          "label":"Drafts",
          "nodeType":"0",
          "refid":"project_drafts"
        }
      ],
      "image":"../icons/u_collaborate.png",
      "label":"Collaboration",
      "nodeType":"1"
    },
    {
      "name":"General",
      "image":"../icons/u_general.png",
      "label":"General",
      "nodeType":"0",
      "refid":"project_general"
    },
    {
      "name":"Document Manager",
      "children":
      [
        {
          "name":"Company Documents",
          "image":"../icons/u_project_documents.png",
          "label":"Company Documents",
          "nodeType":"0",
          "refid":"75"
        },
        {
          "name":"Unpublished Documents",
          "image":"../icons/u_unpublish_docs.png",
          "label":"Unpublished Documents",
          "nodeType":"0",
          "refid":"76"
        }
      ],
      "image":"../icons/u_reports.png",
      "label":"Reports",
      "nodeType":"1"
    },
    {
      "name":"Custom",
      "children":
      [
        {
          "name":"Operations",
          "children":
          [
            {
              "name":"Work Order",
              "image":"../icons/u_business_process.gif",
              "label":"Operational Work Order",
              "nodeType":"0",
              "refid":"1000003"
            },
            {
              "name":"Facility Improvement",
              "image":"../icons/u_business_process.gif",
              "label":"Facility Improvement",
              "nodeType":"0",
              "refid":"1000005"
            }
          ],
          "image":"../icons/u_default_folder.gif",
          "label":"Operations",
          "nodeType":"1"
        }
      ]
    }
  ],
  "label":"Company Workspace",
  "nodeType":"1",
  "refid":"projectname"
}
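
An added example (not from the original post or from Unifier): a short Python walker that inventories the refid values in one menu CONTENT value and flags the 7-digit ones as BPs, giving the list of PermissionId values to look for when reviewing the permission tables. The sample JSON is a constructed, trimmed copy of the structure above, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of the CONTENT JSON shown above (trimmed).
SAMPLE_CONTENT = """
{
  "name": "Company Workspace",
  "children": [
    {"name": "Summary", "nodeType": "0", "refid": "project_summary"},
    {"name": "Document Manager", "nodeType": "1", "children": [
      {"name": "Company Documents", "nodeType": "0", "refid": "75"}
    ]},
    {"name": "Custom", "nodeType": "1", "children": [
      {"name": "Operations", "nodeType": "1", "children": [
        {"name": "Work Order", "nodeType": "0", "refid": "1000003"},
        {"name": "Facility Improvement", "nodeType": "0", "refid": "1000005"}
      ]}
    ]}
  ],
  "nodeType": "1",
  "refid": "projectname"
}
"""

def is_bp_refid(refid):
    """Per the post: a refid that is 7 digits long is a BP (SYS_BP_CONFIG.BP_ID)."""
    return len(refid) == 7 and refid.isascii() and refid.isdigit()

def walk_menu(node, path=()):
    """Yield (menu path, refid, is_bp) for every node that carries a refid."""
    here = path + (node.get("name", "?"),)
    refid = node.get("refid")
    if refid is not None:
        refid = str(refid)
        yield "/".join(here), refid, is_bp_refid(refid)
    for child in node.get("children", []):
        yield from walk_menu(child, here)

def permission_ids(content):
    """Parse one CONTENT value and return its refid inventory as a list."""
    return list(walk_menu(json.loads(content)))

if __name__ == "__main__":
    for menu_path, refid, is_bp in permission_ids(SAMPLE_CONTENT):
        print(f"{'BP    ' if is_bp else 'module'}  {refid:<16} {menu_path}")
```
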

How the permission byte array works

In the permission table, you will notice that the PermissionValue is a byte array of varying length. The length of the byte array depends on which permissions are being represented.

The checkbox represents the value of the first character in the byte array.  So if the first character is a 1, then Modify Record Ownership is checked.  If 0, then Modify Record Ownership is unchecked.