【BOS基础系统_权限】用户组织权限相关查询SQL
----------------- 用户权限查询相关sql汇总-------------------
背景:EAS产品权限体系内部有一些逻辑处理,前台无法清楚详细的展示每个用户在每个组织下的'实际'权限信息。因此篇文章是根据用户权限体系内部逻辑整理的各种常用查询sql来帮助大家学习并了解用户组织权限的实际关系。
请用第三方工具连接数据库来执行以下sql,因为EAS查询分析器可能不能正常识别以下sql格式,查询会报错,实际sql无问题,且查询分析器最多只能展示6500条数据。
如需格式化sql,可访问:https://tool.oschina.net/codeformat/sql
首先这里放上客户经常想要的sql:
--用户,权限(包含角色分配的权限),组织关系查询。(查看所有用户在哪些组织下有哪些功能权限)
--注意:如果组织名称为系统管理单元,是代表该用户在所有组织下有该权限,系统管理单元 并非 真实的组织,只是为了方便验证权限的一个虚拟值
--注意:权限类型 10:操作权; 20:禁止权; 30:转授权
SELECT u.fnumber AS 用户名, bu.fnumber AS 组织编码, bu.fname_l2 AS 组织名称, pm.falias_l2 AS 权限项名称, pm.flongnumber AS 权限项长编码 , s.fpermtype AS 权限类型 FROM ( SELECT fuserid, forgid, fpermitemid, fpermtype FROM ( SELECT fowner AS fuserid, forgid, fpermitemid, fpermtype FROM t_pm_userorgperm UNION ALL SELECT a.fuserid, a.forgid, b.fpermitemid, b.fpermtype FROM t_pm_userroleorg a INNER JOIN t_pm_roleperm b ON a.froleid = b.froleid ) x ) s INNER JOIN T_pm_user u ON s.fuserid = u.FID INNER JOIN T_pm_permitem pm ON s.fpermitemid = pm.FID INNER JOIN T_org_baseunit bu ON s.forgid = bu.FID
--查询 没有删除没有禁用的用户在哪些组织下有哪些功能权限
SELECT u.fnumber AS 用户名, bu.fnumber AS 组织编码, bu.fname_l2 AS 组织名称, pm.falias_l2 AS 权限项名称, pm.flongnumber AS 权限项长编码 , s.fpermtype AS 权限类型 FROM ( SELECT fuserid, forgid, fpermitemid, fpermtype FROM ( SELECT fowner AS fuserid, forgid, fpermitemid, fpermtype FROM t_pm_userorgperm UNION ALL SELECT a.fuserid, a.forgid, b.fpermitemid, b.fpermtype FROM t_pm_userroleorg a INNER JOIN t_pm_roleperm b ON a.froleid = b.froleid ) x ) s INNER JOIN T_pm_user u ON s.fuserid = u.FID INNER JOIN T_pm_permitem pm ON s.fpermitemid = pm.FID INNER JOIN T_org_baseunit bu ON s.forgid = bu.FID where s.fuserid in ( SELECT FID FROM t_pm_user where FISDELETE = 0 and FFORBIDDEN = 0 )
其他常用sql
--权限类型 10:操作权; 20:禁止权; 30:转授权
--1、查看所有用户在哪些组织下直接分配了哪些权限
SELECT u.FNUMBER AS "用户名", bu.FNUMBER AS "组织编码", p.FNUMBER AS "权限项编码", p.FALIAS_L2 AS "权限项别名", uop.FPERMTYPE AS "权限类型" FROM t_pm_userorgperm uop INNER JOIN t_pm_user u ON uop.FOWNER = u.FID INNER JOIN t_pm_permitem p ON uop.FPERMITEMID = p.FID INNER JOIN t_org_baseunit bu ON UOP.FORGID = BU.FID WHERE u.FIsDelete = 0
--2、查看所有用户在哪些组织下通过角色分配了哪些权限
SELECT u.FNUMBER AS 用户名, r.FNUMBER AS 角色编码, bu.FNUMBER AS 组织单元编码, pm.falias_l2 AS 权限项名称, pm.flongnumber AS 权限项长编码 , RP.fpermtype AS 权限类型 FROM T_PM_USERROLEORG uro INNER JOIN T_PM_USER u ON URO.FUSERID = U.FID INNER JOIN T_PM_ROLE r ON URO.FROLEID = R.FID INNER JOIN T_ORG_BASEUNIT bu ON URO.FORGID = BU.FID INNER JOIN T_PM_ROLEPERM RP ON URO.FROLEID = RP.FROLEID INNER JOIN T_PM_PERMITEM pm ON RP.FPERMITEMID = pm.FID WHERE u.FIsDelete = 0
--3、查询这个用户 在哪些组织下 拥有哪些操作权限 (替换用户id)
SELECT fowner AS fuserid, forgid, fpermitemid, fpermtype
FROM t_pm_userorgperm
WHERE fowner IN ('用户id')
UNION ALL
SELECT fuserid, forgid, fpermitemid, b.fpermtype
FROM t_pm_userroleorg a
JOIN t_pm_roleperm b ON a.froleid = b.froleid
WHERE fuserid IN ('用户id')--4、查看哪些用户在哪些组织下拥有该操作权限(4.1,4.2查出来的都有效)
--4.1、查看哪些用户在哪些组织下拥有该操作权限(用户组织权限表,替换权限项编码,如何查询权限项编码参考节点6)
SELECT FOWNER, FORGID FROM T_PM_USERORGPERM WHERE FPERMITEMID IN ( SELECT FID FROM T_pm_permitem WHERE FNUMBER IN ( '权限项编码' ) ) AND FPermType = 10
--4.2查看哪些用户在哪些组织下拥有该操作权限(用户组织角色表,替换权限项编码,如何查询权限项编码参考节点6)
SELECT FUserID, FORGID, FROLEID FROM t_pm_userroleorg WHERE FRoleID IN ( SELECT FRoleID FROM T_PM_RolePerm WHERE FPermItemID IN ( SELECT FID FROM T_pm_permitem WHERE FNUMBER IN ( '权限项编码' ) ) AND F
【BOS基础系统_权限】用户组织权限相关查询SQL
声明:除非特别标注,否则均为本站原创文章,转载时请以链接形式注明文章出处。如若本站内容侵犯了原著者的合法权益,可联系本站删除。
