本文提供了针对EAS产品权限体系的多个SQL查询语句,旨在帮助用户理解并查询每个用户在各个组织下的实际权限信息。由于EAS产品权限体系复杂,前台无法直接展示详细信息,故提供了这些SQL语句供用户通过第三方工具执行。查询涵盖了用户权限(包括直接分配和通过角色分配)、组织关系、权限类型(如操作权、禁止权、转授权)等方面的内容。文章还提醒了SQL执行时可能遇到的问题及解决方案,并提供了格式化SQL的工具链接及附件下载。此外,还列出了多个具体查询示例,如查询用户在哪些组织下有哪些权限、哪些用户拥有特定权限、权限是否被禁用等,并解释了如何根据权限项别名查询其详细信息。
----------------- 用户权限查询相关sql汇总-------------------
背景:EAS产品权限体系内部有一些逻辑处理,前台无法清楚详细的展示每个用户在每个组织下的'实际'权限信息。因此篇文章是根据用户权限体系内部逻辑整理的各种常用查询sql来帮助大家学习并了解用户组织权限的实际关系。
请用第三方工具连接数据库来执行以下sql,因为EAS查询分析器可能不能正常识别以下sql格式,查询会报错,实际sql无问题,且查询分析器最多只能展示6500条数据。
如需格式化sql,可访问:https://tool.oschina.net/codeformat/sql
首先这里放上客户经常想要的sql:
--用户,权限(包含角色分配的权限),组织关系查询。(查看所有用户在哪些组织下有哪些功能权限)
--注意:如果组织名称为系统管理单元,是代表该用户在所有组织下有该权限,系统管理单元 并非 真实的组织,只是为了方便验证权限的一个虚拟值
--注意:权限类型 10:操作权; 20:禁止权; 30:转授权
SELECT u.fnumber AS 用户名, bu.fnumber AS 组织编码, bu.fname_l2 AS 组织名称, pm.falias_l2 AS 权限项名称, pm.flongnumber AS 权限项长编码 , s.fpermtype AS 权限类型 FROM ( SELECT fuserid, forgid, fpermitemid, fpermtype FROM ( SELECT fowner AS fuserid, forgid, fpermitemid, fpermtype FROM t_pm_userorgperm UNION ALL SELECT a.fuserid, a.forgid, b.fpermitemid, b.fpermtype FROM t_pm_userroleorg a INNER JOIN t_pm_roleperm b ON a.froleid = b.froleid ) x ) s INNER JOIN T_pm_user u ON s.fuserid = u.FID INNER JOIN T_pm_permitem pm ON s.fpermitemid = pm.FID INNER JOIN T_org_baseunit bu ON s.forgid = bu.FID
--查询 没有删除没有禁用的用户在哪些组织下有哪些功能权限
SELECT u.fnumber AS 用户名, bu.fnumber AS 组织编码, bu.fname_l2 AS 组织名称, pm.falias_l2 AS 权限项名称, pm.flongnumber AS 权限项长编码 , s.fpermtype AS 权限类型 FROM ( SELECT fuserid, forgid, fpermitemid, fpermtype FROM ( SELECT fowner AS fuserid, forgid, fpermitemid, fpermtype FROM t_pm_userorgperm UNION ALL SELECT a.fuserid, a.forgid, b.fpermitemid, b.fpermtype FROM t_pm_userroleorg a INNER JOIN t_pm_roleperm b ON a.froleid = b.froleid ) x ) s INNER JOIN T_pm_user u ON s.fuserid = u.FID INNER JOIN T_pm_permitem pm ON s.fpermitemid = pm.FID INNER JOIN T_org_baseunit bu ON s.forgid = bu.FID where s.fuserid in ( SELECT FID FROM t_pm_user where FISDELETE = 0 and FFORBIDDEN = 0 )
其他常用sql
--权限类型 10:操作权; 20:禁止权; 30:转授权
--1、查看所有用户在哪些组织下直接分配了哪些权限
SELECT u.FNUMBER AS "用户名", bu.FNUMBER AS "组织编码", p.FNUMBER AS "权限项编码", p.FALIAS_L2 AS "权限项别名", uop.FPERMTYPE AS "权限类型" FROM t_pm_userorgperm uop INNER JOIN t_pm_user u ON uop.FOWNER = u.FID INNER JOIN t_pm_permitem p ON uop.FPERMITEMID = p.FID INNER JOIN t_org_baseunit bu ON UOP.FORGID = BU.FID WHERE u.FIsDelete = 0
--2、查看所有用户在哪些组织下通过角色分配了哪些权限
SELECT u.FNUMBER AS 用户名, r.FNUMBER AS 角色编码, bu.FNUMBER AS 组织单元编码, pm.falias_l2 AS 权限项名称, pm.flongnumber AS 权限项长编码 , RP.fpermtype AS 权限类型 FROM T_PM_USERROLEORG uro INNER JOIN T_PM_USER u ON URO.FUSERID = U.FID INNER JOIN T_PM_ROLE r ON URO.FROLEID = R.FID INNER JOIN T_ORG_BASEUNIT bu ON URO.FORGID = BU.FID INNER JOIN T_PM_ROLEPERM RP ON URO.FROLEID = RP.FROLEID INNER JOIN T_PM_PERMITEM pm ON RP.FPERMITEMID = pm.FID WHERE u.FIsDelete = 0
--3、查询这个用户 在哪些组织下 拥有哪些操作权限 (替换用户id)
SELECT fowner AS fuserid, forgid, fpermitemid, fpermtype FROM t_pm_userorgperm WHERE fowner IN ('用户id') UNION ALL SELECT fuserid, forgid, fpermitemid, b.fpermtype FROM t_pm_userroleorg a JOIN t_pm_roleperm b ON a.froleid = b.froleid WHERE fuserid IN ('用户id')
--4、查看哪些用户在哪些组织下拥有该操作权限(4.1,4.2查出来的都有效)
--4.1、查看哪些用户在哪些组织下拥有该操作权限(用户组织权限表,替换权限项编码,如何查询权限项编码参考节点6)
SELECT FOWNER, FORGID FROM T_PM_USERORGPERM WHERE FPERMITEMID IN ( SELECT FID FROM T_pm_permitem WHERE FNUMBER IN ( '权限项编码' ) ) AND FPermType = 10
--4.2查看哪些用户在哪些组织下拥有该操作权限(用户组织角色表,替换权限项编码,如何查询权限项编码参考节点6)
SELECT FUserID, FORGID, FROLEID FROM t_pm_userroleorg WHERE FRoleID IN ( SELECT FRoleID FROM T_PM_RolePerm WHERE FPermItemID IN ( SELECT FID FROM T_pm_permitem WHERE FNUMBER IN ( '权限项编码' ) ) AND FPermType = 10 )
--5、查看某权限是否在某组织下被禁用(5.1,5.2查出来的都有效)
--5.1、查看某权限是否在某组织下被禁用(用户权限组织表,替换权限项编码,如何查询权限项编码参考节点6)
SELECT FOWNER, fpermitemId, forgId FROM T_PM_USERORGPERM WHERE FPERMITEMID IN ( SELECT FID FROM T_pm_permitem WHERE FNUMBER IN ( '权限项编码' ) ) AND FPermType = 20
--5.2、查看某权限是否在某组织下被禁用(用户角色组织表,替换权限项编码,如何查询权限项编码参考节点6)
SELECT FUserID, FROLEID, forgId FROM t_pm_userroleorg WHERE FRoleID IN ( SELECT FRoleID FROM T_PM_RolePerm WHERE FPermItemID IN ( SELECT FID FROM T_pm_permitem WHERE FNUMBER IN ( '权限项编码' ) ) AND FPermType = 20 )
--6、根据某权限项别名(可能会重复),来查询对应的fid,编码(fnumber),长编码(flongnumber),主业务组织类型(FORGRELATION)
--注意:长编码就是该权限项分配时的树结构,根据该树结构可以定位到具体哪个是你要找的权限项
例如:
SELECT fid,fnumber,flongnumber,FORGRELATION FROM T_pm_permitem where FALIAS_L2 = '报表查看' and fisleaf = 1
补充:
--7、查看某权限(包括直接分配权限和通过角色分配)在哪些组织下分配给了哪些用户(替换权限项别名,即以下sql中的'付款单查看')
SELECT u.fnumber AS "用户名", bu.fnumber AS "组织编码", bu.fname_l2 AS "组织名称", pm.falias_l2 AS "权限项名称", pm.flongnumber AS "权限项长编码", pm.ftype AS "权限类型_10代表有权_20代表禁用" FROM ( SELECT fuserid, forgid, fpermitemid, fpermtype FROM ( SELECT fowner AS fuserid, forgid, fpermitemid, fpermtype FROM t_pm_userorgperm WHERE fpermitemid = ( SELECT TOP 1 fid FROM t_pm_permitem WHERE FALIAS_L2 = '付款单查看' AND FISLEAF = 1 ) UNION ALL SELECT fuserid, forgid, fpermitemid, b.fpermtype FROM t_pm_userroleorg a JOIN t_pm_roleperm b ON a.froleid = b.froleid AND b.FPERMITEMID = ( SELECT TOP 1 fid FROM t_pm_permitem WHERE FALIAS_L2 = '付款单查看' AND FISLEAF = 1 ) ) ) s INNER JOIN T_pm_user u ON s.fuserid = u.FID INNER JOIN T_pm_permitem pm ON s.fpermitemid = pm.FID INNER JOIN T_org_baseunit bu ON s.forgid = bu.FID
金蝶EAS_V8.1_权限表结构.docx(73.35KB)
用户组织权限.zip(2.33KB)
推荐阅读