← Back to products
🛡️

RBAC Permissions

6 login policies, granular permission registry, B-end role management

6 login policies (independent/group SSO/global SSO/single device/multi device/IP bound), granular permission registry, B-end RBAC role management. Multi-instance Token, each device/app has independent Token.

example.json
// 配置分组 SSO 策略
{
  "login_policy": "group_sso",
  "policy_config": {
    "group_key": "yunjii_products",
    "max_devices": 3,
    "ip_whitelist": []
  }
}

// 多实例 Token 表
CREATE TABLE um_user_token (
  user_id BIGINT,
  token VARCHAR(255),
  scope VARCHAR(50),            -- 应用分组/全局
  scope_type ENUM('app', 'group', 'global'),
  device_id VARCHAR(64),
  login_ip VARCHAR(45),
  ip_bound BOOLEAN,
  expire_at DATETIME
);

Core features

6 key capabilities, covering everything from basic to advanced

6 login policies

independent / group_sso / global_sso / single_device / multi_device / ip_bound

Group SSO

Same-group apps share login state, one-click SSO within product line

Global SSO

All apps share login state, group-level single sign-on

Single/Multi device

single_device forces old device offline, multi_device allows N concurrent

IP binding

ip_bound policy, Token bound to IP, top choice for internal system security

Permission registry

um_perm_registry + um_b_roles, B-end granular role-permission management

API endpoints

All endpoints accessed via BFF proxy /api/* , auto-handling auth passthrough

MethodPathDescription
GET/check_token.phpToken verification (incl. scope/scope_type)
POST/b_console.php?mod=policyConfigure login policy
GET/b_console.php?mod=devicesQuery user device list

Other products