RBAC Permissions
6 login policies, granular permission registry, B-end role management
6 login policies (independent/group SSO/global SSO/single device/multi device/IP bound), granular permission registry, B-end RBAC role management. Multi-instance Token, each device/app has independent Token.
// 配置分组 SSO 策略
{
"login_policy": "group_sso",
"policy_config": {
"group_key": "yunjii_products",
"max_devices": 3,
"ip_whitelist": []
}
}
// 多实例 Token 表
CREATE TABLE um_user_token (
user_id BIGINT,
token VARCHAR(255),
scope VARCHAR(50), -- 应用分组/全局
scope_type ENUM('app', 'group', 'global'),
device_id VARCHAR(64),
login_ip VARCHAR(45),
ip_bound BOOLEAN,
expire_at DATETIME
);Core features
6 key capabilities, covering everything from basic to advanced
6 login policies
independent / group_sso / global_sso / single_device / multi_device / ip_bound
Group SSO
Same-group apps share login state, one-click SSO within product line
Global SSO
All apps share login state, group-level single sign-on
Single/Multi device
single_device forces old device offline, multi_device allows N concurrent
IP binding
ip_bound policy, Token bound to IP, top choice for internal system security
Permission registry
um_perm_registry + um_b_roles, B-end granular role-permission management
API endpoints
All endpoints accessed via BFF proxy /api/* , auto-handling auth passthrough
| Method | Path | Description |
|---|---|---|
| GET | /check_token.php | Token verification (incl. scope/scope_type) |
| POST | /b_console.php?mod=policy | Configure login policy |
| GET | /b_console.php?mod=devices | Query user device list |