Is it reasonable for a role to have both administrator and user permissions?

Consider the following example:

1. Background:

A system has two kinds of actors, with the following permissions:

User: can pay bills, apply for invoices, and apply for refunds.

Administrator: can approve a user's invoice application and issue the invoice, and can approve and issue a user's refund.

2. Question:

Is it reasonable to design a role that is both a user and an administrator at the same time?

3. Additionally:

Generally speaking, is it a great security risk for one account to hold both administrator and user permissions?


It really doesn't make sense if there are only two identities: administrator and user.
If a role is a user and an administrator at the same time, that administrator has too much authority, and systems are generally not designed this way, similar to how sellers and buyers on a shopping site cannot play the same role at the same time.
Consider adding another actor, Super Admin: all permissions, but only one such account. Ordinary administrators then inherit some of the capabilities of the super administrator (separate from user functions, and unable to operate on other administrators).
