I'm considering the best way to design a permissions system for an "admin" web application. The application is likely to have many users, each of whom could be assigned a
Usually I have a Users table, a Roles table, and a UserRoles table. This way you can have an unlimited number of roles without changing your db structure, and users can be in multiple roles.
I force the application to only authorize against roles (never users). Notice how the "id" column in the roles table is not an identity column. This is because you may need to control the IDs which get put in this table because your application is going to have to look for specific IDs.
The structure looks like this:
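    create table Users (
        id int identity not null,
        loginId varchar(30) not null,
        firstName varchar(50) not null
        -- etc...
    );

    -- id is deliberately not an identity column: the application
    -- looks for specific role IDs, so they are inserted explicitly.
    create table Roles (
        id int not null,
        name varchar(50) not null
    );

    -- One row per role granted to a user.
    create table UserRoles (
        userId int not null,
        roleId int not null
    );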
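
The schema above with a role-only authorization check, as an added example that is not part of the original answer. It uses Python with SQLite in place of SQL Server, adds primary and foreign keys the answer does not show, and the role names and helper functions are assumptions.

```python
# Added example: SQLite stands in for SQL Server; role names are hypothetical.
import sqlite3
from enum import IntEnum

class Role(IntEnum):
    # Fixed IDs the application checks for, so they are inserted explicitly.
    ADMIN = 1
    EDITOR = 2

SCHEMA = """
create table Users (
    id integer primary key autoincrement,
    loginId varchar(30) not null unique
);
create table Roles (
    id int not null primary key,
    name varchar(50) not null
);
create table UserRoles (
    userId int not null references Users(id),
    roleId int not null references Roles(id),
    primary key (userId, roleId)  -- no duplicate grants
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("pragma foreign_keys = on")  # reject grants of unknown roles
    db.executescript(SCHEMA)
    db.executemany("insert into Roles (id, name) values (?, ?)",
                   [(int(r), r.name.lower()) for r in Role])
    return db

def add_user(db, login_id, roles=()):
    user_id = db.execute("insert into Users (loginId) values (?)",
                         (login_id,)).lastrowid
    db.executemany("insert into UserRoles (userId, roleId) values (?, ?)",
                   [(user_id, int(r)) for r in roles])
    return user_id

def is_authorized(db, login_id, allowed_roles):
    """True if the user holds at least one allowed role (never checks user IDs)."""
    allowed = [int(r) for r in allowed_roles]
    if not allowed:
        return False  # deny by default when no role is listed
    marks = ",".join("?" * len(allowed))  # placeholders only, values are bound
    return db.execute(
        "select 1 from Users u join UserRoles ur on ur.userId = u.id "
        f"where u.loginId = ? and ur.roleId in ({marks}) limit 1",
        [login_id, *allowed]).fetchone() is not None
```
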