Storing application permissions in a database

一生所求 2021-01-30 18:38

I'm developing an application for our company that eventually will have lots of ways of restricting users to particular sections/modules. While the application is still small,

5 answers
  •  天命终不由人
    2021-01-30 19:35

    I would do it this way.

    table name: permission
    columns: id, permission_name
    

    and then I can assign multiple permissions to the user using a many to many relationship table

    table name: user_permission
    columns: permission_id, user_id
    

    This design will allow me to add as many permissions as I want, and assign them to as many users as I want.

    While the above design goes with your requirement, I have my own method of implementing ACL in my application. I am posting it here.

    My method of implementation of ACL goes like this:

    1. User will be assigned a role (Admin, guest, staff, public)
    2. A role will have one or many permissions assigned to them (user_write, user_modify, report_read) etc.
    3. Permission for the User will be inherited from the role to which he/she is
    4. User can be assigned with manual permission apart from the permission inherited from role.

    To do this I have come up with the following database design.

    role
    I store the role name here 
    +----------+
    | Field    |
    +----------+
    | id       |
    | roleName |
    +----------+
    
    permission:
    I store the permission name and key here 
    Permission name is for displaying to user.
    Permission key is for determining the permission.
    +----------------+
    | Field          |
    +----------------+
    | id             |
    | permissionName |
    | permissionKey  |
    +----------------+
    
    role_permission
    I assign permission to role here 
    +---------------+
    | Field         |
    +---------------+
    | id            |
    | role_id       |
    | permission_id |
    +---------------+
    
    user_role
    I assign role to the user here 
    +---------------+
    | Field         |
    +---------------+
    | id            |
    | user_id       |
    | role_id       |
    +---------------+
    
    user_permission
    I store the manual permission I may allow for the user here 
    +---------------+
    | Field         |
    +---------------+
    | id            |
    | user_id       |
    | permission_id |
    +---------------+
    

    This gives me more control over the ACL. I can allow superadmins to assign permissions by themselves, and so on. As I said, this is just to give you the idea.
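
The five-table design from the answer above, as an added example that is not part of the original post: it builds the tables in SQLite and resolves a user's effective permissions as role-inherited grants plus manual grants. The UNIQUE and foreign-key constraints, the sample rows, and the function names are assumptions added here; the table and column names are the answer's.

```python
import sqlite3

SCHEMA = """
CREATE TABLE role (id INTEGER PRIMARY KEY, roleName TEXT NOT NULL UNIQUE);
CREATE TABLE permission (id INTEGER PRIMARY KEY, permissionName TEXT NOT NULL,
    permissionKey TEXT NOT NULL UNIQUE);
CREATE TABLE role_permission (id INTEGER PRIMARY KEY,
    role_id INTEGER NOT NULL REFERENCES role(id) ON DELETE CASCADE,
    permission_id INTEGER NOT NULL REFERENCES permission(id) ON DELETE CASCADE,
    UNIQUE (role_id, permission_id));
-- user_id has no foreign key here: the users table is not shown on the page.
CREATE TABLE user_role (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
    role_id INTEGER NOT NULL REFERENCES role(id) ON DELETE CASCADE,
    UNIQUE (user_id, role_id));
CREATE TABLE user_permission (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
    permission_id INTEGER NOT NULL REFERENCES permission(id) ON DELETE CASCADE,
    UNIQUE (user_id, permission_id));
"""
# Constructed sample rows: user 10 is Admin; user 20 is staff plus one manual grant.
SAMPLE = """
INSERT INTO role VALUES (1, 'Admin'), (2, 'staff');
INSERT INTO permission VALUES (1, 'Write users', 'user_write'),
    (2, 'Modify users', 'user_modify'), (3, 'Read reports', 'report_read');
INSERT INTO role_permission (role_id, permission_id) VALUES (1,1), (1,2), (1,3), (2,3);
INSERT INTO user_role (user_id, role_id) VALUES (10, 1), (20, 2);
INSERT INTO user_permission (user_id, permission_id) VALUES (20, 2);
"""
# Effective permissions = inherited through roles UNION granted directly to the user.
EFFECTIVE = """
SELECT p.permissionKey FROM user_role ur
  JOIN role_permission rp ON rp.role_id = ur.role_id
  JOIN permission p ON p.id = rp.permission_id
 WHERE ur.user_id = :uid
UNION
SELECT p.permissionKey FROM user_permission up
  JOIN permission p ON p.id = up.permission_id
 WHERE up.user_id = :uid
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK enforcement off by default
    db.executescript(SCHEMA + SAMPLE)
    return db

def effective_permissions(db, user_id):
    return {row[0] for row in db.execute(EFFECTIVE, {"uid": user_id})}

def has_permission(db, user_id, key):
    # Deny by default: an unknown user or unknown key is simply absent from the set.
    return key in effective_permissions(db, user_id)
```

Checking against `permissionKey` rather than `permissionName` keeps authorization decisions independent of display text, and the UNIQUE constraints stop the same grant from being recorded twice.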
