Ricardo

Reputation: 12069

User Permission Tree: How to get there?

I'm implementing a product stock management website, which has many layers of permissions. It has an admin that has all kinds of permissions and then level 2, 3, 4, etc... that will have fewer permissions. But specific users can have special permissions, like for example creating users, or reading information about other users.

Consider the following scenario:

 * admin inserted user1, user2 and user3.
 * user1 inserted user4 and user5 under his supervision.
 * user1 edited user4's permission so: user4 can see all user5's
   activity, but user5 cannot see user4's activity.
 * user5 inserted user6 and user7 and can see all their activity, but
   user4 can't!
 * user2 is in the same "level" as user1 and user3, but he can't see
   their sublevels' activity.

How can I make this permission-tree implicit in my database?

Graphical scheme of the permissions tree:

[Image: permissions tree diagram]

Upvotes: 4

Views: 1379

Answers (1)

Alexios Tsiaparas

Reputation: 910

First off, the table of users would be {id, username, password, ..., owner}, owner being the user id that created the account. This creates a tree of users.

Then you would need an ACL table in the form {userid, updatepriviledgeid, deleteuserid, updateuserid, viewid, ..., wholetree, ...}. Each entry would be for a user id in the main table (this is not a primary key). The rest, e.g. updatepriviledgeid, would mean that this user can update the user information. Each record has an associated wholetreeupdate as a boolean that simplifies whether the user has permission to the whole tree.

Upvotes: 1
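The schema described in this answer, applied to the scenario from the question, as an added example (not code from the answer or the question). It assumes only the view privilege is modelled, that an account's creator receives a whole-tree view grant on each account it creates, and that access is denied when no ACL row applies; `build_db` and `visible_to` are hypothetical names.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,
                    owner INTEGER REFERENCES users(id));  -- creator, forms the tree
CREATE TABLE acl (userid INTEGER NOT NULL REFERENCES users(id),
                  viewid INTEGER NOT NULL REFERENCES users(id),
                  wholetree INTEGER NOT NULL DEFAULT 0);  -- 1 = viewid and all below it
"""

# Constructed sample data: the user tree from the question (id, username, owner).
USERS = [(1, "admin", None), (2, "user1", 1), (3, "user2", 1), (4, "user3", 1),
         (5, "user4", 2), (6, "user5", 2), (7, "user6", 6), (8, "user7", 6)]
# (viewer, target, wholetree). Assumption: creators get whole-tree grants on what
# they create; the last row is user1's special grant to user4 (user5 only).
GRANTS = [("admin", "user1", 1), ("admin", "user2", 1), ("admin", "user3", 1),
          ("user1", "user4", 1), ("user1", "user5", 1),
          ("user5", "user6", 1), ("user5", "user7", 1), ("user4", "user5", 0)]

# Start from the viewer's ACL rows, then walk down the owner tree only from
# rows whose grant covers the whole subtree. No matching row means no access.
VISIBLE_SQL = """
WITH RECURSIVE visible(id, wholetree) AS (
    SELECT viewid, wholetree FROM acl
     WHERE userid = (SELECT id FROM users WHERE username = ?)
    UNION
    SELECT u.id, 1 FROM users u JOIN visible v ON u.owner = v.id
     WHERE v.wholetree = 1
)
SELECT username FROM users WHERE id IN (SELECT id FROM visible)
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    ids = {name: uid for uid, name, _ in USERS}
    db.executemany("INSERT INTO acl VALUES (?, ?, ?)",
                   [(ids[a], ids[b], w) for a, b, w in GRANTS])
    return db

def visible_to(db, viewer):
    """Usernames whose activity `viewer` may see (empty set if none)."""
    return {row[0] for row in db.execute(VISIBLE_SQL, (viewer,))}

if __name__ == "__main__":
    db = build_db()
    for name in ("admin", "user1", "user2", "user4", "user5"):
        print(name, "->", sorted(visible_to(db, name)))
```

Because the single-user grant to user4 has `wholetree = 0`, the recursion never descends from user5, so user6 and user7 stay hidden from user4.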
