Document access permissions

Question

I have a simple document management system which currently offers "public" access to documents based on a company id - I would like to implement access controls on a user by user basis. I am happy with how to check access rights etc in PHP but not sure how best to maintain approved users in the table in an efficient way.

A document could have public access or private access restricted to x users and as I don't know the value of x it doesn't make sense to implement multiple fields in MySql called user1, user2 etc.

There is a table already called users and one called documents. Would a new table called users to docs make sense or is there a better way to implement this so I can check if a user is entitled to access the document if they attempt to?

Answer 1

Best method is to have link tables, e.g.

table #1: users (id, ...)
table #2: documents (id, ....)

and

table #3: user_documents (user_id, document_id)

where user_id and document_id are foreign keys pointing at the users and documents tables

If a record exists in user_documents, then the user has access to the document. If you need to implement various levels of access (read/write/etc..) you'd store that in the user_documents table as well in extra fields.

By comparison, if you had something like

table #1: users (id, doc1, doc2, doc3, etc...)

where the doc# fields point at documents this user has access to, you'd have to have N fields in the table to handle permissions for N documents. If only a few users have rights on N docs and most have far fewer, you'd be wasting a lot of space on unused fields. And there will always be some joker who requires N+1 documents, meaning you're modifying your tables every time.

With the link table, you only have 2 fields, ever, and only as many records as there are user/document access pairs.