Reputation: 13651
Let's say I'm building a Q&A site like Stack Overflow. My site has the following main features:
Post: a post can be a question or an answer
Profile: personal profile of users
Private Message: stores private messages of users
....
I was trying to figure out how to design user roles in my system. And I came up with: (each user only belongs to one role)
Is it OK to design user roles like this? If not, can anyone give me some suggestions? I am using MySQL and Struts 2. In Struts 2, are there any available libraries for Role Based Access Control (RBAC)?
(I have read "Need some advice on my own Role Based Access Control (RBAC)", but it doesn't seem to solve my problem.)
Upvotes: 2
Views: 1023
Reputation: 2770
I have implemented RBAC in my current struts2-project. RBAC contains 3 things: User, Roles and Permissions.
Relationships are as below:
Role-Permission: M-M
User-Role: M-M
See, the relationship is like this because if, suppose, you define a role ADMINISTRATOR, then it will require PERMISSIONS like CAN_READ, CAN_WRITE, CAN_EXECUTE, etc. You would also want to define roles having combinations of the above permissions, and you would also like to create users with some combination of roles. Ex:
READER is role having permission CAN_READ.
WRITER is role having permission CAN_WRITE.
You can now have a user with roles READER & WRITER.
Upvotes: 1
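The User-Role and Role-Permission many-to-many model from the answer above, written out as tables with a deny-by-default permission check. This is an added example, not code from the original post. Assumptions: SQLite through Python's `sqlite3` stands in for MySQL so it runs offline, and the table names, the users `alice`, `bob` and `carol`, and the function names are hypothetical.

```python
import sqlite3

# User / Role / Permission with two many-to-many join tables (portable SQL).
SCHEMA = """
CREATE TABLE users       (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE roles       (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE user_roles (
    user_id INTEGER NOT NULL REFERENCES users(id),
    role_id INTEGER NOT NULL REFERENCES roles(id),
    PRIMARY KEY (user_id, role_id));
CREATE TABLE role_permissions (
    role_id       INTEGER NOT NULL REFERENCES roles(id),
    permission_id INTEGER NOT NULL REFERENCES permissions(id),
    PRIMARY KEY (role_id, permission_id));
"""
# Constructed sample data; role and permission names follow the answer, users are hypothetical.
ROLE_PERMS = {"READER": ["CAN_READ"], "WRITER": ["CAN_WRITE"],
              "ADMINISTRATOR": ["CAN_READ", "CAN_WRITE", "CAN_EXECUTE"]}
USER_ROLES = {"alice": ["READER", "WRITER"], "bob": ["READER"], "carol": []}

# One query answers "which permissions does this user hold through any role?"
EFFECTIVE = """
SELECT DISTINCT p.name FROM users u
JOIN user_roles ur       ON ur.user_id = u.id
JOIN role_permissions rp ON rp.role_id = ur.role_id
JOIN permissions p       ON p.id = rp.permission_id
WHERE u.name = ?"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when asked
    db.executescript(SCHEMA)
    perms = sorted({p for ps in ROLE_PERMS.values() for p in ps})
    db.executemany("INSERT INTO permissions(name) VALUES (?)", [(p,) for p in perms])
    db.executemany("INSERT INTO roles(name) VALUES (?)", [(r,) for r in ROLE_PERMS])
    db.executemany("INSERT INTO users(name) VALUES (?)", [(u,) for u in USER_ROLES])
    # Table names below are fixed constants; all data values are bound parameters.
    link = "INSERT INTO {t} SELECT a.id, b.id FROM {a} a, {b} b WHERE a.name = ? AND b.name = ?"
    db.executemany(link.format(t="role_permissions", a="roles", b="permissions"),
                   [(r, p) for r, ps in ROLE_PERMS.items() for p in ps])
    db.executemany(link.format(t="user_roles", a="users", b="roles"),
                   [(u, r) for u, rs in USER_ROLES.items() for r in rs])
    return db

def permissions_of(db, user):
    return {row[0] for row in db.execute(EFFECTIVE, (user,))}

def has_permission(db, user, permission):
    # Deny by default: unknown users, users with no role, unknown permissions -> False.
    return permission in permissions_of(db, user)
```

Application code should check the permission (`CAN_WRITE`), not the role name, so roles can be recombined without touching the checks.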