Reputation: 4212
How to implement default Roles on a Role Based Access Control
I'm implementing a Role Based Access Control system .
Users have Roles (many-to-many)
Roles have Permissions (many-to-many)
Roles have Privileges (many-to-many)
A Role belongs to A Customer
I want to have 2 default Role s : Admin and Normal. The problem is , the Role s belong to Customers. So it means i need to define this default Roles for each Customer.
How can i avoid defining the same 2 Roles for each Customer ?
(The first idea i have come up with, was to keep the owners of these default Roles NULL , but this is gonna add a lot of extra control and forking over my authorization methods)
Upvotes: 0
Views: 1019
Answers (1)
Reputation: 144
Not sure if I get it right, but the Role shouldn't depend on Users...
The general solution at DB level is employing a connection table, i.e. one USER table, one ROLE table and a USER_ROLE table with two foreign keys to USER and ROLE tables, respectively.
The solution at JPA level (I assume you use this because of the "Java" label you added) is to annotate the collection representing the association with a @ManyToMany tag and the framework will handle the rest of it.
Upvotes: 1
Related Questions
- How to implement role-based access control Java/MySql?
- Role Based Access Control MySql Implementation
- Designing a role based access control with support for relations
- user, role, permissions and a specific group RBAC?
- How to design a hierarchical role based access control system
- Access control: RBAC with additional group memberships instead of object properties
- Need some advice on my own Role Based Access Control (RBAC)
- DB schema for RBAC with multiple levels of roles
- how to design: users with different roles see different records