Defining user roles in Database

Question

I'm developing a web application which will shared by a few colleges in my city. The cumulative number of clerks and office staffs will be around a few ten thousands.

I have created users like 'admission clerk','account staff', etc. and have defined the tables that can be accesses by each user type( say 'admission clerk' can access only admission_table and not payment_table).

I have enforced a programmatic security, where, when an admission clerk of a college logs in, he can delete an entry in admission_table where student_college field equals admission_clerk organization . Can I achieve the same by creating users in the dbms ?

Answer 1

You can try to multiply admission_tables to have one main table admission_table with columns

id, college_code, reference_id

The last field references to a college's admission_table

So you will have multiple admission_table_ with the same structure separate one for each college.

Thus you can use table roles.

It's complicated way and you can't get aggregate of the multiple tables data but it could work.

UPDATE

Alternatively you can prevent deleting from the table and create a special secured_delete() STORED PROCEDURE. So an admission clerk 1 can't delete directly but can call secured_delete_college1() only (moved from comment)

Answer 2

MySQL does not support row level security. You may workaround this by using views but that comes with certain quirks. I'd suggest sticking into implementing the row level security on the application level.