Reputation: 3153
User rights stored in Database
I am developing a Webapp with user rights. The user rights should be stored in the database and I am now puzzeling with the how to.
I thought about the possibility to use flags like in an "ordinary" application.
0 - NoRights
1 - User
2 - Support
4 - Finance
8 - Admin
The actual right would then consist of one or more added numbers. A User with Support rights would then have the userright 3.
What is best practice in Database moddeling to store userrights?
I am using a Microsoft SQL Server 2008R2 but I guess this question has a database agnostic answer
EDIT:
Here some resources I found on my way and with the kind help of the people who answered and commented.
Best Practice for Designing User Roles and Permission System?
https://security.stackexchange.com/questions/63518/mac-vs-dac-vs-rbac
Upvotes: 3
Views: 255
Answers (1)
Reputation: 415
This is many to many relation. Meaning that one user can have multiple roles and one role can be attached to multiple users.
Ie user1 can have roles 1 and 4 and role 1 can be hold by user1 and user2.
This normally is modelled using bridge tables, ie "
User(userId, name) Role(roleId, description)
UserRole(userId, roleId)
https://en.m.wikipedia.org/wiki/Many-to-many_(data_model)
Hope this helps
Upvotes: 3
Related Questions
- Get size of all tables in database
- How do I get list of all tables in a database using TSQL?
- Insert results of a stored procedure into a temporary table
- How do I rename a MySQL database (change schema name)?
- Search text in stored procedure in SQL Server
- Function vs. Stored Procedure in SQL Server
- How can I list the tables in a SQLite database file that was opened with ATTACH?
- What are the options for storing hierarchical data in a relational database?
- Create new user in MySQL and give it full access to one database