Reputation: 135
Role Based Access Control MySql Implementation
I'm about to develop a management web app with Laravel.
I need that my users have different roles with different permission.
In details: some users can add customers, some users can write pieces of a paper related to the customer, some other users can just read that paper and some other users can read just some pieces of that paper.
So I decided to use an RBAC approach in order to gain a certain flexibility. I'll use this DB schema (just an example schema, but represent the needings of my application):
My answer is: since there is a direct relationship between users and paper, customer, attachs etc., how are RBAC rules expressed? I have to check user's permission in frontend when he request an operation or a resource? Or there are ways to express this rules even at backend level? Maybe using some GRANT options?
Hope sby can help. Thank you!
Upvotes: 1
Views: 4005
Answers (1)
Reputation: 10210
I would recommend using one of the RBAC packages already available to you, there are a few out there but a couple noteworthy mentions include:
You define roles such as User and Customer, permissions such as can-write-paper, can-read-paper and assign them to either roles or individual users depending on your use case.
Upvotes: 2
Related Questions
- Laravel RBAC (Role Based Access Control) Model Relationship
- Laravel 5 role based access control
- Yii Role Based Access Control
- Yii Framework 2.0 Role Based Access Control RBAC
- How to design a hierarchical role based access control system
- Is my Role Based Access Control a feasible solution?
- Implementing Roles based access control in php application
- Yii framework 2.0 Role based access control PhpManager
- Advanced Role-Based Access Control
- A more simple approach to role-based access control (RBAC)?