如何在mysql中为用户角色分配和区域分配设计数据库结构？

Question

Recently my company assign me a project that will mange my company marketing team. I am in trouble or fail to decide about database structure.

In this project have Access Role that will be following:

1) CMO (Chief Marketing officer)

2) ------------General Manager

3) ------------------Regional Manager

4) ------------------------Zonal Manager/State Head

5) ------------------------------Assistance Manager

6) ------------------------------------Area Manager

7) ------------------------------------------User

Access level will be according to mention above role hierarchy.
For example CMO have full access, Regional Manager have all access except CMO and so on.

Now second main things is Region (Region will make after combining multiple zone/state) Zone/State (It will be make after combining multiple city ) Area/City

Now all user will be added by default in any area Then admin assign a role and a region or state or area Finally user can access in system according to their role and their assign zone/state/city/area

if any user access role is Regional Manager and assign a region like Region1 Now user will be able to access all state/zone and their city which comes in region1

Please help me to design database structure that manage these all things?

Answer 1

Create a table in your database titled 'users'. Here you could create multiple tables or one. Basically, you want to create a role field and region field within your table/tables. When a user signs in, they will be granted access based on their role (ie 1 is a gm, 7 is a user)/region.

There are a lot of prebuilt solutions in many languages for what you want to do. I would recommend searching for one.

Answer 2

To represent the hierarchy you could create your roles table with a parent_role_id column meaning that other roles can 'sit under' the parent.

For example:

CREATE TABLE `roles` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `role` varchar(45) NOT NULL,
  `parent_role_id` int(11) DEFAULT NULL,
  PRIMARY KEY (`id`),
  KEY `parent_role_id` (`parent_role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

If I wanted to add a CMO they would keep this field null as nobody is above them. An Area Manager however would have parent id of 5 (assuming that the CMO is 1) as they are under the Assistance Manager. This enables you to build a folder like structure using just one table.

The other users to location relationships could be done in many ways. I think the easiest would be via a number of many to many relationships, such as:

CREATE TABLE `users` (
  `id` int(11) NOT NULL,
  `username` varchar(50) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE `user_roles`(
  `user_id` int(11) NOT NULL,
  `role_id` int(11) NOT NULL,
  PRIMARY KEY (`user_id`,`role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE `user_region` (
  `user_id` int(11) NOT NULL,
  `region_id` int(11) NOT NULL,
  PRIMARY KEY (`user_id`,`region_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

If you are looking for these to be used for governing authorization (aka permissions) then a more test and flexible solution may be an Access Control List (ACL) depending on the language you are using.

http://en.wikipedia.org/wiki/Access_control_list