MySQL Query with Sub-Query optimisation
Question
I have built a CMS system with a fairly typical user/group/permission system where users can be members of groups, and permissions can be applied to either the user directly, or to groups which users can be members of.
Permissions can also be 'wildcard' (eg apply to all objects) or apply to specific objects designated by a module name and a row id. Permissions can with be 'Allow' which grants access, or 'Deny' which specifically prevents access and overrides any 'Allow' permissions they have been granted elsewhere. Deny is stored in the userpermission/grouppermission table by creating an row with the 'allow' column set to 0.
The following query is currently used (and works) to list all users which have been granted a specific 'wildcard' permission (permissionid 123).
SELECT
`user`.*
FROM
(
SELECT
`user`.*,
`userpermission`.`allow` AS `user_allow`,
`userpermission`.`permissionid` AS `user_permissionid`,
`grouppermission`.`allow` AS `group_allow`,
`grouppermission`.`permissionid` AS `group_permissionid`
FROM
`user`
LEFT JOIN `userpermission` ON
`user`.`userid` = `userpermission`.`userid`
AND `userpermission`.`module` = '*'
AND `userpermission`.`rowid` = '*'
AND `userpermission`.`permissionid` = 18
LEFT JOIN `usergroup` ON
`user`.`userid` = `usergroup`.`userid`
LEFT JOIN `grouppermission` ON
`usergroup`.`groupid` = `grouppermission`.`groupid`
AND `grouppermission`.`module` = '*'
AND `grouppermission`.`rowid` = '*'
AND `grouppermission`.`permissionid` = 18
WHERE
(
`grouppermission`.`allow` = 1
OR
`userpermission`.`allow` = 1
)
) AS `user`
LEFT JOIN `userpermission` ON
`user`.`userid` = `userpermission`.`userid`
AND `userpermission`.`permissionid` = `user`.`user_permissionid`
AND `userpermission`.`allow` = 0
AND `userpermission`.`module` = '*'
AND `userpermission`.`rowid` = '*'
LEFT JOIN `usergroup` ON
`user`.`userid` = `usergroup`.`userid`
LEFT JOIN `grouppermission` ON
`usergroup`.`groupid` = `grouppermission`.`groupid`
AND `grouppermission`.`permissionid` = `user`.`group_permissionid`
AND `grouppermission`.`allow` = 0
AND `grouppermission`.`module` = '*'
AND `grouppermission`.`rowid` = '*'
GROUP BY `user`.`userid`
HAVING
COUNT(`userpermission`.`userpermissionid`) + COUNT(`grouppermission`.`grouppermissionid`) = 0
However it is very slow (~0.5 seconds, with ~3000 users, ~250 groups, ~10000 usergroup joins, ~30 permissions, ~150 grouppermissions and ~30 userpermissions).
permissionid as per the example above is just one permision. It may also be necessary to check multiple permissions eg IN(18,19,20) instead of = 18
Explain provides the following output - I think I've got the right columns indexed however I'm not sure about how (or if its possible) to index the derived table:
+----+-------------+-----------------+------+----------------------------+--------------+---------+--------------------------------+------+---------------------------------+
| id | select_type | table | type | possible_keys | key | key_len | ref | rows | Extra |
+----+-------------+-----------------+------+----------------------------+--------------+---------+--------------------------------+------+---------------------------------+
| 1 | PRIMARY | [derived2] | ALL | NULL | NULL | NULL | NULL | 62 | Using temporary; Using filesort |
| 1 | PRIMARY | userpermission | ref | USERID,PERMISSIONID,ALLOW | USERID | 4 | user.userid | 2 | |
| 1 | PRIMARY | usergroup | ref | USERID | USERID | 4 | user.userid | 4 | |
| 1 | PRIMARY | grouppermission | ref | GROUPID,PERMISSIONID,ALLOW | PERMISSIONID | 4 | user.group_permissionid | 3 | |
| 2 | DERIVED | user | ALL | NULL | NULL | NULL | NULL | 2985 | |
| 2 | DERIVED | userpermission | ref | USERID,PERMISSIONID | PERMISSIONID | 4 | | 1 | |
| 2 | DERIVED | usergroup | ref | USERID | USERID | 4 | [database].user.userid | 4 | |
| 2 | DERIVED | grouppermission | ref | GROUPID,PERMISSIONID | PERMISSIONID | 4 | | 3 | Using where |
+----+-------------+-----------------+------+----------------------------+--------------+---------+--------------------------------+------+---------------------------------+Is it possible to re-write the query without the sub-query so that it can be optimised, or optimise it as-is?
If the data structure needs changing that isn't a huge issue.
2 answers
solution1
1 ACCPTED 2014-11-07 14:22:46
You're left joining and afterwards you count the non-null rows and check if there exist none. I hope you realize from my wording, that this is more complicated than it needs to be. You can simply rewrite the whole query like this:
SELECT
`user`.*
FROM
`user`
LEFT JOIN `userpermission` ON
`user`.`userid` = `userpermission`.`userid`
AND `userpermission`.`module` = '*'
AND `userpermission`.`rowid` = '*'
AND `userpermission`.`permissionid` = 18
LEFT JOIN `usergroup` ON `user`.`userid` = `usergroup`.`userid`
LEFT JOIN `grouppermission` ON
`usergroup`.`groupid` = `grouppermission`.`groupid`
AND `grouppermission`.`module` = '*'
AND `grouppermission`.`rowid` = '*'
AND `grouppermission`.`permissionid` = 18
WHERE
(`grouppermission`.`allow` = 1 OR `userpermission`.`allow` = 1)
AND NOT EXISTS (SELECT 1 FROM `userpermission` WHERE `user`.`userid` = `userpermission`.`userid`
AND `userpermission`.`allow` = 0
AND `userpermission`.`module` = '*'
AND `userpermission`.`rowid` = '*'
AND `userpermission`.`permissionid` = 18
)
AND NOT EXISTS (SELECT 1 FROM `grouppermission` WHERE `usergroup`.`groupid` = `grouppermission`.`groupid`
AND `grouppermission`.`allow` = 0
AND `grouppermission`.`module` = '*'
AND `grouppermission`.`rowid` = '*'
AND `grouppermission`.`permissionid` = 18
);
What's also great about EXISTS() , is, that it stops as soon as an entry was found. You don't have to get all rows and check afterwards if there was none.
Another way to write the query would be this:
SELECT
`user`.*
FROM
`user`
LEFT JOIN `userpermission` ON
`user`.`userid` = `userpermission`.`userid`
AND `userpermission`.`module` = '*'
AND `userpermission`.`rowid` = '*'
AND `userpermission`.`permissionid` = 18
LEFT JOIN `usergroup` ON `user`.`userid` = `usergroup`.`userid`
LEFT JOIN `grouppermission` ON
`usergroup`.`groupid` = `grouppermission`.`groupid`
AND `grouppermission`.`module` = '*'
AND `grouppermission`.`rowid` = '*'
AND `grouppermission`.`permissionid` = 18
LEFT JOIN `userpermission` up ON `user`.`userid` = `up`.`userid`
AND up.`allow` = 0
AND up.`module` = '*'
AND up.`rowid` = '*'
AND up.`permissionid` = 18
LEFT JOIN grouppermission gp ON `usergroup`.`groupid` = `gp`.`groupid`
AND gp.`allow` = 0
AND gp.`module` = '*'
AND gp.`rowid` = '*'
AND gp.`permissionid` = 18
WHERE
(`grouppermission`.`allow` = 1 OR `userpermission`.`allow` = 1)
AND up.userid IS NULL
AND gp.groupid IS NULL;
Have a try which one works better for you.
solution2
0 2014-11-10 09:53:17
Another way to do this without any sub-queries is:
SELECT
`user`.*,
SUM(CASE WHEN `userpermission`.`allow` = 1 THEN 1 ELSE 0 END) as user_allow,
SUM(CASE WHEN `grouppermission`.`allow` = 1 THEN 1 ELSE 0 END) as group_allow,
SUM(CASE WHEN `userpermission`.`allow` = 0 THEN 1 ELSE 0 END) as user_deny,
SUM(CASE WHEN `grouppermission`.`allow` = 0 THEN 1 ELSE 0 END) as group_deny
FROM
`user`
LEFT JOIN `userpermission` ON
`user`.`userid` = `userpermission`.`userid`
AND `userpermission`.`module` = '*'
AND `userpermission`.`rowid` = '*'
AND `userpermission`.`permissionid` = 18
LEFT JOIN `usergroup` ON `user`.`userid` = `usergroup`.`userid`
LEFT JOIN `grouppermission` ON
`usergroup`.`groupid` = `grouppermission`.`groupid`
AND `grouppermission`.`module` = '*'
AND `grouppermission`.`rowid` = '*'
AND `grouppermission`.`permissionid` = 18
GROUP BY
`user`.`userid`
HAVING
(
`user_allow` > 0
OR
`group_allow` > 0
)
AND
`user_deny` = 0
AND
`group_deny` = 0
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.