
Design help: Multiple User Roles

I'm currently in the process of designing a web app that requires the use of user permissions and roles. The roles will be stored within the SQL database (using MS SQL but this should be a design independent of the implementation).

What is the standard practice for allowing a user to have multiple roles, a "One to Many" relationship if you will?

What I came up with conceptually is the idea of an int field that uses a bit flag to determine if the user has that role:

User Group | Permission Mask | Value
-------------------------------------
Basic      | 0 0 0 0 1       | 1
Advanced   | 0 0 0 1 0       | 2
...        |    ...          | ...
Admin      | 1 0 0 0 0       | 16

This way, on my PHP side's authentication I can quickly math out if a user belongs to the role or not. The biggest drawback I see with this is readability and understanding. Would someone not involved with this design decision be able to figure out what's going on when maintenance/upgrades (new roles) come along?

Is this appropriate for my needs? Is there a more standardized way of allowing users to have multiple roles/groups?

User
------------
Id
Name


Roles
-----------
Id
Name


UserRoles - the UserID,RoleID combination has to be unique
-----------
UserId,
RoleId


Groups
------------
Id
GroupName


UserGroups - UserID, GroupID combination has to be unique
--------------
UserId
GroupId

Sample Data

UserRoles
----------------------------------------------
UserID  | RoleID
--------------------------
123       ADMIN
123       EDITOR
124       SITE-USER

Queries

-- if no rows returned, then user does not belong to role
Select 1 From UserRoles Where UserID=123 AND RoleID='ADMIN'

-- get user roles (role columns come from Roles; UserRoles only holds the id pair)
Select r.Id, r.Name From UserRoles ur
JOIN Roles r ON ur.RoleId = r.Id
JOIN [User] u ON ur.UserId = u.Id
WHERE u.Id = 123

You should do something simple. It's a *-* relationship, why not implement it that way in the database? You would only need 2 more tables to map these roles to individual users, you could easily add new roles, and this would make sense for potential newcomers. Of course you would have to hardcode role access to functionalities initially, but you would have an easier upgrade path, should you want to have the whole thing configurable.
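The junction-table design from the answers above, as an added example that is not part of the original posts. It assumes SQLite (via Python's sqlite3) as a stand-in for MS SQL; the helper names and the user names in the sample rows are hypothetical. It shows the database itself enforcing the unique (UserId, RoleId) pair and rejecting grants of undefined roles, with a parameterized, deny-by-default role check.

```python
import sqlite3

SCHEMA = """
CREATE TABLE User  (Id INTEGER PRIMARY KEY, Name TEXT NOT NULL);
CREATE TABLE Roles (Id TEXT PRIMARY KEY, Name TEXT NOT NULL);
CREATE TABLE UserRoles (
    UserId INTEGER NOT NULL REFERENCES User(Id)  ON DELETE CASCADE,
    RoleId TEXT    NOT NULL REFERENCES Roles(Id) ON DELETE CASCADE,
    PRIMARY KEY (UserId, RoleId)  -- the UserId,RoleId combination must be unique
);
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK checks off by default
    db.executescript(SCHEMA)
    # Constructed sample rows mirroring the answer's sample data.
    db.executemany("INSERT INTO User VALUES (?, ?)", [(123, "alice"), (124, "bob")])
    db.executemany("INSERT INTO Roles VALUES (?, ?)",
                   [("ADMIN", "Administrator"), ("EDITOR", "Editor"),
                    ("SITE-USER", "Site user")])
    db.executemany("INSERT INTO UserRoles VALUES (?, ?)",
                   [(123, "ADMIN"), (123, "EDITOR"), (124, "SITE-USER")])
    db.commit()
    return db

def has_role(db, user_id, role_id):
    """Deny by default: True only if the (user, role) row exists."""
    row = db.execute("SELECT 1 FROM UserRoles WHERE UserId = ? AND RoleId = ?",
                     (user_id, role_id)).fetchone()
    return row is not None

def roles_of(db, user_id):
    rows = db.execute("SELECT r.Id FROM UserRoles ur JOIN Roles r ON r.Id = ur.RoleId "
                      "WHERE ur.UserId = ? ORDER BY r.Id", (user_id,))
    return [r[0] for r in rows]

def grant(db, user_id, role_id):
    """False when the database rejects the grant: duplicate pair, unknown user or role."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO UserRoles VALUES (?, ?)", (user_id, role_id))
        return True
    except sqlite3.IntegrityError:
        return False

if __name__ == "__main__":
    db = build_db()
    print(roles_of(db, 123), has_role(db, 124, "ADMIN"))
    print(grant(db, 124, "EDITOR"), grant(db, 124, "EDITOR"), grant(db, 124, "SUPERUSER"))
```

With a bitmask column, none of these rejections come from the schema: any integer is a valid mask, so a bit with no defined role can be set without the database objecting.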
