SQL 最佳用户角色权限数据库设计实践?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/46016139/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Best user role permissions database design practice?
提问by Joginder Pawan
I want to design database for a web app in which user can access particular tabs based on the permissions given to a role.
我想为 Web 应用程序设计数据库,用户可以在其中根据授予角色的权限访问特定选项卡。
What I have done so far is I created two tables USER_TABLEand USER_ROLES.
到目前为止,我所做的是创建了两个表USER_TABLE和USER_ROLES。
USER_TABLEhas below fields:
USER_TABLE有以下字段:
- id (primary key)
- user_name
- password
- first_name
- last_name
- created_date
- role_id_fk (foreign key)
- id(主键)
- 用户名
- 密码
- 名
- 姓
- 创建日期
- role_id_fk(外键)
USER_ROLEShas below fields:
USER_ROLES有以下字段:
id (primary key)
role_name (e.g. ADMIN, TAB1_USER, TAB2_USER)
created_date
id(主键)
role_name(例如 ADMIN、TAB1_USER、TAB2_USER)
创建日期
Here, the user having role_name "ADMIN" can see all the tabs, other users can access specific tabs only.
在这里,具有角色名称“ ADMIN”的用户可以看到所有选项卡,其他用户只能访问特定选项卡。
My question is do I need to create a table USER_PERMISSIONShaving foreign key in USER_ROLEStable with below fields:
我的问题是我是否需要在USER_ROLES表中创建一个具有以下字段的外键的表USER_PERMISSIONS:
- id (primary key)
- permission_type (ALL, TAB1, TAB2....)
- id(主键)
- permission_type (ALL, TAB1, TAB2 ....)
or should I manage this at my code level? What would be the cons and pros of both approaches?
或者我应该在我的代码级别管理这个?这两种方法的优缺点是什么?
回答by Zohar Peled
As krokodilko wrote in his comment, it depends on the level of flexibility you need.
I have implemented role based permissions for one of my clients as follows:
正如 krokodilko 在他的评论中所写,这取决于您需要的灵活性水平。
我已经为我的一位客户实现了基于角色的权限,如下所示:
- User (user id (PK), user name (unique), password (salted and hashed!), first name, last name, phone etc')
- Role (role id (PK), role name (unique), role description)
- Permission (permission id (PK), permission name (unique)) - the tabs / screens / actions goes here
- User To Role (user id, role id) - PK is both columns combined
- Role to Permission (role id, permission id) - PK is both columns combined
- 用户(用户 ID (PK)、用户名(唯一)、密码(加盐和散列!)、名字、姓氏、电话等)
- 角色(角色id(PK)、角色名称(唯一)、角色描述)
- 权限(权限 ID(PK),权限名称(唯一)) - 选项卡/屏幕/动作放在这里
- User To Role (user id, role id) - PK 是两列组合
- Role to Permission (role id, permission id) - PK 是两列组合
But my requirement was to be as flexible as possible, and it is a system that is still growing (6 years and counting).
但我的要求是尽可能灵活,这是一个仍在发展的系统(6 年和计数)。
I guess a lot of applications can have the user to role as a one to many relationship, instead of a many to many like in my case, but I wouldn't go hard coding permissions or role to permissions in any application.
我想很多应用程序都可以让用户扮演一对多关系,而不是像我这样的多对多关系,但我不会在任何应用程序中对权限或角色进行硬编码。
