I want to design database for a web app in which user can access particular tabs based on the permissions given to a role.
What I have done so far is I created two tables USER_TABLE and USER_ROLES.
USER_TABLE has below fields:
USER_ROLES has below fields:
id (primary key)
role_name (e.g. ADMIN, TAB1_USER, TAB2_USER)
created_date
Here, the user having role_name "ADMIN" can see all the tabs, other users can access specific tabs only.
My question is do I need to create a table USER_PERMISSIONS having foreign key in USER_ROLES table with below fields:
or should I manage this at my code level? What would be the cons and pros of both approaches?
User Roles give Administrators the ability to control what users can do within the system, without giving full administrator access. A Role is a collection of Permissions which could be based on a job function. Permissions are assigned to Roles and Roles are assigned to Users.
Permissions define how a user can access the Emptoris Supplier Lifecycle Management application and complete the assigned tasks.
As krokodilko wrote in his comment, it depends on the level of flexibility you need.
I have implemented role based permissions for one of my clients as follows:
But my requirement was to be as flexible as possible, and it is a system that is still growing (6 years and counting).
I guess a lot of applications can have the user to role as a one to many relationship, instead of a many to many like in my case, but I wouldn't go hard coding permissions or role to permissions in any application.
Further explanation: Role based security database design on What the # do I know?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With