How does Facebook handle Privacy settings in database side?

Question

What are the design patterns to design privacy system like facebook's.

User decides which information to share based his friend groups. All user information (email, phone) is stored in the data table which just key = value table.

Current Tables:

• User - (id)
• UserData - (id, user_id, datatype, value)
• Friendship - (user_id, friend_id, friendgroup_id)
• FriendGroup - (user_id, name)

Example:

• X group can see phone_1
• Y group can see phone_2
• All groups can see phone_3

This schema can be changed.

Answer 1

You will have to make permissions table for FriendGroup. In that you have to gather permission given to each FriendGroup while making group or user can change that permission.

Prmissions(permission_id, friend_group, parameter, visible)

Example:

• X group can see phone_1
• Y group can see phone_2
• All groups can see phone_3

(1,x,phone_1,true)
(1,Y,phone_2,true)
(1,x,phone_3,true)
(1,Y,phone_3,true)

You can more see about ACL following links:

Database model with users, roles and rights

A Role-Based Access Control (RBAC) system for PHP

Patterns for building social network type applications?