Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Storing user access level in a database

I am storing a list of "Users" in a table. The business logic of the application will have a reference to an object with all the data in this table for the currently logged-in user. And be able to allow the user to perform operations if they have the correct access.

I'm wondering what is the best way to store "access levels?"

One way I'm thinking of storing the access level is as an integer, and using C# "flags" to combine multiple access levels without requiring a bunch of fields, is this wise?

Create  = 1
Read    = 2
Update  = 4
Delete  = 8
FullAcc = 16

The other option I'm thinking of, feels less elegent, but I've seen it done a lot:

Read/Write  = 1
R/W + Delete= 2
Full Access = 3

The reason I'm wondering, is that it seems like it would be more simple to add additional items to the second method, but at some point, it would become a pain in the ass to maintain. What are your thoughts?

like image 928
Nate Avatar asked Jan 05 '10 18:01

Nate


People also ask

What is access level in database?

There are three levels of access for Users; Full Access, Limited Access and Basic Access. The Allow Data Export and Allow Options Editing options are available to users with Full or Limited access, but not Basic Access users.

What the permission levels of the users are in accessing the database?

Database access levels are, from lowest to highest, Connect, Resource, and DBA. Use the corresponding keyword to grant a level of access privilege. You can modify the database schema if you own the database object that you intend to modify.

What is a user access level?

User access levels define what information the different users on your account can access and edit. They are particularly important for when you want to keep your employees' hourly rates confidential. When adding a new user, you'll be asked to assign them a user role.


1 Answers

I've always preferred the first approach using flags. The danger is that you get too many levels of permissions and you have to keep extending your enum and start using huge numbers and therefor maybe have to change the data type in your database to a large int. However, for something like permissions the number of options should be fairly limited. The one suggestion I would make is to have FullAcc defined as the sum of Create, Read, Update and Delete instead of as a separate entity. That way you won't have to check if a user has Update OR FullAcc permissions when they are trying to update something.

like image 87
TLiebe Avatar answered Oct 29 '22 18:10

TLiebe