Group / User based security. Table / SQL question

Posted by Brett on Stack Overflow See other posts from Stack Overflow or by Brett
Published on 2010-03-24T09:21:47Z Indexed on 2010/03/24 9:23 UTC
Read the original article Hit count: 285

Filed under:
|
|

Hi,

I'm setting up a group / user based security system.

I have 4 tables as follows:

  • user
  • groups
  • group_user_mappings
  • acl

where acl is the mapping between an item_id and either a group or a user.

The way I've done the acl table, I have 3 columns of note (actually 4th one as an auto-id, but that is irrelevant)

  • col 1 item_id (item to access)
  • col 3 user_id (user that is allowed to access)
  • col 3 group_id (group that is allowed to access)

So for example

item1, peter, ,

item2, , group1

item3, jane, ,

so either the acl will give access to a user or a group. Any one line in the ACL table with either have an item -> user mapping, or an item group.

If I want to have a query that returns all objects a user has access to, I think I need to have a SQL query with a UNION, because I need 2 separate queries that join like..

item -> acl -> group -> user AND item -> acl -> user

This I guess will work OK. Is this how its normally done? Am I doing this the right way?

Seems a little messy. I was thinking I could get around it by creating a single user group for each person, so I only ever deal with groups in my SQL, but this seems a little messy as well..

© Stack Overflow or respective owner

Related posts about sql

Related posts about mysql