which role-permission database design?

Question

I want to manage roles and permissions. Most of designs on web look like this

tables:

Users
Roles
UserRoles
Permissions
RolePermissions

Here, what is permissions? I am thinking for such a design instead:

Users
Roles
UserRoles
Permissions

In this design, Roles is supposed to be:

   id   |     name

while permissions is supposed to be:

id | role_id | section | action

permissions defines which role in which section has what action control. something like this:

id  |  role_id  |  section  |  action

1   |     2     |  posts    | edit
2   |     2     |  posts    | add
3   |     2     |  posts    | delete
4   |     3     |  users    | approve
5   |     3     |  users    | edit
6   |     4     |  articles | delete
7   |     2     |  users    | givepermission

It uses two strings instead of an extra table and numbers. Also checking it on PHP seems easier.

Does this design have problem? And is it recommended by you according to your experiences?

score -2 · Answer 1 · answered Jan 08 '14 at 13:17

As to whether your design is recommended, then it depends on the problem you are trying to solve. However, your design makes sense for a RESTful application, and should be resilient.

For your permissions table, you may want to consider using a bitmask instead of strings.

which role-permission database design?

1 Answers1