0

I'm a simple system in PHP and codeigniter and need a simple but better way to manage users and their access to the system. So after some search I found interesting topics about access control but I'm still in doubt about if that's a good approach or not.

The role and user perm tables is because some users should have a different access that is not defined by any role. and the user_permission will always have priority over role_permission. For instance, a user has a role that have access to user exclusion but a admin created a user_perm denying user exclusion, so this particular user won't be able to delete users.

Any help will be appreciated.

    CREATE TABLE users
    (
      id PRIMARY KEY,
      username,
      password,
      role_id,
      first_name,
      last_name,
      ...
    );

    CREATE TABLE roles
    (
      id PRIMARY KEY,
      name
    );
    CREATE TABLE actions 
    (
      id PRIMARY KEY,
      name,
    );
    CREATE TABLE role_permission 
    (
      id PRIMARY KEY,
      action_id,
      permission BOOLEAN
    );

    CREATE TABLE user_permission
    (
      id serial NOT NULL PRIMARY KEY,
      action_id,
      permission BOOLEAN
    );
William J.
  • 1,574
  • 15
  • 26
Ricardo Silva
  • 1,221
  • 9
  • 19

1 Answers1

0

you forgot a table for relationship between the role- id to multiple users - id.... so each user would have a role and on basis of the role he would get permissions.. or else u can add a field role_id to users table..

Vishal Wadhawan
  • 1,085
  • 1
  • 9
  • 11