Storing application permissions in a database

php mysql arrays permissions store
Reado picture Reado · Apr 25, 2012 · Viewed 12.5k times · Source

I'm developing an application for our company that eventually will have lots of ways of restricting users to particular sections/modules. While the application is still small, I'd like to move to a new method of storing permissions that, as the application grows, will remain easy to maintain and query.

Currently in our MySQL database we have a table called "user" which stores the user's ID, username and password. In a separate table called "user_acl" is the following:

user_acl_id
acl_root
acl_news_read
acl_news_write
acl_news_modify
acl_reports_read
acl_reports_write
acl_reports_modify
acl_users_read
acl_users_write
acl_users_modify

We only have 3 modules at the minute, but over time more will be created and permissions for each will need to be added.

Rather than create a column for each permission, is there any other way or storing this information?

Answer

Ibrahim Azhar Armar picture Ibrahim Azhar Armar · Apr 25, 2012

I would do it this way.

table name: permission
columns: id, permission_name

and then I can assign multiple permissions to the user using a many to many relationship table

table name: user_permission
columns: permission_id, user_id

This design will allow me to add as many permission as I want, and assign it to as many user as i want.

While the above design go with your requirement, I have my own method of implementing ACL in my application. I am posting it here.

My method of implementation of ACL goes like this:

  1. User will be assigned a role (Admin, guest, staff, public)
  2. A role will have one or many permissions assigned to them (user_write, user_modify, report_read) etc.
  3. Permission for the User will be inherited from the role to which he/she is
  4. User can be assigned with manual permission apart from the permission inherited from role.

To do this I have come up with the following database design.

role
I store the role name here 
+----------+
| Field    |
+----------+
| id       |
| roleName |
+----------+

permission:
I store the permission name and key here 
Permission name is for displaying to user.
Permission key is for determining the permission.
+----------------+
| Field          |
+----------------+
| id             |
| permissionName |
| permissionKey  |
+----------------+

role_permission
I assign permission to role here 
+---------------+
| Field         |
+---------------+
| id            |
| role_id       |
| permission_id |
+---------------+

user_role
I assign role to the user here 
+---------------+
| Field         |
+---------------+
| id            |
| user_id       |
| role_id       |
+---------------+

user_permission
I store the manual permission I may allow for the user here 
+---------------+
| Field         |
+---------------+
| id            |
| user_id       |
| permission_id |
+---------------+

This gives me more control over the ACL. I can allow superadmins to assign permission by themselves, and so on. As I said this is just to give you the idea.

Related questions

Passing an array to a query using a WHERE clause

Given an array of ids $galleries = array(1,2,5) I want to have a SQL query that uses the values of the array in its WHERE clause like: SELECT * FROM galleries WHERE id = /* values of array $galleries... eg. (1 || 2 || 5) */ How can I generate …

Read More
Save PHP array to MySQL?

What is a good way to save an array of data to a single mysql field? Also once I query for that array in the mysql table, what is a good way to get it back into array form? Is …

Read More
Mysql where id is in array

I have a string of ids like 1,2,3,4,5 and I want to be able to list all rows in mysql where the ID is contained in that list. I assumed the easiest way would be to turn the string into an …

Read More