Designing a multiple level user permission system

Vanessa picture Vanessa · May 20, 2011 · Viewed 12.8k times · Source

I am working on a site that has a database schema like a tree. From top to bottom I have:

  • One Company can have many
  • Locations that can have many
  • Fleets that can have many
  • Vehicles

The user permission system has to be flexible in that someone can gain or have restricted access at any level of the tree. For example, a person that manages location x will by default have full access to all fleets below location x and all vehicles below location x. But I should also be able to restrict the user's access to any node below location x.

What would be the proper way to develop a schema for a permission system such as this? Would it be realistic to store each node a user has access to even though it would be kind of redundant? The goal is for me to be able to easily run queries for example to get all locations a user has access to.

Answer

Denis de Bernardy picture Denis de Bernardy · May 20, 2011

You might find a number of threads on SO interesting. Among them:

Implementing permissions based on reputation

Database schema for ACL