Database structure - groups, users and roles
Submitted by rainer on Tue, 05/20/2008 - 11:30
My first proposal for the groups, users and roles is as following:
- There are groups and supergroups
- A group is in one supergroup
- There are users and roles
- A user is member of 1..n groups in 1..n roles
- A user is member of 1..n supergroups in 1..n roles
Roles are initially "Admin", "Manager", "Worker" and "Controller".
The entities group, supergroup, user, role have each two foreign key fields for mapping to legacy systems. The count "two" is a trade-of between 1 and many. Two should be enough to integrate to most systems.
- Login to post comments
Subscribe comments
Comments
Do we really need the concept of supergroups? Couldn't we also allow groups to be members of other groups?
This would free us from the burden of having two different kinds of groups. Of course we would have to check for cyclic references when adding a group but that's quite easy.
Having a group hierarchy also allows us to have a very powerful rights management (users in .rights.users automatically have the rights .rights.users.add, .rights.rights.delete, ...). Adding a group would automatically add you in the group .rights. This way the creator of the group has automatically all rights.