If I am using Yii's authManager, am I still required to create a user group table? Correct me if I'm wrong: if we're using authManager and the RBAC schema, we create roles and assign tasks to them. We then assign roles to users.
In that case, do we still need a group table and have a FK in the user table that references the group table's ID column?
Thank you.
I recently had this problem in designing a SQL database.
I want to create a database for a school, and of course not all users have the same role or privileges.
For example, there are teachers, headteacher, students and parents.
If I put all of those in the same table and put a role column in the table, then I'm not free to add other columns for a specific role; for example, I can't add a grade column for students because the other roles don't have grades.
Also, I can't put them in separate tables because at login I can't specify the role for this user and go to his table.
What is the best way to do something like this?
Use polymorphism on the user table.
Create a user table with basic authentication and common information like email and credentials. Now create 2 columns: authority_type and authority_id (naming can be changed).
Now for every type of new role or privilege, create a table.
For example, in your case there will be a table each for teacher, headteacher, student and parent. All have separate sets of attributes.
Whenever saving a user record, you'll use its authority_type and its authority_id (the foreign key of the record in that other table).
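Here is an added example (not from the answer above) that implements this polymorphic layout in SQLite through Python's sqlite3; the school tables, column names, ROLE_TABLES allow-list and sample rows are all constructed for the illustration:

```python
import sqlite3

# Schema for the polymorphic user table described above: one users table with the
# credentials plus (authority_type, authority_id), and one table per role carrying
# that role's own columns. Table and column names are this example's own choices.
SCHEMA = """
CREATE TABLE teacher (id INTEGER PRIMARY KEY, subject TEXT NOT NULL);
CREATE TABLE student (id INTEGER PRIMARY KEY, grade INTEGER NOT NULL);
CREATE TABLE users (
    id             INTEGER PRIMARY KEY,
    email          TEXT NOT NULL UNIQUE,
    password_hash  TEXT NOT NULL,
    authority_type TEXT NOT NULL CHECK (authority_type IN ('teacher', 'student')),
    authority_id   INTEGER NOT NULL,
    UNIQUE (authority_type, authority_id)   -- at most one login per role record
);
"""

# Allow-list from discriminator value to table name, so the value read from the
# database is never spliced into SQL directly.
ROLE_TABLES = {"teacher": "teacher", "student": "student"}


def build_db():
    """In-memory database with constructed sample rows (hashes are placeholders)."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO teacher (id, subject) VALUES (1, 'maths')")
    conn.execute("INSERT INTO student (id, grade) VALUES (1, 9)")
    conn.executemany(
        "INSERT INTO users (email, password_hash, authority_type, authority_id) VALUES (?, ?, ?, ?)",
        [("t@school.example", "hash-placeholder", "teacher", 1),
         ("s@school.example", "hash-placeholder", "student", 1)],
    )
    conn.commit()
    return conn


def profile_for(conn, email):
    """Resolve a login to its role-specific record: users row first, then the one
    table named by authority_type. Returns None for an unknown email."""
    row = conn.execute(
        "SELECT authority_type, authority_id FROM users WHERE email = ?", (email,)
    ).fetchone()
    if row is None:
        return None
    table = ROLE_TABLES[row["authority_type"]]   # KeyError on an unexpected role is deliberate
    detail = conn.execute(f"SELECT * FROM {table} WHERE id = ?", (row["authority_id"],)).fetchone()
    return {"role": row["authority_type"], **dict(detail)}
```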
I'm trying to build an ASP.NET Core API where I have a few groups of users. These groups have a common database, but from there they can only see the records assigned to them.
For example, the user XYZ calling the controller that returns the values from the Products table sees only those that were assigned to his group. And the same when he adds a new Product: only the users of his group see it, and other groups do not know about the existence of this Product.
I would like to ask you to explain to me how to do this in ASP.NET Core and what libraries I could use, because unfortunately I don't know how to do it.
Thank you in advance for your help.
I don't think you need to search for a library or a framework to build this out; you can do the implementation as follows:
Create a table named ProductPermissions.
Make an entry for recordid, groupid, roleid in this table.
After a user is assigned a group, the relevant tables (UserDetails, UserGroups, UserRoles, etc.) should have the values.
When I want to see the list of products that are accessible to me, I make a request to the GetProducts API.
The API gets my userid, roles and group ids from the authentication process.
Now you have to join the Products table and the ProductPermissions table on the keys and filter by the groupid that I have been assigned.
The same logic applies to all the entity operations that I do; any action will be validated against the ProductPermissions table.
Note
In order to have a generic table rather than a redundant ProductPermissions, you can name the table EntityPermissions and add the entityId (e.g. Product, Category, etc.) as a column that is used as a filter during the join, so that you have a single table for all entities.
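The steps above, as an added example that is not part of the answer: the generic EntityPermissions variant from the note, with the GetProducts join filtered by the caller's groups and the same check reused before any write. Everything here (SQLite via Python's sqlite3, table and column names, the sample memberships) is constructed for the illustration:

```python
import sqlite3

# Constructed schema for the group-scoped visibility described above, using the
# generic EntityPermissions variant from the note: a row means "group G may see
# record R of entity E". Table and column names are this example's own choices.
SCHEMA = """
CREATE TABLE UserGroups (userid INTEGER NOT NULL, groupid INTEGER NOT NULL,
                         PRIMARY KEY (userid, groupid));
CREATE TABLE Products (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE EntityPermissions (
    entity   TEXT    NOT NULL,            -- 'Product', 'Category', ...
    recordid INTEGER NOT NULL,
    groupid  INTEGER NOT NULL,
    PRIMARY KEY (entity, recordid, groupid)
);
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # constructed memberships: user 1 is in group 10, user 2 in group 20
    conn.executemany("INSERT INTO UserGroups VALUES (?, ?)", [(1, 10), (2, 20)])
    conn.commit()
    return conn

def add_product(conn, userid, name):
    """Insert a product and grant it to every group of the creating user.
    userid comes from the authentication step, never from the request body."""
    pid = conn.execute("INSERT INTO Products (name) VALUES (?)", (name,)).lastrowid
    conn.execute("""INSERT INTO EntityPermissions (entity, recordid, groupid)
                    SELECT 'Product', ?, groupid FROM UserGroups WHERE userid = ?""", (pid, userid))
    conn.commit()
    return pid

def get_products(conn, userid):
    """GetProducts: join Products to EntityPermissions and the caller's groups."""
    rows = conn.execute("""SELECT DISTINCT p.id, p.name FROM Products p
                           JOIN EntityPermissions ep ON ep.entity = 'Product' AND ep.recordid = p.id
                           JOIN UserGroups ug ON ug.groupid = ep.groupid
                           WHERE ug.userid = ? ORDER BY p.id""", (userid,))
    return [(r[0], r[1]) for r in rows]

def can_access(conn, userid, entity, recordid):
    """Same check before update/delete on any entity: is the record granted to my groups?"""
    row = conn.execute("""SELECT 1 FROM EntityPermissions ep
                          JOIN UserGroups ug ON ug.groupid = ep.groupid
                          WHERE ep.entity = ? AND ep.recordid = ? AND ug.userid = ?""",
                       (entity, recordid, userid)).fetchone()
    return row is not None
```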
I actually need some feedback on the tables, since my goal is to have
only the admin able to add users and add files for the users. An admin can log in and select either add users or add files for the users. Only the users can log in and download files.
Looks to me like you're missing a USER_ROLES table (primary key: UserID, RoleID). The FK from Files would be to USER_ROLES, not ROLE. Also, you should be consistent in naming tables as either singular or plural nouns. (I prefer plural.)
I've made some changes to the users_roles table, and the only change to the users table is that only userid is in the PK, since I don't need the foreign key on userid.
Let's say I have a database with two tables, User and Store.
Let's make the rules:
A User must belong to one Store
A Store may have one or more Users
A store, though, may have a store manager. What is the best approach for this?
Adding an 'is_store_manager' boolean column to the Users table, or creating a foreign key called something like manager_user_fk on the Store table? I guess that would create a many-to-many relationship though, which would be bad, but it would be a solid constraint for selecting a user, I think. What would be the best approach?
Don't create a fk on the Store. It is somewhat redundant and will make some future SQL queries harder.
You could add another table, UserType with the Manager, and Non-Manager types. You'd then add a fk on the Users table pointing to the UserType.
Edit:
If you wanted a user to be allowed multiple roles, you'd need another join table:
Let's call the previous table Role instead of UserType, and add another table, UserRole, that is a join between User and Role (it has only 2 columns: a foreign key to User and a foreign key to Role). With this setup, you wouldn't have any FK on the User table, as this join table would hold all the information about the relationship. A user could then have as many roles as you like.
An alternative to the accepted solution, which only allows a user to be of one type: you can use what I've been doing to replace boolean status fields. Create a table called UserManager with a primary key that is also a foreign key to User.
Any user with an entry in UserManager is a manager. To get the managers you just join the User table with UserManager. This also lets you store more metadata (e.g. you could store when the user became a manager, etc.).
Then if you want an AdminUser table, you do the same thing. Any user in the AdminUser table is also an admin. You can have a user be both (or none, or one), along with storing more metadata about the type.
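An added example, not from either answer, that puts the two designs above side by side in one SQLite schema (Python's sqlite3): the Role/UserRole join table for many roles per user, and the UserManager/AdminUser "presence" tables whose primary key is also the FK to User. Table names, the `since` column and the sample users are constructed for the illustration:

```python
import sqlite3

# Constructed schema combining the two answers above: a Role/UserRole join table
# for many roles per user, plus "presence" tables (UserManager, AdminUser) whose
# primary key is also a foreign key to User. Names are this example's own.
SCHEMA = """
CREATE TABLE User (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE Role (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE UserRole (user_id INTEGER NOT NULL REFERENCES User(id),
                       role_id INTEGER NOT NULL REFERENCES Role(id),
                       PRIMARY KEY (user_id, role_id));   -- each role at most once per user
CREATE TABLE UserManager (user_id INTEGER PRIMARY KEY REFERENCES User(id),
                          since TEXT NOT NULL);            -- metadata a boolean flag cannot hold
CREATE TABLE AdminUser (user_id INTEGER PRIMARY KEY REFERENCES User(id));
"""


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite ignores REFERENCES unless enabled
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO User VALUES (?, ?)", [(1, "ann"), (2, "bob"), (3, "cy")])
    conn.executemany("INSERT INTO Role VALUES (?, ?)", [(1, "cashier"), (2, "stocker")])
    conn.executemany("INSERT INTO UserRole VALUES (?, ?)", [(1, 1), (1, 2), (2, 1)])
    conn.execute("INSERT INTO UserManager VALUES (1, '2024-01-01')")   # ann is a manager
    conn.executemany("INSERT INTO AdminUser VALUES (?)", [(1,), (3,)])  # ann and cy are admins
    conn.commit()
    return conn

def roles_of(conn, user_id):
    rows = conn.execute("""SELECT r.name FROM Role r JOIN UserRole ur ON ur.role_id = r.id
                           WHERE ur.user_id = ? ORDER BY r.name""", (user_id,))
    return [r[0] for r in rows]

def managers(conn):
    """Managers are simply the users that have a UserManager row; join to list them."""
    rows = conn.execute("""SELECT u.name, m.since FROM User u
                           JOIN UserManager m ON m.user_id = u.id ORDER BY u.id""")
    return [(r[0], r[1]) for r in rows]

def flags(conn, user_id):
    """Presence in each table replaces a boolean column; a user may be in both or neither."""
    q = "SELECT 1 FROM %s WHERE user_id = ?"   # table names are fixed literals, not user input
    return {t: conn.execute(q % t, (user_id,)).fetchone() is not None
            for t in ("UserManager", "AdminUser")}
```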
I have 3 different types of users, and each type of user can have columns and relationships with tables that another type doesn't, but all of them have a login (unique) and password.
How would you do it:
create a table for each type, or
create one table for all of them, or
create a table for all of them only for login and password and separate tables for all the other things, and bind them with a FK, or
something else?
Number 3 is the best of the options you suggested (updated slightly for clarification):
create a table for all of them for login, password and anything else that is shared, and a separate table for all the other things that are not shared, and bind them with a FK.
Except don't store the password, store a hashed version of a salted password.
An alternative might be to assign groups and/or roles to your users. This might be more flexible than a fixed table structure, allowing you to add new roles dynamically. But it depends on your needs whether this is useful for you or not.
As Aaronaught pointed out, in the main table you need an AccountType to ensure that a user can only have one of the roles. You must remember to check the value of this column when joining the tables to ensure that a user has only one role active.
A unique constraint on the foreign key ensures that a user can only have a role once.
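An added example, not from the answer above, showing option 3 with the two constraints the answer calls for: the shared Account table carries the AccountType discriminator and only a password hash, each subtype table has a UNIQUE foreign key, and a composite FK on (account_id, account_type) makes the database itself reject a subtype row that disagrees with AccountType. SQLite via Python's sqlite3, with table names, the Student/Teacher columns and the sample accounts constructed for the illustration:

```python
import sqlite3

# Constructed schema for option 3 above: one Account table with the shared login and
# the salted-password hash, one table per user type for the non-shared columns, linked
# by FK. The composite foreign key plus UNIQUE(account_id) mean an account can have
# only one subtype row, and only of the type its account_type (AccountType) says.
SCHEMA = """
CREATE TABLE Account (
    id            INTEGER PRIMARY KEY,
    login         TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL,          -- never the plain password
    account_type  TEXT NOT NULL CHECK (account_type IN ('student', 'teacher', 'parent')),
    UNIQUE (id, account_type)             -- lets subtype tables reference both columns
);
CREATE TABLE Student (
    account_id   INTEGER NOT NULL UNIQUE,   -- one Student row per account
    account_type TEXT NOT NULL CHECK (account_type = 'student'),
    grade        INTEGER NOT NULL,
    FOREIGN KEY (account_id, account_type) REFERENCES Account (id, account_type));
CREATE TABLE Teacher (
    account_id   INTEGER NOT NULL UNIQUE,
    account_type TEXT NOT NULL CHECK (account_type = 'teacher'),
    subject      TEXT NOT NULL,
    FOREIGN KEY (account_id, account_type) REFERENCES Account (id, account_type));
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite ignores FKs unless enabled
    conn.executescript(SCHEMA)
    # constructed accounts; the hash values are placeholders, not real digests
    conn.executemany("INSERT INTO Account VALUES (?, ?, ?, ?)",
                     [(1, "alice", "hash-placeholder-1", "student"),
                      (2, "bob", "hash-placeholder-2", "teacher")])
    conn.commit()
    return conn

def _try_insert(conn, sql, params):
    """Run one INSERT and report whether the constraints accepted it."""
    try:
        with conn:
            conn.execute(sql, params)
        return True
    except sqlite3.IntegrityError:   # UNIQUE, CHECK or FOREIGN KEY rejected the row
        return False

def add_student(conn, account_id, grade):
    return _try_insert(conn, "INSERT INTO Student VALUES (?, 'student', ?)", (account_id, grade))

def add_teacher(conn, account_id, subject):
    return _try_insert(conn, "INSERT INTO Teacher VALUES (?, 'teacher', ?)", (account_id, subject))
```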