数据库计划 – 包括用户,脚色和权限的数据库模子

我有一个带有效户表和脚色表的数据库模子.我想节制最多10个差异元素的会见权限.可以将会见权限授予脚色或单个用户.
以下是用户,脚色和项目标表界说：

CREATE TABLE users
(
  id serial NOT NULL PRIMARY KEY,username character varying UNIQUE,password character varying,first_name character varying,last_name character varying,...
);

CREATE TABLE roles
(
  id serial NOT NULL PRIMARY KEY,name character varying NOT NULL,description character varying,...
);

CREATE TABLE element_1
(
  id serial NOT NULL PRIMARY KEY,...
);

...

此刻我有两种差异的权力计划方法.一个表具有权限范例列或10个权限表 – 每个要节制会见权限的元素对应一个表.

每个元素的权限表与一个权限表的优弱点是什么？ – 可能是更吻合的方法吗？

办理要领

RBAC in the Role-Based Access Control
(RBAC) model,access to resources is
based on the role assigned to a user.
In this model,an administrator
assigns a user to a role that has
certain predetermined right and
privileges. Because of the user’s
association with the role,the user
can access certain resources and
perform specific tasks. RBAC is also
known as Non-Discretionary Access
Control. The roles assigned to users
are centrally administered.

DAC In the Discretionary Access
Control (DAC) model,access to
resources is based on user’s identity.
A user is granted permissions to a
resource by being placed on an access
control list (ACL) associated with
resource. An entry on a resource’s ACL
is known as an Access Control Entry
(ACE). When a user (or group) is the
owner of an object in the DAC model,
the user can grant permission to other
users and groups. The DAC model is
based on resource ownership.

see source

1)在RBAC中：您必要ElementType表来为脚色分派权限(用户被分派给脚色). RBAC界说：“这个脚色/用户可以做什么”.打点员为脚色分派权限和权限,将用户分派给脚色以会见资源.
2)在DAC中：用户和脚色通过会见节制列表(全部权)拥有元素的权限. DAC界说：“谁有权会见我的数据”.用户(全部者)授予对所拥有资源的权限.

无论怎样我提议这个数据模子：

CREATE TABLE ElementType
(
    Id (PK)
    Name
    ...
)

CREATE TABLE ElementBase
(
    Id (PK)
    Type (FK to ElementType)
    ...
)

(一对一的相关)

CREATE TABLE Element_A
(
    Id (PK,FK to ElementBase)
    ...
)

CREATE TABLE Element_B
(
    Id (PK,FK to ElementBase)
    ...
)

1)RBAC(多对多相关)

CREATE TABLE ElementType_To_Role_Rights
(
    RightId (PK)
    RoleId  (FK to Role)
    ElementTypeId (FK to ElementType)
    ...
)

2)DAC(多对多相关)

CREATE TABLE ElementBase_To_Actor_Rights
(
    RightId (PK)
    ElementBaseId (FK to ElementBase)
    ActorId (FK to Actor)
    ...
)

CREATE TABLE Actor
(
    Id (PK)
    Name
)

CREATE TABLE User
(
    Id (PK,FK to Actor)
    Password
    ...
)

CREATE TABLE Role
(
    Id (PK,FK to Actor)
    ...
)

（编辑：湖南网）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!