Answer the question
In order to leave comments, you need to log in
L
L
Lite_robot2017-09-26 19:18:48
Lite_robot, 2017-09-26 19:18:48
SQL: How to implement a user model with individual rights and at the same time being in a group that sets the initial rights?
How to implement a user model with individual rights, which at the same time is in a group that also sets the rights for the user?
Is it correct to design using a table of individual rights, or to implement all types of rights through groups?
2 answer(s)
@xmoonlight
X
xmoonlight, 2017-09-26 @xmoonlight
The nested permissions set always override the existing permissions of the current level (directories, groups/partitions, etc.) if they are overridden by new ones.
Otherwise (if the current and new ones do not overlap), the rights of the current level are valid without changes.
This is done through permission masks using the merge operation - a direct replacement of the bits of the access mask through a sequential check from the top to the bottom (to the current one being checked) over all the masks encountered.
For rights, you always need to use a separate rights table (ACL), and the objects for granting rights and the rights themselves should already be set in related tables.
Access control - should be centralized and understandable!
Similar questions
Y
G
J
N
E
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question