加入收藏 | 设为首页 | 会员中心 | 我要投稿 广西网 (https://www.guangxiwang.cn/)- 科技、建站、经验、云计算、5G、大数据,站长网!
当前位置: 首页 > 编程 > 正文

数据库设计 – 包含用户,角色和权限的数据库模型

发布时间:2021-01-11 08:18:26 所属栏目:编程 来源:网络整理
导读:我有一个带有用户表和角色表的数据库模型.我想控制最多10个不同元素的访问权限.可以将访问权限授予角色或单个用户. 以下是用户,角色和项目的表定义: CREATE TABLE users( id serial NOT NULL PRIMARY KEY,username character varying UNIQUE,password charac

我有一个带有用户表和角色表的数据库模型.我想控制最多10个不同元素的访问权限.可以将访问权限授予角色或单个用户.
以下是用户,角色和项目的表定义: 

CREATE TABLE users
(
  id serial NOT NULL PRIMARY KEY,username character varying UNIQUE,password character varying,first_name character varying,last_name character varying,...
);

CREATE TABLE roles
(
  id serial NOT NULL PRIMARY KEY,name character varying NOT NULL,description character varying,...
);

CREATE TABLE element_1
(
  id serial NOT NULL PRIMARY KEY,...
);

...

现在我有两种不同的权利设计方式.一个表具有权限类型列或10个权限表 – 每个要控制访问权限的元素对应一个表.

每个元素的权限表与一个权限表的优缺点是什么? – 或者是更合适的方式吗?

解决方法

首先,您计划实施哪种类型的安全模型?基于角色的访问控制(RBAC)或自主访问控制(DAC)?

RBAC in the Role-Based Access Control
(RBAC) model,access to resources is
based on the role assigned to a user.
In this model,an administrator
assigns a user to a role that has
certain predetermined right and
privileges. Because of the user’s
association with the role,the user
can access certain resources and
perform specific tasks. RBAC is also
known as Non-Discretionary Access
Control. The roles assigned to users
are centrally administered.

DAC In the Discretionary Access
Control (DAC) model,access to
resources is based on user’s identity.
A user is granted permissions to a
resource by being placed on an access
control list (ACL) associated with
resource. An entry on a resource’s ACL
is known as an Access Control Entry
(ACE). When a user (or group) is the
owner of an object in the DAC model,
the user can grant permission to other
users and groups. The DAC model is
based on resource ownership.

see source

1)在RBAC中:您需要ElementType表来为角色分配权限(用户被分配给角色). RBAC定义:“这个角色/用户可以做什么”.管理员为角色分配权限和权限,将用户分配给角色以访问资源.
2)在DAC中:用户和角色通过访问控制列表(所有权)拥有元素的权限. DAC定义:“谁有权访问我的数据”.用户(所有者)授予对所拥有资源的权限.

无论如何我建议这个数据模型:

CREATE TABLE ElementType
(
    Id (PK)
    Name
    ...
)

CREATE TABLE ElementBase
(
    Id (PK)
    Type (FK to ElementType)
    ...
)

(一对一的关系)

CREATE TABLE Element_A
(
    Id (PK,FK to ElementBase)
    ...
)

CREATE TABLE Element_B
(
    Id (PK,FK to ElementBase)
    ...
)

1)RBAC(多对多关系)

CREATE TABLE ElementType_To_Role_Rights
(
    RightId (PK)
    RoleId  (FK to Role)
    ElementTypeId (FK to ElementType)
    ...
)

2)DAC(多对多关系)

CREATE TABLE ElementBase_To_Actor_Rights
(
    RightId (PK)
    ElementBaseId (FK to ElementBase)
    ActorId (FK to Actor)
    ...
)

CREATE TABLE Actor
(
    Id (PK)
    Name
)

CREATE TABLE User
(
    Id (PK,FK to Actor)
    Password
    ...
)

CREATE TABLE Role
(
    Id (PK,FK to Actor)
    ...
)

(编辑:广西网)

【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
    相关内容
      推荐文章
      站长推荐
      热点阅读

      【免责声明】本站内容转载自互联网,其发布内容言论不代表本站观点,如果其链接、内容的侵犯您的权益,烦请提交相关链接至邮箱bqsm@foxmail.com我们将及时予以处理。

      建议您使用1920×1080分辨率、谷歌浏览器Google Chrome、Microsoft Edge以获得本站的最佳浏览效果

      Copygight © 2008-2022 https://www.guangxiwang.cn/ All Rights Reserved. 广西网