Results 1 to 4 of 4
  1. #1
    Join Date
    Aug 2004
    Posts
    4

    Design advice would be appreciated.

    Hi guys.

    I have a problem which I hope someone can help me with.

    I,ll briefly show what tables I have and then the problem.

    Tables

    USERS
    user_id
    user_password

    GROUPS
    group_id
    group_name

    USERGROUPS
    user_id
    group_id

    MODULES
    module_id
    module_name

    PERMISSIONS
    permission_id
    permission_name

    MODULEPERMISSIONS
    module_id
    permission_id

    Now then, obviously this is designed for a website, which has named modules to seperate the different sections. Each of these modules has a set of permissions associated with it. The permissions table will hold every permission needed by any module (some will need all permissions, others will need only a selected few, and I want to keep the ability to create a new permission at any time).

    The modulepermissions table, will hold details about the permissions a module can have.

    Now I need to be able to associate a group with a permission for a module, that the module has, and not able to select a permission which isnt defined in the modulepermission table.

    I,m stuck on this.

    Can anyone offer me any advice?

    Thankyou.

  2. #2
    Join Date
    Nov 2002
    Location
    Hillsboro, OR, USA
    Posts
    59
    I'm not quite sure what the question is, but this might be relevant:

    http://halhelms.com/writings/ProposedSecurityModel.pdf

    Brian

  3. #3
    Join Date
    Aug 2004
    Posts
    4
    Hi

    Thx for the reply.

    That article didnt help me, but thankyou anyway.

    I also dont think I have explained what i,m trying to do properly, I,ll have another go.

    The modules table, will list all of the different sections of the website.

    The modulepermissions table is there to setup all the different permissions a module needs to work properly.

    Now the table I want to create will allow someone to setup a group with any of the permissions that a module has allready been given, but none that it hasnt been given.

    I was thinking about doing the following....

    GroupModulePermissions

    group_id
    module_id
    permission_id

    where module_id and permission_id have FK relationships to the modulepermissions table and all the fields are a PK.

    But i,m not sure if this is correct.

    Please let me here your thoughts on the matter, anyone.

    Thankyou.

  4. #4
    Join Date
    Apr 2004
    Location
    Toronto, Canada
    Posts
    249
    If a group that needs access to a module must have all the permissions for that module, then it suffices to have only the group_id and module_id in the last table, since the permissions can be inferred from the modulePermissions table.
    If a group can have access to only some features of a given module, then what you have done is correct.


    Hope that helps.

    Ravi

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •