Designing a multiple level user permission system
I am working on a site that has a database schema like a tree. From top to bottom I have:
- One Company can have many
- Locations that can have many
- Fleets that can have many
- Vehicles
The user permission system has to be flexible in that someone can gain or have restricted access at any level of the tree. For example, a person that manages location x will by default have full access to all fleets below location x and all vehicles below location x. But I should also be able to restrict the user's access to any node below location x.
What would be the proper way to develop a schema for a permission system such as this? Would it be realistic to store each node a user has access to even though it would be kind of redundant? The goal is for me to be able to easily run queries for开发者_开发技巧 example to get all locations a user has access to.
You might find a number of threads on SO interesting. Among them:
Implementing permissions based on reputation
Database schema for ACL
精彩评论