How to design the permission database including project management?

an existing system needs to design rights management database tables, in addition to the common "user registration, login" and so on, there is also the need to create and manage projects. Different projects are assigned to different people, and some people in the project who operate with different identities have different permissions. Users are divided into users of our company and users of outside companies. They read some permission designs based on RBAC, basically including "users", "roles", "permissions" and their associated tables, but I am a little confused about how to design their permissions database tables for "project". Please help me to guide


if I understand it correctly, the operation permissions of the project are only related to the user's role (that is, your identity)

  • A separate table for the project has a many-to-many relationship with the user table. You can pull an associated table of userId and projectId (for more information, please see hibernate's manytomany)
  • different roles have different operation permissions, and different roles have different permissions in different projects. You can pull a separate permission table with a total of four columns, self-increasing primary key, project id, role id, project permissions , where the project id+ role id is the joint unique key, enumerated variables can be used in the project permission business, and numbers can be used to represent
  • in the table.
< hr >

digression

in fact, all designs should go back to their origin, that is, business requirements. "different roles have different permissions, and different roles have different permissions in different projects." what is this specific scenario? Is there an administrator platform for Super Admin to set permissions for each role in each project?

in fact, I think a more reasonable solution: user rights and project decoupling, may only be used for the login of the system and the operation rights of other modules. Project permissions are configured directly through the page and are user latitude, that is, change the role id in the second table to user id. That is, each project administrator can assign permissions to users, so the configuration of project permissions in user latitude is more reasonable

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e47c71-4cffc.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e47c71-4cffc.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?