I would like implement a database containing hierarchical acl data
我想实现一个包含分层acl数据的数据库
My tables
我的桌子
-
USERS
: idUser,username,... - 用户:idUser,用户名,...
-
GROUPS
: idGroups,name... - 组:idGroups,名字......
-
GROUPSENTITIES
: idGroup, idChild, childType (1 for users, 2 from groups) - GROUPSENTITIES:idGroup,idChild,childType(用户为1,组为2)
-
ROLES
: idRole,name... - 角色:idRole,名字......
-
ROLESENTITIES
: idRole, IsDeny, idChild, childType (1 for users, 2 from groups)ROLESENTITIES:idRole,IsDeny,idChild,childType(用户为1,组为2)
-
Every user can belong to 0 or more groups
每个用户都可以属于0个或更多组
- Every group can belong to 0 or more groups
- 每个组可以属于0个或更多组
- Every user and every group can belong to 0 or more roles and roles can be allowed or denied
- 每个用户和每个组都可以属于0个或更多角色,并且可以允许或拒绝角色
- If an explicit deny is found, role is denied
- 如果发现显式拒绝,则拒绝角色
How can I store this kind of data? Is my design correct?
我该如何存储这类数据?我的设计是否正确?
Is it possible retrieve a list of users with all allowed roles?
是否可以检索具有所有允许角色的用户列表?
Can you please write me a query (T-SQL based) for extract this information from db
你能不能给我写一个查询(基于T-SQL)从db中提取这些信息
thanks in advance
提前致谢
1 个解决方案
#1
0
You can write the tables as you would expect. For instance, to get all the users in a group, when there are hierarchical groups, you would use a recursive CTE. Assume the group table is set up as:
您可以按预期编写表格。例如,要获取组中的所有用户,当存在分层组时,您将使用递归CTE。假设组表设置为:
create table groups (
groupid int,
member_userId int,
member_groupid int,
check (member_userId is NULL or member_groupid is null)
);
with usergroups as (
select groupid, member_userid, 1 as level
from groups
union all
select g.groupid, users.member_userid, 1+level
from users u join
groups g
on u.member_groupid = g.groupid
)
select *
from usergroups;
#1
0
You can write the tables as you would expect. For instance, to get all the users in a group, when there are hierarchical groups, you would use a recursive CTE. Assume the group table is set up as:
您可以按预期编写表格。例如,要获取组中的所有用户,当存在分层组时,您将使用递归CTE。假设组表设置为:
create table groups (
groupid int,
member_userId int,
member_groupid int,
check (member_userId is NULL or member_groupid is null)
);
with usergroups as (
select groupid, member_userid, 1 as level
from groups
union all
select g.groupid, users.member_userid, 1+level
from users u join
groups g
on u.member_groupid = g.groupid
)
select *
from usergroups;