在数据库中存储用户访问级别

时间:2022-01-30 12:41:44

I am storing a list of "Users" in a table. The business logic of the application will have a reference to an object with all the data in this table for the currently logged-in user. And be able to allow the user to perform operations if they have the correct access.

我将“用户”列表存储在一个表中。应用程序的业务逻辑将引用一个对象,该对象包含当前登录用户的所有数据。如果用户有正确的访问权限,则允许用户执行操作。

I'm wondering what is the best way to store "access levels?"

我想知道存储“访问级别”的最佳方式是什么?

One way I'm thinking of storing the access level is as an integer, and using C# "flags" to combine multiple access levels without requiring a bunch of fields, is this wise?

我考虑将访问级别存储为整数的一种方式是,使用c#“flags”来组合多个访问级别,而不需要一系列字段,这样做明智吗?

Create  = 1
Read    = 2
Update  = 4
Delete  = 8
FullAcc = 16

The other option I'm thinking of, feels less elegent, but I've seen it done a lot:

我正在考虑的另一个选择,感觉不那么优雅,但我看到它做了很多:

Read/Write  = 1
R/W + Delete= 2
Full Access = 3

The reason I'm wondering, is that it seems like it would be more simple to add additional items to the second method, but at some point, it would become a pain in the ass to maintain. What are your thoughts?

我想知道的原因是,似乎向第二个方法添加附加项会更简单,但在某些时候,维护起来会很麻烦。你的想法是什么?

4 个解决方案

#1


5  

I've always preferred the first approach using flags. The danger is that you get too many levels of permissions and you have to keep extending your enum and start using huge numbers and therefor maybe have to change the data type in your database to a large int. However, for something like permissions the number of options should be fairly limited. The one suggestion I would make is to have FullAcc defined as the sum of Create, Read, Update and Delete instead of as a separate entity. That way you won't have to check if a user has Update OR FullAcc permissions when they are trying to update something.

我总是喜欢使用标志的第一种方法。危险在于你得到太多的权限和你继续扩展枚举和开始使用大量因此也许不得不改变数据库中的数据类型int。然而,对于类似的权限选项的数量应该是相当有限的。我的一个建议是将FullAcc定义为创建、读取、更新和删除的总和,而不是作为一个单独的实体。这样,当用户试图更新某些内容时,就不必检查用户是否具有更新或FullAcc权限。

#2


3  

I would go with Option #1 because it gives me individual flags for each type of access.

我将使用选项#1,因为它为每种类型的访问提供了单独的标志。

I would also recommend that you store history of changes with timestamps.

我还建议您使用时间戳存储更改历史记录。

#3


1  

I'd go the enum route. Its strongly typed, transfers reasonably well between the db and code (ints and enums cast well), you can use the FlagsAttribute to combine security rights, and enums are pretty flexible when it comes to versioning issues (as long as you don't remove or rename previously defined enum values).

我要走全会路线。它的强类型,在db和代码之间的传输相当好(int和枚举的转换很好),您可以使用FlagsAttribute来组合安全性权利,并且当涉及到版本控制问题时,枚举非常灵活(只要您不删除或重命名以前定义的enum值)。

#4


1  

Your 'flags' idea is more flexible, allowing you any combination of rights if that ever becomes necessary. The 'FullAcc' item should not be defined as a specific number in your enum, however - it should be a combination of other flags or'd together (like this, with a few left out):

您的“标志”想法更加灵活,如果有必要的话,允许您将权利组合在一起。“FullAcc”项不应该被定义为枚举中的一个特定数字,但是——它应该是其他标志的组合或者一起的(像这样,有几个漏掉了):

enum Rights { Create, read, Update, FullAcc = Create | Read | Update }

The only pain I see with this is if you add more items to the enum, you have to modify the FullAcc item, and then identify your FullAcc records in the db and update the flag value.

我看到的唯一的麻烦是,如果您向enum添加更多的项,您必须修改FullAcc项,然后在db中识别您的FullAcc记录并更新标记值。

#1


5  

I've always preferred the first approach using flags. The danger is that you get too many levels of permissions and you have to keep extending your enum and start using huge numbers and therefor maybe have to change the data type in your database to a large int. However, for something like permissions the number of options should be fairly limited. The one suggestion I would make is to have FullAcc defined as the sum of Create, Read, Update and Delete instead of as a separate entity. That way you won't have to check if a user has Update OR FullAcc permissions when they are trying to update something.

我总是喜欢使用标志的第一种方法。危险在于你得到太多的权限和你继续扩展枚举和开始使用大量因此也许不得不改变数据库中的数据类型int。然而,对于类似的权限选项的数量应该是相当有限的。我的一个建议是将FullAcc定义为创建、读取、更新和删除的总和,而不是作为一个单独的实体。这样,当用户试图更新某些内容时,就不必检查用户是否具有更新或FullAcc权限。

#2


3  

I would go with Option #1 because it gives me individual flags for each type of access.

我将使用选项#1,因为它为每种类型的访问提供了单独的标志。

I would also recommend that you store history of changes with timestamps.

我还建议您使用时间戳存储更改历史记录。

#3


1  

I'd go the enum route. Its strongly typed, transfers reasonably well between the db and code (ints and enums cast well), you can use the FlagsAttribute to combine security rights, and enums are pretty flexible when it comes to versioning issues (as long as you don't remove or rename previously defined enum values).

我要走全会路线。它的强类型,在db和代码之间的传输相当好(int和枚举的转换很好),您可以使用FlagsAttribute来组合安全性权利,并且当涉及到版本控制问题时,枚举非常灵活(只要您不删除或重命名以前定义的enum值)。

#4


1  

Your 'flags' idea is more flexible, allowing you any combination of rights if that ever becomes necessary. The 'FullAcc' item should not be defined as a specific number in your enum, however - it should be a combination of other flags or'd together (like this, with a few left out):

您的“标志”想法更加灵活,如果有必要的话,允许您将权利组合在一起。“FullAcc”项不应该被定义为枚举中的一个特定数字,但是——它应该是其他标志的组合或者一起的(像这样,有几个漏掉了):

enum Rights { Create, read, Update, FullAcc = Create | Read | Update }

The only pain I see with this is if you add more items to the enum, you have to modify the FullAcc item, and then identify your FullAcc records in the db and update the flag value.

我看到的唯一的麻烦是,如果您向enum添加更多的项,您必须修改FullAcc项,然后在db中识别您的FullAcc记录并更新标记值。