我应该如何表示数据库中唯一的超级管理员权限?
我的项目需要有多名管理员,其中只有一名管理员具有超级管理员权限。
在数据库中表示这一点的最佳方式是什么?
My project needs to have a number of administrators, out of which only one will have super-admin privileges.
What is the best way to represent this in the database?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
使用角色/组方法。您有一个包含所有可能角色的表,然后有一个包含用户的键及其所属角色的键的相交表(每个用户可以有多个条目,因为每个用户可以有多个角色(或属于多个组))。
另外,不要称呼他们超级管理员 - 只要管理员就可以了,其余的称呼为高级用户或类似的名称。
Use a roles/groups approach. You have a table containing all the possible roles, and then you have an intersect table containing the key of the user and the key of the role they belong to (there can be multiple entries per user as each user could have several roles (or belong to several groups)).
Also, don't call them super admin - just admin is fine, call the rest power user or something similar.
简单而有效:UserId = 1。您的应用程序将始终知道它是超级用户。
Simple, yet effective: UserId = 1. Your application will always know it is the SuperUser.
有几种方法可以做到这一点。
第 1 点:在管理员(或用户)表上有一列名为
IsSuperAdmin的列,并有一个插入/更新触发器,以确保在任何给定时间只有一个人设置它。第二:表中有一个
TimestampWhenMadeSuperAdmin列。然后,在查询中找出它是谁,请使用类似以下内容的内容:数字 3/4:使用数字中的触发器或最后一个人拥有权力的方法,将超级管理员用户 ID 放入单独的表中1 或 2。
就我个人而言,我喜欢第 2 点,因为它可以为您提供所需的内容,而无需不必要的触发,并且有一个审计跟踪,可以确定在任何给定时间谁拥有权力(尽管不是完整的审计跟踪)因为它只会存储某人被任命为超级管理员的最近时间)。
第一个问题是如果你只是清除当前的超级管理员该怎么办。要么你必须把权力交给别人,要么没人拥有。换句话说,您可能会陷入没有超级管理员的情况。而第 3 和第 4 个额外的表只会使事情变得复杂。
There are a few ways to do this.
Number 1: Have a column on your administrator (or user) table called
IsSuperAdminand have an insert/update trigger to ensure that only one has it set at any given time.Number 2: Have a
TimestampWhenMadeSuperAdmincolumn in your table. Then, in your query to figure out who it is, use something like:Number 3/4: Put the SuperAdmin user ID into a separate table, using either the trigger or last-person-made-has-the-power approach from numbers 1 or 2.
Personally, I like number 2 since it gives you what you need without unnecessary triggers, and there's an audit trail as to who had the power at any given time (though not a complete audit trail since it will only store the most recent time that someone was made a SuperAdmin).
The trouble with number 1 is what to do if you just clear the current SuperAdmin. Either you have to give the power to someone else, or nobody has it. n other words, you can get yourself into a situation where there is no SuperAdmin. And number 3 and 4 just complicate things with an extra table.