当前位置：文江博客话题详情

如何仅将数据分配给具有特定角色的用户？

发布于 2024-10-20 05:45:27 字数 105 浏览 1 评论 0原文

如果我只想将数据分配给具有管理员角色的用户，我将如何在数据库模式中表示它？即我有一个用户表、角色表、user_roles 表，并且该特定用户链接到管理员角色。那么我如何才能仅为管理员用户指定信息？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

回首观望 2024-10-27 05:45:27

EDIT4：所以，如果我理解的话，你有用户表、角色表和将用户链接到角色的关联。

一种想法是将值放入角色表中，然后基本上您将拥有多个管理级别的多个角色。

或者，您可以在关联表中创建其他字段，以参数化关联，但这会影响所有其他关联。（或者您可以：X位于B组中，选项1 = 1，选项2 = 42，选项3 = NULL，并根据组不同地对待选项字段）

其他想法，但我会完全不同：

你将组视为用户，有一个特殊的字段调用 isGroup [True/False]。然后创建 groupAssociation 表来存储哪个用户属于哪个组。

示例：

USER
--Id--    --IsGroup--
A         False
B         False
C         True
D         True

GROUPASSOCIATION
--uid--   --BelongsTo--
A          C
B          D
C          D

请注意，您可以级联说 C 包含在 D 中。
然后，您创建一个权限表并将组或用户与某些权限相关联。

PRIVILEGE
--Id--    --Name--
1         Access Area 1
2         Access Area 2
3         Modify user
4         Edit on StackOverflow

PRIVILEGEASSOCIATION
--uid--   --pid--
A         4
C         2
D         1
C         3

因此，用户 A 将拥有所有权限（一项直接权限，两项来自 C 组，一项用于 D 组，因为 C 包含在 D 中），而 B 则只有一项权限（来自 D 组），

在您的情况下会更好吗？

EDIT3：鉴于您最后的评论，这不再有效
GRANT 命令将帮助您解决问题。

您可以在那里看到它： GRANT

作为示例：

GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';

您可以仅对列、所有表或所有数据库执行此操作

编辑：哦，好吧，让我检查组。我忘记了那部分。

EDIT2：我没有看到任何有关 MySQL 中组权限调整的信息： this 表示这是不可能的，但它已经很旧了。但我遇到了另一个SO问题，他们使用 PHP 来管理组。

EDIT4: So if I understand, you have the users table, role table and an association linking users to roles.

One idea would be to put the value in the role table, then basically you'll have multiple role for multiple admin levels.

Or you can create other fields in the association table, to parametrize the association, but that would impact all other association. (or ou can have : X is in group B with option1=1, option2=42, option3=NULL and treat options fields differently depending on the group)

Other idea, but I would have made it completely differently:

you treat groups as users, with a special field call isGroup [True/False]. Then you create the groupAssociation table which stores which user belongs to which group.

Example :

USER
--Id--    --IsGroup--
A         False
B         False
C         True
D         True

GROUPASSOCIATION
--uid--   --BelongsTo--
A          C
B          D
C          D

Note that you can cascade saying that C is included in D.
Then you create a privilege table and associate groups or user to certain privileges.

PRIVILEGE
--Id--    --Name--
1         Access Area 1
2         Access Area 2
3         Modify user
4         Edit on StackOverflow

PRIVILEGEASSOCIATION
--uid--   --pid--
A         4
C         2
D         1
C         3

So user A would have all privileges (one direct, two from C group, one for D group since C is included in D) and B would have only one (from group D)

Would it be better in your case?

EDIT3: Given your last comment, this in not valid anymore
The GRANT command will help you sort out your problem.

You can see it right there : GRANT

As an example :

GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';

You can do it for a column only, for all table, or all database as well

EDIT: Oh well, let me check for groups. I forgot that part.

EDIT2: I didn't see anything about group permission tuning in MySQL : this said it's not possible but it's quite old. But I came accros this other SO question and they are using PHP to manage the groups.

回复收藏 0 原文

笑着哭最痛 2024-10-27 05:45:27

我认为OP正在尝试在数据库中设置一个字段，其中user_role等于admin角色。如果是这种情况，那么您需要执行以下操作：

UPDATE field FROM users LEFT JOIN user_role ON user.id = userrole.userid 
WHERE userrole.role = 'adminrole'

现在这完全取决于您的架构，您能否发帖以便我们为您提供更准确的 SQL 命令？

编辑：好吧，再次阅读问题只是让我感到困惑。请发布您的确切架构。

编辑2：
对于您的示例，将额外字段存储在用户表中是有意义的，因为地址与用户相关。仅当 users_role 等于 admin_user 时才需要设置此字段。这样，如果您将来需要扩展，您也会有所帮助。如果没有，您还可以定义另一个名为 admin_addresses 的表。这只为管理员用户指定，可能类似于：Admin_address_table (userID,address)。

要强制执行此逻辑（无论哪种方式），您可以使用例如存储过程。将数据传递给存储过程，如果 user_role 等于 admin_user，它将更新地址字段。或者，您可以在更新数据时使用应用程序逻辑。

走哪条路真的取决于你。您可以更好地了解将来可能发生什么以及需要存储哪些确切信息。希望这有帮助。

I think the OP is trying to set a field in the database where the user_role is equal to admin role. If this is the case then you would need to do something like:

UPDATE field FROM users LEFT JOIN user_role ON user.id = userrole.userid 
WHERE userrole.role = 'adminrole'

Now this would depend entirely on your schema, could you please post so we can give you a more accurate SQL command?

EDIT: ok reading the question again just confuses me. Please post your exact schema.

EDIT2:
With your example, it would make sense to store the extra field in the users table, since, an address is related to a user. You would only want to set this field if the users_role is equal to admin_user. This way you would also help if you needed to expand in the future. If not, you could also define another table called admin_addresses. This would only be specified for admin users and could look like: Admin_address_table (userID,address).

To enforce this logic (either way) you could use e.g. a stored procedure. Pass the data to a stored procedure and it would update the address field if the user_role was equal to admin_user. Alternmatively you could use application logic when updating your data.

It is really up to you which way to go. You have a better idea of what may happen in the future and what exact information needs to be stored. Hope this helps.

回复收藏 0 原文

~没有更多了~