Saving user access level in the database

I save the Users list in a table. The business logic of the application will have a link to the object with all the data in this table for the current user, so that it can allow the user to perform operations if they have the correct access.

I am wondering what is the best way to store "access levels"?

One way I'm considering is to save the access level as an integer and use C# flags to combine multiple access levels, so that it doesn't require a bunch of fields. Is that a wise thing?

 Create = 1
 Read = 2
 Update = 4
 Delete = 8
 FullAcc = 16

Another option that I can think of feels less elegant, but I have seen it done a lot:

 Read/Write = 1
 R/W + Delete = 2
 Full Access = 3

The reason I'm curious is because it would be easier to add extra elements to the second method, but at some point it will become a pain in the ass. What are your thoughts?

+6
design c# database database-design
4 answers

I always preferred the first approach using flags. The danger is that you get too many permission levels, and you need to keep expanding your enumeration and start using huge numbers, and you may have to change the data type in your database to a large int. However, for something like permissions, the number of options should be quite limited. The only thing I would do is define FullAcc as the sum of Create, Read, Update and Delete instead of as a separate object. This way, you don't have to check whether the user has Update or FullAcc permissions when they try to update something.

+5

I would go with Option #1 because it gives me separate flags for each type of access.

I would also recommend keeping a history of changes with timestamps.

+3

I would go the enumeration route. It's strongly typed, it is well tolerated between db and code (other than int and enums), you can use FlagsAttribute to combine security rights, and enumerations are quite flexible when it comes to versioning issues (unless you delete or rename previously defined enumeration values).

+1

Your flags idea is more flexible, allowing you any combination of rights if it ever becomes necessary. However, the "FullAcc" element should not be defined as a specific number in your enumeration - it should be a combination of the other flags ORed together (for example, with a few left out):

 [Flags]
 enum Rights { Create = 1, Read = 2, Update = 4, FullAcc = Create | Read | Update }

The only pain I see with this is that, to add more elements to the enumeration, you need to change the FullAcc element and then define the FullAcc entries in db and update the flag value.

+1
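The composite FullAcc that the answers recommend, shown with the integer round trip to the database and a fail-closed check. This is an added C# example, not code from any of the posters; the `AccessCheck` class, the `FromDb` and `Has` names, the AccessLevel column and the sample stored values are assumptions made for illustration.

```csharp
using System;

[Flags]
public enum Rights
{
    None    = 0,
    Create  = 1,
    Read    = 2,
    Update  = 4,
    Delete  = 8,
    // Composite of the other flags, so no separate FullAcc bit has to be checked.
    FullAcc = Create | Read | Update | Delete
}

public static class AccessCheck
{
    // Converts the integer read from a (hypothetical) AccessLevel column.
    // Bits outside FullAcc are unknown to this version of the enum, so the
    // value is rejected instead of being carried around as an opaque grant.
    public static Rights FromDb(int stored)
    {
        if ((stored & ~(int)Rights.FullAcc) != 0)
            throw new ArgumentOutOfRangeException(nameof(stored), "undefined permission bits");
        return (Rights)stored;
    }

    // True only when every required bit is granted. An empty requirement is
    // treated as a caller bug and denied, because (x & 0) == 0 for any x.
    public static bool Has(Rights granted, Rights required) =>
        required != Rights.None && (granted & required) == required;
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values, as they would be stored in the table.
        Rights editor = AccessCheck.FromDb(6);    // Read | Update
        Rights admin  = AccessCheck.FromDb(15);   // FullAcc
        Console.WriteLine(AccessCheck.Has(editor, Rights.Update));
        Console.WriteLine(AccessCheck.Has(editor, Rights.Read | Rights.Delete));
        Console.WriteLine(AccessCheck.Has(admin, Rights.Delete));
        Console.WriteLine((int)(Rights.Read | Rights.Update));  // integer to write back
        // A row written under the question's original scheme (FullAcc = 16).
        try { AccessCheck.FromDb(16); }
        catch (ArgumentOutOfRangeException) { Console.WriteLine("16 rejected"); }
    }
}
```

Rows that were stored with the separate FullAcc = 16 bit need to be migrated to 15 before a check like `FromDb` is switched on.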
