Role-Based Access Control Database Design - cychai's column - CSDN Blog
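The relationships among permissions, roles, groups and users are all many-to-many.
Design principle: data is data, and relationships are relationships.
1. Requirements:
Users, customers and employees are in an inheritance relationship. Roles are assigned, and each role grants different permissions.
The design below does not introduce the concept of a "group"; it covers only users, permissions and roles.
2. Entity tables in the database design:
   1) User table: user
   2) Role table: role
   3) Permission table: permission
3. Relationship tables:
   1) User-role table: userRole
   2) Role-permission table: rolePermission
Below is the PDM diagram designed with PowerDesigner: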
Naming of primary key / foreign key relationships:
Fk_parent_<primary key>_child_<foreign key>
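Principles for establishing table relationships:
Table A field: aid (primary key); Table B field: bid (primary key)
1. One-to-one: Table A and Table B each set their own primary key.
2. One-to-many (A to B: 1-n): set the foreign key aid in Table B.
3. Many-to-many: a separate relationship table, Table C, must be created, with the foreign keys aid and bid set in it.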
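The many-to-many rule above, applied to this page's user, role and permission tables, as an added example that is not the original author's script. Column names, constraint names (the page's pattern with the table names filled in) and sample rows are assumed; the syntax is kept to what SQL Server 2005 accepts.

```sql
-- Added example: column names, constraint names and sample rows are assumed,
-- not taken from the original script.
create table [user]     (userId int not null primary key, userName nvarchar(50) not null unique);
create table [role]     (roleId int not null primary key, roleName nvarchar(50) not null unique);
create table permission (permissionId int not null primary key,
                         permissionName nvarchar(100) not null unique);
-- Many-to-many: one relationship table per pair of entities.
-- The composite primary key blocks duplicate grants; the foreign keys block
-- grants that point at a user, role or permission that does not exist.
create table userRole (
    userId int not null,
    roleId int not null,
    constraint PK_userRole primary key (userId, roleId),
    constraint FK_user_userId_userRole_userId foreign key (userId) references [user] (userId),
    constraint FK_role_roleId_userRole_roleId foreign key (roleId) references [role] (roleId)
);
create table rolePermission (
    roleId       int not null,
    permissionId int not null,
    constraint PK_rolePermission primary key (roleId, permissionId),
    constraint FK_role_roleId_rolePermission_roleId
        foreign key (roleId) references [role] (roleId),
    constraint FK_permission_permissionId_rolePermission_permissionId
        foreign key (permissionId) references permission (permissionId)
);
go
-- Constructed sample data: alice holds the admin role, bob the clerk role.
insert into [user] values (1, N'alice');
insert into [user] values (2, N'bob');
insert into [role] values (1, N'admin');
insert into [role] values (2, N'clerk');
insert into permission values (1, N'order.read');
insert into permission values (2, N'order.delete');
insert into userRole values (1, 1);
insert into userRole values (2, 2);
insert into rolePermission values (1, 1);
insert into rolePermission values (1, 2);
insert into rolePermission values (2, 1);
go
-- Authorization check, deny by default: allowed is 1 only when some role held
-- by the user carries the named permission, otherwise 0.
select case when exists (
           select 1
           from userRole ur
           join rolePermission rp on rp.roleId = ur.roleId
           join permission p on p.permissionId = rp.permissionId
           where ur.userId = 2 and p.permissionName = N'order.delete'
       ) then 1 else 0 end as allowed;
```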
Below is the SQL Server 2005 script file generated by PowerDesigner from the design:
/*==============================================================*/
/* DBMS name:      Microsoft SQL Server 2005                    */
/* Author:         ChaiChunyan                                  */
/* Created on:     2008-11-11 20:28:05                          */
/*==============================================================*/

-- Drop each foreign-key constraint if it already exists, so the script can be re-run.
if exists (select 1
   from sys.sysreferences r join sys.sysobjects o on (o.id = r.constid and o.type = 'F')
   where r.fkeyid = object_id('RolePermission') and o.name = 'FK_ROLEPERM_FK_PERMIS_PERMISSI')
alter table RolePermission
   drop constraint FK_ROLEPERM_FK_PERMIS_PERMISSI
go

if exists (select 1
   from sys.sysreferences r join sys.sysobjects o on (o.id = r.constid and o.type = 'F')
   where r.fkeyid = object_id('RolePermission') and o.name = 'FK_ROLEPERM_FK_ROLE_R_ROLE')
alter table RolePermission
   drop constraint FK_ROLEPERM_FK_ROLE_R_ROLE
go

if exists (select 1
   from sys.sysreferences r join sys.sysobjects o on (o.id = r.constid and o.type = 'F')
   where r.fkeyid = object_id('customer') and o.name = 'FK_CUSTOMER_FK_USER_I_USER')
alter table customer
   drop constraint FK_CUSTOMER_FK_USER_I_USER
go

if exists (select 1
   from sys.sysreferences r join sys.sysobjects o on (o.id = r.constid and o.type = 'F')
   where r.fkeyid = object_id('employee') and o.name = 'FK_EMPLOYEE_FK_USER_I_USER')
alter table employee
   drop constraint FK_EMPLOYEE_FK_USER_I_USER
go

if exists (select 1
   from sys.sysreferences r join sys.sysobjects o on (o.id = r.constid and o.type = 'F')
   where r.fkeyid = object_id('guest') and o.name = 'FK_GUEST_FK_USER_I_USER')
alter table guest
   drop constraint FK_GUEST_FK_USER_I_USER
go

if exists (select 1
from sys.sysreferences r join sys.sysobjects o on (o.id = r.constid and o.type = 'F')
where r.fkeyid = object_id('userRole') and o.name =