The definitive schema that will be used is represented in the next link:

In the definition of the schema, some decisions were made to adapt it to the proper context of this library.

- The `user` table won't exist as part of the database schema of the library. The `user_id` column in the `rbac_role_assignment` and `rbac_super_admin` tables will store the values of the primary key of the existing application database "user table". As the name of that table is unknown to the library, the `user_id` column won't be defined as a foreign key.
- If a user id exists in the `rbac_super_admin` table, further checks won't be performed and the permission will be considered as `granted`.
- The `rbac_role_assignment` table will relate a user with a role in a context.
- The `rbac_context_type` table describes the different types of resources that will exist in an application. The values in that table are totally attached to the application domain and will be pre-defined by the application itself, not the library.
- The `rbac_context` table will store each and every instance of the resources present in the application, for each type of `rbac_context_type`. Hierarchical relationships between resources will be defined by the `parent_id` column.
- The `rbac_role_permission` table will store the list of permissions granted or denied to a role.
- When checking if a permission is granted or denied in a given context, the full hierarchy of the context will be used for the check. This means that once the permission is denied in a higher context in the hierarchy, it will be considered denied in the lower contexts automatically. That is, permission denial completely overrides permission grants.
- The `rbac_permission` table relates permissions with context types. A permission will only make sense for a certain `rbac_context_type`, and this relation will be defined in this table.
- For now, Optional/Advanced functionality won't be developed.
- The `user` table will have to exist in the application.
- The application domain will define the values of the context types, and this information will be stored in the `rbac_context_type` table.
- Each time a new resource is created, updated or deleted in the application database, the corresponding `rbac_context` entry will need to be inserted, updated or deleted.
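The super-admin short-circuit, the walk up the context hierarchy and the deny-overrides rule described above, as an added example that is not the library's own code: it creates the page's tables in SQLite and loads constructed sample rows. Column names other than `user_id` and `parent_id` (`role_id`, `context_id`, `context_type_id`, `granted`) are this example's assumptions.

```python
import sqlite3

# Constructed schema: table names are the page's; role_id, context_id, context_type_id and
# granted are this example's column names. user_id is deliberately not a foreign key (app-owned).
SCHEMA = """
CREATE TABLE rbac_super_admin (user_id INTEGER PRIMARY KEY);
CREATE TABLE rbac_context_type (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE rbac_context (id INTEGER PRIMARY KEY, context_type_id INTEGER, parent_id INTEGER);
CREATE TABLE rbac_permission (id INTEGER PRIMARY KEY, name TEXT, context_type_id INTEGER);
CREATE TABLE rbac_role_permission (role_id INTEGER, permission_id INTEGER, granted INTEGER);
CREATE TABLE rbac_role_assignment (user_id INTEGER, role_id INTEGER, context_id INTEGER);
"""

def context_chain(con, context_id):
    """Follow parent_id up to the root: [context, parent, grandparent, ...]."""
    chain = []
    while context_id is not None:
        chain.append(context_id)
        row = con.execute("SELECT parent_id FROM rbac_context WHERE id = ?", (context_id,)).fetchone()
        if row is None:
            raise ValueError(f"unknown rbac_context id {context_id}")
        context_id = row[0]
    return chain

def is_granted(con, user_id, permission, context_id):
    """Super admins short-circuit; otherwise one deny anywhere in the hierarchy beats every grant."""
    if con.execute("SELECT 1 FROM rbac_super_admin WHERE user_id = ?", (user_id,)).fetchone():
        return True
    chain = context_chain(con, context_id)
    marks = ",".join("?" * len(chain))
    rows = con.execute(f"""
        SELECT rp.granted FROM rbac_role_assignment ra
        JOIN rbac_role_permission rp ON rp.role_id = ra.role_id
        JOIN rbac_permission p ON p.id = rp.permission_id
        WHERE ra.user_id = ? AND p.name = ? AND ra.context_id IN ({marks})""",
        (user_id, permission, *chain)).fetchall()
    if not rows:
        return False                       # no assignment anywhere up the chain: default deny
    return all(g == 1 for (g,) in rows)    # a single deny (granted = 0) overrides all grants

def demo_db():
    # Constructed sample data: project 20 sits under org 10; role 1 grants "edit", role 2 denies it.
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO rbac_context_type VALUES (?, ?)", [(1, "org"), (2, "project")])
    con.executemany("INSERT INTO rbac_context VALUES (?, ?, ?)", [(10, 1, None), (20, 2, 10)])
    con.execute("INSERT INTO rbac_permission VALUES (1, 'edit', 2)")
    con.executemany("INSERT INTO rbac_role_permission VALUES (?, ?, ?)", [(1, 1, 1), (2, 1, 0)])
    con.executemany("INSERT INTO rbac_role_assignment VALUES (?, ?, ?)",
                    [(100, 1, 20), (100, 2, 10), (200, 1, 20)])  # user 100: grant on 20, deny on org 10
    con.execute("INSERT INTO rbac_super_admin VALUES (999)")
    return con
```

User 100 holds an editor grant on the project but a denying role on the parent org, so the check returns False for the project; user 200, with only the project grant, gets True, and the super admin 999 passes without any assignment.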