RBAC (Role-Based Access Control, role-based access control) means that users are associated with roles and permissions. Simply put, a user has several roles, and each role has several permissions. In this way, a "user-role-permission" authorization model is constructed. In this model, there is a many-to-many relationship between users and roles, and between roles and permissions.
Therefore, we generally start from the user-role-privilege model and build an association table based on the corresponding relationship to establish the relationship between the table and the table.
And there are 10 tables in this employee management system:
Basic table: user table, role table, permission table, resource table, proxy table (you can temporarily authorize your authority to the person who represents you), department table.
The mapping tables created according to the association relationship: user role table, role permission table, department permission table, user agent table.
A user can use multiple roles or multiple permissions, all of them are in a many-to-many relationship, and permissions can be seen as operating permissions on resources.
In this system, we can use primary keys and foreign keys to authorize users and the entire department through association tables.
All we use the mapping table to maintain the relationship between them.
Below is the EER diagram of this system:
We can see that the most basic is the user, role, permission tables and then through the mapping table associated with the foreign key to establish a connection, which is also the most basic. And we can also expand the table relationship and establish a connection according to the needs of the system, such as department and delegation.
sql script
-- MySQL dump 10.13 Distrib 5.7.12, for Win64 (x86_64)
--
-- Host: localhost Database: user_management
-- ------------------------------------------------------
-- Server version 5.7.14-log
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Table structure for table `delegation`
--
DROP TABLE IF EXISTS `delegation`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `delegation` (
`delegation_id` int(11) NOT NULL,
`delegation_user_id` int(11) DEFAULT NULL,
`startDate` date DEFAULT NULL,
`endDate` date DEFAULT NULL,
PRIMARY KEY (`delegation_id`),
KEY `delegation_user_id` (`delegation_user_id`),
CONSTRAINT `delegation_ibfk_1` FOREIGN KEY (`delegation_user_id`) REFERENCES `user` (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `delegation`
--
LOCK TABLES `delegation` WRITE;
/*!40000 ALTER TABLE `delegation` DISABLE KEYS */;
/*!40000 ALTER TABLE `delegation` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `department`
--
DROP TABLE IF EXISTS `department`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `department` (
`department_id` int(11) NOT NULL,
`department_name` varchar(30) DEFAULT NULL,
PRIMARY KEY (`department_id`),
UNIQUE KEY `department_id_UNIQUE` (`department_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `department`
--
LOCK TABLES `department` WRITE;
/*!40000 ALTER TABLE `department` DISABLE KEYS */;
INSERT INTO `department` VALUES (1,'研发部');
/*!40000 ALTER TABLE `department` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `department_permission`
--
DROP TABLE IF EXISTS `department_permission`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `department_permission` (
`department_id` int(11) DEFAULT NULL,
`permission_id` int(11) DEFAULT NULL,
KEY `department_id` (`department_id`),
KEY `permission_id` (`permission_id`),
CONSTRAINT `department_permission_ibfk_1` FOREIGN KEY (`department_id`) REFERENCES `department` (`department_id`),
CONSTRAINT `department_permission_ibfk_2` FOREIGN KEY (`permission_id`) REFERENCES `permission` (`permission_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `department_permission`
--
LOCK TABLES `department_permission` WRITE;
/*!40000 ALTER TABLE `department_permission` DISABLE KEYS */;
/*!40000 ALTER TABLE `department_permission` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `permission`
--
DROP TABLE IF EXISTS `permission`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `permission` (
`permission_id` int(11) NOT NULL,
`resource_id` int(11) DEFAULT NULL,
PRIMARY KEY (`permission_id`),
KEY `resource_id` (`resource_id`),
CONSTRAINT `permission_ibfk_1` FOREIGN KEY (`resource_id`) REFERENCES `resource` (`resource_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `permission`
--
LOCK TABLES `permission` WRITE;
/*!40000 ALTER TABLE `permission` DISABLE KEYS */;
/*!40000 ALTER TABLE `permission` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `resource`
--
DROP TABLE IF EXISTS `resource`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `resource` (
`resource_id` int(11) NOT NULL,
`resource_name` varchar(25) DEFAULT NULL,
`resource_crud` int(11) DEFAULT NULL,
PRIMARY KEY (`resource_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `resource`
--
LOCK TABLES `resource` WRITE;
/*!40000 ALTER TABLE `resource` DISABLE KEYS */;
/*!40000 ALTER TABLE `resource` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `role`
--
DROP TABLE IF EXISTS `role`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `role` (
`role_id` int(11) NOT NULL,
`role_name` varchar(20) DEFAULT NULL,
PRIMARY KEY (`role_id`),
UNIQUE KEY `role_id_UNIQUE` (`role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `role`
--
LOCK TABLES `role` WRITE;
/*!40000 ALTER TABLE `role` DISABLE KEYS */;
INSERT INTO `role` VALUES (1,'总经理');
/*!40000 ALTER TABLE `role` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `role_permission`
--
DROP TABLE IF EXISTS `role_permission`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `role_permission` (
`role_id` int(11) DEFAULT NULL,
`permission_id` int(11) DEFAULT NULL,
KEY `role_id` (`role_id`),
KEY `permission_id` (`permission_id`),
CONSTRAINT `role_permission_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `role` (`role_id`),
CONSTRAINT `role_permission_ibfk_2` FOREIGN KEY (`permission_id`) REFERENCES `permission` (`permission_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `role_permission`
--
LOCK TABLES `role_permission` WRITE;
/*!40000 ALTER TABLE `role_permission` DISABLE KEYS */;
/*!40000 ALTER TABLE `role_permission` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `user`
--
DROP TABLE IF EXISTS `user`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user` (
`user_id` int(11) NOT NULL,
`user_name` varchar(40) DEFAULT NULL,
`user_gender` varchar(8) DEFAULT NULL,
`user_email` varchar(30) DEFAULT NULL,
`user_phone` varchar(20) DEFAULT NULL,
`user_address` varchar(45) DEFAULT NULL,
`user_birthday` date DEFAULT NULL,
`department_id` int(11) DEFAULT NULL,
PRIMARY KEY (`user_id`),
UNIQUE KEY `use_idr_UNIQUE` (`user_id`),
KEY `department_id` (`department_id`),
CONSTRAINT `user_ibfk_1` FOREIGN KEY (`department_id`) REFERENCES `department` (`department_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `user`
--
LOCK TABLES `user` WRITE;
/*!40000 ALTER TABLE `user` DISABLE KEYS */;
INSERT INTO `user` VALUES (101,'mike','male','[email protected]','183xxxxxxxx','chengdu','2017-01-19',1),(102,'mao','female','[email protected]','183xxxxxx','chengdu','2017-01-20',1),(103,'huang','male','[email protected]','183xxxxxxxx','chengdu','2017-01-24',NULL);
/*!40000 ALTER TABLE `user` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `user_delegation`
--
DROP TABLE IF EXISTS `user_delegation`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_delegation` (
`user_id` int(11) DEFAULT NULL,
`delegation_id` int(11) DEFAULT NULL,
KEY `user_id` (`user_id`),
KEY `delegation_id` (`delegation_id`),
CONSTRAINT `user_delegation_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `user` (`user_id`),
CONSTRAINT `user_delegation_ibfk_2` FOREIGN KEY (`delegation_id`) REFERENCES `delegation` (`delegation_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `user_delegation`
--
LOCK TABLES `user_delegation` WRITE;
/*!40000 ALTER TABLE `user_delegation` DISABLE KEYS */;
/*!40000 ALTER TABLE `user_delegation` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `user_department`
--
DROP TABLE IF EXISTS `user_department`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_department` (
`user_id` int(11) DEFAULT NULL,
`department_id` int(11) DEFAULT NULL,
KEY `user_id` (`user_id`),
KEY `department_id` (`department_id`),
CONSTRAINT `user_department_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `user` (`user_id`),
CONSTRAINT `user_department_ibfk_2` FOREIGN KEY (`department_id`) REFERENCES `department` (`department_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `user_department`
--
LOCK TABLES `user_department` WRITE;
/*!40000 ALTER TABLE `user_department` DISABLE KEYS */;
/*!40000 ALTER TABLE `user_department` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `user_role`
--
DROP TABLE IF EXISTS `user_role`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user_role` (
`user_id` int(11) DEFAULT NULL,
`role_id` int(11) DEFAULT NULL,
KEY `user_id` (`user_id`),
KEY `role_id` (`role_id`),
CONSTRAINT `user_role_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `user` (`user_id`),
CONSTRAINT `user_role_ibfk_2` FOREIGN KEY (`role_id`) REFERENCES `role` (`role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `user_role`
--
LOCK TABLES `user_role` WRITE;
/*!40000 ALTER TABLE `user_role` DISABLE KEYS */;
/*!40000 ALTER TABLE `user_role` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2017-02-15 16:44:55