I'm designing a database that holds the information for users of three diferentes apps that share the access to the data trough an API. For every user i'm storing credentials, profile and roles.
What I'm looking forward to have should accomplish the following requirement:
Some users need to have access to more than one app. The user will have diferent roles or permissions to access certain resources or protected views in every app. The user should be able to login into every app using a unique set of username/password credentials.
This is the schema I've come up with so far:
Let me give a brief explanation of it:
- Every user has access to a certain apps trough the
app_accesstable - Every
appis composed by a set ofresources - A
usermay have one or moreroles - Every
roleis composed by a set ofpermissions - Every
permissionspecifies the actions available for that role over aresourceof a specificapp.
I want to know if this schema is good to accomplish what I need? Are there any know patterns for this requirement? What could be improved in my design?
app_accesstable.johninapp1and userjohninapp2might refer to the same person. You might be able to treat those accounts as completely separate and independent and that might simplify your design. You will have to check with the author of the requirement if this simplification is possible.profilerelated to theuserdefines who that person is? I can't see how ignoring that fact (ignoring theprofilerelation) could simplify the model. Or you may be refering to other thing and I'm not understanding.app_idto theuserstable making tihs ausers<--N:1-->apps?