I am looking to create a website.

There will be a portal, from which the user (and thier associated users) can create/access one or more databases. There will be many different databases in the background (for historical reasons, please just go with that bit).

It must obviously be 100% secure.

I thought it probably needs a database that then has links for the other databases to be accessed. So, the portal might have a schema like simplified example below.

[![enter image description here][1]][1]

When the user clicks a database link, the 'initialAccessKey' would create a session token with which the database could be accessed.

My questions are:

 1. Is this a reasonable way to approach the task? 
 2. Is there a better way? 
 
 3. Is it secure? It seems like all the sensitive info is in one
    place! A bug could enable access to someone elses database, which
    would be catastrophic.

Any help much appreciated.


  [1]: https://i.sstatic.net/S18Jb.png