I am designing a centralized management GUI to manage all manner of things in my company's intranet. What I am stuck on is part of the security I am trying to design. I can't get the normalization of the tables correct.
Essentially, my concept is as follows:
- A USER is a member of a ROLE which is assigned TRANSACTIONS which allows access to WEBS and/or features in the WEB
So I start out with 4 tables:
- USERS (all users in organization)
  - UserID
- ROLES (all roles related to webs in the organization)
  - RoleID
- WEBS (list of webs in the organization)
  - WebID
- TRANSACTIONS (list of transactions (permissions for the webs))
  - TransactionID
Now clearly I need a few more tables that link the IDs together. Initially I had FK_RoleID in the USERS table, but when the scope expanded to include multiple webs, I had to account for a user having different roles in different webs.
So a USER can have one ROLE per WEB, but can be in multiple ROLES across multiple WEBS.
Additional "linking" tables
- USERS_ROLES_WEBS
  - UserRoleID
  - FK_UserID
  - FK_RoleID
  - FK_WebID
Then I began thinking how that would work in a GUI
User is selected from a list ... for editing ... to add USER to the 'someweb.com' WEB with 'admin' ROLE
- I would envision two (2) DropDownLists, one listing WEBS and the other dynamically populated with ROLES once a WEB is selected
There would have to be a table that contains a list of ROLES for each WEB, so I would also need:
- ROLES_WEBS
  - RoleWebID
  - FK_RoleID
  - FK_WebID
Also, since the same ROLE can be used in multiple WEBS, the TRANSACTIONS assigned could also be different
- ROLES_TRANSACTIONS
  - RoleTransactionID
  - FK_RoleID
  - FK_TransactionID
You can see how complex this is getting and I am kind of starting to lose my place already.
So to reiterate
- A USER is a member of a ROLE which is assigned TRANSACTIONS which allows access to WEBS and/or features in the WEB
- Each WEB may not have the same TRANSACTIONS but may have the same ROLES
Is there another way to think about this?
Thanks for your time and insight.
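
The rules stated in the post (one ROLE per USER per WEB, ROLES listed per WEB, TRANSACTIONS that can differ for the same ROLE between WEBS) expressed as database constraints, as an added example that is not part of the original post. It assumes SQLite driven from Python, composite keys in place of the surrogate link IDs, and constructed names and rows; keying ROLES_TRANSACTIONS by web is one reading of the last rule.

```python
import sqlite3
SCHEMA = """
-- Assumed SQLite schema adapted from the post; all INSERTed rows are constructed.
CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE roles (role_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE webs  (web_id  INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE transactions (transaction_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
-- ROLES_WEBS: roles offered by each web (source for the second drop-down).
CREATE TABLE roles_webs (role_id INTEGER NOT NULL REFERENCES roles(role_id),
    web_id INTEGER NOT NULL REFERENCES webs(web_id), PRIMARY KEY (role_id, web_id));
-- USERS_ROLES_WEBS: PK = one role per user per web; FK = role must be offered there.
CREATE TABLE users_roles_webs (user_id INTEGER NOT NULL REFERENCES users(user_id),
    web_id INTEGER NOT NULL, role_id INTEGER NOT NULL, PRIMARY KEY (user_id, web_id),
    FOREIGN KEY (role_id, web_id) REFERENCES roles_webs(role_id, web_id));
-- ROLES_TRANSACTIONS, keyed per web so the same role can differ between webs.
CREATE TABLE roles_transactions (role_id INTEGER NOT NULL, web_id INTEGER NOT NULL,
    transaction_id INTEGER NOT NULL REFERENCES transactions(transaction_id),
    PRIMARY KEY (role_id, web_id, transaction_id),
    FOREIGN KEY (role_id, web_id) REFERENCES roles_webs(role_id, web_id));
INSERT INTO users VALUES (1, 'alice'), (2, 'bob');
INSERT INTO roles VALUES (1, 'admin'), (2, 'viewer');
INSERT INTO webs VALUES (1, 'someweb.com'), (2, 'otherweb.com');
INSERT INTO transactions VALUES (1, 'edit_page'), (2, 'view_page');
INSERT INTO roles_webs VALUES (1, 1), (2, 1), (2, 2);  -- admin exists only on web 1
INSERT INTO roles_transactions VALUES (1, 1, 1), (1, 1, 2), (2, 1, 2), (2, 2, 1), (2, 2, 2);
INSERT INTO users_roles_webs VALUES (1, 1, 1), (2, 1, 2);  -- (user, web, role)
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK checks off by default
    conn.executescript(SCHEMA)
    return conn

def assign_role(conn, user_id, web_id, role_id):
    """Store the assignment; return False when a constraint rejects it."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute("INSERT INTO users_roles_webs (user_id, web_id, role_id) "
                         "VALUES (?, ?, ?)", (user_id, web_id, role_id))
        return True
    except sqlite3.IntegrityError:
        return False

def is_allowed(conn, user_id, web_id, transaction_id):
    """Deny by default: True only if the user's role in this web grants the transaction."""
    return conn.execute(
        "SELECT 1 FROM users_roles_webs urw JOIN roles_transactions rt "
        "ON rt.role_id = urw.role_id AND rt.web_id = urw.web_id "
        "WHERE urw.user_id = ? AND urw.web_id = ? AND rt.transaction_id = ?",
        (user_id, web_id, transaction_id)).fetchone() is not None
```

Because the constraints live in the schema, a second role in the same web or a role the web does not offer is rejected by the database itself, whatever the GUI sends.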