I have a DB with a few permission tables in the form:
UserId, Object Id, lot of bit fields
I’ve added user groups to my DB and I need to update the permissions to work with users and user groups. I am thinking about 2 approaches.
- Create a copy of each permission table and have 2 tables for each object permission (user and group permission) – in each table I’ll have one foreign key to the ‘permission owner’ tables (in one table – to users, and in the second table – to user groups):
  UserId NOT NULL, Object Id NOT NULL, lot of bit fields
  GroupId NOT NULL, Object Id NOT NULL, lot of bit fields
- Add one field (GroupId) to each permission table and use one of the fields (UserId or GroupId) to identify whether it is a permission for a group or a user. So I’ll have a table with 2 foreign keys – to users and user groups, but for each record only one of those FKs will be used – the other will be null.
  The table could look like this:
  UserId NULL, GroupId NULL, ObjectId NOT NULL, lot of bit fields
What is the best solution in your opinion? What are the pros and cons of both? Is there another, better solution?
EDIT: I need to know what to do with foreign keys to users and groups, not with bit fields.
If the types of permissions that both sets can be granted are always the same, I’d probably keep it in the same table. But make sure you add a check constraint:
Or, have you considered modelling groups as users – either just modifying the Users table to accept groups directly, or having the Groups table (with “group only” columns) referencing the Users table? It may be a simpler route to go down (depending on which other parts of your database need to only work with users, for example). Then all your permission checks can just be “Here’s a list of IDs (one of which is the user, the others are groups), please work out the aggregate permissions for this user”.
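The single-table layout with an "exactly one owner" check constraint, plus an aggregate permission lookup across a user and their groups, as an added example that is not part of the original answer. It runs the SQL through SQLite from Python so it executes as-is; only UserId, GroupId and ObjectId come from the question, and every other table, column and constraint name is an assumption.

```python
import sqlite3

# Constructed schema and sample rows. Only UserId, GroupId and ObjectId come
# from the post; every other table, column and constraint name is assumed.
SCHEMA = """
CREATE TABLE Users  (UserId  INTEGER PRIMARY KEY);
CREATE TABLE Groups (GroupId INTEGER PRIMARY KEY);
CREATE TABLE GroupMembers (
    GroupId INTEGER NOT NULL REFERENCES Groups(GroupId),
    UserId  INTEGER NOT NULL REFERENCES Users(UserId),
    PRIMARY KEY (GroupId, UserId));
CREATE TABLE ObjectPermissions (
    UserId   INTEGER NULL REFERENCES Users(UserId),
    GroupId  INTEGER NULL REFERENCES Groups(GroupId),
    ObjectId INTEGER NOT NULL,
    CanRead  INTEGER NOT NULL CHECK (CanRead  IN (0, 1)),
    CanWrite INTEGER NOT NULL CHECK (CanWrite IN (0, 1)),
    -- exactly one owner per row: a user or a group, never both and never neither
    CONSTRAINT CK_OneOwner CHECK (
        (UserId IS NOT NULL AND GroupId IS NULL) OR
        (UserId IS NULL AND GroupId IS NOT NULL)));
INSERT INTO Users  VALUES (1), (2);
INSERT INTO Groups VALUES (10);
INSERT INTO GroupMembers VALUES (10, 1);   -- user 1 is in group 10, user 2 is not
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK enforcement off by default
    conn.executescript(SCHEMA)
    return conn

def grant(conn, object_id, user_id=None, group_id=None, read=0, write=0):
    """Insert one permission row; return False if a constraint rejects it."""
    try:
        with conn:
            conn.execute("INSERT INTO ObjectPermissions VALUES (?, ?, ?, ?, ?)",
                         (user_id, group_id, object_id, read, write))
        return True
    except sqlite3.IntegrityError:
        return False

def effective(conn, user_id, object_id):
    """OR the user's own row with the rows of every group the user belongs to."""
    row = conn.execute(
        "SELECT COALESCE(MAX(CanRead), 0), COALESCE(MAX(CanWrite), 0)"
        " FROM ObjectPermissions WHERE ObjectId = ? AND (UserId = ? OR GroupId IN"
        " (SELECT GroupId FROM GroupMembers WHERE UserId = ?))",
        (object_id, user_id, user_id)).fetchone()
    return {"read": bool(row[0]), "write": bool(row[1])}
```

Without the check constraint, a row with both owners set or with neither would be accepted, and it would be ambiguous whom the permission applies to.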