I’m currently in the process of designing a web app that requires the use of user permissions and roles. The roles will be stored within the SQL database (using MS SQL but this should be a design independent of the implementation).
What is the standard practice for allowing a user to have multiple roles, a “One to Many” relationship if you will?
What I came up with conceptually is the idea of an int field that uses a bit flag to determine if the user has that role:
| User Group | Permission Mask | Value |
|------------|-----------------|-------|
| Basic      | 0 0 0 0 1       | 1     |
| Advanced   | 0 0 0 1 0       | 2     |
| ...        | ...             | ...   |
| Admin      | 1 0 0 0 0       | 16    |
This way, on my PHP side’s authentication I can quickly math out if a user belongs to the role or not. The biggest drawback I see with this is readability and understanding. For someone not involved with this design decision, would they be able to figure out what’s going on when maintenance/upgrades (new roles) come along?
Is this appropriate for my needs? Is there a more standardized way of allowing users to have multiple roles/groups?
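The two designs the question weighs, as an added example (not the poster's code): a bit-flag mask with named flags, so a stored integer such as 17 can be decoded back into role names for whoever maintains it, next to the normalized alternative of a `user_roles` join table. Role names beyond Basic, Advanced and Admin, the usernames, and the use of SQLite's in-memory database in place of MS SQL are all constructed for the demonstration; the SQL is kept to portable syntax.

```python
import sqlite3
from enum import IntFlag
from typing import List

# --- Design 1: one integer column, one bit per role -------------------------
# Naming the bits is what keeps the mask readable; the stored value is the
# bitwise OR of the user's roles (Basic + Admin = 1 | 16 = 17).
class Role(IntFlag):
    BASIC = 1 << 0     # 1
    ADVANCED = 1 << 1  # 2
    EDITOR = 1 << 2    # 4  (constructed, stands in for the "..." rows)
    AUDITOR = 1 << 3   # 8  (constructed)
    ADMIN = 1 << 4     # 16

def has_role(mask: int, role: Role) -> bool:
    """True when every bit of `role` is set in `mask` (the check PHP would do)."""
    return (mask & int(role)) == int(role)

def roles_in(mask: int) -> List[str]:
    """Decode a stored mask into role names, for logs, admin screens and audits."""
    return [r.name for r in Role if mask & int(r)]

def grant(mask: int, role: Role) -> int:
    return mask | int(role)

def revoke(mask: int, role: Role) -> int:
    return mask & ~int(role)

# --- Design 2: a normalized user_roles join table ---------------------------
# Adding a role is an INSERT into `roles`; no column width limits the count and
# the data explains itself to anyone reading the tables.
SCHEMA = """
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE);
CREATE TABLE user_roles (
    user_id INTEGER NOT NULL REFERENCES users(id),
    role_id INTEGER NOT NULL REFERENCES roles(id),
    PRIMARY KEY (user_id, role_id)
);
"""

def build_demo_db() -> sqlite3.Connection:
    """In-memory SQLite database with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO roles(id, name) VALUES (?, ?)",
                     [(1, "Basic"), (2, "Advanced"), (3, "Admin")])
    conn.executemany("INSERT INTO users(id, username) VALUES (?, ?)",
                     [(1, "alice"), (2, "bob")])
    # alice: Basic + Admin, bob: Basic only
    conn.executemany("INSERT INTO user_roles(user_id, role_id) VALUES (?, ?)",
                     [(1, 1), (1, 3), (2, 1)])
    return conn

def db_roles(conn: sqlite3.Connection, username: str) -> List[str]:
    rows = conn.execute(
        "SELECT r.name FROM users u "
        "JOIN user_roles ur ON ur.user_id = u.id "
        "JOIN roles r ON r.id = ur.role_id "
        "WHERE u.username = ? ORDER BY r.id", (username,)).fetchall()
    return [name for (name,) in rows]

def db_has_role(conn: sqlite3.Connection, username: str, role_name: str) -> bool:
    row = conn.execute(
        "SELECT 1 FROM users u "
        "JOIN user_roles ur ON ur.user_id = u.id "
        "JOIN roles r ON r.id = ur.role_id "
        "WHERE u.username = ? AND r.name = ?", (username, role_name)).fetchone()
    return row is not None

if __name__ == "__main__":
    mask = grant(grant(0, Role.BASIC), Role.ADMIN)       # 17, as it would be stored
    print(mask, roles_in(mask), has_role(mask, Role.ADMIN))
    conn = build_demo_db()
    print(db_roles(conn, "alice"), db_has_role(conn, "bob", "Admin"))
```

With the mask design, every place that interprets the column must share the same bit assignment, and a 32-bit column caps out at 31 roles; with the join table, a role is a row with a name, and the authorization check is a query rather than arithmetic.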