I’m currently working on improving my database to make room for growth. As it stands, different users have different ‘permissions’ to areas of the website. Some users have permissions to multiple areas of the website.
I’d like some feedback if I’m doing this in the most efficient way:
tblUsers:
usrID  usrFirst  usrLast  phone //etc....
1      John      Doe
2      Jane      Smith
3      Bill      Jones
tblAreas:
id  name
1   Marketing
2   Support
3   Human Resources
4   Media Relations
tblPermissions:
id  usrID  areaID
1   1      2
2   1      4
3   2      1
4   3      3
Right now, for each “area”, I have separate directories. However, I’d like to minimize all of these directories down to one main directory, and then redirect users on logging in to their appropriate ‘area’ based upon their permissions.
Does it sound like I’m doing this correctly? I’ve never created a multi-layered site with different permissions and different groups of people, thus, I’m certainly open to learning more on how to do this correctly.
Thanks very much!
The general design is ok. The issues that pop out at me relate to naming.
Depending on your programming language and database, I’d also recommend using underscore instead of capitalization for your table/column-names.
As for using separate directories for different groups, I’d advise against it. Have the security-checks in your code instead of your directory layout.
Reasoning:
What happens when somebody decides that support is also allowed to do some marketing stuff? Should you change your code, or add a record into your database?
Or what if you have overlapping actions?
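The point made in the answer above, as an added example that is not part of the original posts: the three tables from the question loaded into an in-memory SQLite database, with the access decision made by a query on every request rather than by the directory a page lives in. The function names, the use of Python with sqlite3, and the foreign-key and UNIQUE constraints are assumptions made here; the phone column is omitted.

```python
import sqlite3

# Tables and sample rows from the question; the constraints are assumptions added here.
SCHEMA = """
PRAGMA foreign_keys = ON;
CREATE TABLE tblUsers (usrID INTEGER PRIMARY KEY, usrFirst TEXT, usrLast TEXT);
CREATE TABLE tblAreas (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE tblPermissions (
    id     INTEGER PRIMARY KEY,
    usrID  INTEGER NOT NULL REFERENCES tblUsers(usrID),
    areaID INTEGER NOT NULL REFERENCES tblAreas(id),
    UNIQUE (usrID, areaID)  -- one row per user/area pair
);
INSERT INTO tblUsers VALUES (1,'John','Doe'),(2,'Jane','Smith'),(3,'Bill','Jones');
INSERT INTO tblAreas VALUES (1,'Marketing'),(2,'Support'),(3,'Human Resources'),(4,'Media Relations');
INSERT INTO tblPermissions VALUES (1,1,2),(2,1,4),(3,2,1),(4,3,3);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def areas_for_user(conn, usr_id):
    """Area names the user may enter, in area-id order."""
    rows = conn.execute(
        "SELECT a.name FROM tblPermissions p JOIN tblAreas a ON a.id = p.areaID "
        "WHERE p.usrID = ? ORDER BY a.id", (usr_id,))
    return [r[0] for r in rows]

def can_access(conn, usr_id, area_name):
    """Call on every request to an area page. No matching row means deny."""
    row = conn.execute(
        "SELECT 1 FROM tblPermissions p JOIN tblAreas a ON a.id = p.areaID "
        "WHERE p.usrID = ? AND a.name = ?", (usr_id, area_name)).fetchone()
    return row is not None

def landing_area(conn, usr_id):
    """Post-login redirect target: a convenience only, can_access() still gates each page."""
    areas = areas_for_user(conn, usr_id)
    return areas[0] if areas else None

def grant(conn, usr_id, area_name):
    """Widening access is a new row, not a code or directory change."""
    conn.execute("INSERT OR IGNORE INTO tblPermissions (usrID, areaID) "
                 "SELECT ?, id FROM tblAreas WHERE name = ?", (usr_id, area_name))

if __name__ == "__main__":
    db = open_db()
    grant(db, 2, "Support")  # Jane (Marketing) is also given Support
    print(areas_for_user(db, 2), landing_area(db, 1), can_access(db, 3, "Marketing"))
```

A user with no rows in tblPermissions gets no landing area and is denied everywhere, so a missing record fails closed.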
@brianpeiris: A couple of things come to mind: