The most intelligible and scalable way is what @Deonis suggested. Its main advantage is that the same privilege setting can be organized for user roles, and then select the total properties of the user based on the properties of the roles set for him by a single request.
You can also write privileges in
BLOB . If we consider the option when each property has its own sequence number, then a set of such properties can be stored in a binary sequence, where each set bit is a property allowed by the user. It is possible to get the flag of the set property through a bit shift. A common set of properties for a user and his roles can be obtained through bitwise addition. Disadvantage: it is inconvenient and bearable to edit all this directly through the database.
Also, in the case of PHP, you can use the
TEXT field. Generate a property array in PHP and write the result
serialize() this array to
TEXT . Accordingly, when reading, restore the array through
unserialize() . Disadvantage: to summarize the allowed properties for users and roles at the query level to the database will not work.