I have several entities (storage, item). Users have permissions related to the repository and there are permissions related to the item. For example, in the repository, the user can add items, delete, and modify them. The rights to the element can allow the user, for example, to view some characteristics of the element, change them, etc. The repository has a creator who decides what access rights can be granted to the user on the repository itself and on each element stored in it. In addition, an item has a creator, and when its item is added to the repository, the creator of the repository can give it access to other items, but cannot restrict access to its item. How best to design it?

At the moment I have only one thought: there are the following tables: Users, Storages, Elements, UserStorages and UserElements.

The structure of the UserStorages and UserElements tables is as follows: StorageId (or ElementId) | UserId | Permissions, where Permissions is an array of 0 and 1. The position of each 0 or 1 is some kind of right; 0 - not allowed, 1 - allowed.

  • Perhaps it would be more convenient to make more user roles, and give the roles access to the elements, in case you need to change the access of different users (it will be enough to change one role and not all users) - Batanichek

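An added sketch of the element side of the table layout described in the question (not code from the original post or its comment), using SQLite from Python. It assumes the 0/1 array is stored as an integer bitmask, that `Storages` and `Elements` carry a `CreatorId` column, and that the element creator's rights are derived from `CreatorId` rather than from a `UserElements` row, so no grant can narrow them; the `VIEW` and `CHANGE` bits and all sample ids are constructed.

```python
import sqlite3
from enum import IntFlag

class ElementPerm(IntFlag):      # one bit per position of the 0/1 array
    VIEW = 1
    CHANGE = 2

ALL_ELEMENT = ElementPerm.VIEW | ElementPerm.CHANGE

SCHEMA = """
CREATE TABLE Users    (Id INTEGER PRIMARY KEY);
CREATE TABLE Storages (Id INTEGER PRIMARY KEY,
                       CreatorId INTEGER NOT NULL REFERENCES Users(Id));
CREATE TABLE Elements (Id INTEGER PRIMARY KEY,
                       StorageId INTEGER NOT NULL REFERENCES Storages(Id),
                       CreatorId INTEGER NOT NULL REFERENCES Users(Id));
CREATE TABLE UserElements (ElementId INTEGER NOT NULL REFERENCES Elements(Id),
                           UserId INTEGER NOT NULL REFERENCES Users(Id),
                           Permissions INTEGER NOT NULL DEFAULT 0,
                           PRIMARY KEY (ElementId, UserId));
"""

def element_perms(db, user_id, element_id):
    """Effective rights: the element's creator always has every bit; anyone
    else has only the granted bits; no row (or no element) means no access."""
    row = db.execute(
        "SELECT e.CreatorId, COALESCE(ue.Permissions, 0) FROM Elements e "
        "LEFT JOIN UserElements ue ON ue.ElementId = e.Id AND ue.UserId = ? "
        "WHERE e.Id = ?", (user_id, element_id)).fetchone()
    if row is None:
        return ElementPerm(0)
    return ALL_ELEMENT if row[0] == user_id else ElementPerm(row[1])

def grant_element(db, actor_id, user_id, element_id, perms):
    """Only the creator of the storage that holds the element may set grants."""
    row = db.execute(
        "SELECT s.CreatorId FROM Elements e JOIN Storages s "
        "ON s.Id = e.StorageId WHERE e.Id = ?", (element_id,)).fetchone()
    if row is None or row[0] != actor_id:
        raise PermissionError("only the storage creator can grant rights")
    db.execute("INSERT OR REPLACE INTO UserElements VALUES (?, ?, ?)",
               (element_id, user_id, int(perms)))

def demo_db():
    """Constructed sample data: user 1 owns storage 10, user 2 owns element 100."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO Users VALUES (?)", [(1,), (2,), (3,)])
    db.execute("INSERT INTO Storages VALUES (10, 1)")
    db.execute("INSERT INTO Elements VALUES (100, 10, 2)")
    return db
```

A `UserStorages` table for the add/delete/modify rights would have the same shape, with `StorageId` in place of `ElementId`.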