I have a table like this:
CREATE TYPE action_types AS ENUM ('SELECT', 'INSERT', 'UPDATE', 'DELETE');
CREATE TABLE resources(
id uuid PRIMARY KEY DEFAULT uuid_generate_v4(),
name text NOT NULL
);
CREATE TABLE roles(
id uuid PRIMARY KEY DEFAULT uuid_generate_v4(),
name text NOT NULL
);
CREATE TABLE users(
id uuid PRIMARY KEY DEFAULT uuid_generate_v4(),
role_id uuid REFERENCES roles(id) NOT NULL
CREATE TABLE permissions(
id uuid PRIMARY KEY DEFAULT uuid_generate_v4(),
action action_types NOT NULL,
resource_id uuid REFERENCES resources(id) NOT NULL,
UNIQUE(action, resource_id)
);
CREATE TABLE access(
role_id uuid REFERENCES roles(id),
permission_id uuid REFERENCES permissions(id) NOT NULL,
PRIMARY KEY(role_id, permission_id)
);
(similar to this data model)
Tables:
- resources are my tables (like posts, categories, comments, etc)...
- roles (like, admin, editor, etc)
- users (anyone logged in)
- permissions (view posts, update comments, delete categories, etc)
- access (admin has access to update comments etc)
Problem:
How do I change the model to handle owners (creators) of resources. I may want the owner of a post to be able to edit and create, but not delete a post. What about more than one owner?
Should I add or remove a table to make this more like ABAC instead of RBAC?
Obviously handling the permissions in practice will require RLS or other means, this is just a data-modeling question.
J
