Best practice for Permission database structure in a 3 Level Menu

Posted on 2008-11-05
Last Modified: 2008-11-06

I need to create a Menu with 3 level in my web application and I want to be able to manage permission for every item in any level.

Can someone tell how should I build my database structure and queries to do so.

Ex :

      |_ Menu1_1
      |_ Menu1_2
      |_ Menu2_1
      |_ Menu2_2
                 |_ Menu2_2_1

I want user1 to have access to everything in Menu1 but only Menu2_1 of the menu 2
I want user2 to have access to Menu2_2_1 in Menu2_2 but not Menu1 and Menu2_1

Question by:maxleb
    1 Comment
    LVL 29

    Accepted Solution

    sounds complicated. Will the user with no permissions still be able to see the forbidden menu items?
    If not then you could have all the menu items in a table and a column within that table that has a security level.
    A separate user table could also have a column that notes their security level.
    Inner join these tables on security level and you have your menu item.
    Then you have to work out how to build your page around the menu items that may or may not be in your SQL results.

    If you show the menu items regardless of the current users permission then you could put the permitted items in an array along with their URLs and give the permitted menu items an <a href> tag.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Thoughout my experience working on eCommerce web applications I have seen applications succumbing to increased user demand and throughput. With increased loads the response times started to spike, which leads to user frustration and lost sales. I ha…
    What is Node.js? Node.js is a server side scripting language much like PHP or ASP but is used to implement the complete package of HTTP webserver and application framework. The difference is that Node.js’s execution engine is asynchronous and event…
    Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
    Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now