Database with users design - sql-server

I am in database design development phase. Application will work with large number of users (LARGE :))
I designed 80% of database but I have one Users table which is connected to everything else:
Users {UserId, FirstName, LastName, Username, Password, PasswordQuestion, PasswordAnswer, Gender, RoleId, LastLoginDate etc etc}
I saw asp.net membership database structure where Users and Membership are two tables. My questions are:
Should I use one users table with all users data in it or more tables?
If answer is 'more tables', what tables to use? Any advice on how to structure relation between those tables?
This is sample relation that I have, and trying to improve. I don't understand why user and userChild are separated tables?

How many tables you need depends on your modeling needs.
For example if you include the RoleId in the Users table then you'll only be able to assign one role per user. Is that what you want?
Otherwise, if you have a separate table linking users to roles, you'll be able to assign more than one role per user.

Related

Cardinality Confusion: between users_roles and roles

I was designing a database as my practice and I came across a confusion where I am not sure the cardinality between a pair of my tables – users_roles, and roles
So I was wondering if you could break it down for me and explain how to think of it to be able to define the relationship. I've got quite a lot of these intermediate tables and they are just confusing me!
Additionally, I'd like to ask if I named my intermediate table correctly.
Depends on what relationship you want to achieve.
users and roles tables are holding all the users and roles.
users_roles maps users with roles, or user id's with role id's. Both user_id and role_id are FOREIGN KEYs referencing id in the other tables as a PRIMARY KEY.
This is giving you a one-many relationship between roles and user_roles as one user can have multiple roles. You can also have one-one relationship if you make role_id UNIQUE, in this situation, a user will have only one role.
Hope this helps.

Single user table for in schema which process user portal and customer website

We are running single database for rest app server. We have three types of users
for customer
for administrator, and
for partners
Currently they have different tables and username and password are also in separate respectively Now We need to refactor this schema as user are expanding.
So should a single table User with Role table is OK ? (Here Role can be admin, partner or customer, manager).
OR
Should we a keep as it is as We will be having issue if we use User and Role table:
if an admin acquire a username then that username can not be the same again for customer or partner due to unique constraint.
I think user role can not be as "Customer" as customer is not a Role. Role can be admin, manager etc
I think this is not the right way to keep in single table. What are your suggestions?
I think you should create three tables for your user management, considering the fact that one user can have several roles (ex:- admin can also be a manager Or Customer can also be a partner). So User table and Role table have a Many-To-Many relationship. In order to create this relationship, you have to create 3rd table having userId and roleId as composite primary key.
additionally, i noticed that you are going to save user's passwords in the database. For the security reasons do not store passwords in plain-text. Instaed store the hash of the password using one way hashing algorithm.
You can read more about it from here -> Best way to store password in database
Yes, it would be better to keep separate tables because of the following reasons:
1. As you specified, Customer is not a role.
2. Since administrators would be limited in number, there is no point in fetching the record for authentication/authorisation from a large data set having the customers. It will hinder the performance.
User
id
userId
role (foreign key)
etc..
Role
id
name
etc
the above structure is best practice.
if you really need extra fields for admin, partner or customer
you can create separate entity for each one and you can refer user as a foreign key like as follows
Customer
id
name
user(foreign key)
etc

Role Based DB table Design

I'm have a requirment consisting of 7 roles in my database, each role has different attributes and want to maintain a single login table with username, password and role. So, is it a good practice to maintain a same login table for group of roles and saving all the other related details of the each role in a separate table based on their roles.

How can I divide up my database into different areas for different kinds of information storage in SQL Server?

My database has been created with table names looking like this for the user information:
DROP TABLE [dbo].[webpages_Membership];
DROP TABLE [dbo].[webpages_OAuthMembership];
DROP TABLE [dbo].[webpages_Roles];
DROP TABLE [dbo].[webpages_UsersInRoles];
Is this somewhat of a standard when it comes to table naming conventions? If I now want
to make some new tables would it be reasonable to also name them things like
admin_application
admin_account
or do DBAs normally assign tables used to hold different things to different users when they want to group table types?
I would just like to find out how people normally group tables in an application. Am I
right to assume they are all under one owner in this case dbo or do people leave the
table names alone and have them stored in different owner accounts?
Yes, the best way is to use schemas to divide logically grouped tables. Good example of this is Adventure works database you can download from CodePlex. They have several schemas for different parts of the company such as Person, Production, Purcahsing, Sales and other. See more details on how MS designed this DB.
Have a look at schemas:
create schema webpages authorization dbo;
GO
create table webpages.Membership (...
create table webpages.OAuthMembership (...
create schema admin authorization dbo;
GO
create table admin.application (...
It used to be that before SQL Server 2005, you needed to create a database user in order to create a schema. However, since then, you can create schemas for organizational purposes. Schemas cannot contain schemas, so it's a single level. Schemas can contain any database object, i.e. tables, stored procedures, etc..
Schemas need to have an owner, hence the authorization bit above. Specifying dbo here will make it the same as if you had created it in the dbo schema.

Better way to represent user roles in a database

Is representing user permissions better in the user table or better in its own permissions table?
Permissions in User table
Putting permissions in the user table means making a column for each permission in the user table. An advantage is queries should run faster because no joins are necessary when relating users to user permissions. A disadvantage is that having many permissions columns clutters the user table.
Permissions in Permission table joined to User table with many-to-many relationship
Doing it this way cleanly separates out the permissions from the user table, but it requires a join across two tables to access user permissions. Database access might be slower, but database design seems cleaner.
Perhaps keeping permissions in a separate table is better when there are many permissions. What are other considerations in making this decision, and which design is better in various situations?
The standard pattern for access control is called Role Based Security. As both the number of users and the number of different types of permissions you need grows, the management of your user-to-permissions links can become increasingly difficult.
For example, if you have five administrators and fifty users, how do you keep the permissions of each group in synch? When one of your users is promoted to an administrator, how many edits do you need to make? The answer is to create two intersections: users-to-roles and roles-to-permissions.
This solution is described (including entity relationship diagram) in my answer to this question.
Your first approach is feasible when the number of different roles/permissions is relatively small. For example if you only have two types of users: normal and admin, a separate table looks like an overkill. Single is_admin column is sufficient and simple.
However this approach does not scale once the number of roles exceeds a few. It has several drawbacks:
user table becomes very "wide" having a lot of empty columns (wasting space)
adding new role to the system requires altering user table. This is cumbersome and might be time-consuming for large user database
listing user roles requires enumerating over all columns, as opposed to simple database query.

Resources