I am trying to design an application with Role-Based Access Control, and I have also designed the ER diagram. What I am trying to achieve is that a USER will have a single ROLE and, based on that ROLE, it will get permissions for RESOURCES set in the resource_role table.
Please suggest if I am making any mistake.
While searching the internet for RBAC ER diagrams, I have come across some designs like .
Source: GitHub link and YouTube
In this ER diagram, I have some questions, which are as follows:
How can a USER hold multiple ROLEs, as there is no relation between the three, i.e. USER, ROLE, and RESOURCE? How to identify which ROLE to use for a particular user?
And how is the user_role bridge table linked to role in a one-and-only-one relation, as a USER can have many ROLEs attached to it?
Thanks to all in advance.
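
The single-role design described in the question, next to the user_role bridge-table variant it asks about, as an added example that is not part of the original post. Only the table names resource_role and user_role come from the question; all other table names, columns and sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Hypothetical schema: only resource_role and user_role are named in the question.
SCHEMA = """
CREATE TABLE role     (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE resource (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
-- Single-role design: the role is a foreign-key column on the user row.
CREATE TABLE app_user (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL,
                       role_id INTEGER NOT NULL REFERENCES role(id));
-- Grants: which role may perform which action on which resource.
CREATE TABLE resource_role (role_id INTEGER NOT NULL REFERENCES role(id),
    resource_id INTEGER NOT NULL REFERENCES resource(id),
    action TEXT NOT NULL, PRIMARY KEY (role_id, resource_id, action));
-- Multi-role design: each bridge row points at exactly one user and one role;
-- a user holds many roles by appearing in many rows.
CREATE TABLE user_role (user_id INTEGER NOT NULL REFERENCES app_user(id),
    role_id INTEGER NOT NULL REFERENCES role(id),
    PRIMARY KEY (user_id, role_id));
-- Constructed sample data.
INSERT INTO role VALUES (1,'viewer'),(2,'editor');
INSERT INTO resource VALUES (1,'report');
INSERT INTO app_user VALUES (1,'alice',1),(2,'bob',2);
INSERT INTO resource_role VALUES (1,1,'read'),(2,1,'write');
INSERT INTO user_role VALUES (1,1),(1,2),(2,2);
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite does not enforce FKs by default
    db.executescript(SCHEMA)
    return db

def allowed_single(db, user, resource, action):
    """Single-role design: follow app_user.role_id. No matching row means deny."""
    sql = """SELECT 1 FROM app_user u
             JOIN resource_role rr ON rr.role_id = u.role_id
             JOIN resource r ON r.id = rr.resource_id
             WHERE u.name = ? AND r.name = ? AND rr.action = ?"""
    return db.execute(sql, (user, resource, action)).fetchone() is not None

def allowed_multi(db, user, resource, action):
    """Bridge design: allowed if any one of the user's roles carries the grant."""
    sql = """SELECT 1 FROM app_user u
             JOIN user_role ur ON ur.user_id = u.id
             JOIN resource_role rr ON rr.role_id = ur.role_id
             JOIN resource r ON r.id = rr.resource_id
             WHERE u.name = ? AND r.name = ? AND rr.action = ? LIMIT 1"""
    return db.execute(sql, (user, resource, action)).fetchone() is not None
```

In the bridge variant the check does not pick one role: it takes the union of grants across every user_role row for that user, and a user with no matching grant is denied.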