0
Is a login table normally added to the database?
Normally I know we have a user table with attributes like email, password, etc. Then we validate user credentials. But what if there is more than one user role/type. I.e admin, customer, supplier and we want these tables to be separate due to their different attributes instead of grouping it as user table. I was thinking of storing ID and user role in session but I'm not sure which is right. Saw some sites creating a login table.
1 Answer
+ 1
Even with very simple apps, one user may have multiple types of access, for example an administrator can change the system settings, create users, may view certain data but not allowed to modify it.
Once you get to this point (usually it should be clear from the system design), if you use a relational database then you need to apply the normalization principles: to avoid data redundancy. The you will have:
- a table for user info (name, email, salted password hash)
- a table for the roles
- a table for the access, where users are combined with roles. In such a table, you would have a composite key from user_id and role_id