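-- RBAC extension - biz_data_access table
-- Date: 2026-03-21
-- Purpose: support row-level data access-control exceptions
--
-- Each row grants one principal (access_type/access_id) an access level on one
-- data row (data_type/data_id). data_id and access_id are polymorphic
-- references discriminated by their *_type column, so they carry no FOREIGN
-- KEY: the database cannot detect an orphaned grant when the referenced data
-- row or principal is deleted; revoking such grants is the application's job.

-- Create the data access-control table
CREATE TABLE IF NOT EXISTS biz_data_access (
    id           UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    -- Open-ended set ("project/space/asset etc." per the catalog comment), so
    -- deliberately not constrained with a CHECK.
    data_type    VARCHAR(50) NOT NULL,
    data_id      UUID NOT NULL,
    access_type  VARCHAR(20) NOT NULL,
    access_id    UUID NOT NULL,
    access_level VARCHAR(20) NOT NULL DEFAULT 'read',
    -- Nullable. NOTE(review): presumably allows system-issued grants with no
    -- granting user — confirm with the code that writes this table.
    -- No ON DELETE clause: on PostgreSQL the default (NO ACTION) blocks deleting
    -- an auth_user that still has grants attributed to it, so the "who granted
    -- this" audit trail cannot be silently severed.
    granted_by   UUID REFERENCES auth_user(id),
    -- Naive TIMESTAMP (no time zone): assumes writers store UTC — TODO confirm.
    granted_at   TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    -- One grant per (data row, principal); changing the level is an UPDATE/upsert.
    CONSTRAINT uk_data_access UNIQUE (data_type, data_id, access_type, access_id),
    -- The two enumerations are closed sets per the COMMENT ON statements below.
    -- Enforcing them here keeps a misspelled or differently-cased value (e.g.
    -- 'Admin') out of the table, where it would otherwise be evaluated by the
    -- application's access check with whatever outcome that code happens to
    -- produce. Extend the lists here if the application adds a value.
    CONSTRAINT ck_data_access_type  CHECK (access_type IN ('user', 'role', 'department')),
    CONSTRAINT ck_data_access_level CHECK (access_level IN ('read', 'write', 'admin'))
);

-- Indexes
-- Lookup by data row: "who may access this row?".
-- NOTE(review): the unique index backing uk_data_access already leads with
-- (data_type, data_id), so this index is likely redundant on PostgreSQL; kept
-- so that nothing referencing it by name breaks.
CREATE INDEX IF NOT EXISTS idx_da_data ON biz_data_access (data_type, data_id);
-- Lookup by principal: "what may this user/role/department access?".
CREATE INDEX IF NOT EXISTS idx_da_access ON biz_data_access (access_type, access_id);

-- Catalog comments (stored text; kept verbatim)
COMMENT ON TABLE biz_data_access IS '数据访问控制表,支持特定数据的例外权限授予';
COMMENT ON COLUMN biz_data_access.data_type IS '数据类型: project/space/asset等';
COMMENT ON COLUMN biz_data_access.data_id IS '数据主键ID';
COMMENT ON COLUMN biz_data_access.access_type IS '访问者类型: user/role/department';
COMMENT ON COLUMN biz_data_access.access_id IS '访问者ID';
COMMENT ON COLUMN biz_data_access.access_level IS '访问级别: read/write/admin';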