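-- RBAC permission extension - biz_data_access table
-- Date: 2026-03-21
-- Purpose: row-level data access control exceptions (per-row grants that
-- sit alongside the role-based model).
--
-- Security notes for reviewers / implementers:
--   * data_id is a polymorphic reference (the target table is named by
--     data_type), so it cannot carry a FOREIGN KEY. Nothing in this schema
--     removes a grant when the protected row is deleted; the application must
--     delete grants together with the data row, otherwise a later row that
--     re-uses the id would inherit stale grants.
--   * access_type and access_level are closed value sets (see the COMMENT ON
--     COLUMN statements below), so they are enforced with CHECK constraints:
--     a mistyped value ('Admin', 'rw', ...) must not be storable as a grant
--     that the authorization code either ignores or, worse, matches loosely.
--     data_type is documented as an open set ("project/space/asset, etc.")
--     and is therefore left unconstrained here.
--   * granted_by is nullable and has no ON DELETE action (Postgres default
--     NO ACTION), so deleting a user who issued grants fails rather than
--     silently detaching the audit trail. NOTE(review): consider NOT NULL
--     once every writer populates it.
--   * There is no expiry / revocation column; an exception grant lives until
--     its row is deleted. NOTE(review): a nullable expires_at is the usual
--     addition if time-boxed exceptions are required.
--   * CREATE TABLE IF NOT EXISTS is a no-op on a database where the table
--     already exists, so the CHECK constraints are NOT added retroactively;
--     apply them with ALTER TABLE ... ADD CONSTRAINT on such databases.

-- Create the data access control table
CREATE TABLE IF NOT EXISTS biz_data_access (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    -- Kind of protected object the grant applies to (project/space/asset/...)
    data_type VARCHAR(50) NOT NULL,
    -- Primary key of the protected row in the table named by data_type
    data_id UUID NOT NULL,
    -- Kind of principal receiving the grant
    access_type VARCHAR(20) NOT NULL,
    -- Id of the principal; which table it points to depends on access_type
    access_id UUID NOT NULL,
    -- Level granted; the default is the least privilege ('read')
    access_level VARCHAR(20) NOT NULL DEFAULT 'read',
    -- Who issued the grant (audit trail); see header note on nullability
    granted_by UUID REFERENCES auth_user(id),
    -- NOTE(review): TIMESTAMP has no time zone; TIMESTAMPTZ is preferable for
    -- an audit instant, but the type is kept to avoid changing existing readers.
    granted_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    -- One grant per (object, principal); re-grants must UPDATE access_level
    CONSTRAINT uk_data_access UNIQUE(data_type, data_id, access_type, access_id),
    -- Closed value sets: keep these lists in sync with the authorization code
    CONSTRAINT ck_data_access_access_type
        CHECK (access_type IN ('user', 'role', 'department')),
    CONSTRAINT ck_data_access_access_level
        CHECK (access_level IN ('read', 'write', 'admin'))
);

-- Create indexes
-- Lookup by protected object (e.g. "who has exceptions on this row")
CREATE INDEX IF NOT EXISTS idx_da_data ON biz_data_access(data_type, data_id);
-- Lookup by principal (e.g. "what exceptions does this user/role/department hold")
CREATE INDEX IF NOT EXISTS idx_da_access ON biz_data_access(access_type, access_id);

-- Catalog comments (stored in the database; kept verbatim)
COMMENT ON TABLE biz_data_access IS '数据访问控制表,支持特定数据的例外权限授予';
COMMENT ON COLUMN biz_data_access.data_type IS '数据类型: project/space/asset等';
COMMENT ON COLUMN biz_data_access.data_id IS '数据主键ID';
COMMENT ON COLUMN biz_data_access.access_type IS '访问者类型: user/role/department';
COMMENT ON COLUMN biz_data_access.access_id IS '访问者ID';
COMMENT ON COLUMN biz_data_access.access_level IS '访问级别: read/write/admin';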