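-- Database Migration for RBAC + ABAC Authorization
-- Run this script to set up the authorization tables.
-- Note: the tables are already populated with your data; this script is
-- provided for reference and documentation.
--
-- Dialect: MySQL / MariaDB (InnoDB, AUTO_INCREMENT, ENUM, LAST_INSERT_ID()).
-- Every CREATE TABLE uses IF NOT EXISTS, so re-running the script against
-- an existing database leaves existing tables untouched. That also means a
-- pre-existing table does NOT pick up constraints or indexes added here;
-- see the "INDEXES for existing tables" section at the end.
-- Table order matters: users is created first because user_attributes
-- references it with a foreign key.

-- ============================================================
-- TABLE: users
-- Main user table (already exists in your schema)
-- ============================================================
CREATE TABLE IF NOT EXISTS users (
    user_id         CHAR(11)     PRIMARY KEY,
    first_name      VARCHAR(50)  NOT NULL,
    middle_initial  CHAR(1),
    last_name       VARCHAR(50)  NOT NULL,
    suffix          VARCHAR(10),
    email_address   VARCHAR(60)  NOT NULL,
    account_type    VARCHAR(60)  NOT NULL,
    emp_id          VARCHAR(50),
    reg             CHAR(2),
    prov            CHAR(3),
    aProv           CHAR(3),
    mun             CHAR(2),
    bgy             CHAR(3),
    -- 'Y'/'N' flags are kept as CHAR/VARCHAR to match the existing schema
    -- (a new schema would use BOOLEAN); changing the type needs a data
    -- migration for the rows already present.
    is_logged_in    CHAR(2)      DEFAULT 'N',
    first_logged_in CHAR(2)      DEFAULT 'N',
    address         VARCHAR(255),
    contact_number  VARCHAR(13),
    device_id       VARCHAR(50),
    role_id         INT,
    role_dps        INT,
    is_deleted      VARCHAR(2)   DEFAULT 'N',
    -- NOTE(review): nothing in this file shows how secret_key is populated;
    -- confirm it stores a hash or an encrypted value rather than a
    -- plaintext secret.
    secret_key      VARCHAR(100),
    is_activated    VARCHAR(2)   DEFAULT 'Y',
    created_at      TIMESTAMP    DEFAULT CURRENT_TIMESTAMP,
    updated_at      TIMESTAMP    DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    -- NOTE(review): email_address is indexed but not UNIQUE; if it is used
    -- to identify a login, add a UNIQUE KEY after checking existing rows
    -- for duplicates.
    INDEX idx_email (email_address),
    INDEX idx_role (role_id),
    -- is_deleted is a common filter for "active users" queries
    INDEX idx_is_deleted (is_deleted)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

-- ============================================================
-- TABLE: permissions
-- Stores all system permissions (resource + action)
-- ============================================================
CREATE TABLE IF NOT EXISTS permissions (
    id              INT          AUTO_INCREMENT PRIMARY KEY,
    permission_name VARCHAR(100) NOT NULL,
    description     TEXT,
    resource        VARCHAR(100) NOT NULL,
    action          VARCHAR(50)  NOT NULL,
    -- (resource, action) identifies a permission. The UNIQUE KEY is also
    -- the lookup index for that pair, so the separate idx_resource_action
    -- on the same columns was redundant and is not recreated here.
    UNIQUE KEY unique_permission (resource, action)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

-- ============================================================
-- TABLE: policy_attributes
-- Stores ABAC policy constraints for permissions
-- ============================================================
CREATE TABLE IF NOT EXISTS policy_attributes (
    id              INT          AUTO_INCREMENT PRIMARY KEY,
    attribute_name  VARCHAR(100) NOT NULL,
    -- which side of the access decision the attribute is read from
    attribute_type  ENUM('user', 'resource', 'environment') NOT NULL,
    comparison      ENUM('=', '!=', '>', '<', '>=', '<=', 'IN', 'CONTAINS', 'STARTS_WITH', 'ENDS_WITH') NOT NULL,
    -- Constant the attribute is compared against, stored as text. The
    -- evaluator (not in this file) parses it (e.g. the list for IN) and
    -- must treat it as data, never interpolate it into SQL or code.
    attribute_value VARCHAR(255) NOT NULL,
    permission_id   INT          NOT NULL,
    INDEX idx_permission_id (permission_id),
    -- policies are owned by their permission: deleting the permission
    -- removes its policies
    CONSTRAINT policy_attributes_permission_id_fk
        FOREIGN KEY (permission_id) REFERENCES permissions (id)
        ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

-- ============================================================
-- TABLE: user_attributes
-- Stores user-specific attributes for ABAC evaluation
-- ============================================================
CREATE TABLE IF NOT EXISTS user_attributes (
    id              INT          AUTO_INCREMENT PRIMARY KEY,
    user_id         CHAR(11)     NOT NULL,
    attribute_name  VARCHAR(100) NOT NULL,
    attribute_value VARCHAR(255) NOT NULL,
    -- one value per attribute per user; user_id is the leading column of
    -- this key, so it also serves lookups by user_id alone (the former
    -- idx_user_id was redundant and is not recreated here)
    UNIQUE KEY unique_user_attribute (user_id, attribute_name),
    -- attributes feed authorization decisions, so each row must belong to
    -- an existing user and must not outlive that user
    CONSTRAINT user_attributes_user_id_fk
        FOREIGN KEY (user_id) REFERENCES users (user_id)
        ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

-- ============================================================
-- EXAMPLE: Adding a New Permission
-- ============================================================
-- Step 1: insert the permission and capture its generated id in a session
-- variable, so step 2 does not depend on LAST_INSERT_ID() keeping the same
-- value across the rows of its own multi-row insert.
/*
INSERT INTO permissions (permission_name, description, resource, action)
VALUES ('Delete User Account', 'Permanently delete a user account', 'users', 'delete');
SET @permission_id = LAST_INSERT_ID();

-- Step 2: add ABAC policies (optional)
INSERT INTO policy_attributes (attribute_name, attribute_type, comparison, attribute_value, permission_id)
VALUES
    ('role',         'user',     '=', 'Super Admin', @permission_id),
    ('is_activated', 'resource', '=', 'N',           @permission_id);
*/

-- ============================================================
-- EXAMPLE: Adding User Attributes
-- ============================================================
-- The user_id must already exist in users (foreign key).
/*
INSERT INTO user_attributes (user_id, attribute_name, attribute_value)
VALUES
    ('U0000000005', 'region',           '02'),
    ('U0000000005', 'role',             'Regional Admin'),
    ('U0000000005', 'action_user_role', 'Regional Administrator'),
    ('U0000000005', 'role_dps',         '1');
*/

-- ============================================================
-- INDEXES for existing tables
-- ============================================================
-- Fresh installs get every index from the CREATE TABLE statements above,
-- so those are not repeated here (re-adding an existing index name fails
-- on MySQL). The only index a pre-existing users table lacks is
-- idx_is_deleted.
-- NOTE: "ADD INDEX IF NOT EXISTS" is MariaDB syntax; MySQL rejects it.
-- On MySQL, check information_schema.STATISTICS for the index name and
-- run the ALTER without IF NOT EXISTS.
ALTER TABLE users ADD INDEX IF NOT EXISTS idx_is_deleted (is_deleted);

-- To give a pre-existing user_attributes table the foreign key declared
-- above, run the orphan check in the verification section first (it must
-- return 0), then:
/*
ALTER TABLE user_attributes
    ADD CONSTRAINT user_attributes_user_id_fk
    FOREIGN KEY (user_id) REFERENCES users (user_id)
    ON DELETE CASCADE;
*/

-- ============================================================
-- VERIFICATION QUERIES
-- ============================================================
-- Check permissions count
-- SELECT COUNT(*) AS total_permissions FROM permissions;

-- Check policies count
-- SELECT COUNT(*) AS total_policies FROM policy_attributes;

-- Check user attributes count
-- SELECT COUNT(*) AS total_user_attributes FROM user_attributes;

-- Orphan check: user_attributes rows with no matching user (expect 0)
-- SELECT COUNT(*) AS orphan_user_attributes
-- FROM user_attributes ua
-- LEFT JOIN users u ON u.user_id = ua.user_id
-- WHERE u.user_id IS NULL;

-- View permissions with their policies
-- (all non-aggregated columns are listed in GROUP BY for ANSI compliance)
/*
SELECT
    p.id,
    p.permission_name,
    p.resource,
    p.action,
    COUNT(pa.id) AS policy_count
FROM permissions p
LEFT JOIN policy_attributes pa ON p.id = pa.permission_id
GROUP BY p.id, p.permission_name, p.resource, p.action
ORDER BY p.id;
*/

-- View user with all attributes
/*
SELECT
    u.user_id,
    u.first_name,
    u.last_name,
    ua.attribute_name,
    ua.attribute_value
FROM users u
LEFT JOIN user_attributes ua ON u.user_id = ua.user_id
WHERE u.user_id = 'U0000000001'
ORDER BY ua.attribute_name;
*/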