Storing multiple privileges/settings in a single integer

In many applications you have the need to set users privileges , and while there are many ways to do so, I prefer to using a single integer value to store a users privileges on any single entity.

This has many advantages,

  • you only have a single value representing all privileges
  • you can add and remove available privileges without altering the schema/entity model/storage logic
  • checking for privileges are very simple

Now you might be wondering, how is it possible to store any number of privileges in a single integer?
One of the keys to doing this are the values that you assign each privilege, these must each be twice the previous value.

For example

  • Read = 1
  • Write = 2
  • Delete = 4
  • … = 8

To understand why we do it like this we need to take a look at the individual integers binary representation

1 = 00000001
2 = 00000010
4 = 00000100
8 = 00001000

Anyone see the pattern?

And if you were to sum some of these, say Write (2) + Delete(4)

00000010
+
00000100
=
00000110

Again, you see the pattern?

Each privilege is being stored as a single bit in the integer, and each bit can be checked against even if you add multiple values together.

So, now that we have some of the theory covered, how do we utilize this?

If you have an integer you can easily check for any fraction using a simple statement

In JavaScript

var allPrivileges = 6;
var hasWrite = (allPrivileges  == (allPrivileges  | 2));

In VB.net

Dim allPrivileges As Integer = 6
Dim hasWrite As Boolean = allPrivileges = (allPrivileges Or 2)

Here we are using the bitwise operator | (or) to check that allPrivileges (6) binary or‘ed with 2 equals 6, meaning that 2 is a contained fraction of 6.

Now if you want to add a new privilege (or existing one) you just binary or the current integer with the new integer
In JavaScript

var allPrivileges = 4;
allPrivileges = allprivileges | 2;
// allPrivileges equals 6
allPrivileges= allprivileges | 2;
// allPrivileges still equals 6

In VB.net

Dim allPrivileges As Integer = 4
allPrivileges = (allPrivileges Or 2)
' allPrivileges equals 6
allPrivileges = (allPrivileges Or 2)
' allPrivileges still equals 6

Wasn’t that easy?

In an upcoming post I will show you a simple ExtJs control for visualizing and modifying a users privileges.

Tags: , , ,

This entry was posted on Tuesday, November 17th, 2009 at 20:20 and is filed under programming. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

  • Pingback: » Modifying privileges stored binary using ExtJs()

  • http://blog.akawebdesign.com/ Arthur Kay

    Very cool idea… particularly since client-side logic is inherently insecure. I suppose one could even go a step further and use hexadecimal values to further obfuscate the meanings of each value.

    I may try to implement something like this in my own tool… I look forward to reading your follow-up post.

  • http://blog.akawebdesign.com Arthur Kay

    Very cool idea… particularly since client-side logic is inherently insecure. I suppose one could even go a step further and use hexadecimal values to further obfuscate the meanings of each value.

    I may try to implement something like this in my own tool… I look forward to reading your follow-up post.

  • http://kinsey.no/ Øyvind Sean Kinsey

    This has nothing to do with obfuscating, only with the logic for storing and retrieving privilieges in the simplest way – but if you want to, then yes, you could use hex-notation to specify the values.

    The follow-up post is already published, http://kinsey.no/blog/index.php/2009/11/17/modify… and gives an example on how one could view/modify such a value through using Javascript/ExtJs.

    As always when it comes to enforcing security in a webapplication, this has to be done both on the server (to actually enforce the restriction) and on the client (to avoid the user trying to do something he wil not be able to do)

  • http://oyvind.kinsey.no/ Øyvind Sean Kinsey

    This has nothing to do with obfuscating, only with the logic for storing and retrieving privilieges in the simplest way – but if you want to, then yes, you could use hex-notation to specify the values.

    The follow-up post is already published, http://kinsey.no/blog/index.php/2009/11/17/modify… and gives an example on how one could view/modify such a value through using Javascript/ExtJs.

    As always when it comes to enforcing security in a webapplication, this has to be done both on the server (to actually enforce the restriction) and on the client (to avoid the user trying to do something he wil not be able to do)

  • Pingback: Feather Earrings()

  • http://www.register-web-domain.in/ Domain registration

    These kind of post are always inspiring keep sharing more post like that

  • http://www.findacellphoneuser.com/ cell phone lookup

    Excellent article from which I gained a much better understanding of this matter, which can be confusing to me.  Very sincere thanks!

  • http://www.webhostings.in/ Web Hosting Provider

    Nice explanation and really glad for me,,

  • http://www.bellspharmacy.com Generic Viagra

    After reading your healthy things on this issue I have much confidence to be healthy as everyone want. This is very deep point you have shared on this issue to solve,
    I like to search more healthy post to review, I think it may be your post next time.