
archiebango's avatar

Best Practice for Multi Auth?

Hi,

I am planning to build a simple website that has 4 roles.

Admin, Buyer, Seller, Viewer

What is the best practice for it?

* Should I create 4 databases?

* Should I create a single database with 4 tables?

* Or should I create a single database and a single table, and add a reference column, for example Admin = '1', Buyer = '2', Seller = '3', Viewer = '4'?

Regards.

0 likes
4 replies
martinbean's avatar
Level 80

@archiebango No, don’t create four database tables, models, and set of controllers and views and auth user providers. That’s just a massive overhead and maintenance headache.

Users are users. Add a role column or something to your users table and use middleware to determine what a user can see based on their role.

1 like
isaackearl's avatar

If you want them to be really separated you can do the second approach where you have multiple tables representing different authenticatable models.

Laravel has some built-in functionality with this.

Here is a good tutorial I found https://devmarketer.io/learn/setting-multi-authentication-laravel-5-4-part-1/

The important part is this:

<?php
return [

    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'api' => [
            'driver' => 'token',
            'provider' => 'users',
        ],
        'admin' => [
            'driver' => 'session',
            'provider' => 'admins',
        ],
        'admin-api' => [
            'driver' => 'token',
            'provider' => 'admins',
        ],
    ],
    
    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\User::class,
        ],
        'admins' => [
            'driver' => 'eloquent',
            'model' => App\Admin::class,
        ],
    ],
];

In your config you set up multiple providers and guards. Then you can have separate logins and use the guard method to specify who you are trying to log in.

if (Auth::guard('admin')->attempt($credentials)) {
    // etc...
}

EDIT: Or you can just do what martinbean said and have a single users table and create a role column. It depends on how separate you want the logins to be. However, I typically do it as martinbean says and just add a role column.

archiebango's avatar

Hi, thanks to all of you. I will follow the recommendations. Cheers.

4Jean's avatar

I want to implement the first approach. Please can anyone post a sample of how to achieve this? I have admin, student and parent roles all in the users table.
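
The role-column approach recommended in this thread, written as a Laravel route middleware. This is an added example, not code posted by anyone in the thread; the class name `EnsureUserHasRole`, the `role` middleware alias and a string `role` column on the `users` table are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes a string `role` column on
// the users table; the class name and the `role` alias are hypothetical.

namespace App\Http\Middleware;

use Closure;

class EnsureUserHasRole
{
    /**
     * Allow the request only if the authenticated user's role is one of
     * the roles listed on the route, e.g. 'role:admin' or 'role:buyer,seller'.
     */
    public function handle($request, Closure $next, ...$roles)
    {
        $user = $request->user();

        // Deny by default: no authenticated user, or a route that names no roles.
        if ($user === null || $roles === []) {
            abort(403);
        }

        // Strict comparison so a loosely typed value never matches by coercion.
        if (! in_array((string) $user->role, $roles, true)) {
            abort(403);
        }

        return $next($request);
    }
}

// app/Http/Kernel.php, inside $routeMiddleware:
//     'role' => \App\Http\Middleware\EnsureUserHasRole::class,
//
// routes/web.php (run `auth` first so guests are redirected to the login page):
//     Route::group(['middleware' => ['auth', 'role:admin']], function () {
//         Route::get('/admin', 'AdminController@index');
//     });
//
// Keep `role` out of the User model's $fillable so a registration or profile
// form cannot set it through mass assignment.
```

The check runs on the server for every request to the grouped routes, so hiding a menu link in a view is never the only thing standing between a buyer and an admin page.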
