> "if department _id is NULL, user has access to all departments data." > > This is your problem. You've assigned meaning to the "value" NULL. > > CREATE TABLE permission ( > id serial, > user_id CHAR(10) NOT NULL REFERENCES user, > permission_id CHAR(10) NOT NULL REFERENCES privilege, > UNIQUE (user_id, permission_id)); > > > CREATE TABLE permission_department ( > id serial, > user_id CHAR(10) NOT NULL REFERENCES user, > permission_id CHAR(10) NOT NULL REFERENCES privilege, > department_id CHAR(10) REFERENCES department , > UNIQUE (user_id, permission_id, department_id)); > > Any person who is authorized to access documents of a department MUST have > a corresponding row in permission_department: If they are authorized to > view documents of all departments, then they must have a row corresponding > to every department. I don't understand why the permission_department table is required ? If user is authorized to all departments, I can add separate row for each department to former permission table. So the permission_department table is not required at all. Unfortunately, this approach causes loss of information: it loses the fact that user is allowed to see all departments data. If new department is added, this department should be made accessible for all users which have marked as "access all departments". So I'll think still continuing to use null as unrestricted department access. Is it reasonable to create unique constraint using CREATE UNIQUE INDEX user_id_permission_id_department_id_unique_idx ON permission (user_id, permission_id, COALESCE(department_id,'ALL')) Andrus. ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match