I use the user's password as the basis for the encryption key, and use this to encrypt a json-encoded string of the user's permissions and store this along side their user name.

On login, the user name is the only field which is searched for in the database.

When a matching row is returned, the encrypted data comes out of the database its then decrypted with the password. If this is valid json, its decoded and used - else the password was incorrect

I use the user's password as the basis for the encryption key, and use this to encrypt a json-encoded string of the user's permissions and store this along side their user name.

On login, the user name is the only field which is searched for in the database.

When a matching row is returned, the encrypted data comes out of the database its then decrypted with the password. If this is valid json, its decoded and used - else the password was incorrect

EDIT

Additionally I could add some random data the json, like a salt, and re-encrypt and update in the db to add some time-variance to it