I have a user table with a self-referential relationship between instructors and students. Currently students are related to their instructors by way of an instructor_id foreign_key. A student will always have an instructor and an instructor will never be a student.
With all that said, in terms of authorization would it be OK to simply determine if a User is a student if they have a value for their instructor_id field and vice-versa? Or should I explicitly be defining user roles?
Firstly, I'd try to find some way to make it not self referential. Perhaps by making just a persons table and having a separate table be the link (users.instructor_id linking to instructors which has the fields instructor_id and user_id, the instructors.instructor_id being used in users.instructor_id, and then you could query SELECT * FROM users WHERE EXISTS (SELECT * FROM instructors WHERE instructors.user_id = users.user_id) to get a list of current instructors), or even best case have a students table and an instructors table.
If you are sure that no instructor will have an instructor_id, then I believe you should be able to check if a user is a student by that field being null(or a default of something like a -1).
I would suggest rebuilding your table structure to be non-self-referential, it will help you in the long run when cases such as an instructor being assigned to another instructor, or a student teaching for some reason or another.