Barney gave a pretty good overview. When I wrote AccessMonger, I pretty much followed the same model he describes. Permissions give you absolutely granular control over literally anything you please, but as your system grows you could potentially wind up with zillions of permissions. To help manage that I used "groups" to group together bundles of permissions for typical classes of users. So you would create a typical "manager" group where that group has add, edit and delete permissions over a variety of areas. You create this and other default, typical groups in an area reserved for same. Then when a user comes along who you want to give "manager" permissions you go to the user's record and pick that permission group from a list. If you then want to customize that individual user's granted permissions beyond the quasi-generic role you just assigned to them, you will need to be able to grant the user individual permissions on a one-by-one basis.
The real secret to a permission-based system is the management tools you build to manage what is going to wind up being a very complex -- but very flexible -- system. Make sure you build global tools (remove Permission X from all user records, and replace permission X with Permission Y... that sort of thing). -- [EMAIL PROTECTED] Janitor, MSB Web Systems mysecretbase.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:260048 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
