IMHO, independant permissions for viewing, adding, editing, deleting elements may be going too much into details and obviously adding to the complexity.
Having only one permission for each type of element should be enough. - any one can view elements on the public site anyway, so no permission is needed; - permission for adding elements, but not editing or deleting it in case of error is kind of weird; - why any one could delete an element, but not just modify it is there is anything wrong with it? My system uses a table for all CMS types of elements (less than 20 of them). Each type has a two characters code. Every user has a list of all types he can edit (ie: view, add, modify, delete); This list is set in a session variable at login time. In the admin module, the menu is generated according to the codes found in this permissions list. As an extra security measure, the presence of the element code in the list is checked again at the top of all editing modules (one line of code). Setting perrmissions for users is just a matter of checking appropriates checkboxes in a form and storing the list of permissions in the appropriate field for this user. Now I agree that this appraoch is not database wise "normalized", but it is much more easy and efficient if you have say less than 1000 different types of permisions. -- _______________________________________ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:307601 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
