Just picked up the thread midstream here... I much prefer roles based security. One of the biggest advantages is you can simplify administration. You could even allow supervisors the ability to assign roles to people that work in their department. The roles would he/she could assign would be predetermined by his/her role. Then to update permissions... an administrator simply modifies the roles.
The other feature that we had in a system that we built was to set system that each time the user hit the page the permissions were verified. This meant a user/roll could be assigned or revoked... as well as the settings for the roles, and each time the user hits the site... the true permissions were active. It should not require log in on again. Some developers I have talked with say this would be a good idea, but it is to complex. My thoughts are just my opinion... but why would a developer using fusebox 3 with built in structure... and the kick at the idea of standardized roles technology. (I do not think this should be a core requirement for fusebox... but an "standard extension".) That's my outlook. John Farrar >>> [EMAIL PROTECTED] 04/05/02 09:48AM >>> I understand Hal's point of view. It makes perfect sense. But Lee, I'm still trying to figure you out. First, some definitions: User: A person Group: A set of people, who have some application-independent property (such as job title) in common. (ex: Manager) Permission: Something that the user can do. (ex: FlushEBtoilet) Role: A set of permissions. (ex: UseEB) So Lee, are you saying that we don't need groups because we can accomplish the same thing by assigning users directly to roles? Are you saying that permissions are too granular, and we can get by just fine having the code deal directly with roles? That is, instead of <cfif hasReadArticlePermission>Read this article</cfif> <cfif hasSearchArticlePermission>Search this article</cfif> this works okay for you: <cfif isArticleReader> Read this article Search this article </cfif> Am I getting close? Patrick ==^================================================================ This email was sent to: [email protected] EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrFMa.bV0Kx9 Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================
