Hi,

The answer depends on the type of administrative interface you are planning on building, but in short I would go with a definite YES.

For example: if the application is something like a CMS, you would use user roles and give some users more rights than others. E.g. an Editor would have access to more functionality than an author or a forum contributor.

However, if you are talking about an admin interface to manage the system, like view application/user statistics, edit database, delete orphaned sessions, switch application into maintenance mode or audit users' internal mail messages (i.e. auditing that will require you to have very high access rights and does not relate to the underlying application functionality), then you definitely should segregate the two. Otherwise the impact of a breach will be disastrous.

Also, have a look at how Joomla! does it. They have a role-based user hierarchy and a separate administrative interface for application housekeeping tasks.

Cheers,
Serg

On Fri, Sep 19, 2008 at 8:34 AM, Giorgio Sironi <[EMAIL PROTECTED]> wrote:
> 2008/9/18 Ghrae <[EMAIL PROTECTED]>:
>> Is there an article or best practice about this topic? Good and bad points?
>> Suggestions on how it should work? What functionality is considered admin
>> and what functionality is just limited to those with login / permission
>> access?
>
> I personally don't make distinction. I use a config to allow action
> for some categories of users. Simple user/admin is not enough if you
> think for instance of a message board: we have moderators that can
> access one or more forums that stand in between from users and admins.
>
>
> --
> Giorgio Sironi
> Piccolo Principe & Ossigeno Scripter
> http://www.sourceforge.net/projects/ossigeno
>
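
The two approaches discussed in this thread can be combined, as the following added example shows (it is not code from either poster or from Joomla!): application actions are authorized from a config of roles, with moderators scoped to specific forums, while housekeeping actions live in a separate administrative realm that no application role can reach. All role names, action names and session classes are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed application policy: each action lists the roles allowed to perform it.
APP_POLICY = {
    "post.create": {"contributor", "author", "editor"},
    "article.write": {"author", "editor"},
    "article.publish": {"editor"},
    "thread.lock": {"moderator"},  # additionally scoped per forum, see below
}
FORUM_SCOPED = {"thread.lock"}

# Constructed administrative realm: housekeeping tasks, kept out of APP_POLICY.
ADMIN_ACTIONS = {"maintenance.enable", "sessions.purge_orphaned", "mail.audit"}


@dataclass(frozen=True)
class AppSession:
    user: str
    roles: frozenset
    forums: frozenset = frozenset()  # forums a moderator may act in


@dataclass(frozen=True)
class AdminSession:
    operator: str  # created only by the separate admin interface's own login


def app_allowed(session, action, forum=None):
    """Authorize an application action; default deny for anything unlisted."""
    if not isinstance(session, AppSession) or action not in APP_POLICY:
        return False  # ADMIN_ACTIONS are never listed here, so they are denied
    if not (session.roles & APP_POLICY[action]):
        return False
    if action in FORUM_SCOPED:
        return forum is not None and forum in session.forums
    return True


def admin_allowed(session, action):
    """Authorize a housekeeping action; only an AdminSession qualifies."""
    return isinstance(session, AdminSession) and action in ADMIN_ACTIONS
```

Because an application session is a different type from an admin session, a stolen or escalated application account, even one holding every application role, still fails `admin_allowed`.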
