I tried to find this in the archives. If I missed it, my apologies in advance.
I'm developing an intranet for my company, and we are planning on putting sensitive information on it. I've already setup a login system using sessions, but I'm not sure how to manage and store permissions, such as who can view commissions, reset user passwords, etc. I've devised two methods, but I have a feeling there's a better way to do this that I'm not thinking of. I'll be storing these permissions in a MySQL database. My first idea was a single field with the SET datatype. This allows for a user to have multiple permissions, but makes it hard for other employees to add permissions later, if they decide to restrict a previously open access page. (I should mention that I'm the only person here who knows how to adjust a table in MySQL, and I won't be around forever.) My other idea solved the previously mentioned problem. I could create a second table with employee permissions. It would have two fields, employee_id and permission. Every employee would have one row for every permission they had. I could also create a third table of page names and required permission to view it, so if someone later decides that only certain people should view a page, they can change it without coming to me. What do people think of these ideas, and is there a better way to do this? Thanks in advance. Eric Cranley IT Specialist Willis Music Company -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php