I tried to find this in the archives. If I missed it, my apologies in

I'm developing an intranet for my company, and we are planning on putting
sensitive information on it. I've already setup a login system using
sessions, but I'm not sure how to manage and store permissions, such as who
can view commissions, reset user passwords, etc. I've devised two methods,
but I have a feeling there's a better way to do this that I'm not thinking
of. I'll be storing these permissions in a MySQL database.

My first idea was a single field with the SET datatype. This allows for a
user to have multiple permissions, but makes it hard for other employees to
add permissions later, if they decide to restrict a previously open access
page. (I should mention that I'm the only person here who knows how to
adjust a table in MySQL, and I won't be around forever.)

My other idea solved the previously mentioned problem. I could create a
second table with employee permissions. It would have two fields,
employee_id and permission. Every employee would have one row for every
permission they had. I could also create a third table of page names and
required permission to view it, so if someone later decides that only
certain people should view a page, they can change it without coming to me.

What do people think of these ideas, and is there a better way to do this?
Thanks in advance.

Eric Cranley
IT Specialist
Willis Music Company

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to