Your second approach is fine. It's denormalized, extensible, and can be manipulated using tools you put in place.

You may want to consider "groups" as well, thus people belonging to a group could view/edit pages, that has the potential to save a lot of administrative scut work.

A table of permissions will also be required so that the various codes used for differing levels of permission are consistent. Suggest that when a user logs in the appropriate permission levels etc. should be fetched and stored in a session to save on some trips to the server. This session data, creatively used, could mean that only the files/pages that user is authorized for will be displayed.


At 06:36 PM 11/1/2004, Eric Cranley wrote:
I tried to find this in the archives. If I missed it, my apologies in

I'm developing an intranet for my company, and we are planning on putting
sensitive information on it. I've already setup a login system using
sessions, but I'm not sure how to manage and store permissions, such as who
can view commissions, reset user passwords, etc. I've devised two methods,
but I have a feeling there's a better way to do this that I'm not thinking
of. I'll be storing these permissions in a MySQL database.

My first idea was a single field with the SET datatype. This allows for a
user to have multiple permissions, but makes it hard for other employees to
add permissions later, if they decide to restrict a previously open access
page. (I should mention that I'm the only person here who knows how to
adjust a table in MySQL, and I won't be around forever.)

My other idea solved the previously mentioned problem. I could create a
second table with employee permissions. It would have two fields,
employee_id and permission. Every employee would have one row for every
permission they had. I could also create a third table of page names and
required permission to view it, so if someone later decides that only
certain people should view a page, they can change it without coming to me.

What do people think of these ideas, and is there a better way to do this?
Thanks in advance.

Eric Cranley
IT Specialist
Willis Music Company

PHP Database Mailing List (
To unsubscribe, visit:

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to