On Aug 27, 2009, at 9:02 PM, Ben Dunlap <bdun...@agentintellect.com> wrote:

Sort of. Create two tables a login table with user details and a specific
field for a ROLE.

Then create a roles table that lists the various permissions. I store this
This process is significantly simpler when managing users, it's easier to adjust permissions on one role than to edit a bunch of users when something

In this mechanism, does a "role" differ significantly from a "group"?
I have to admin a CRM system that has both roles /and/ groups, and it
always seems a bit excessive. But maybe there's some benefit to roles,
as such, that I'm not seeing.

Thanks, Ben

Yes, they offer an additional layer of granularity on permissions. The apps I write use groups and role to limit acces to certain functionality. The roles determine functional access to records, ie what the user can do with them. The groups membership determines what records the user can see. E.g. If a user has membership in groups A and B, they can see all records from created by or assigned to both groups. A user who belongs to group B only, can only view the records having group B membership.


Sent from my iPod

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to