> Yes, they offer an additional layer of granularity on permissions. The apps
> I write use groups and role to limit acces to certain functionality. The
> roles determine functional access to records, ie what the user can do with
> them. The groups membership determines what records the user can see. E.g.

But is this substantially different from just allowing "groups" to
determine access to functionality, /and/ access to records, and
letting the admin create different groups for different reasons? I
guess I'm thinking of the way Active Directory works, which I've
found, in my second life as a system administrator, to be both easy to
grasp and extremely flexible/powerful.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to