From: Ben Dunlap

>> Yes, they offer an additional layer of granularity on permissions.
The apps
>> I write use groups and role to limit acces to certain functionality.
>> roles determine functional access to records, ie what the user can do
>> them. The groups membership determines what records the user can see.
> But is this substantially different from just allowing "groups" to
> determine access to functionality, /and/ access to records, and
> letting the admin create different groups for different reasons? I
> guess I'm thinking of the way Active Directory works, which I've
> found, in my second life as a system administrator, to be both easy to
> grasp and extremely flexible/powerful.

Yes it is. The extra layer allows me to be an admin in group A, only a
reader in group B, and a moderator in group C. The question is whether
you will need the extra level of control now or in the future.

Bob McConnell

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to