Since this seems to come up occasionally, I'm sharing my response
to this ticket with the entire TG community. I'm certain at least
one person will tell me "that's the stupidest thing I've ever
heard"...
Doesn't sound stupid at all :)
On Feb 5, 2006, at 4:19 PM, Jeff Watkins wrote:
There is nothing preventing you from creating a Model that better
suits your needs, however, experience with large user communities
shows that you're almost always better off modelling via Users-
>Groups<-Permissions rather than applying permissions directly to a
particular User.
It's essential for user management (when there are more, than let's
say 10 users :). As you pointed out.
I have a little "semantic" quirk though:
I have subclassed for one of my apps a small variation of TGs default
identity scheme in which I substitute TG_Group for Role (as It fits
better in my head: "Permissions tied to Roles"), for example,
GROUP_ADMIN (which has permissions "can create user", "can edit
user", etc...). Then it have a different Group class (which isn't the
same concept as TG_Group) which models different groups in wihch
users are "grouped" into as to limit the scope in which a GROUP_ADMIN
has priviileges on, for example. These Groups have no permissions
attached to them whatsoever, theyre just to relate users among
themselves.
Just wanted to share it with you.
Regards, Alberto
