
Apps with Multiple Modules/Per-Module Permissions

Posted: Sun Oct 31, 2004 12:19 pm
by ErichTheWebGuy
Greetings all. I am currently in the design phase of a potentially huge application. The app will have the ability to accept pluggable modules, similar to the way Mambo works.

The main difference is that, based on what level of account the user has, they will have access to 0-n modules. In addition to that, the user will be able to specify which users to their own site will have access to their modules.

For example, let's say ABC Corp has an account, and has access to moduleA, moduleB, and moduleF. Let's also say that moduleF is a simple form-to-mail function. ABC Corp wants to let visitors to their site access moduleF, but not moduleA or moduleB.

So my question is this: What is the best way to implement a permissions system for this? My thinking is that I would have a module_access table, with 0-n rows, 1 row per user/module. It would then select all rows from that table where user = logged in user and loop through the records, outputting each module's content.

This just seems like a rather inefficient way to do it, especially since I am currently limited to MySQL version 4.0.20, thus no subqueries. Anyone have any better ideas?

Posted: Sun Oct 31, 2004 1:11 pm
by Christopher
This site has links to many articles on Role Based Access Control design:

http://csrc.nist.gov/rbac/

Posted: Wed Nov 03, 2004 11:48 pm
by ErichTheWebGuy
arborint wrote: This site has links to many articles on Role Based Access Control design:

http://csrc.nist.gov/rbac/
OK, I have read that and lots of other references on RBAC and am convinced that that, at least in a "light" implementation, is the way to go for me. Thanks a bunch for that!

I have a massive flowchart to draw now 8O
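A sketch of the "light" RBAC layout discussed in this thread, as an added example that is not code from any of the posters: the table names, role names, users and the unlicensed `moduleZ` row are all constructed, and `sqlite3` stands in for MySQL. The lookup uses only inner joins (no subqueries) and joins through the account's own module list, so a role can never expose a module the account does not hold.

```python
import sqlite3

# Constructed schema (assumption, not from the thread): three link tables.
SCHEMA = """
CREATE TABLE account_module (account TEXT, module TEXT,
                             PRIMARY KEY (account, module));
CREATE TABLE role_module    (account TEXT, role TEXT, module TEXT,
                             PRIMARY KEY (account, role, module));
CREATE TABLE user_role      (account TEXT, username TEXT, role TEXT,
                             PRIMARY KEY (account, username, role));
"""

# Constructed sample data following the ABC Corp scenario in the first post.
SAMPLE = {
    "account_module": [("abc", "moduleA"), ("abc", "moduleB"), ("abc", "moduleF")],
    "role_module": [
        ("abc", "staff", "moduleA"), ("abc", "staff", "moduleB"),
        ("abc", "staff", "moduleF"), ("abc", "visitor", "moduleF"),
        ("abc", "visitor", "moduleZ"),  # stale grant: account has no moduleZ
    ],
    "user_role": [("abc", "alice", "staff"), ("abc", "guest", "visitor")],
}

# One query, joins only. The account_module join bounds every role grant
# by what the account itself is entitled to.
ALLOWED_SQL = """
SELECT DISTINCT rm.module
FROM user_role ur
JOIN role_module rm    ON rm.account = ur.account AND rm.role = ur.role
JOIN account_module am ON am.account = rm.account AND am.module = rm.module
WHERE ur.account = ? AND ur.username = ?
ORDER BY rm.module
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for table, rows in SAMPLE.items():
        marks = ",".join("?" * len(rows[0]))
        db.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return db

def allowed_modules(db, account, username):
    # Default deny: an unknown user or account yields an empty list.
    return [row[0] for row in db.execute(ALLOWED_SQL, (account, username))]

def can_access(db, account, username, module):
    return module in allowed_modules(db, account, username)
```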