Page 1 of 1

User management

Posted: Tue Apr 08, 2008 8:58 pm
by clrockwell
I think this is the right forum, I apologize in advance if it is not.

We need a user management system that allows for assigning privileges on a case by case basis. For instance, we have two 'object's now that can be acted upon, each in 3 different ways (create, edit, delete). In one instance we may want to allow a user access to create and delete one object with all privileges on the other object. Then the instance could arrive that we want 25% of users to be able to perform an edit on both objects, and every other user has no privileges. I think you can see where this could go, and I have to be ready for it.

Of course, we need for the system to be extensible (adding new objects, and new actions on existing/new objects).

I am convinced a group based system would not work (the different combinations of groups could get way out of hand). We have thought of using a number based system, but extensibility concerns me. When I say number based I mean either: a 0|1 to each action, so a user with two privileges on one object would be stored in mysql table as 011; or a system similar to our file access permissions are granted (777, 646, etc). Both of these thoughts are in their infancy.

From a php performance and mysql storage standpoint, what do you all think my best options are here.

Thanks much in advance for any suggestions.

Re: User management

Posted: Tue Apr 08, 2008 10:25 pm
by Christopher
An ACL based system is what you need. There is phpGACL and the Zend Framework has something that might work for you.