I need information on where to start on a very advanced project I'm going to get involved with.
There will be 5 role categories; depending on the level, they will not have access to all items or fields.
A. Administrator - Should have access to all information from all users
B. Agent - Should have access to almost all information related to their customers.
C. Primary User - Will have access to all users related to their company.
D. Other Users - Will have access only to their information.
E. Anonymous User - General access to general information.
What I am looking for is that, on the same page, different roles should have different access permissions.
For example, a help desk page. The administrator has access to all data, including hidden fields which are not available to end-users, and can see the Casas from all users and is able to edit or delete them.
The agent accesses the same page but only sees the Casas related to his customers; some internal information will not be available to him.
The end-user has access only to his Casas and has limited information and limited capabilities of making changes.
Please provide how this could be done and some resources for more information.
Role Security Project Question
Re: Role Security Project Question
While this is more of a PHP code issue than Security, I'll give you a few hints that might get you started on your project (is this for a class?). First, you will surely want to use session variables to keep track of what role a user has as they navigate from page to page during the session. So your PHP code will always be aware of what role the current user has. When you are deciding whether or not to display a <div> or other page element, you can use PHP to display only the appropriate elements. When you are retrieving data from a database, probably using SQL queries, again you can use PHP to build your SQL statement with the appropriate criteria for the role of the current user.
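The approach described in the reply above, as an added example that is not part of the original posts: the role kept in the session selects both the columns returned and the row filter, and the filter values are bound as parameters. The `cases` table, its column names, and the role keys are assumptions made for illustration.

```php
<?php
// Hypothetical schema: cases(id, owner_id, company_id, agent_id, subject, internal_note)
// Columns each role may read; internal_note stands in for a "hidden field".
const VISIBLE_COLUMNS = [
    'admin'   => ['id', 'owner_id', 'subject', 'internal_note'],
    'agent'   => ['id', 'owner_id', 'subject'],
    'primary' => ['id', 'owner_id', 'subject'],
    'user'    => ['id', 'subject'],
];

// Build the SELECT from server-side session data only, never from request input.
function scopedCaseQuery(array $session): array
{
    $role = $session['role'] ?? 'anonymous';
    if (!isset(VISIBLE_COLUMNS[$role])) {
        throw new RuntimeException('role may not list cases'); // fail closed
    }
    $sql = 'SELECT ' . implode(', ', VISIBLE_COLUMNS[$role]) . ' FROM cases';
    switch ($role) {
        case 'admin':   return [$sql, []];
        case 'agent':   return [$sql . ' WHERE agent_id = ?',   [$session['user_id']]];
        case 'primary': return [$sql . ' WHERE company_id = ?', [$session['company_id']]];
        default:        return [$sql . ' WHERE owner_id = ?',   [$session['user_id']]];
    }
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cases (id INTEGER, owner_id INTEGER, company_id INTEGER,
           agent_id INTEGER, subject TEXT, internal_note TEXT)');
$db->exec("INSERT INTO cases VALUES
    (1, 10, 100, 7, 'Login fails', 'escalated'),
    (2, 11, 100, 7, 'Invoice question', 'none'),
    (3, 20, 200, 8, 'Password reset', 'vip')");

// Constructed stand-ins for $_SESSION as it would be set at login.
$sessions = [
    ['role' => 'admin',   'user_id' => 1],
    ['role' => 'agent',   'user_id' => 7],
    ['role' => 'primary', 'user_id' => 10, 'company_id' => 100],
    ['role' => 'user',    'user_id' => 11, 'company_id' => 100],
];
foreach ($sessions as $s) {
    [$sql, $params] = scopedCaseQuery($s);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    printf("%-8s %s\n", $s['role'], json_encode($stmt->fetchAll(PDO::FETCH_ASSOC)));
}
```

Because the column list and WHERE clause are chosen on the server, a field that is merely hidden in the page markup never reaches a role that should not see it; edit and delete handlers need the same role-scoped filter on their UPDATE and DELETE statements.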