Apps with Multiple Modules/Per-Module Permissions

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

ErichTheWebGuy
Forum Newbie
Posts: 3
Joined: Sun Oct 31, 2004 12:01 pm

Apps with Multiple Modules/Per-Module Permissions

Post by ErichTheWebGuy »

Greetings all. I am currently in the design phase of a potentially huge application. The app will have the ability to accept pluggable modules, similar to the way Mambo works.

The main difference is that, based on what level of account the user has, they will have access to 0-n modules. In addition to that, the user will be able to specify which users to their own site will have access to their modules.

For example, let's say ABC Corp has an account, and has access to moduleA, moduleB, and moduleF. Let's also say that moduleF is a simple form-to-mail function. ABC Corp wants to let visitors to their site access moduleF, but not moduleA or moduleB.

So my question is this: What is the best way to implement a permissions system for this? My thinking is that I would have a module_access table, with 0-n rows, 1 row per user/module. It would then select all rows from that table where user = logged in user and loop through the records, outputting each module's content.

This just seems like a rather inefficient way to do it, especially since I am currently limited to MySQL version 4.0.20, thus no subqueries. Anyone have any better ideas?
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

This site has links to many articles on Role Based Access Control design:

http://csrc.nist.gov/rbac/
ErichTheWebGuy
Forum Newbie
Posts: 3
Joined: Sun Oct 31, 2004 12:01 pm

Post by ErichTheWebGuy »

arborint wrote: This site has links to many articles on Role Based Access Control design:

http://csrc.nist.gov/rbac/

OK, I have read that and lots of other references on RBAC and am convinced that that, at least in a "light" implementation, is the way to go for me. Thanks a bunch for that!

I have a massive flowchart to draw now 8O
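A "light" RBAC layout for the ABC Corp scenario discussed in the thread, as an added example that is not part of the original posts. It uses only joins, no subqueries; every table name, column name and id below is an assumption made for illustration.

```sql
-- Added example; every table and column name here is an assumption.
CREATE TABLE modules (
  module_id INT UNSIGNED NOT NULL PRIMARY KEY,
  name      VARCHAR(64) NOT NULL
);
-- Modules an account is entitled to by its account level.
CREATE TABLE account_modules (
  account_id INT UNSIGNED NOT NULL,
  module_id  INT UNSIGNED NOT NULL,
  PRIMARY KEY (account_id, module_id)
);
-- Roles belong to one account, so each account defines its own.
CREATE TABLE roles (
  role_id    INT UNSIGNED NOT NULL PRIMARY KEY,
  account_id INT UNSIGNED NOT NULL,
  name       VARCHAR(64) NOT NULL
);
CREATE TABLE role_modules (
  role_id   INT UNSIGNED NOT NULL,
  module_id INT UNSIGNED NOT NULL,
  PRIMARY KEY (role_id, module_id)
);
CREATE TABLE user_roles (
  user_id INT UNSIGNED NOT NULL,
  role_id INT UNSIGNED NOT NULL,
  PRIMARY KEY (user_id, role_id)
);

-- Constructed sample data: account 1 is ABC Corp, user 100 is a site visitor.
INSERT INTO modules VALUES (1,'moduleA'), (2,'moduleB'), (6,'moduleF'), (7,'moduleG');
INSERT INTO account_modules VALUES (1,1), (1,2), (1,6);
INSERT INTO roles VALUES (10,1,'owner'), (11,1,'visitor');
-- The (11,7) row grants moduleG, which ABC Corp itself does not hold.
INSERT INTO role_modules VALUES (10,1), (10,2), (10,6), (11,6), (11,7);
INSERT INTO user_roles VALUES (100,11);

-- One keyed join per request instead of a loop over per-user rows.
-- The account_modules join discards any role grant for a module the
-- account is not entitled to, so access is denied unless both layers agree.
SELECT DISTINCT m.module_id, m.name
FROM user_roles ur
INNER JOIN roles r            ON r.role_id = ur.role_id
INNER JOIN role_modules rm    ON rm.role_id = r.role_id
INNER JOIN account_modules am ON am.account_id = r.account_id
                             AND am.module_id = rm.module_id
INNER JOIN modules m          ON m.module_id = rm.module_id
WHERE ur.user_id = 100 AND r.account_id = 1
ORDER BY m.name;
```

Filtering on `r.account_id` as well as `ur.user_id` keeps a role defined under one account from granting anything on another account's site.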