Greetings all. I am currently in the design phase of a potentially huge application. The app will have the ability to accept pluggable modules, similar to the way Mambo works.
The main difference is that, based on what level of account the user has, they will have access to 0-n modules. In addition to that, the user will be able to specify which users to their own site will have access to their modules.
For example, let's say ABC Corp has an account, and has access to moduleA, moduleB, and moduleF. Let's also say that moduleF is a simple form-to-mail function. ABC Corp wants to let visitors to their site access moduleF, but not moduleA or moduleB.
So my question is this: What is the best way to implement a permissions system for this? My thinking is that I would have a module_access table, with 0-n rows, 1 row per user/module. It would then select all rows from that table where user = logged in user and loop through the records, outputting each module's content.
This just seems like a rather inefficient way to do it, especially since I am currently limited to MySQL version 4.0.20, thus no subqueries. Anyone have any better ideas?
Apps with Multiple Modules/Per-Module Permissions
-
ErichTheWebGuy
- Forum Newbie
- Posts: 3
- Joined: Sun Oct 31, 2004 12:01 pm
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
This site has links to many articles on Role Based Access Control design:
http://csrc.nist.gov/rbac/
-
ErichTheWebGuy
- Forum Newbie
- Posts: 3
- Joined: Sun Oct 31, 2004 12:01 pm
arborint wrote: This site has links to many articles on Role Based Access Control design:
http://csrc.nist.gov/rbac/
OK, I have read that and lots of other references on RBAC and am convinced that that, at least in a "light" implementation, is the way to go for me. Thanks a bunch for that!
I have a massive flowchart to draw now
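
Added example, not part of the original thread or any poster's code: a "light" RBAC layout for the ABC Corp scenario, where one join-only query (no subqueries) returns the modules a site user may load. The table, role and user names are hypothetical, the data is constructed, and SQLite stands in for MySQL so the block runs offline.

```python
import sqlite3

# Three tables: what the account's plan includes, what each role on that
# account's site may use, and which role(s) a site user holds.
SCHEMA = """
CREATE TABLE account_module (account TEXT, module TEXT, PRIMARY KEY (account, module));
CREATE TABLE role_module (account TEXT, role TEXT, module TEXT,
                          PRIMARY KEY (account, role, module));
CREATE TABLE user_role (account TEXT, username TEXT, role TEXT,
                        PRIMARY KEY (account, username, role));
"""

# One round trip, joins only. The join against account_module means a role
# grant is ignored when the account itself is not entitled to the module.
ALLOWED_SQL = """
SELECT DISTINCT rm.module
FROM user_role ur
INNER JOIN role_module rm ON rm.account = ur.account AND rm.role = ur.role
INNER JOIN account_module am ON am.account = rm.account AND am.module = rm.module
WHERE ur.account = ? AND ur.username = ?
ORDER BY rm.module
"""

def build_demo_db():
    """Constructed sample data based on the ABC Corp example in the thread."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO account_module VALUES (?, ?)",
                     [("abc", "moduleA"), ("abc", "moduleB"), ("abc", "moduleF")])
    conn.executemany("INSERT INTO role_module VALUES (?, ?, ?)",
                     [("abc", "staff", "moduleA"), ("abc", "staff", "moduleB"),
                      ("abc", "staff", "moduleF"), ("abc", "visitor", "moduleF"),
                      # Stale grant: moduleC is not in ABC Corp's plan.
                      ("abc", "visitor", "moduleC")])
    conn.executemany("INSERT INTO user_role VALUES (?, ?, ?)",
                     [("abc", "alice", "staff"), ("abc", "guest", "visitor")])
    return conn

def modules_for(conn, account, username):
    """Return the modules this user may load; unknown users get an empty list."""
    return [row[0] for row in conn.execute(ALLOWED_SQL, (account, username))]

def can_access(conn, account, username, module):
    """Deny by default: access requires an explicit, still-valid grant."""
    return module in modules_for(conn, account, username)

if __name__ == "__main__":
    db = build_demo_db()
    print(modules_for(db, "abc", "guest"))
    print(modules_for(db, "abc", "alice"))
```

Because entitlement is checked in the same query as the role grant, removing a module from an account's plan cuts off every role on that account without touching the role tables.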