From: Nick Han [mailto:[EMAIL PROTECTED]
Sent: Saturday, 22 May 2004 6:51 AM
<<<<I would recommend using permission objects-base framework over
roles-based. Problem with relying on roles is that when you need to allow
another role to insert or update, you have to go through the templates
where inserts or updates are referenced and change the code. Very
inflexible. But if you're using permision objects-based model, you assign
that object id to any number of roles, and if the loggin user has the role
which contains that ID, then access is granted.
You can write a udf that could do something like this.
<cfif isAllowed("update user record")>
show update link here
</cfif>>>>>
Nick, I’m trying to understand how this would appear in practice. Does
this mean you’d have a table of authority levels or groups, a table of
things they could do, and a many-many table linking them together? In
which case a user would have a record in the user table, a number of
records in the user-groups table linking the user to one or more groups?
Is this how it would be?:
Tbl_USERS (All user information)
Userid
Username
etc
Tbl_GROUPS (Group names)
GroupID
Groupname
Tbl_AUTHORITYLEVELS (Authority Levels)
AuthorityLevelID
Authorityname
Tbl_TASKS (The tasks different groups can perform)
TaskID
TaskName
Tbl_USERSGROUPS (allocates users to groups)
UserGroupID
UserID
GroupID
Tbl_GROUPAUTHORITIES (allocates authority levels to different groups)
GroupAuthorityID
GroupID
AuthoritylevelID
Tbl_TASKSAUTHORITIES (Allocates tasks to different authority levels)
TaskAuthorityID
TaskID
AuthorityLevelID
Cheers
Mike Kear
Windsor, NSW, Australia
AFP Webworks
http://afpwebworks.com
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
