If you're willing to accept the framework it comes with. :) There's a complete security suite in the Members onTap plugin that would be able to provide the kind of access you describe. You would probably need to implement a RuleManager component to augment the security suite that's built into the plugin -- which I did in the Blogs onTap sample application.

In fact, the security suite actually lends itself to this quite well, as there's a relatively simple method that can be used in the application stage to override the default security settings. Thus a user can have permission to CRUD in general, which can then be overridden for an individual project at the beginning of the request to disable C, U, or D. The RuleManager component would then simply provide a mechanism for layering the security rules (and an interface for users to assign the 2nd layer) to determine who has access to which projects.

The first layer of permissions is role-based (although a single user can be a member of multiple roles) -- the RuleManager components would allow you to assign any kind of logic you'd like to override the default rules, so it can be role-based but wouldn't need to be. For example, the Blog can allow you to let a user edit their own comments or not (at least I think I wrote in that ability), where the current user being synonymous with the comment author of course has no relationship to the role system at all.

> CRUD: Create, Read, Update, Delete.
>
> Does anyone know where I could find information and examples of
> applying access control on parts of a web application and its data?
>
> For example: I could have a list of users with permissions
> to projects like so:
>
> User1:
> RUD: Project 1
> RU: Project 2
> R: Project 3 (Can Read Only Part of the Project)
>
> User 2
> R: Project 1 (Can Read All of the Project)
> RU: Project 2
> RUD: Project 3
>
> I have been searching the internet and I have found a couple ideas so
> far. They are:
>
> 1. Role-Based Access Control
> 2. Discretionary Access Control with Security Descriptor and Access Token.
>
> Are there any others?
>
> Any ideas?

s. isaac dealey 434.293.6201
new epoch : isn't it time for a change?

add features without fixtures with
the onTap open source framework

http://www.fusiontap.com
http://coldfusion.sys-con.com/author/4806Dealey.htm

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:234566
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
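
The layering described in the reply above, as an added sketch in Python that is not part of the original post and does not use the onTap or Members onTap API: role grants form the first layer, and rules run at the start of the request can only take operations away. All names and the sample data (built from the table in the question) are assumptions, and treating a missing project entry as no access is a design choice of this sketch.

```python
"""Two-layer access check: role grants first, per-request rules second."""

# Layer 1 (constructed data): role -> operations granted in general.
ROLE_GRANTS = {"editor": set("CRUD"), "viewer": set("R")}
USER_ROLES = {"user1": ["editor"], "user2": ["editor", "viewer"]}

# Layer 2 (constructed from the table in the question): operations each
# user keeps on each project. A missing entry keeps nothing (fail closed).
PROJECT_MASKS = {
    ("user1", 1): "RUD", ("user1", 2): "RU", ("user1", 3): "R",
    ("user2", 1): "R", ("user2", 2): "RU", ("user2", 3): "RUD",
}


def role_permissions(user):
    """Union of the grants of every role the user belongs to."""
    perms = set()
    for role in USER_ROLES.get(user, []):
        perms |= ROLE_GRANTS.get(role, set())
    return perms


def project_rule(user, resource, perms):
    """Disable C, U or D for one project; can never add an operation."""
    return perms & set(PROJECT_MASKS.get((user, resource["project"]), ""))


def own_comment_rule(user, resource, perms):
    """Non-role logic: only the author of a comment may update it."""
    if resource.get("type") == "comment" and resource.get("author") != user:
        return perms - {"U"}
    return perms


RULES = [project_rule, own_comment_rule]  # hypothetical rule chain


def effective_permissions(user, resource):
    """Run once at the start of a request, before any handler acts."""
    perms = role_permissions(user)
    for rule in RULES:
        # Intersect with the input so a buggy rule cannot widen access.
        perms = rule(user, resource, perms) & perms
    return perms


def can(user, op, resource):
    """True if the user may perform op (one of C, R, U, D) on resource."""
    return op in effective_permissions(user, resource)
```
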