I prefer something similar to what James mentioned but with the addition of groups or roles. The groups or roles would have a member table joining them 1 group/role to many permissions. A user could have either roles, and or permissions. If they had the role they by proxy had all the permissions the role has. When you start to have dozens of different permissions having roles / groups simplifies the management of them.
-----Original Message----- From: James Holmes [mailto:[EMAIL PROTECTED] Sent: Thursday, May 24, 2007 6:16 AM To: CF-Talk Subject: Re: Granular Security Model This could be normalised so that there is a user table, an enlitlement table and an m:n joining table between them (user_entitlement or similar). This way only a true (1) is indicated in the DB and you can assume false for everything else (inlcuding when initialising the struct in CF). On 5/24/07, Robert Rawlins - Think Blue wrote: > The structs method work nicely from a ColdFusion point of view, but I felt > the database was a little untidy as you had a separate database column for > each 'entitlement' which was set to 0 or 1 dependant on the permissions, > each user then had a row in this table. This was then stored in the struct > as key/value pairs with each entitlement having its one struct element and a > 'true' or 'false' value, you can then do something like <cfif > Session.User.Entitlements.DeleteUser> to check if the user has that > permission. -- mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:279127 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
