I heartily endorse Paul's message.

 

A couple of other things to remember.

 

* Don't aggregate roles into a single collection of activities; force
  role selection (if a user can be an admin and a normal user, make
  them log in as an admin to access that functionality).
* The person may have different roles at different sites, so be aware
  that a User and a Person aren't the same thing.
* Don't rely on client-side security to maintain server-side security;
  secure your endpoints with the same logic as the client uses to
  determine access, and throw appropriate exceptions.

 

Gk.

Gregor Kiddie
Senior Developer
INPS


________________________________

From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On
Behalf Of Paul Andrews
Sent: 21 January 2009 17:49
To: flexcoders@yahoogroups.com
Subject: Re: [flexcoders] Re: Roles Based UI

 

----- Original Message ----- 

        From: Tracy Spratt

        To: flexcoders@yahoogroups.com

        Sent: Wednesday, January 21, 2009 4:27 PM

        Subject: RE: [flexcoders] Re: Roles Based UI

         

        No, please, keep this on line.  I have been following it closely
because I will be designing and implementing a permissions system in the
next couple months.  I am finding the discussion very helpful.

         

Things to bear in mind:

 

Some users will most likely be allocating roles/permissions to other
users - a potential security issue - never allow one user to create
another user with permissions they don't have.

Some people may be given a role but should not have all of the
permissions normally granted for that role.

Some people may be given a role but also require extra permissions.

Some people may have multiple roles.

Roles can change.

Roles can be time limited.

In large organisations you have to consider segregation of
roles/permissions dependent on which part of the company they belong to.

 

You can make this as sophisticated as you want.
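Gregor's bullets and Paul's list together describe one permission model: roles that are selected rather than merged, held per site, time-limited, adjusted per user, and enforced on the server regardless of what the UI shows. The sketch below is an added example in Python and is not code from this thread or from any Flex project; the role table, site names and account names are constructed, and `require` stands in for the server-side check an endpoint would run.

```python
from datetime import datetime, timedelta

ROLE_PERMISSIONS = {  # constructed sample: role -> permissions it normally grants
    "admin": {"user.grant", "report.view", "report.delete"},
    "clerk": {"report.view"},
}

class Account:
    """One login (a User); the same Person may hold different roles per site."""

    def __init__(self, name: str):
        self.name = name
        self.roles = {}       # (site, role) -> expiry datetime, or None
        self.extra = set()    # (site, permission) granted beyond the role
        self.revoked = set()  # (site, permission) withheld despite the role
        self.active = None    # (site, role) chosen at login; roles are never merged

    def select_role(self, site: str, role: str, now: datetime):
        """Force role selection: a session carries exactly one role at one site."""
        if (site, role) not in self.roles:
            raise PermissionError(f"{self.name} holds no {role} role at {site}")
        expiry = self.roles[(site, role)]
        if expiry is not None and expiry <= now:
            raise PermissionError(f"{self.name}'s {role} role at {site} has expired")
        self.active = (site, role)

    def permissions(self) -> set:
        """Effective permissions of the selected role, with per-user exceptions."""
        if self.active is None:
            return set()
        site, role = self.active
        perms = {p for p in ROLE_PERMISSIONS[role] if (site, p) not in self.revoked}
        return perms | {p for (s, p) in self.extra if s == site}

def require(account: Account, permission: str):
    # Server-side guard: every endpoint re-checks; the client's UI state is not trusted.
    if permission not in account.permissions():
        raise PermissionError(f"{account.name} lacks {permission}")

def grant_role(actor, target, site, role, now, duration=None):
    """Assign a role, refusing any permission the actor does not hold at that site."""
    require(actor, "user.grant")
    if actor.active[0] != site:
        raise PermissionError(f"{actor.name} is not acting at {site}")
    missing = ROLE_PERMISSIONS[role] - actor.permissions()
    if missing:
        raise PermissionError(f"{actor.name} cannot grant {sorted(missing)}")
    target.roles[(site, role)] = now + duration if duration else None
```

Segregation by part of the company falls out of keying roles and exceptions by site; a delegating user who has had a permission revoked can no longer hand out a role that includes it.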
