The thing is, Roger, you don't have to trade ease of use for flexibility. Having permissions as a separate entity simply makes the construction more coherent. It's not that you MUST assign individual users to permissions. I would virtually never do this. But, as I pointed out earlier, having permissions as separate beasties from user groups makes the model far more reusable and makes maintenance much easier as well. In other words, it tastes great AND it's less filling.
-----Original Message----- From: Roger B. [mailto:[EMAIL PROTECTED]] Sent: Friday, April 05, 2002 5:15 PM To: [EMAIL PROTECTED] Subject: RE: secure tag and permissions hal helms wrote: > Where Lee and I disagree... I think I'm somewhere in between the two of you... although my interpretation of where the two of you are at seems to change from post to post. :) Basically, I've got a table like this: UserGroupID|Read|Write|Run|Skip|Jump ...and each user has a UserGroupID attached. Individual fuses don't know and don't care about that UserGroupID, which seems to be what you're suggesting... at the fuse level, everything looks like this: <cfif qryPerms.skip> <cffrolic> <cfelse> <cfwalkitoffbuddy> </cfif> However, I don't allow users to break out of their group template. If an individual user needs to do something special that is outside the scope of any group's definition, then I create a new group. It's not that I consider that approach to be philosophically superior... in fact, it feels a little "ugly" to Developer Me. OTOH, I'm also my own primary client, and I have to actually *use* the stuff I build. >From the perspective of someone wearing an admin's hat, allowing individual users to break away from a group definition would just be confusing. I'd rather check the "ArticleReaders" template for its permissions list and know that all ArticleReaders share that security definition than be forced to open each ArticleReader account and investigate who has what flags set. This is one case where I would choose to trade flexibility for ease of use. -- Roger ==^================================================================ This email was sent to: [email protected] EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrFMa.bV0Kx9 Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================
