hehehe, after making the first post, then watching this thread, all I
can say is "oops".
I have to say I use both ideals - Hal's and Lee's. I've written apps
where there was absolutely no need (and indeed it would have been
detrimental) to code granular permissions. However I've also written
bigger apps, or apps with a more complex user/group requirement, for
which I've used granular permissions.
In part, I like granular permissions because I'm used to it from the
unix world. Take an example from a Database system - you can grant a
user permissions like so:
insert,update,select from tableA
or you could grant
delete from tableA
or a superuser could have:
all on tableA
this can also span to entire databases and instances. Often you'll
end up just granting databaseA.all to a user, to allow them to proceed
with anything they wish. The most important thing this gives me is
*permission groups* - collections of permissions that have a logical
grouping that doesn't necessarily fit with a human grouping - in
essence, a difference between groups and roles.
I like to give certain groups access to a bundle of permissions
(sometimes seen as a role).
However if I wanted to allow someone else (or another group) access to
just one of those permissions, I need to be able to specify the
permission itself (ie Insert to tableA).
It's perfectly feasible to have Bob, who is a member of group1, only
allowed to insert new records to tableA, while members of group2 can
do anything they like to tableA.
this is just how it works for me - I think that as well as it often
being a matter of taste, it can be a matter of requirement. A lot of
apps don't necessarily need this granularity, so you can either avoid
it or put it in just in case (or simply because you prefer the feel of
it). This is what I do.
Toby
---------------------------------------
Life is poetry - write it in your own words.
---------------------------------------
Toby Tremayne
Senior Technical Consultant
Code Poet and Zen Master of the Heavy Sleep
Lyricist Software
www.lyricist.com.au
0416 048 090
ICQ: 13107913
==^================================================================
This email was sent to: [email protected]
EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrFMa.bV0Kx9
Or send an email to: [EMAIL PROTECTED]
T O P I C A -- Register now to manage your mail!
http://www.topica.com/partner/tag02/register
==^================================================================
