From: Ben Dunlap >> Yes, they offer an additional layer of granularity on permissions. The apps >> I write use groups and role to limit acces to certain functionality. The >> roles determine functional access to records, ie what the user can do with >> them. The groups membership determines what records the user can see. E.g. > > But is this substantially different from just allowing "groups" to > determine access to functionality, /and/ access to records, and > letting the admin create different groups for different reasons? I > guess I'm thinking of the way Active Directory works, which I've > found, in my second life as a system administrator, to be both easy to > grasp and extremely flexible/powerful. Yes it is. The extra layer allows me to be an admin in group A, only a reader in group B, and a moderator in group C. The question is whether you will need the extra level of control now or in the future. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
