Eric,
Your second approach is fine. It's denormalized, extensible, and can be manipulated using tools you put in place.
You may want to consider "groups" as well; thus people belonging to a group could view/edit pages. That has the potential to save a lot of administrative scut work.
A table of permissions will also be required so that the various codes used for differing levels of permission are consistent. Suggest that when a user logs in, the appropriate permission levels etc. should be fetched and stored in a session to save on some trips to the server. This session data, creatively used, could mean that only the files/pages that user is authorized for will be displayed.
Miles
At 06:36 PM 11/1/2004, Eric Cranley wrote:
I tried to find this in the archives. If I missed it, my apologies in advance.
I'm developing an intranet for my company, and we are planning on putting sensitive information on it. I've already set up a login system using sessions, but I'm not sure how to manage and store permissions, such as who can view commissions, reset user passwords, etc. I've devised two methods, but I have a feeling there's a better way to do this that I'm not thinking of. I'll be storing these permissions in a MySQL database.
My first idea was a single field with the SET datatype. This allows for a user to have multiple permissions, but makes it hard for other employees to add permissions later, if they decide to restrict a previously open access page. (I should mention that I'm the only person here who knows how to adjust a table in MySQL, and I won't be around forever.)
My other idea solved the previously mentioned problem. I could create a second table with employee permissions. It would have two fields, employee_id and permission. Every employee would have one row for every permission they had. I could also create a third table of page names and required permission to view it, so if someone later decides that only certain people should view a page, they can change it without coming to me.
What do people think of these ideas, and is there a better way to do this? Thanks in advance.
Eric Cranley
IT Specialist
Willis Music Company
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
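The design discussed in this thread (a permission-code table, per-employee and per-group grants, a page-to-permission table, and permissions fetched once at login), as an added sketch that is not part of either message. It uses Python's sqlite3 so it runs stand-alone, whereas the thread targets PHP and MySQL; every table name, group name, page name and permission code beyond the `employee_id`/`permission` pair is constructed for illustration.

```python
import sqlite3

# Names beyond employee_id/permission are assumptions made for this sketch.
SCHEMA = """
CREATE TABLE permissions (code TEXT PRIMARY KEY);  -- the one list of valid codes
CREATE TABLE employee_permissions (employee_id INTEGER, permission TEXT
    REFERENCES permissions(code), PRIMARY KEY (employee_id, permission));
CREATE TABLE employee_groups (employee_id INTEGER, group_name TEXT,
    PRIMARY KEY (employee_id, group_name));
CREATE TABLE group_permissions (group_name TEXT, permission TEXT
    REFERENCES permissions(code), PRIMARY KEY (group_name, permission));
CREATE TABLE page_permissions (page TEXT PRIMARY KEY, permission TEXT
    NOT NULL REFERENCES permissions(code));
"""

def demo_db():
    """In-memory database filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # reject codes missing from permissions
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO permissions VALUES (?)",
                   [("view_commissions",), ("reset_passwords",)])
    db.execute("INSERT INTO employee_permissions VALUES (1, 'reset_passwords')")
    db.execute("INSERT INTO employee_groups VALUES (2, 'sales_managers')")
    db.execute("INSERT INTO group_permissions VALUES ('sales_managers', 'view_commissions')")
    db.executemany("INSERT INTO page_permissions VALUES (?, ?)",
                   [("commissions.php", "view_commissions"),
                    ("reset_password.php", "reset_passwords")])
    return db

def load_permissions(db, employee_id):
    """Run once at login: direct grants plus grants inherited through groups."""
    rows = db.execute(
        "SELECT permission FROM employee_permissions WHERE employee_id = ? "
        "UNION SELECT gp.permission FROM employee_groups eg "
        "JOIN group_permissions gp ON gp.group_name = eg.group_name "
        "WHERE eg.employee_id = ?", (employee_id, employee_id))
    return frozenset(r[0] for r in rows)

def can_view(db, page, session_perms):
    """A page absent from page_permissions is open, as in the original post."""
    row = db.execute("SELECT permission FROM page_permissions WHERE page = ?",
                     (page,)).fetchone()
    return row is None or row[0] in session_perms

def menu_for(db, pages, session_perms):
    """Only the pages this session is authorized for, in the given order."""
    return [p for p in pages if can_view(db, p, session_perms)]
```

Filtering the menu only hides links, so each restricted page still has to run the `can_view` check itself on every request. Permissions cached in the session stay in effect until they are reloaded, so a revoked grant persists for that user until the next login unless the session is refreshed.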