[thelist] Multi level Password Protection Help!

David Landy davidlandy at clara.co.uk
Thu Jul 8 23:33:26 CDT 2004


Christopher Johnson wrote:

>As for the login part, you need to set up three
>database tables:

>1: 1 to track the users and their passwords
>2: A table to track groups or access levels available
>3: a table that ties a user to the groups that they belong to

Couldn't agree more, this is definately the way to go.

> That is the easy part. The hard part is protecting the content. The
easiest
> way of doing this may be to section each group of content off to a
> particular page. At the top of the page, you need to assign the page to a
> particular group as well.

Not a bad idea -- I'd never thought of doing it this way, and it certainly
is easy. The drawback -- IMHO -- is that the access rights information is
distributed around your web pages, which makes global maintenance a little
hard (consider changing a group name), and it's hard to see at a glance who
can see what.

Perhaps a better (though slightly more complex) approach is to have a fourth
table granting access rights to the various pages for different groups, viz:

Rights
+---------+-------------+------------+
| groupID | pageName | rights |
+---------+-------------+------------+

Where "rights" is a string to allow various actions on each page eg "ACDUSF"
which stands for (A)dd, (C)hange, (D)elete, (U)ndelete, (S)earch, (F)ind.

In this way all access rights live in one place and can easily be viewed
(and maintained) via the back-end database, and you don't have to alter
pages to change user access rights.

HTH,

David
--




More information about the thelist mailing list