I'm developing an application for our company that eventually will have lots of ways of restricting users to particular sections/modules. While the application is still small,
I think you should have five tables:
user
user_x_profile
profile
profile_x_function
function
You set up various "generic" profiles "viewer", "employee", "manager" etc.
You set up a "function" entry for each object you want to control.
Then link the functions to the profiles in profile_x_function.
Then assign one or more profiles to each user.
This cuts the administration effort. Say you want to add another function that only "managers" can use -- you just add a new entry in the function table, then add an entry in the "profile_x_function" table which links the permission to the "manager" profile, and it's available to all managers.
To query access you will need a five table join, but you are only selecting one permission attribute.
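The five-table schema and the access-check join the answer describes, as an added example that is not the poster's code, built on SQLite through Python's sqlite3 module. Column names such as user_id and username, and the sample profiles, users and functions, are constructed for this example.

```python
import sqlite3

# The five tables from the answer; column names are assumed for this example.
SCHEMA = """
CREATE TABLE "user"     (user_id     INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL);
CREATE TABLE profile    (profile_id  INTEGER PRIMARY KEY, name     TEXT UNIQUE NOT NULL);
CREATE TABLE "function" (function_id INTEGER PRIMARY KEY, name     TEXT UNIQUE NOT NULL);
CREATE TABLE user_x_profile (user_id INTEGER NOT NULL REFERENCES "user"(user_id),
    profile_id INTEGER NOT NULL REFERENCES profile(profile_id), PRIMARY KEY (user_id, profile_id));
CREATE TABLE profile_x_function (profile_id INTEGER NOT NULL REFERENCES profile(profile_id),
    function_id INTEGER NOT NULL REFERENCES "function"(function_id), PRIMARY KEY (profile_id, function_id));
"""

def grant(conn, profile, function):
    """Register a function (if new) and link it to one profile: the two inserts the answer describes."""
    conn.execute('INSERT OR IGNORE INTO "function"(name) VALUES (?)', (function,))
    cur = conn.execute("""INSERT INTO profile_x_function(profile_id, function_id)
                          SELECT p.profile_id, f.function_id FROM profile p, "function" f
                          WHERE p.name = ? AND f.name = ?""", (profile, function))
    if cur.rowcount != 1:   # unknown profile: fail loudly instead of silently granting nothing
        raise ValueError(f"unknown profile {profile!r}")

def has_access(conn, username, function):
    """The five-table join from the answer: True if any of the user's profiles grants the function."""
    row = conn.execute("""
        SELECT 1 FROM "user" u
        JOIN user_x_profile     up ON up.user_id    = u.user_id
        JOIN profile            p  ON p.profile_id  = up.profile_id
        JOIN profile_x_function pf ON pf.profile_id = p.profile_id
        JOIN "function"         f  ON f.function_id = pf.function_id
        WHERE u.username = ? AND f.name = ? LIMIT 1""", (username, function)).fetchone()
    return row is not None  # deny by default: no matching row means no access

def build_demo():
    """In-memory database with constructed sample users, profiles and functions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO profile(name) VALUES (?)", [("viewer",), ("employee",), ("manager",)])
    conn.executemany('INSERT INTO "user"(username) VALUES (?)', [("alice",), ("bob",)])
    for profile, function in [("viewer", "view_report"), ("employee", "view_report"),
                              ("employee", "edit_timesheet"), ("manager", "view_report"),
                              ("manager", "edit_timesheet"), ("manager", "approve_expenses")]:
        grant(conn, profile, function)
    conn.executemany("""INSERT INTO user_x_profile(user_id, profile_id)
                        SELECT u.user_id, p.profile_id FROM "user" u, profile p
                        WHERE u.username = ? AND p.name = ?""", [("alice", "employee"), ("bob", "manager")])
    return conn
```

Adding a manager-only function later is a single `grant(conn, "manager", "close_books")` call, after which every user holding the manager profile passes `has_access` for it and nobody else does.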