TalkPHP


amitdgr 04-17-2009 09:47 AM

How do I design my access control system ?
 
Hey guys,

I am working on a small ERP-like application (based on PHP/MySQL). I need to implement an RBAC system in the application.

What I need ...

1) The application needs to have users with around 5 different roles: Super Admin, National Admin (diff. national admins for diff. countries), Zonal Admin, Sub-Zonal Admin, user.

2) The Super Admin can access and control everything.

3) A National admin can see users and access details that are local to his/her country, a zonal admin can see users and functions only under his/her zone and so on.

4) I also need to show different menus for different user roles.

What I thought might work....

1) One table will store user details, one will store role details, one will store location access details. We have to map these 3 tables to get the exact access level of the particular user. I really have no idea how to go about this.

2) For the menu, I will create 5 different menus for 5 different users and then show the particular menu depending on his role. Is this a good way to go about this ?

I am completely lost and confused. All my efforts so far have been fruitless.

Jim 04-20-2009 09:22 AM

I think your DB tables look pretty good.

For the menu (and all other places) I would implement something like:

PHP Code:

$currentUser = new user()->getUserBySession();

if ($currentUser->hasAccess("edit-user"))
{
    // Has XS
}
else
{
    // Had no XS
}

Kalle 04-21-2009 04:46 AM

Quote:

Originally Posted by Jim (Post 23253)
I think your DB tables look pretty good.

For the menu (and all other places) I would implement something like:

PHP Code:

$currentUser = new user()->getUserBySession();

if ($currentUser->hasAccess("edit-user"))
{
    // Has XS
}
else
{
    // Had no XS
}

Oh Jim, just to be picky and boring as usual:
PHP Code:

$instance = new Object()->method(); 

Will result in a parse error ;)


As for the real question, Wildhoney gave a good idea about this in this thread:
http://www.talkphp.com/script-giveaw...ount-file.html

Jim 04-21-2009 07:28 AM

Damn, and I was just trying to be cool :P

sketchMedia 04-21-2009 09:21 AM

Quote:

As for the real question, Wildhoney gave a good idea about this in this thread:
Easy to Modify Login Script with Hierarchical User Permissions and XML Account File

I was going to suggest using a bit-based permission system, ya beat me to it xD Good script from Wildhoney there (as always :))
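
The pieces discussed in this thread (a hasAccess() check, bit-based permissions, and access limited to a country, zone or sub-zone) combined in one sketch. This is an added example, not code from any poster or from Wildhoney's script; the role names, bit values, MENU table and location-path format are assumptions, and it needs PHP 8.

```php
<?php
// Added example (PHP 8). Role names, bit values and the location-path format are assumptions.
const P_VIEW_USER = 1, P_EDIT_USER = 2, P_MANAGE_ZONES = 4, P_MANAGE_COUNTRIES = 8;

// Role => permission bitmask.
const ROLE_MASKS = [
    'super_admin'    => P_VIEW_USER | P_EDIT_USER | P_MANAGE_ZONES | P_MANAGE_COUNTRIES,
    'national_admin' => P_VIEW_USER | P_EDIT_USER | P_MANAGE_ZONES,
    'zonal_admin'    => P_VIEW_USER | P_EDIT_USER,
    'subzonal_admin' => P_VIEW_USER,
    'user'           => 0,
];

// One menu definition filtered per role, instead of five hand-maintained menus.
const MENU = ['Users' => P_VIEW_USER, 'Zones' => P_MANAGE_ZONES, 'Countries' => P_MANAGE_COUNTRIES];

final class User
{
    // $scope: [] = everything, ['IN'] = one country, ['IN', 'north'] = one zone, and so on.
    public function __construct(public string $role, public array $scope) {}

    // Allowed only if the role holds the bit AND the target lies inside the user's scope.
    public function hasAccess(int $permission, array $targetLocation): bool
    {
        $mask = ROLE_MASKS[$this->role] ?? 0; // unknown role: deny
        if ($permission <= 0 || ($mask & $permission) !== $permission) {
            return false;
        }
        // The scope must be a prefix of the target's location path.
        return array_slice($targetLocation, 0, count($this->scope)) === $this->scope;
    }

    // Menu labels for this role; display only, every action still calls hasAccess().
    public function menu(): array
    {
        $mask = ROLE_MASKS[$this->role] ?? 0;
        return array_keys(array_filter(MENU, fn(int $bit) => ($mask & $bit) === $bit));
    }
}

// Constructed sample data.
$zonal = new User('zonal_admin', ['IN', 'north']);
var_dump($zonal->hasAccess(P_EDIT_USER, ['IN', 'north', 'delhi']));   // target in own zone
var_dump($zonal->hasAccess(P_EDIT_USER, ['IN', 'south', 'chennai'])); // target in another zone
var_dump($zonal->hasAccess(P_MANAGE_ZONES, ['IN', 'north']));         // role lacks the bit
print_r($zonal->menu());
```

With the three tables from the first post, the role would be read from the role table and the scope from the location access table when the session is loaded.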

