Hey guys,

I am working on a small erp like application (based on PHP/MySQL). I need to implement RBAC system in the application.

What I need ...

1) The application needs to have users with around 5 different roles. Super Admin, National admin(diff. national admins for diff. countries), Zonal Admin, Sub-Zonal Admin, user.

2) The Super Admin can access and control everything.

3) A National admin can see users and access details that are local to his/her country, a zonal admin can see users and functions only under his/her zone and so on.

4) I also need to show different menus for different user roles.

What I thought might work....

1) One table will store user details, one will store role details, one will store location access details. We have to map these 3 tables to get the exact access level of the particular user. I really have no idea how to go about this.

2) For the menu, I will create 5 different menus for 5 different users and then show the particular menu depending on his role. Is this a good way to go about this ?

I am completely lost and confused. All my efforts so far have been fruitless.

I think your DB tables look pretty good.

For the menu (and all other places) i would implement something like:

__________________
Nunchaku! Who doesn't like martial arts? =)

Oh Jim, just to be picky and boring as usual:
Will result in a parse error ;)


As for the real question, Wildhoney gave a good idea about this in this thread:
Easy to Modify Login Script with Hierarchical User Permissions and XML Account File

__________________

Damn, and i was just trying to be cool :P

__________________
Nunchaku! Who doesn't like martial arts? =)

I was going to suggest using a bit based permission system, ya beat me to it xD Good script from Wildhoney there (as always :))

__________________
mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0;
Empty set (0.00 sec)