implementing an ACL

admin

Administrator
Staff member
Can someone give guidance on the relational design to implement a fairly simple ACL? Thinking hierarchically, I have a web site with multiple 'sections' (directories, either physical or virtual via database), and subsections, and then documents. I want to be able to assign group-level access to sections, and refine that access at the subsection and document level. So,

+ Root
+ Section1 -> Group 1 Only
--> SubSection1
--> SubSection2 -> Group 1 Managers
-------> Doc1
-------> Doc2 -> Joe only
+ Section2 -> Group 2 Only

I'm trying to derive the best data model for this. Users can be in more than one group, and subsections and documents should inherit security, but they can be overridden by assigning more restrictive access to a user or a group.

Lots of the open source PHP apps seem to have complex ACL functionality, I just can't figure out where to start to set one up. Do I assign each "object", i.e. a folder/section or a document, to a list of those that can have access, so a one-to-many relationship? Do I need permission levels, such as read, edit, delete?

Any guidance is appreciated.

Thanks,
Brian
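
One data model that fits the requirements in the question above, added here as an example and not part of the original post. It assumes that a node with no ACL rows inherits from its parent and that an ACL deeper in the tree can only narrow access, so the user must pass every ACL on the path to the root. The table names, `can_access`, and the group memberships are hypothetical; permission levels such as read/edit/delete are not modeled.

```python
import sqlite3

SCHEMA = """
CREATE TABLE node   (id INTEGER PRIMARY KEY, parent_id INTEGER REFERENCES node(id), name TEXT);
CREATE TABLE member (user_name TEXT, group_name TEXT);  -- a user may be in many groups
-- One ACL row grants a node to a group or to a single user (exactly one is set).
CREATE TABLE acl    (node_id INTEGER REFERENCES node(id), group_name TEXT, user_name TEXT,
                     CHECK ((group_name IS NULL) <> (user_name IS NULL)));
"""

# Walk from the node up to the root; count levels that carry ACL rows the user fails.
CHECK = """
WITH RECURSIVE path(id, parent_id) AS (
    SELECT id, parent_id FROM node WHERE id = :node
    UNION   -- UNION (not UNION ALL) so a corrupt parent cycle cannot loop forever
    SELECT n.id, n.parent_id FROM node n JOIN path p ON n.id = p.parent_id
)
SELECT COUNT(*) AS depth,
       COALESCE(SUM(
           EXISTS (SELECT 1 FROM acl a WHERE a.node_id = p.id)
           AND NOT EXISTS (
               SELECT 1 FROM acl a WHERE a.node_id = p.id
                 AND (a.user_name = :user OR a.group_name IN
                      (SELECT group_name FROM member WHERE user_name = :user)))
       ), 0) AS blocked
FROM path p
"""

def can_access(db, user, node_id):
    depth, blocked = db.execute(CHECK, {"user": user, "node": node_id}).fetchone()
    return depth > 0 and blocked == 0   # unknown node yields depth 0: fail closed

def sample_db():
    """Constructed data: the tree from the post plus invented group memberships."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO node VALUES (?,?,?)", [
        (1, None, "Root"), (2, 1, "Section1"), (3, 2, "SubSection1"),
        (4, 2, "SubSection2"), (5, 4, "Doc1"), (6, 4, "Doc2"), (7, 1, "Section2")])
    db.executemany("INSERT INTO acl VALUES (?,?,?)", [
        (2, "Group 1", None), (4, "Group 1 Managers", None),
        (6, None, "joe"), (7, "Group 2", None)])
    db.executemany("INSERT INTO member VALUES (?,?)", [
        ("joe", "Group 1"), ("joe", "Group 1 Managers"),
        ("ann", "Group 1"), ("ann", "Group 1 Managers"),
        ("bob", "Group 1"), ("eve", "Group 2")])
    return db
```

Because every level on the path is checked, "Joe only" on Doc2 works only while Joe also remains in Group 1 and Group 1 Managers; removing him from either group revokes his access without touching the document's ACL.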