Sophisticated role management - how to?
Hello,
I am about to build a new web application and there will exist 2 major roles like administrator and user.
Those two roles can then be extended to assignmore rights to them.
Is there a common most used practice for this topic?
Are administrator and user persistent classes that should be mapped to the relational database system?
If so, how do I store the information about the more detailed user role, that for example may do a bunch of additional operations? Or the administrator that may only delete some users he is assigned to manage?
On first attempt I thought of using enumerations with all the roles that may exist, but that wouldnt fit my needs because the system should be open to new roles without having to re-code/touch the sources.
I'd appreciate any help on this topic,
Thanks in advance!
[873 byte] By [
rapthora] at [2007-11-27 4:09:52]
# 1
If I understand correctly, would this help you? (I'll use general terms for roles and permissions)
Administrator has read, write, execute, create, delete.
User has read, write, create
These are the only allowed permissions.
You can create a permission matrix. So, if a new user is created and he gets an Administrator role, you then have to choose what permissions he has. Same for the user. A scenario would be
Admin1 -> read, write, execute, create, delete
Admin2 -> read, write, execute, create
User1 -> read
User2 -> write, create
You would have your role permissions in a table maybe, that way updating them wouldn't be difficult. Then you have your user specific permissions based on the role as above. Each user has a table in the database with whatever information needed. Then you would have java objects corresponding to those tables, and then when you load the data for a user, you would just check that field.
Anytime you would want to add a new user role, just add it to the database. Your display code would never have to be changed.
