Managing user privileges, best practices [on hold]
Posted
by
Loïc N.
on Pro Webmasters
See other posts from Pro Webmasters
or by Loïc N.
Published on 2013-06-28T10:27:36Z
Indexed on
2013/06/28
16:30 UTC
Read the original article
Hit count: 371
I'm am new to web development. I'm creating a website where different user can have different privileges, such as creating/editing/deleting a news, or adding/editing/deleting whatever kind of content on the website.
I started by creating a "user type" that would indicate the user's privileges (such as "user", "newser", "moderator", "admin", and so on), but I quickly started noticing issues that made me think that this might be a naive approach to this issue.
What if I want to give a regular user the right to edit a news (for whatever reason)? Then the user would be half "user", half "newser". But the system I use can only handle one user-type.
So what would be the best practice here?
I was thinking of removing the concept of roles (or "user-types" such as newser) and only have the concept of "privilege", where every user could have zero to many privileges. So, to re-use the above example, if I wanted a user to have the right to edit some news, I would only have to give him a "edit news" privilege.
Is this the way to go?
© Pro Webmasters or respective owner