What Are Groups?
Like roles, group permissions give you much more flexibility than tiers. However they really do a different sort of job.
For this example lets say we're dealing with editorial access to a web page in the admin side of a content management system.
With groups in AMPro, the editor would belong to any number of groups, and the page in question would also belong to any number of groups. We would decide if the editor and the page are granted access by comparing the group list of each. If there is at least one match, access is granted.
Curly |
Moe |
Page 468 |
Page 23 |
Page 127 |
Accounting |
Everyone |
Everyone |
Shipping |
Finance |
|
Sales |
|
Accounting |
HumanResources |
|
Finance |
|
|
Accounting |
In the example above, the user Moe belongs to the groups Everyone, Sales and Finance. As such, he has access to Page 468, since both he and that page belong to the same group. In addition he can get to Page 127, as once again there is a match (the Finance group) between their two membership lists.
Curly, on the other hand, is limited to Pages 23 and 127, since he belongs to Accounting and those two pages also have group matches to that category.
Is it enough just to use groups in a permission system? Anything is possible but under most circumstances probably not. A much more likely -- and sensible -- structure is to combine groups with tiers or roles. Using either in conjunction with groups expands the flexibility of the system dramatically.
For example, use groups to decide what pages in your content management system a user can access in the first place. Then set up roles to decide what that user can do once they get there. You can do exactly the same thing with tiers, although tiers will of course be 1)simpler to set up and 2)less flexible.
Examples of how to work groups into your code using AccessMonger Pro are available to registered users.
|