Hello Everyone,

I'm currently writing a web application that has about 6-12 pages. On each one of these pages, I want the user to be able to do some (or all) of the following actions: View, Add, Update, and Delete.

The current permission scheme I thought of is having an integer in a database. This integer will correspond to a binary number (e.g.: 26 -> 11010). The resulting binary number acts as a "toggle" and determines what permissions the user has. The definition of what bit represents what permission is stored in another table.

My problem is, if each page has 4 options (View, Add, Edit, Delete), then this way of determining permissions can get out of hand.

Does anyone have any other ideas for a permission scheme that would be as flexible (with respect to configurability) as this, but not as overwhelming (with respect to integer limits)?

Thanks, Onion-Knight

+2  A: 

I would suggest you do not resort to bits. Use separate columns in the DB for each category of permissions and use integers 1 and 0 to indicate whether that permission is granted or not. This would save you from bit manipulations and would be fast as well. The only downside will be a larger number of columns which, by your description, does not seem much of an issue.

Crimson
This - it may feel like you're doing a great job at showing off your technical chops by using a bitwise representation for your permissions, and if that is your goal then go for it, but in six months' time when you have to go back and revisit that code to fix some problem that has turned up, you'll be wishing you'd gone for the obvious and easily maintained solution.
glenatron
A: 

With 32 bit integer you get 32 flags. How many permissions do you expect in your application?

Alex Reitbort
A: 

What language are you using? Solutions can vary depending on that.

Ben Dauphinee
@Ben Dauphinee - this is really more a comment than it is an answer.
Dominic Rodger
+5  A: 

Perhaps a better answer, if you really need to go this route, is to have a per-page/per-user row in your database, with a set of permissions, so your table looks like so:

 page        user     create read update delete 
 =====       =====    ====== ==== ====== ======
 test.html   joe      y      y    y      n 
 test2.html  joe      n      y    y      n

Alternately, as is usually the case, you're better off having roles, like author, editor, reviewer, admin, and giving your roles the fine-grained permissions, and putting the users into roles.

Chris Kaminski
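
The role-based layout suggested in the answer above, sketched as an added example that is not part of the original post: per-page permission rows hang off roles, users are placed into roles, and a check denies by default. The table and column names, the in-memory SQLite database, the sample rows, and the rule that a user gets the union of their roles' grants are all assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema and constructed sample data, for illustration only.
ACTIONS = ("create", "read", "update", "delete")

SCHEMA = """
CREATE TABLE user_role (username TEXT NOT NULL, role TEXT NOT NULL,
                        PRIMARY KEY (username, role));
CREATE TABLE role_page_perm (
    role TEXT NOT NULL, page TEXT NOT NULL,
    can_create INTEGER NOT NULL DEFAULT 0 CHECK (can_create IN (0, 1)),
    can_read   INTEGER NOT NULL DEFAULT 0 CHECK (can_read   IN (0, 1)),
    can_update INTEGER NOT NULL DEFAULT 0 CHECK (can_update IN (0, 1)),
    can_delete INTEGER NOT NULL DEFAULT 0 CHECK (can_delete IN (0, 1)),
    PRIMARY KEY (role, page));
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO role_page_perm VALUES (?,?,?,?,?,?)", [
        ("author",   "test.html",  1, 1, 1, 0),
        ("reviewer", "test.html",  0, 1, 0, 0),
        ("reviewer", "test2.html", 0, 1, 1, 0),
    ])
    db.executemany("INSERT INTO user_role VALUES (?,?)", [
        ("joe", "author"), ("joe", "reviewer"), ("ann", "reviewer"),
    ])
    return db

def is_allowed(db, user, page, action):
    """True only if some role held by `user` grants `action` on `page`."""
    if action not in ACTIONS:      # allow-list: column name never comes from input
        return False
    column = "can_" + action
    row = db.execute(
        f"SELECT MAX(p.{column}) FROM user_role u "
        "JOIN role_page_perm p ON p.role = u.role "
        "WHERE u.username = ? AND p.page = ?", (user, page)).fetchone()
    return row[0] == 1             # no matching row gives NULL, which is a denial

def effective_permissions(db, user, page):
    return {a: is_allowed(db, user, page, a) for a in ACTIONS}

if __name__ == "__main__":
    db = build_db()
    print(effective_permissions(db, "joe", "test.html"))
```

Adding a page or a role is a new row rather than a new bit position, and a missing row, an unknown user, or an unrecognised action all resolve to "denied".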