I am developing a site that needs an access permissioning scheme. I am uncertain how I want to structure the scheme, and I am having a hard time finding good resources on determining not just how to implement a permission scheme, but how to plan what the scheme should be capable of doing.
I have lots of questions and not a lot of solid information. And I can't formulate the pros and cons of the available answers.
- Should it be role based and if users have roles?
- Should it be group based?
- Should groups be able to be members of Groups, as in AD?
- Or should only users be able to be members of groups?
- How should I handle permission defaults?
- Should the be set based off the tool that creates the page?
- Should the creating user set the permissions on page creation?
- Should users be able to create their own groups?
What is your experience in designing permission schemes? I am pretty green in this, and any good resources, books, blogs, etc., would be really helpful.