I need to design a system that will control access to certain information. The requirement from the user is to use access levels e.g.
Level 1 - Support Level 2 - Manager Level 3 - Senior Manager Level 4 - Department Head etc.
If a certain piece of information is marked as Level 1, then all roles should be able to view that piece of information. If it is marked as level 3, then only the Senior Manager and Department Head can view it, but the Manager and Support roles can't view it.
Questions
- When I assign the access level to a piece of information, will I have to assign multiple roles to it in order for me to achieve this functionality?
- Is there a better way of doing this?