Does anybody have some pointers for designing roles for authentication in a big organization?
E.g. a user may have a role as 'manager' within a department 'sales', but have role 'user' for accessing payroll data etc. Should he then have roles called 'sales_manager' and 'payroll', or are there better ways of doing this?
I want to stop people creating roles like 'sales_javafrontend_user'.
I can't seem to find guidelines on the net.