I need to add user roles and permission system into my web application built using PHP/MySQL. I want to have this functionality:
1- One root user can create sub-roots, groups, rules and normal users( all privilegis) .
2- Sub-roots can create only rules, permissions and users for his/her own group ( no groups).
3- A user can access either content created by him or his group, based on the permission assigned to him, by group root.
I need the system to be flexible enough, so that new roles and permissions are assigned to content.
I have a users table storing group key along with other information. Currently I am using two feilds in each content table i.e. createdBy and CreatedByGroup, and using that as the point whether a certain user has permissions. But its not flexible enough, because for every new content, I have to go throug all data updates and permission updates. Please help me by discussing your best practices for schema design.