Best Practices - Security Roles and Permissions [message #1691365] |
Mon, 06 April 2015 15:57 |
|
Hi there,
I wracked my brain the whole weekend, but I don't have a clue how to use permissions properly....
Here is my situation: I have got 3 types of users:
- Normal Users
- Power Users
- Admins
Normal User should only see their own orders the have placed their own orders and the can only edit their own user profile. And they have got a power user assigned.
A Power User can place orders for the normal users and create/add normal users to the
application.
And adnmin of course can do everything.
I'm not sure if i need permissions at all. Because depending on the user role I only have to adjust the where clauses of my SQL statement. I guess...
But I'm not sure, if there is a way to do this with permissions as well?
Are there any best practices for such kind of thing?
Regards, Peter
|
|
|
|
Powered by
FUDForum. Page generated in 0.03240 seconds