Hello list, I'm trying to get my head around the current state of the various login/authentication engines, and can't get a clear view of what the available options are, how stable/robust they are, and what are the pros/cons/capabilities of each. The specific problem I'm trying to solve is this: I've got a bunch of users, who will need to be authenticated and assigned roles (e.g. Administrator, User, ...) and only for specific parts of the system (e.g. AccountsPayable, AccountsReceivable, GeneralLedger). No, I'm not making an accounting system, but this is the simplest analogy I could think of to describe the login/authentication I need. A user may be an Administrator for AccountsPayable, but have no rights whatsoever for GeneralLedger. In other words, I need to be able to restrict their access not only on a role basis, but also on a "which part of the system" basis. I don't want to mix the two and create roles such as GeneralLedgerAdministrator, because that doesn''t give me the scalability and flexibility I know I'm going to need later on. Is there a login/authentication engine that I can just drop in to do this (unlikely), or is there one that could be tweaked to provide this functionality relatively easily? Thanks in advance for any assistance Dave M.
on 2006-01-12 07:37
on 2006-01-12 07:53
David M. wrote: Of all the login/user systems out there the login_engine / user_engine system is the closest to what you need. It can restrict access to specific controller/action pairs based on roles, which sounds pretty close to what you want. It does not offer any support for checking permissions for specific records, however, so if you need that you will have to do some checking yourself. _Kevin