I am trying to figure out the best way to set up the model for what
could be a moderately complicated authentication / ACL issue. I am
trying to set up a kind of “single sign-on” for a web application, where
the end user could be assigned one or more roles through one or more
customers. I’m also trying to figure out which of the authentication
packages might work best for this setup.

A Customer represents a corporate entity that would pay to use a
website. Each person represents an individual and has their own
sign-on, and has one or more roles, either with a single customer or
with multiple customers.

Tables:

PEOPLE
  id
  last_name
  first_name
  e_mail
  has_many people_roles

CUSTOMERS
  id
  customer_name

ROLES
  id
  role_name

PEOPLE_ROLES
  person_id
  customer_id
  role_id

For example:

  Johnny has Security Clearance Level 1 for Customer A
  Jane has Level 2 and Level 3 for Customer B, and has Level 1 for Customer A

As for the account, just make a user belong to a company or account
model to get more differentiation.

I’m not sure this will do what I’m looking for, since they could have
one set of permissions within the context of one Customer, and another
set of permissions with another customer.
Any other thoughts?

Oh, I think I get it… use AAA/ACL to control the “what you can do” and
use a model to control what they see. Is that basically it?
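
The per-customer scoping discussed in this thread, as an added example that is not part of any post: a plain-Ruby stand-in for the PEOPLE_ROLES join table in which every check names the customer, so a role held at one customer never applies at another. The `Authorizer` class, its method names, and the numeric ids are hypothetical; the sample rows are constructed from the Johnny/Jane example above.

```ruby
require "set"

# One row of PEOPLE_ROLES: a role is granted only in the context of a customer.
PersonRole = Struct.new(:person_id, :customer_id, :role_id)

# Hypothetical helper (not from any Rails auth package).
class Authorizer
  def initialize(rows)
    # Index grants by [person, customer] so every lookup is customer-scoped.
    @grants = Hash.new { |h, k| h[k] = Set.new }
    rows.each { |r| @grants[[r.person_id, r.customer_id]] << r.role_id }
  end

  # Roles a person holds for one customer; empty when no row exists.
  def roles_for(person_id, customer_id)
    @grants.fetch([person_id, customer_id], Set.new).dup
  end

  # Deny by default: true only if a row ties this person, customer and role.
  def allowed?(person_id, customer_id, role_id)
    return false if [person_id, customer_id, role_id].any?(&:nil?)
    roles_for(person_id, customer_id).include?(role_id)
  end

  # Customers a person has any role with (the "what they see" half).
  def customers_for(person_id)
    @grants.select { |(pid, _), roles| pid == person_id && !roles.empty? }
           .keys.map(&:last).sort
  end
end

# Constructed sample ids and rows matching the example in the first post.
JOHNNY, JANE = 1, 2
CUSTOMER_A, CUSTOMER_B = 1, 2
LEVEL_1, LEVEL_2, LEVEL_3 = 1, 2, 3

ROWS = [
  PersonRole.new(JOHNNY, CUSTOMER_A, LEVEL_1),
  PersonRole.new(JANE,   CUSTOMER_B, LEVEL_2),
  PersonRole.new(JANE,   CUSTOMER_B, LEVEL_3),
  PersonRole.new(JANE,   CUSTOMER_A, LEVEL_1)
].freeze

AUTHZ = Authorizer.new(ROWS)
```

In a Rails application the same rule would be a query on the join model filtered by both `person_id` and `customer_id`; the point is that no check is ever made on the role alone.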