User accounts and admin accounts, best practices?


what are some techniques people are using to keep user accounts and
admin accounts separate? Meaning, I am going to create a paid service
website and I am going to have general users (free accounts) premium
members (paid accounts) and of course admin functions for me to
monitor them and view invoices and what not. I am planning on using
Restful Authentication but I am not sure what are the best practices
from separating the different accounts. Do I create multiple tables
for all the different types of users? Do I just give certain users
administrative rights in a column some how? I am new to rails and
fairly new to developing web apps in general. Any help or guidance in
the right direction would be greatly appreciated. Thank you in


for the admin account we mostly use a simple http authentication.
As long as we don’t need several types of them with seperate
roles & rights. Admin has it’s own namespace then, so that’s
quite simple.

Keep your users in one table with some flags to identify the role.
Then it depends on the amount of different access rights, if you
need another table for the role (avoid that if ever possible, since
administrating them can become a pain)
Use before filters in application.rb to check the user status at login
time and prepare a few methods for the controllers & views to
know what functionality to display and execute.

Is there a big advantage to using HTTP auth instead of normal auth in
the web form for admins? I currently am doing all logins for users and
admins through my web app, and based on a flag in the db I know if the
user is an admin or not.

I personally don’t know but I was speaking with a rails developer this
weekend about this topic and he said to do it the way you do it
walker, with admins having flags and what not. He has been involved
in some pretty big projects and has worked with some really brilliant
people so I trust his judgment. Well I guess that answers my question.

Nice, sounds pretty straight forward, so for admin I will just use the
Rails http authentication and then for users I will use restful
authentication. Just wondering if anyone else had any suggestions or
links to any online tutorials to this specific question. Thanks for
your response Thorsten