I'm using restful_authentication and role_requirement to handle use authentication for my application. I'm wondering what the best way is for me to set up tiered access privileges. Essentially, I want to restrict access as follows: - some users will get access to one or more branches - some users will get access to one or more regions, including the branches within that region - some users will get access to an entire company, including the regions and branches within that company When a person logs into the application, I want to show them data only relevant to their particular branch if they only have access at the branch level. Similarly, when a person logs in that has access to an entire company, I want to be able to show them company data, regional data, and branch-level data. Should I set up three separate index tables (users_branches, users_regions, users_companies), and then when the user logs in just do three separate finds, one against each of these three tables, to find out their access rights? Or is there a better way to do this to cut down on the number of queries? I hope I've been clear enough - let me know if I need to elaborate more. Thanks in advance!
on 2008-10-28 00:52