boatingcow
Reputation: 684
The party model, permissions, customers and staff
We are using a party model for a booking application, so that customers and staff effectively share the same table in the database.
Previously customers could only 'book' an appointment if they paid and if a slot was available. Now, we want to create a premium_customer type role so that customers can make bookings without paying and even if there is no availability.
Does it make sense to add customers to a single security model, such as in an ACL or RBAC?
- If so, do we introduce roles called
normal_customerandpremium_customeralongside ourreceptionandduty_managerand other staff roles? - If not, should there be a separate security model for website users?
Upvotes: 5
Views: 348
Answers (2)
Timo
Reputation: 935
As I don't know all your requirements, i can't give you a definitive solution, but your Approach to create a role could be correct i many cases. However, you could also create a "Subscription", wich could have start- and end date.
Upvotes: 2
Related Questions
- Roles and permissions in php
- PHP Access Control System
- Implementing Roles based access control in php application
- Webservice App - Security for Application (Login, Userdata etc.)
- Fine-grained access control
- Design help: Multiple User Roles
- How to manage user access and user permissions
- Access control for multiple users in a web application
- Designing a multiple level user permission system
- Role based access with a twist?