How do I design my access control system ?

[amitdgr]

This is going to be a small erp like application (based on PHP/MySQL). I need to implement RBAC system in the application.

 

I came across your wonderful article on PHP RBAC system. But, being a new programmer, I was not able to get all the intricacies of the system you have implemented for Radicore. But what I understood is that you have, over the years, developed a solid system. I felt you will be able to help me out.

 

What I need ...

 

1) The application needs to have users with around 5 different roles. Super Admin, National admin(diff. national admins for diff. countries), Zonal Admin, Sub-Zonal Admin, user.

 

2) The Super Admin can access and control everything.

 

3) A National admin can see users and access details that are local to his/her country, a zonal admin can see users and functions only under his/her zone and so on.

 

4) I also need to show different menus for different user roles.

 

What I thought might work....

 

1) One table will store user details, one will store role details, one will store location access details. We have to map these 3 tables to get the exact access level of the particular user. I really have no idea how to go about this.

2) For the menu, I will create 5 different menus for 5 different users and then show the particular menu depending on his role. Is this a good way to go about this ?

 

I am completely lost and confused. All my efforts so far have been fruitless. My whole future depends on this one project.

 

All I ask you for is to show me the right and best approach for my problem, I don't mind how hard the implementation will be. I am willing to learn.