Re: Re: Re: Need advice on a security model, please.
Your model can work, but you'll need to assign your groups based on category — not per-customer.
Try this...
- Give Registered users tiki_p_view only. (Remove the tiki_p_edit.)
- For each category (FOO), create two groups: FOO_EDIT and FOO_VIEW
- For each *_EDIT group, assign tiki_p_edit.
So you'll now have a structure similar to:
| CATEGORY | GROUPS | |
| Foo | Foo_Edit | Foo_View |
| Bar | Bar_Edit | Bar_View |
| Alpha | Alpha_Edit | Alpha_View |
etc.
For each category, assign VIEW permission to its *_VIEW and *_EDIT group. (I assume that if you can edit something you can, by default, view it.)
Now, for each customer, you simply assign them to the appropriate Group. For example:
- If customer A can read all categories but edit only Foo:
- Foo_Edit
- Bar_View
- Alpha_View
- If customer B can edit Foo but read only Bar:
- Foo_Edit
- Bar_View
- If customer C can edit View and Bar but only view Foo:
- Foo_View
- Bar_Edit
- Alpha_Edit
etc.
In this model, there's no "customer" group. You simply assign each username to a group, based on categories.
HTH,
-Rick
Now Available: TikiWiki for Dummies Smarties — A beginner's guide to using ))TikiWiki((.
;){kind=link}
;){kind=link}