In ExpressionEngine permissions are controlled by access to templates and weblogs. Per-category access control is currently not possible. For restricting posting and editing privileges separate weblogs are considered the way to go. This creates in some cases undesirable dilemma “categories vs. weblogs”: although more neat and clean design of the website can be achieved by using categories, the need for controlling permissions forces to introduce additional weblogs.

It seems to me that using weblogs instead of categories for the only reason of member access control is wrong. A feature of user access control should not be achieved by changing design decisions at fundamental level; features for access control should be either in-built or achieved using some add-on.

Consider this real-world example. There are currently 5 similar publishing projects on the website. Participators in each project post entries in 6 weblogs. Entries belonging to different publishing projects are differentiated using categories. There is need for restricting editing and posting privileges so that a member belonging to some member group could edit and post only entries in certain weblog in certain category. Restricting access both by weblog and by category would be natural way to go. But since access control by category is not possible, to achieve needed control administrator is forced to think hard about “categories vs. weblogs” dilemma and introduce 24 additional weblogs (4 projects x 6 weblogs).