I’m working on moving a custom-developed site into EE, and I’m in the first stages of puzzling over how to model user permissions to meet this site’s particular needs (among other challenges).
In the original site, the clients are institutions who have members who are site users. The site users inherit the level of membership which the institution has (we have several levels of membership). The members of an institution also have a capability to administer their own members to some degree; e.g., create users and assign some capabilities.
In addition, it’s important to our sales force to be able to temporarily (or permanently) give clients capabilities that ordinarily belong to a higher level of membership, or otherwise tailor their membership to the client’s needs.
So permissions are currently modeled aggregatively (if that makes sense). The site administrator ticks off a set of boxes for the institution client, and those capabilities are inherited by that institution’s members.
I just did a quick query of our current user table, and see 29 different priv levels; and that doesn’t even take into account the 7 user types as well (yes, this site sort of grew “organically” and not exactly professionally, and that’s one of the reasons we’re looking at using EE.)
So I’m wondering:
1) 29+ member groups? (Actually more than that.) That doesn’t sound quite nice, and almost impossible to remember which member group can do what without drilling down.
2) How can the membership level of the institution (who is not a site user) determine the member’s capability set? I know I can make a weblog of institutions, and these have a relationship to the articles, but, hmm, how can they also have a relationship to the users?
Looking for some ideas. Thanks! (Maybe have to write the user management in CodeIgniter?)
--Diana
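
The aggregative model described in the post, sketched in plain PHP as an added example (not part of the original post, and not ExpressionEngine or CodeIgniter code). It stores capabilities once per membership level, adds per-institution grants with an optional expiry, and computes each member's set at check time so a member can never exceed the institution. The level names, capability names, the `assigned` field and all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data: level and capability names are hypothetical.
const LEVEL_CAPS = [
    'basic'   => ['read_articles'],
    'premium' => ['read_articles', 'download_reports'],
];

/** Capabilities an institution holds at $now: its level's set plus unexpired grants. */
function institutionCaps(array $inst, int $now): array
{
    $caps = LEVEL_CAPS[$inst['level']] ?? [];   // unknown level => deny by default
    foreach ($inst['grants'] as $g) {
        // expires === null is a permanent grant; otherwise it must still be in the future
        if ($g['expires'] === null || $g['expires'] > $now) {
            $caps[] = $g['cap'];
        }
    }
    return array_values(array_unique($caps));
}

/** A member inherits the institution's set, optionally narrowed by its own admin. */
function userCaps(array $user, array $inst, int $now): array
{
    $instCaps = institutionCaps($inst, $now);
    if ($user['assigned'] === null) {
        return $instCaps;                        // plain inheritance
    }
    // Intersection: an institution admin cannot hand out what the institution lacks.
    return array_values(array_intersect($instCaps, $user['assigned']));
}

function can(array $user, array $inst, string $cap, int $now): bool
{
    return in_array($cap, userCaps($user, $inst, $now), true);
}

$now  = 1700000000;  // fixed clock so the run is repeatable
$inst = ['level' => 'basic', 'grants' => [
    ['cap' => 'download_reports', 'expires' => $now + 86400],  // one-day trial from sales
    ['cap' => 'manage_members',   'expires' => null],          // permanent grant
]];
$member  = ['assigned' => null];
$limited = ['assigned' => ['read_articles', 'export_all']];

var_dump(can($member, $inst, 'download_reports', $now));          // trial still active
var_dump(can($member, $inst, 'download_reports', $now + 90000));  // trial has expired
var_dump(can($limited, $inst, 'export_all', $now));               // assigned, but institution lacks it
```

Because nothing is copied onto user rows, changing an institution's level or letting a temporary grant lapse takes effect for every member at the next check.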