Permission Help what is the best way to set permission

Lets say I want to using a database create a site kinda like a wiki that will allow only users with a certian permission level view it. and only users with an even higher level edit it. So you'd have three levels, can't see it, can see it, and can see and edit it.I can think of 3 ways to do this. 1) In the database for the page (where it's content is stored) there would be a coloum one for each of the above permissions, and users wh had that permission would be listed there.2) there is a table that just contains permissions so there would be three coloms storing boolian values for each permission.3) In the user's database there would be a permission coloumb that would state what permission they have.I was wondering what the most efficant way is, or the easiest, or most secure. What would you use?

The solution you have requires three variables. One for can't see, one for can see, and another for can see and edit. First of all, that'll take some room in the database. Not much, I know, but when your user count gets higher, the storage will increase accordingly.If you are familiar with the permissions set on the cpanel for user groups and their ability to read/write/execute files, then you will be able to understand the following proposal pretty well.Use a single variable named "permissions" (if it is not a reserved word). By default, each user would be assigned a value of zero. Having a value of zero means the user can't see the page. When the user is able to see the page, set the variable to a value of one. How you detemine the ability to see the page is your call. And for those whom you allow to edit pages, make a value of two. Admin could have a value of 3 which means that they could alter the other user's values.So instead of three variables to check, you only have one. Read the user's value. Assume it is a zero, dis-allow reading the page. If it is equal or greater than 1, allow them to read the page. If it is equal or greater than 2, allow them to change the page. If it is equal or greter than 3, allow them to chage a user's value. It might seem to be more work, but not any more than dealing with the three variables. You would have to apply the same or similar number of logical checks before setting permissions, only this way you have one piece of data to read and deal with.Just trying to help...

Okay I was thinking something like that, just one thing. Where would you put that permissions value. In the users table or in a separate permissions table?

Probably attached to the table you would look up the password in. Since you would access the User-id table on sign-in, it would avoid having a separate look-up in another table for the permission.the table would be : ((username)(password)(permission))Look up the user to see if they have already registered, if not, then show the reg'n page.Use the password to verify the user and the permission to determine acces and level of access.Should work okay. The username would be a unique key, required. the password required. The default permission would be default = 0 and set or re-set by an admin or use some other criteria such as activity level. Example, once you post a certain number of times, you get to edit the posts??? Admin types could set the value on sign up or because they feel like it?Another way to do it would be set the value to 1 for read access on sign-up and re-set to 0 for banning a client?You'll figure something out. Good luck with it.

And If I do it that way I'll be able to add another permission entry if I wanted to ad another module.Thanks a bunch