I'm going to develop a web application that will take care of permissions.
That means there is an administrator that has all permissions in the site, an unregistered user that has some permissions, a registered user, and so on.
My question is: what is the design pattern that corresponds to this situation?
Thank you.

You can potentially model this with the Actor Role pattern. You can find more information here.
Sander Rossel 18-Apr-11 16:57pm    
Oops, that link appears to be broken :(
I was actually quite interested in it as well ;)
Pete O'Hanlon 18-Apr-11 17:01pm    
There. The editor seems to have borked it - it's sorted now.
Sander Rossel 18-Apr-11 17:09pm    
Nice one :)
Espen Harlinn 18-Apr-11 18:17pm    
Liked it too, my 5
Sergey Alexandrovich Kryukov 19-Apr-11 0:58am    
Good, well-known formal approach; my 5, too.
But look at my answer as well: I point out what to start with, practically. I think it's pretty interesting, too, based on my experience.
Pete offers you a robust analysis method — use it.

I will give you only one idea, but it should help you to avoid one common fallacy.
Here is the fallacy: people tend to start these designs by inventing the roles they envision: administrator, engineer, manager, operator… You have already started, it looks like.

Don't do it! These concrete roles may or may not be used in the future. They should be more flexible than that.

Start with your application functions — they are the most stable, as they reflect the application-specific functionality your application is centered around. Identify more or less independent groups of activities, so that within a group one activity is impossible without the other one. The role would be a mapping of an actor onto a subset of the groups of activities.

Note, you don't even have to create the roles — your customer can do it based on the structure of their organization. Give them a meta-data tool to create them! They will have fun clicking the activities and adding them to the role they want to invent. For you it will be easy enough; and you will avoid artificial decisions.

Good luck,
asaffff496818 19-Apr-11 3:53am    
You mean that I should develop the application without paying attention to the roles?
And then what?
Sergey Alexandrovich Kryukov 19-Apr-11 4:09am    
It's not about the order of development; this is about the analysis. But yes, develop the application without restrictions first, but design it keeping the groups of functionality with different permissions in mind. When you have the application working, start adding limitations per functional group. Again, introduce permissions, but consider leaving the roles to the customer.

This is what happens on the user side: by default, all is permitted after installation, then the admin makes a role with maximum permissions and adds all other roles.

asaffff496818 19-Apr-11 4:59am    
Thank you very much... If you have a guide or tutorial about how to do it step by step, or just something more detailed, it would help very much.
And again thank you.
Sergey Alexandrovich Kryukov 19-Apr-11 12:46pm    
I don't know of such a thing, maybe because this is mostly application-specific. For the method, I would use the Solution by Pete (maybe he knows some other sources to read; they are certainly available).

Are you going to formally accept my Solution?
Thank you.
BobJanova 19-Apr-11 5:16am    
Excellent answer.

I actually had exactly this experience with a web app I wrote. I began by providing what could be termed 'roles' (in forum terms it is known as a 'mask' but essentially the same thing), and access to various parts of the app based on role level. In the end it became too inflexible and I rebuilt the access control with flags for various groups of tasks, and each role becomes simply a collection of flag values.
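
The flag-based design described in the answers above, as an added Python example that is not from any poster in this thread: permissions are flags for groups of activities, roles are editable data mapping a name to a set of flags, and checks test a permission rather than a role name. The permission names, `RoleStore`, and the sample roles are assumptions made for illustration.

```python
from enum import IntFlag


class Perm(IntFlag):
    """One flag per group of application activities (constructed names)."""
    NONE = 0
    READ_POSTS = 1
    WRITE_POSTS = 2
    MODERATE = 4
    MANAGE_USERS = 8


ALL_PERMS = Perm.READ_POSTS | Perm.WRITE_POSTS | Perm.MODERATE | Perm.MANAGE_USERS


class RoleStore:
    """Roles are data: a name mapped to a collection of flags, editable at run time."""

    def __init__(self):
        self._roles = {}

    def define(self, name, perms):
        # Reject bits that do not correspond to a known activity group.
        if int(perms) & ~int(ALL_PERMS):
            raise ValueError(f"unknown permission bits in role {name!r}")
        self._roles[name] = Perm(perms)

    def effective(self, role_names):
        # Union of the flags of every role the actor holds; a role name
        # that was never defined (or was deleted) contributes nothing.
        granted = Perm.NONE
        for name in role_names:
            granted |= self._roles.get(name, Perm.NONE)
        return granted

    def allows(self, role_names, required):
        # Code asks "may this actor do X?", never "is this actor an admin?".
        return (self.effective(role_names) & required) == required


def demo_store():
    # Constructed roles standing in for what a site owner might click together.
    store = RoleStore()
    store.define("guest", Perm.READ_POSTS)
    store.define("member", Perm.READ_POSTS | Perm.WRITE_POSTS)
    store.define("admin", ALL_PERMS)
    return store
```

Because request handlers only ever call `allows(...)` with a permission flag, roles can be added, renamed, or removed by the site owner without touching the code that enforces access.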

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
