I am working on a system which will be used internationally. I have a fairly standard permission based access that I will put in place.
- Permissions give access to different features
- Roles are sets of permissions assigned to users
My problem is that there is an extra dimension that I do not know how to work with.
Basically, the system will be used in different countries. In each country there can be multiple offices. If somebody has access to the country, he should have access to all offices but if he has access to an office, he should not have access to the country.
Getting more complex, there could be multiple levels of offices. (for example : an office contains multiple sub-offices).
Finally, somebody could have some access to the whole country but more accesses to one specific office.
I have worked in the past with systems like this which were incredibly messy to handle and do not want to make the same mistake.
Is there some good practices/readings out there you recommend ? How would you implement such a system ?
Aucun commentaire:
Enregistrer un commentaire