
User management system feedback


Users belong to 1 group. Every group has specific rights (defined in the group_rights table). The group_rights:

user_management:
    0: nothing
    1: may warn users
    2: may suspend users
    3: may edit/delete users

group_management:
    0: nothing
    1: may view groups
    2: may add groups
    3: may give root access to groups

forum_management:
    0: nothing
    1: view in backend, but can't do anything
    2: edit fora
    3: add fora

global_access:
    1: whole group suspended
    2: normal access
    3: root access

So the user group would look like this:

======== groups ========
Id: 1
Name: users
Description: All the registered normal users

======== group_rights ========
id: 1
group_id: 1
global_access: 2
user_management: 0
group_management: 0
forum_management: 0

And the admin group like this:

======== groups ========
Id: 2
Name: admin
Description: This admin group has got extra rights

======== group_rights ========
id: 2
group_id: 2
global_access: 2
user_management: 3
group_management: 2
forum_management: 3

And the admin+ group like this:

======== groups ========
Id: 3
Name: admin+
Description: Admin+ is for only a few users, like the owner

======== group_rights ========
id: 3
group_id: 3
global_access: 3
user_management: 3
group_management: 3
forum_management: 3

And the moderator group like this:

======== groups ========
Id: 4
Name: moderator
Description: Global moderators

======== group_rights ========
id: 4
group_id: 4
global_access: 2
user_management: 2
group_management: 1
forum_management: 2

Could you give some feedback? I know it isn't perfect and can be better, so maybe you could help me :)


Solution

  • Here's how I typically set up users/roles/rights:

    actions
        id              unsigned int(P)
        description     varchar(255)
    
    |---|----------------------------|
    |id | description                |
    |---|----------------------------|
    | 1 | Warn users                 |
    | 2 | Suspend users              |
    | 3 | Edit/delete users          |
    | 4 | View groups                |
    | 5 | Add groups                 |
    | 6 | Give root access to groups |
    | 7 | View backend               |
    | 8 | Edit fora                  |
    | 9 | Add fora                   |
    |---|----------------------------|
    
    groups
        id              unsigned int(P)
        name            varchar(50) // Admins, Moderators, etc.
    
    |---|------------|
    |id | name       |
    |---|------------|
    | 1 | Admins     |
    | 2 | Moderators |
    |---|------------|
    
    groups_actions
        id              unsigned int(P)
        group_id        unsigned int(F groups.id)
        action_id       unsigned int(F actions.id)
    
    |---|----------|-----------|
    |id | group_id | action_id |
    |---|----------|-----------|
    | 1 |     1    |     3     |
    | 2 |     1    |     5     |
    | 3 |     1    |     9     |
    | 4 |     2    |     2     |
    | 5 |     2    |     4     |
    | 6 |     2    |     8     |
    |---|----------|-----------|
    
    users
        id                  unsigned int(P)
        username            varchar(32)
        password            varbinary(255)
        email               varchar(255)
    
    |---|----------|----------|-------|
    |id | username | password | email |
    |---|----------|----------|-------|
    | 1 | user1    | ****     | xxxx  |
    | 2 | user2    | ****     | xxxx  |
    | 3 | user3    | ****     | xxxx  |
    |...| ...      | ...      | ...   |
    |---|----------|----------|-------|
    
    users_groups
        id              unsigned int(P)
        user_id         unsigned int(F users.id)
        group_id        unsigned int(F groups.id)
    
    |---|---------|----------|
    |id | user_id | group_id |
    |---|---------|----------|
    | 1 | 1       | 1        |
    | 2 | 2       | 2        |
    | 3 | 3       | 1        |
    | 4 | 3       | 2        |
    |---|---------|----------|
    
    User 1 is an Admin
    User 2 is a Moderator
    User 3 is both an Admin and Moderator
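
The permission lookup this layout enables, as an added example that is not part of the original answer. Assumptions: SQLite (through Python's `sqlite3`) stands in for the unnamed database, the `users` table is trimmed to `id` and `username`, the `UNIQUE` constraints are additions, and `build_db`, `user_can` and `actions_for` are hypothetical helper names.

```python
import sqlite3

# SQLite stands in for the database (assumption: the page names no engine).
SCHEMA = """
CREATE TABLE actions  (id INTEGER PRIMARY KEY, description TEXT NOT NULL);
CREATE TABLE "groups" (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE users    (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE);
CREATE TABLE groups_actions (id INTEGER PRIMARY KEY,
    group_id  INTEGER NOT NULL REFERENCES "groups"(id),
    action_id INTEGER NOT NULL REFERENCES actions(id),
    UNIQUE (group_id, action_id));  -- added: no duplicate grants
CREATE TABLE users_groups (id INTEGER PRIMARY KEY,
    user_id  INTEGER NOT NULL REFERENCES users(id),
    group_id INTEGER NOT NULL REFERENCES "groups"(id),
    UNIQUE (user_id, group_id));    -- added: no duplicate memberships
"""
ACTIONS = ["Warn users", "Suspend users", "Edit/delete users", "View groups",
           "Add groups", "Give root access to groups", "View backend",
           "Edit fora", "Add fora"]

def build_db():
    """In-memory database loaded with the sample rows from the answer."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FKs unless enabled
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO actions (description) VALUES (?)",
                   [(d,) for d in ACTIONS])
    db.executemany('INSERT INTO "groups" (name) VALUES (?)',
                   [("Admins",), ("Moderators",)])
    db.executemany("INSERT INTO users (username) VALUES (?)",
                   [("user1",), ("user2",), ("user3",)])
    db.executemany("INSERT INTO groups_actions (group_id, action_id) VALUES (?, ?)",
                   [(1, 3), (1, 5), (1, 9), (2, 2), (2, 4), (2, 8)])
    db.executemany("INSERT INTO users_groups (user_id, group_id) VALUES (?, ?)",
                   [(1, 1), (2, 2), (3, 1), (3, 2)])
    return db

def user_can(db, user_id, action_id):
    """Deny by default: True only if one of the user's groups grants the action."""
    row = db.execute(
        "SELECT EXISTS (SELECT 1 FROM users_groups ug"
        " JOIN groups_actions ga ON ga.group_id = ug.group_id"
        " WHERE ug.user_id = ? AND ga.action_id = ?)", (user_id, action_id)).fetchone()
    return bool(row[0])

def actions_for(db, user_id):
    """Effective rights: the union of actions over all of the user's groups."""
    rows = db.execute(
        "SELECT DISTINCT ga.action_id FROM users_groups ug"
        " JOIN groups_actions ga ON ga.group_id = ug.group_id"
        " WHERE ug.user_id = ? ORDER BY ga.action_id", (user_id,))
    return [r[0] for r in rows]
```

With the sample rows, no group is granted action 6 (give root access to groups), so the check denies it for every user, including user 3, whose rights are the union of both groups.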