This is not so much directly related to Perl as it is application development (save that my applications, mentioned soon, are entirely written in Perl). Now that the 'disclaimer' is there, I'll begin:

I have a suite of web-based applications, all performing different tasks of allowing the creation, editing or deletion of 'documents' among other things. Documents is in quotes because all information is really stored in databases and only in metaphor are they actually documents to the end user.

Right now the permission system is patched together -- okay, let me move some code here, change something there, put his name in the code directly over yonder and such. Horrible, I know I should be flogged but a lot of the code was inherited so to speak.

I am re-developing all of the scripts from the ground up and the first thing to change needs to be the access control. But I cannot quite put my finger on a good system or how to implement it. Ultimately, each user should have 'read', 'write', 'edit', 'delete' and/or 'execute' privleges on a number of the applications or documents.

But how to implement, store/retreive permissions in an efficient manner? XML Access Control lists? An application table, detailing who has permissions (comma separated user ids or limited columns?)? User table detailing which applications/documents each individual can access?

So, while I am tackling this issue myself, I am curious as to if and how any of my fellow monks have faced similiar situations.

--
notsoevil
--
Jeremiah 49:32 - And their camels shall be a booty. . .