I've set up a number of systems with role-based activity.
Generally I set things up as follows:
I define a series of "permissions" regarding activities that can be performed. For example: "can add this", "can delete that", "can do the other thing".
Then I set up roles, each of which is basically a set of permissions. "admin" has all permissions, "gold subscriber" may have most permissions, "basic subscriber" has fewer, and "peon" may have very few, etc...
When a user logs in, his set of permissions is determined by his assigned role or roles (I usually have this all database-based) and made available to both the presentation layer as well as the model. (See this article for some insight on how I set this up for the presentation layer).
It's important to remember that there are at least two prongs to this:
1) Adjusting the UI to only show available activities (you don't want to display a Delete button to a user who has no permission to delete the current item).
2) Disallowing users from performing actions that they do not have the permission for in the back-end code.
Note: just hiding the Delete button from the user is not sufficient security. Your back-end code must also perform the check before carrying out the action.
[ July 08, 2006: Message edited by: Bear Bibeault ]
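
The two prongs described in the post above, as an added example that is not part of the original post: roles resolve to a permission set at login, the UI filters on it, and the back end checks it again before changing anything. The permission strings, role contents, and the `User`, `ItemStore`, `require` and `handle_delete_request` names are all assumptions made for illustration, with an in-memory dict standing in for the database.

```python
from dataclasses import dataclass, field

# Constructed sample data: role -> set of permissions (would live in the database).
ROLES = {
    "admin": {"item.add", "item.delete", "item.view"},
    "basic subscriber": {"item.add", "item.view"},
    "peon": {"item.view"},
}

class PermissionDenied(Exception):
    pass

@dataclass
class User:
    name: str
    roles: list
    permissions: frozenset = field(init=False)

    def __post_init__(self):
        # Resolved once at login: the union of every assigned role's permissions.
        # An unknown role name grants nothing.
        perms = set()
        for role in self.roles:
            perms |= ROLES.get(role, set())
        self.permissions = frozenset(perms)

def visible_actions(user, actions):
    """Prong 1: the UI only offers actions the user is permitted to perform."""
    return [a for a in actions if a in user.permissions]

def require(user, permission):
    """Prong 2: back-end check that does not depend on what the UI rendered."""
    if permission not in user.permissions:
        raise PermissionDenied(f"{user.name} lacks {permission}")

class ItemStore:
    def __init__(self, items):
        self.items = dict(items)

    def delete(self, user, item_id):
        require(user, "item.delete")  # checked before any state changes
        return self.items.pop(item_id)

def handle_delete_request(store, user, item_id):
    """A delete request that reaches the server whether or not a button was shown."""
    try:
        store.delete(user, item_id)
        return "deleted"
    except PermissionDenied:
        return "denied"
```
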