Hacker News new | comments | show | ask | jobs | submit login

You can model most security requirements with either decision matrixes and/or decision trees. These matrices and/or trees can be retrieved or calculated dynamically avoiding you from having code like: user.hasRole("Superadmin") || snip...

The two primary models are Access Control Lists or Role based security. You can google lots of info on these two security models.

In the past for enterprise/b2b I usually build ACL security with a Role based security on top (that is the RBAC underneath is ACLs). Obviously for consumer based products this is massive overkill.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact