Access Control - it's all about the User

Who is using your web service?  Give them an account and you'll know.

Once you know who your visitor is, you should be able to customise the users experience to match their likely interests.

This can't be done without knowing something about them and storing that knowledge against their account. So the User account has two purposes;

• To allow the User to customise their website experience
• To enable you to understand who is doing / interested in what?

Of course you can also use the account to control access to part or all of the website or any other objects involved - documents / message boards / grids / any other object in the system.  You can also control the users access to subscribed services, online tools, member benefits, product discounts etc.

So your web service will require a permissions management system, together with roles management.  For a complete system,. you should be using an associations model, where Users can see things that they are associated to, with the access being provided to the level that the association should expect.  For example;

• Authors can edit
• Admin can delete / publish
• Members can read / discount purchase
• Users can see / purchase

Expect your web platform to both understand the roles your users have in your web service and to provide quick and easy management of their rights.  And expect all other objects in your system to work with those accounts to enable the rights that have been granted on them.

To see an example of how a system can provide all of this control, please contact us for further details.