Please consider this scenario: a web app that has 4 levels of access: admin > manager > representative > customer > no role (public access pages)
With my current app setup I can allow access in 2 ways:
- I can write code that will assume role precedence, i.e. if a user is a manager, the app will automatically assume that he/she has the right to access areas that customer & representative can, but not the admin.
- I can assign each role individually in a table. For instance a user will have 3 roles assigned to them. So the app will not assume role precedence / inheritance. I can either let the admin assign users with roles, or write some code that will automatically assign extra roles to a user if a higher access level is granted.
Which of these two approaches is better from the standpoint of maintainability?
P.S.
I don’t think this matters but I’m using Rails 3 with CanCan & Devise.
Also my setup for the relationship between roles and users is the following:
Role <=> (HABTM) <=> User
I have a similar role requirement and I’ve chosen approach 1. It’s natural to assume that the higher up the role hierarchy you go, the more access you have. So, saying a manager has access to the resources a representative has is OK.
Also, since you’re using CanCan, the fall through is very easily set up. Start with the role with the least access at the top of the initialize block and work your way down.
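The fall-through the answer describes, written out as an added example (it is not code from the question or the answer). It implements approach 1, role precedence, as a CanCan-style Ability whose least-privileged rules sit at the top of `initialize`. The role names are the question's; the `can`/`can?` stand-in below is a hypothetical minimal replacement for `include CanCan::Ability` so the file runs without Rails or the cancan gem, and the subjects (`:order`, `:sales_report`, ...) are assumed for illustration. In the real app only the `can` lines inside `initialize` and the `at_least?` helper are what you would write.

```ruby
# Approach 1: role precedence. Lowest privilege first; each later block only
# adds rules on top of the earlier ones, so a manager also gets the
# representative and customer rules without those roles being stored.
ROLE_PRECEDENCE = %i[customer representative manager admin].freeze

class User
  attr_reader :roles

  # roles: the symbols stored through the Role <=> (HABTM) <=> User table.
  def initialize(roles = [])
    @roles = roles.map(&:to_sym)
  end

  # Highest rank among the assigned roles; -1 for an anonymous (public) user
  # or a user whose roles are all unknown.
  def rank
    @roles.map { |r| ROLE_PRECEDENCE.index(r) }.compact.max || -1
  end

  # A user "has" every role at or below their highest assigned one.
  # Approach 2 would replace this with a plain `roles.include?(role)`.
  def at_least?(role)
    rank >= ROLE_PRECEDENCE.index(role)
  end
end

class Ability
  # Hypothetical stand-in for CanCan::Ability: rules are [action, subject]
  # pairs and can? is a membership check. Real CanCan also supports blocks,
  # hash conditions and `cannot`; this stub does not.
  def initialize(user)
    @rules = []
    user ||= User.new # anonymous visitor: no roles at all

    # Public pages: readable by everyone, including the "no role" visitor.
    can :read, :public_page

    if user.at_least?(:customer)
      can :read, :order
      can :create, :order
    end

    if user.at_least?(:representative)
      can :update, :order
      can :read, :customer_record
    end

    if user.at_least?(:manager)
      can :read, :sales_report
      can :manage, :representative
    end

    if user.at_least?(:admin)
      can :manage, :all
    end
  end

  def can(action, subject)
    @rules << [action, subject]
  end

  def can?(action, subject)
    @rules.any? do |a, s|
      (a == action || a == :manage) && (s == subject || s == :all)
    end
  end
end

# Convenience for checks: build the Ability for a user with the given roles.
def abilities_for(roles)
  Ability.new(User.new(roles))
end
```

Two caveats worth keeping in mind with this layout. First, because the blocks only ever add `can` rules, the top-to-bottom order is a readability convention rather than a correctness requirement; in CanCan the last matching rule wins, so order only starts to matter once you add a `cannot`. Second, precedence is a one-way assumption: if a higher role must not inherit something a lower role has (a manager-only page that an admin should not see, say), you need an explicit `cannot` after the inherited `can`, and at that point the hierarchy is no longer purely "more rank, more access".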