I like you mention this because it has had me going nuts for a while in the past. I've never implemented myself but I came up with an idea I think you'd like :cool:Quote:
Originally Posted by Captain Proton
Considering a RBAC system, each role is in fact a group of users. Within each, I'd define a captain (I said you'd like it) who has the privilege of performing actions on each and every object created by any other user in that group (of the same role) or any group below it (groups/roles keep hierarchical order). By default a user can/may only perform actions on the items he/she him/herself created. By default every first user of a group is captain. Of course, multiple captains would also be possible; that way you could define a role (visitor) which has privileges to perform an action (read) on a given object (article) where every user is a captain ...
Does that make any sense?