Hi all,

Has anyone seen a good article on the theory (if not the practice) behind the development of user and group access privileges for the admin section of a web site?

To expand a little: I want to be able to develop a web site where lots of users can log in to a password-protected area. Depending on what 'group' of users they belong to (e.g. group A, B, or C), they will have access to perform certain functions as defined by the settings for their group. I'd also like to consider such complexities as:
1. A user belonging to more than 1 group
2. A user having individual permissions that allow them to override their group settings
3. The possibility of sub-dividing functions down to the update/delete/add level, thus for example 1 group may have privileges to add to (but not update/delete) some records, and another group may have privileges to do all three.

I've developed this sort of application before, but not in a particularly systematic way (i.e. I bolted it together as I went along).

I want to use PHP and MySQL (but of course!), but the sort of article I'm looking for could quite easily be language/database independent.

My feeling is that this is a big subject, maybe even a book in its own right?

Thanks for any pointers anyone can give me.
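
The three requirements listed in the post (multiple groups per user, per-user overrides, and add/update/delete granularity) can be modelled as below. This is an added, language-independent sketch in Python, not part of the original post. All names and the sample policy are hypothetical, and it assumes default deny, a union of grants across groups, and a per-user override (grant or revoke) that always wins over group settings.

```python
from dataclasses import dataclass, field

# Finest-grained unit of permission from the post: one action on one resource.
ACTIONS = {"add", "update", "delete"}

# Constructed sample policy: group name -> set of (resource, action) grants.
GROUP_GRANTS = {
    "A": {("records", "add")},
    "B": {("records", "add"), ("records", "update"), ("records", "delete")},
    "C": set(),
}

@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)
    # (resource, action) -> True (grant) or False (revoke).
    # Assumption: an override always beats whatever the groups say.
    overrides: dict = field(default_factory=dict)

def is_allowed(user, resource, action, group_grants=GROUP_GRANTS):
    """Return True only if the user may perform action on resource."""
    if action not in ACTIONS:
        return False  # unknown actions are denied, never passed through
    key = (resource, action)
    if key in user.overrides:
        return user.overrides[key]  # individual setting overrides groups
    # Union across groups: one granting group is enough.
    # Unknown group names contribute nothing (default deny).
    return any(key in group_grants.get(g, set()) for g in user.groups)

def effective_permissions(user, resources, group_grants=GROUP_GRANTS):
    """Every (resource, action) pair the user ends up holding."""
    return {
        (r, a)
        for r in resources
        for a in ACTIONS
        if is_allowed(user, r, a, group_grants)
    }
```

In a PHP/MySQL build the same shape maps onto join tables for user-to-group membership, group grants and user overrides, with the check performed server-side on every request rather than only when rendering the admin menu.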