Managing Permissions

Learn how to manage permissions using the Role-Based Access Control (RBAC) system.

To manage permissions in your application, you don't need to touch the code structure. Instead, you simply add or modify records in specific database tables. The system uses a Role-Based Access Control (RBAC) model.

Core Concepts

  • Users: The actual people logging in.
  • Roles: Labels like "Admin", "Manager", or "Support" that group users together.
  • Resources: The parts of your application you want to protect (e.g., "users", "tickets", "products").
  • Permissions: The specific actions allowed (e.g., "create", "read", "update", "delete", "list").

How to Manage Access (Step-by-Step)

1. Create a New Role

If you need a new type of user (e.g., "Editor"), you simply add a row to the roles table.

  • Table: roles
  • Action: Insert a new record.
  • Example: Name = "Editor"

2. Define a Resource

If you create a new feature (e.g., a "Blog"), you need to register it as a resource.

  • Table: resources
  • Action: Insert a new record.
  • Example: Name = "blog_posts"

3. Grant Permissions (The "Rule Book")

This is the most important part. To say "Editors can update blog posts", you link the three concepts together in the role_resource_permissions table.

  • Table: role_resource_permissions
  • Action: Insert a record linking the IDs of:
    1. Role: (e.g., ID for "Editor")
    2. Resource: (e.g., ID for "blog_posts")
    3. Permission: (e.g., ID for "update")

You repeat this for every action you want to allow (e.g., one row for "read", another for "create").

4. Assign a Role to a User

Finally, to give a user these powers, you just assign them the role.

  • Table: users
  • Action: Select the Role for a specific user.
  • Example: Select "Editor" for user "john@example.com".

Summary of Tables

Table Name                  Purpose
roles                       Define who exists (Admin, Guest, etc.).
resources                   Define what exists (Products, Orders, etc.).
permissions                 Define actions (Create, Read, Update, Delete).
role_resource_permissions   The master switch: connects Role + Resource + Action.
users                       Assigns a Role to a specific person via the Role field.

Public Access

Public (unauthenticated) access is controlled by the public role in the database. Assign permissions to the public role to allow access to resources for non-logged-in users.
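The four steps above and the public role, as an added example that is not the project's own code: an in-memory SQLite model of the five tables from this page, the rule rows for "Editor" and "public" on "blog_posts", and a default-deny check that falls back to the public role when nobody is logged in. Column names (id, name, email, role_id) and the use of a roles row literally named "public" are assumptions.

```python
import sqlite3

# Added example, not the project's own code. Column names and the 'public'
# role row are assumptions; the table names are the ones on this page.
SCHEMA = """
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE resources (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE role_resource_permissions (
  role_id INTEGER REFERENCES roles(id), resource_id INTEGER REFERENCES resources(id),
  permission_id INTEGER REFERENCES permissions(id),
  PRIMARY KEY (role_id, resource_id, permission_id));
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL,
  role_id INTEGER REFERENCES roles(id));
"""

def grant(db, role, resource, action):
    """Step 3: one rule row linking the IDs of a role, a resource and a permission."""
    db.execute("""INSERT INTO role_resource_permissions
        SELECT r.id, s.id, p.id FROM roles r, resources s, permissions p
        WHERE r.name = ? AND s.name = ? AND p.name = ?""", (role, resource, action))

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO roles(name) VALUES (?)", [("Editor",), ("public",)])  # step 1
    db.execute("INSERT INTO resources(name) VALUES ('blog_posts')")                   # step 2
    db.executemany("INSERT INTO permissions(name) VALUES (?)",
                   [(p,) for p in ("create", "read", "update", "delete", "list")])
    for action in ("read", "create", "update"):       # one rule row per allowed action
        grant(db, "Editor", "blog_posts", action)
    grant(db, "public", "blog_posts", "read")         # unauthenticated visitors may read
    db.execute("""INSERT INTO users(email, role_id)
        SELECT 'john@example.com', id FROM roles WHERE name = 'Editor'""")          # step 4
    return db

def is_allowed(db, email, resource, action):
    """Default-deny check. email=None means not logged in and uses the public role."""
    if email is None:
        row = db.execute("SELECT id FROM roles WHERE name = 'public'").fetchone()
    else:
        row = db.execute("SELECT role_id FROM users WHERE email = ?", (email,)).fetchone()
    if row is None or row[0] is None:       # unknown user, or a user with no role
        return False
    return db.execute("""SELECT 1 FROM role_resource_permissions rrp
        JOIN resources s ON s.id = rrp.resource_id
        JOIN permissions p ON p.id = rrp.permission_id
        WHERE rrp.role_id = ? AND s.name = ? AND p.name = ?""",
        (row[0], resource, action)).fetchone() is not None
```

Because the check only ever answers "allowed" when a matching rule row exists, a missing row, an unknown user, or a user with no role all deny; the same query shape is what an application would run before each protected action.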