I'm developing a large scale user authentication and document storage system. Basically, how should I work out permissions for access to documents?
Should a Document have a list of users that can access it or should a User have a list Documents that they can access.
Does a user have a relation to a document which includes information on read/write permissions or does a document have a relation mapping to a user with the permissions that user is allowed to perform on that document.
Whats the best way to specify read/write access.
I can't have a heirachial permissions system.
I would greatly appreciate anyone with any experience with the issues delt with above, the access, and persmission task I have to deal with in my current project and I'm really desperate to finsish soon.
All of my questions are strongly orientated towards database table structure etc.
Cheers,
Billy
