On the Zend Blog there's a new tutorial posted that covers the situation where a user has multiple roles and you're using ACLs (access control lists). The post shows how to accomplish this with the ZendAcl component of the Zend Framework.
After covering the essentials of the ZendPermissionsAcl component (Access Control unit, Cross Cutting Concerns module, in the Zend Framework Advanced course), many students have approached me to ask, “what happens if a user has multiple roles?”
In this article I discuss the “traditional” way of handling a user who has multiple roles, and then lay out an easy approach which I simply call Mr. X.
The tutorial starts with a bit of a refresher on the use of the ZendAcl component to define the list of roles and resources (and relating the two). It also covers the "everyone" (anonymous) role and adding that into the mix. The "one user, multiple roles" issue is then solved with a
multiCheck function that can verify multiple roles at once. Finally it talks about "Mr. X" and how to add that to all users, assuming that they will have the groups/roles information we need.