On PHPMaster.com today there's a new tutorial posted (from Martin Psinas) about using role-based access controls in PHP-based applications. His method isn't based in any specific framework, so it's easily portable to just about any app out there.

In this article I will discuss my personal favorite approach: role based access control (RBAC). RBAC is a model in which roles are created for various job functions, and permissions to perform certain operations are then tied to roles. A user can be assigned one or multiple roles which restricts their system access to the permissions for which they have been authorized.

He starts with a warning that, if not properly maintained, a role-based system like this can get to be somewhat chaotic so a rules should be in place around the adding and removing of permissions at certain times. His functionality is based on a few database tables - roles, permissions and cross-reference tables between users/roles & permissions/roles. All of the code you'll need to implement the system is included in a Role class, the PrivilegedUser class and the methods you'll need to add/remove/check the logged in user's permissions.

Juozas Kaziukenas has posted the first part in his look at making ACL easy (access control lists). His examples are more specific to the Zend_Acl component of the Zend Framework, but the concepts can be translated across several different ACL tools out there.

Every now and then I see questions about ACL and how to use it. A lot of web developers are using it without actually knowing what it is and how it works, even though it's powering one of the most important part of applications - user access management.

He starts off with the base level of what an ACL is and how it would work in your application (illustrated by a wrong and right way to handle a simple permission in an application). He talks about roles, resources and privileges as well as how applications using the MVC design pattern make it simple to check the current resource. He also mentions an issue that could be confusing - inheritance.

WebReference.com continues their series looking at user administration in content management systems. This time they look at the importance of user roles and some code to add to help manage them.

Although the operations are simple, it is vital that they be handled correctly. It is generally a poor principle to allow access to the mechanisms of a system rather than providing an interface through class methods. The latter approach ideally allows the creation of a robust interface that changes relatively infrequently, while details of implementation can be modified without affecting the rest of the system.

Their code includes methods to get all roles for a user, check to see which they are permitted to use, add a "permit" role and remove it back out. The tutorial is an excerpt from the Packt book PHP5 CMS Framework Development (Martin Brampton).

Many congratulations go out to Laura Thomson for her promotion over at OmniTI (a company that employs several of the prominent members of the PHP community, including Chris Shiflett, George Schlossnagle, and Theo Schlossnagle).

As George put it in his email: "I am very excited to announce that Laura Thomson has been promoted to the position of Principal. " My role will include focusing on securing new business and improving the quality and effectiveness of service delivery.

Congratulations, Laura! Best of luck in this new position!

In an effort to spread the word even more about the partnerships that Zend is doing with Microsoft and IBM, the crew over at InfoWorld have posted a new interview they did with Andi Gutmans at the (just passed) Zend/PHP Conference & Expo about the situation.

Andi Gutmans, a cofounder of the company and its vice president of technology, spoke with InfoWorld Editor at Large Paul Krill this week at the Zend/PHP Conference & Expo in San Jose, Calif., about PHP, the company's blockbuster deal with Microsoft, and other happenings.

They talk about the significance of the move, the role Zend is going to play, how PHP compares and fits in the market, Zend's IDE project, and the IBM work that's being done.