We use a third-party model for booking applications, so that customers and employees can effectively use the same table in the database.
Previously, customers could only “book” a meeting if they paid, and if the slot was available. Now we want to create a type role premium_customerso that customers can place orders without payment and even in the absence of availability.
Does it make sense to add clients to the same security model, for example, in an ACL or RBAC?
- If so, we will present the role
normal_customerand premium_customertogether with our receptionand duty_managerand other staff roles? - If not, should there be a separate security model for website users?
source
share