The Users Model
Actors and Users
The central object of the Users model is U_Actor, which represents entities with authorisation to act upon the system. This could be, for example, human users (modelled by U_User) or automated agents (such as U_DataFeed). Other types of actor could easily be added if necessary.
Roles and Permissions
Each actor is assigned a number of roles, where each role can be assigned a number of permissions. A user's rights are considered to be the sum union of all the permissions set across all the user's roles. Each permission carries a name which acts as a "magic string"; code in various applications will look for permissions with certain names before allowing users to proceed.
Object Locking
The Users model also contains a mechanism to allow actors to register locks against objects, in the form of the U_Lock entity. Locked objects can be of any entity, as long as the entity has a simple integer primary key. This is purely voluntary locking; a lock on an object will only be honoured by code which does the required checking.