Ok, I could use some help on creating this Data Model...

The problem is that I'm making a website in PHP that needs to recognize BROWSERS, ADMINS, ETC... a lot of different USERs that belong to specified GROUPS that have ROLES that determine their access privilege. This is all being done in a MySQL Database so as you can see I have the tables listed as USERS, GROUPS, ROLES, and SITES... SITES being a list of webpages with associated users and groups who have access to them. I also have REALM which I guess could be an alias for my SITES - it can be ignored for now but on all security/password protected websites there is a REALM field that shows when you have to type in your username/password - I just want to do this correctly.

I've almost got it down but I need some help in nailing it down... right now the PHP code will check the SITES table to get the specified webpage and will check to match whether the particular user or the group he belongs to can access that page.

I think I'm stuck on GROUP and ROLE... I was thinking that the role would be "rwx" or some values standing for "read write execute" but I think that may be too simple for my needs.

USERs assigned ----> GROUPs assigned ----> ROLES

I guess what I'm asking is what should I put for ROLES - it's the heart of the access privilege system, ROLES must be assigned to GROUPs. It's much like in Win XP/NT where you have your username and you can belong to an existing group or create your own and even belong to several groups but your access rights are as an ADMINISTRATOR ROLE or the like. The thing is RWX won't cut it as I need to not only prevent the RWX attributes per group and user but say I need to have a page display differently for a user or group or have the links inside of a page altered. Example: anyone who's not logged in is considered a BROWSER and they can go certain places but not others and if they perform a search the links that their search brings up all link to a registration page as the person needs to register first.

The Data Model is simply a text representation of the MySQL Database Tables I need to make so as you can see it's like this:

|fieldCount|     |fieldName|     |fieldType(MySQL type)|
      1            "userID"       auto_increment OR string....


1    userID       auto_increment
1    username     string
1    password     string
1    groupID      Group::groupID
1    contactID    Contact::contactID

1    groupID      auto_increment
1    groupName    string
1    role         Role::roleID

1    roleID       auto_increment
1    role         string
1    access


If you could find me a link that explains this security concept better to me, I'll gladly accept it.
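
The per-page check described in the post (look the page up in SITES, then match the user or the group the user belongs to), written out as MySQL DDL and one query. This is an added example, not part of the original post. Assumptions: MySQL 8.0.16 or later with InnoDB, the table name user_groups, the sites and site_access columns, and all sample rows; contactID is left out because the Contact table is not shown.

```sql
-- Added example. Names not in the post's field list are assumptions.
CREATE TABLE roles (
  roleID INT AUTO_INCREMENT PRIMARY KEY,
  role   VARCHAR(32)  NOT NULL UNIQUE,
  access VARCHAR(255) NOT NULL DEFAULT ''   -- encoding left open, as in the post
);
CREATE TABLE user_groups (                  -- renamed: GROUPS is reserved in MySQL 8.0
  groupID   INT AUTO_INCREMENT PRIMARY KEY,
  groupName VARCHAR(64) NOT NULL UNIQUE,
  role      INT NOT NULL,
  FOREIGN KEY (role) REFERENCES roles (roleID)
);
CREATE TABLE users (
  userID   INT AUTO_INCREMENT PRIMARY KEY,
  username VARCHAR(64)  NOT NULL UNIQUE,
  password VARCHAR(255) NOT NULL,           -- PHP password_hash() output, never plaintext
  groupID  INT NOT NULL,
  FOREIGN KEY (groupID) REFERENCES user_groups (groupID)
);
CREATE TABLE sites (                        -- columns assumed; the post does not list them
  siteID INT AUTO_INCREMENT PRIMARY KEY,
  path   VARCHAR(255) NOT NULL UNIQUE
);
CREATE TABLE site_access (                  -- one row grants a page to a user OR a group
  siteID  INT NOT NULL,
  userID  INT NULL,
  groupID INT NULL,
  FOREIGN KEY (siteID)  REFERENCES sites (siteID),
  FOREIGN KEY (userID)  REFERENCES users (userID),
  FOREIGN KEY (groupID) REFERENCES user_groups (groupID),
  CHECK ((userID IS NULL) <> (groupID IS NULL))  -- exactly one grantee per row
);

-- Constructed sample rows (IDs assume freshly created, empty tables).
INSERT INTO roles (role) VALUES ('BROWSER'), ('ADMINISTRATOR');
INSERT INTO user_groups (groupName, role) VALUES ('guests', 1), ('staff', 2);
INSERT INTO users (username, password, groupID)
VALUES ('alice', '<password_hash output>', 2);
INSERT INTO sites (path) VALUES ('/search.php'), ('/admin/index.php');
INSERT INTO site_access (siteID, groupID) VALUES (1, 1), (1, 2), (2, 2);

-- The check: is this user, or the user's group, granted this page?
SET @username = 'alice', @path = '/admin/index.php';
SELECT EXISTS (
  SELECT 1
  FROM users u
  JOIN sites s       ON s.path = @path
  JOIN site_access a ON a.siteID = s.siteID
                    AND (a.userID = u.userID OR a.groupID = u.groupID)
  WHERE u.username = @username
) AS allowed;
```

An unknown user, an unknown page, or a page with no matching grant all produce allowed = 0, so the check denies by default. From PHP, bind the username and path as prepared-statement parameters rather than concatenating them into the query string.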