• Map of roles to permission sets

• Default set for each

  RealmType: CLUB, USER, GENERAL; can be overriden for particular realm

• Note: defaults are cached at server startup

• b-realm-role command manages defaults and permissions for specific (realm, role) tuples

• b-sql initializes default permissions; override to add specialized default or special realm permissions

Notes:

RealmRole couples granted permissions to roles. A (realm, role) is the primary key to the table.

If a particular (realm, role) combination is not found, the default set is used. The realm's type identifies which default realm (CLUB, USER, or GENERAL) to use. Ideally, most realms will use the default set; keeping the size of the RealmRole table small. The default RealmRole permissions are cached at server startup to avoid double hits in the normal case.

The command line utility b-realm-role is used to list and edit the RealmRole table. The list subcommand outputs the permissions in a shell command syntax, allowing for easy database reconfiguration.

b-sql's subcommand init_realm_role is called by its subcommand create_db. Applications subclass Bivio::Util::SQL to define their own tables, and if necessary to add to the default permission sets. init_realm_role can also set permissions for specialized realms, such as, bivio.com's Demo Club.