Planning a new Yii app

I’m trying to plan this Yii application, but i’m struggling with the logic of authentication.

The service will be pay by user so my idea was to make use of auth groups

The level’s of authentication i’ll need are.

Superadmin - There will only be one user (me) that will be in this group. I will be managing accounts and how many users an account can have, if the account is active/inactive.

admin - This is the main account for a customer where they can create/manage users and give them read/wright access to various things. they will be limited to the amount of users they can have (depending on what i set with the superadmin user). This user will have full access to all of it’s account data.

user - These accounts in this group are what the user in the admin group set. they will only be allowed access rights that have been set by the admin user.

All user’s tied to an account via a unique id.

I hope this makes sense, it’s confusing the hell out of me. I’m looking for any advice or the sort of logic i should be using?

thanks,

Nathan

i think i have my head around how to do 99% of it, the only thing i’m struggling with is limiting the amount of users an admin could create.

for instance;

I (in the superadmin group) allow an admin (in the admin group) to have 5 accounts (in the user groups). If the admin create’s 2 users they have 3 left etc. delete those 2 users, there back to 5.

So he can have up to 5 users at the same time or he can create 5 accounts? In first case, it should be as easy as counting number of users created by a given admin. You can do that before you show a create new user form or in a bizrule if you are going to use RBAC. In second example, I think you should add a new table with columns like user_limit, user_created. New table will allow creating more limits types in future.