Does the different Admin levels need to be located in a dbtable or can it be done without a database.

have a column in your user table that gives auth level. Mostly I see this as a number. You can then have a seperate table that has each corresponding number and the description and any other params related to auth.

hard to explain exactly what else you might need there because that will depend on your own scenario.

Then on logged in pages you can test for => or == to see if certain components need to be displayed.

I have set-up the user table with different levels, 1-4.

I didnt quite follow you with regards to the second table tho.

I take it i don't need a ID field, just a field that has 1,2,3,4. in it. The bit i didnt follow was the second field.

Would it be easier to not have the second table but just have limits on the secure pages so user =1 has all access, user=2 can only access pages 1&4 (on pages 2,3 they get a 'Unauthorised' message) etc.

the main reason for the second (or more even) table woould be if you have a more complex auth system. It is easy enough to put your levels into a script somewhere and include that on every page to see if they have the appropriate access level.

I have done that before but I have also created extended rows that has a column for every option available on the site. I then load the permissions from that table when they log in. I then just run off of the session to build the site, if this permission exists then do this, if it does not, then skip it.

It is a little hard to explain as it is very dependant on the specific system.

If you are mainly just giong for access to various pages then you could use a simple system and not worry too much about the extra tables.