I hope the senario below equating to an email address book gives an idea of my query:

Imagine 3 company wide address books, say for "Suppliers", "oCustomers", "pCustomers" - 'o' being ordinary, 'p' being premium.

User A creates a new address book entry, and decides to share it with the "pCustomers" address book.

Only Users X, Y & Z who are members of that Address Book can see the entry.

Users B & C are only members of the "oCustomers" Address Book, and thus cannot see it.

All Users ( A, B, C, X, Y, Z ) are members of the "Suppliers" Address Book, thus can see all entries.

On the surface the solution appears relatively trivial...

Create a many to many table, matching AddressBook_IDs with AddressEntry_IDs.

Now in PHP all I have to do is find all AddressEntry_IDs that match the AddressBook_ID where the user is a member.

Trouble is, this is all written in a text file - not very secure, a simple change by removing the "WHERE user is a member" clause, and all the data is listed.

Ok, so instead I could use MySQL security, and only grant the SELECT right to those AddressBook members.

Trouble is now I need a separate table for each AddressBook as not all users would be able to read the many to many one. Also if I wanted to list all addresses a user could see I would have to query n number of separate address book tables.

There must be a more obvious way of controlling access rights, what am I missing?

Cheers all,

asp