Users belong to 1 group. Every group has specific rights (defined in the group_rights table). The group_rights:
user_management:
0: nothing
1: may warn users
2: may suspend users
3: may edit/delete users
group_management:
0: nothing
1: may view groups
2: may add groups
3: may give root access to groups
forum_management:
0: nothing
1: view in backend, but can't do anything
2: edit fora
3: add fora
global_access:
1: whole group suspended
2: normal access
3: root access
So the user group would look like this:
======== groups ========
Id: 1
Name: users
Description: All the registered normal users
======== group_rights ========
id: 1
group_id: 1
global_access: 2
user_management: 0
group_management: 0
forum_management: 0
And the admin group like this:
======== groups ========
Id: 2
Name: admin
Description: This admin group has got extra rights
======== group_rights ========
id: 2
group_id: 2
global_access: 2
user_management: 3
group_management: 2
forum_management: 3
And the admin+ group like this:
======== groups ========
Id: 3
Name: admin+
Description: Admin+ is for only a few users, like the owner
======== group_rights ========
id: 3
group_id: 3
global_access: 3
user_management: 3
group_management: 3
forum_management: 3
And the moderator group like this:
======== groups ========
Id: 4
Name: moderator
Description: Global moderators
======== group_rights ========
id: 4
group_id: 4
global_access: 2
user_management: 2
group_management: 1
forum_management: 2
Could you give some feedback? I know it isn't perfect and can be better, so maybe you could help me :)
Here's how I typically set up users/roles/rights: