Unsure how to Model this problem

I'm working on a management interface for a Single Login
authentication system.
We have server web apps, each app can have different installs (same
code base different database connection), and available user rights
are identical on all instances of a particular web app. They would
also like basic support for rolls, with default right sets that can be
applied to users.

What I have been trying for the last day is to make this work

  Has Many rights and instances
  Belongs to software
  Belongs to software

I'm pulling my hair out trying to figure out how to tie a user into
that relationship so that a user on a specific instance has a set of
rights that are not shared across all instances.

The other applications are not rails based; most are classic asp, in
many ways this is part of a push to try to update some older
nightmarish software as well.

Any advice or suggestions are appreciated.

Ok, I guess my question is a little to broad, our DB designer ended up
giving us a database that we have to use.

I'm running into a problem where I'm not sure how to make the model

I have the following tables/models

I would like to be able to find out what rights a user has on a given
Can you do
has_many :instances_rights
has_many :instances_rights_users, :through => :instances_rights
has_many :rights, :through => instance_rights_users

or for this three way relationship am I better off finding by SQL?

Thank You!
You are my Hero!

A much better solution would be to use a single sign on model where
authentication is done in one place and authorization stays with the


The protocol is actually quite simple. I implemented a cas server and
client in a day.