user accounts and admin accounts, best practices?

Hello,

what are some techniques people are using to keep user accounts and admin accounts separate? Meaning, I am going to create a paid service website and I am going to have general users (free accounts), premium members (paid accounts) and of course admin functions for me to monitor them and view invoices and what not. I am planning on using Restful Authentication but I am not sure what the best practices are for separating the different accounts. Do I create multiple tables for all the different types of users? Do I just give certain users administrative rights in a column somehow? I am new to Rails and fairly new to developing web apps in general. Any help or guidance in the right direction would be greatly appreciated. Thank you in advance.

DanPaul

For the admin account we mostly use a simple HTTP authentication, as long as we don't need several types of them with separate roles & rights. Admin has its own namespace then, so that's quite simple.

Keep your users in one table with some flags to identify the role. Then it depends on the amount of different access rights whether you need another table for the role (avoid that if ever possible, since administrating them can become a pain). Use before filters in application.rb to check the user status at login time and prepare a few methods for the controllers & views to know what functionality to display and execute.
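The single-table-plus-role-flag design and the before-filter check from the reply above, as an added example that is not code from the thread: plain Ruby with a Struct standing in for the ActiveRecord model, a rule table mapping controller actions (admin ones under an `admin/` namespace) to the minimum role, and a fail-closed `authorize!` that a before filter would call. The role names, action names and user rows are constructed for the example.

```ruby
# Added example: one users table with a "role" column instead of separate
# tables per account type. Struct stands in for an ActiveRecord model.
User = Struct.new(:id, :login, :role) do
  def admin?
    role == "admin"
  end
end

# Ordering of roles: a higher rank includes every lower rank's rights.
RANK = { "free" => 0, "premium" => 1, "admin" => 2 }.freeze

# Minimum role per "controller#action". Admin actions live in their own
# namespace; anything not listed here is denied (fail closed).
ACCESS_RULES = {
  "dashboard#index"      => "free",
  "reports#download"     => "premium",
  "admin/invoices#index" => "admin",
  "admin/users#index"    => "admin"
}.freeze

class AccessDenied < StandardError; end

# What a before filter would call at the start of each request.
# current_user is nil when nobody is logged in.
def authorize!(current_user, action)
  required = ACCESS_RULES[action]
  raise AccessDenied, "no rule for #{action}" if required.nil?
  raise AccessDenied, "login required" if current_user.nil?
  rank = RANK[current_user.role]                  # unknown role => nil
  raise AccessDenied, "unknown role #{current_user.role.inspect}" if rank.nil?
  raise AccessDenied, "#{current_user.role} may not run #{action}" if rank < RANK[required]
  true
end

# Helper for controllers/views: boolean form of the same check.
def authorized?(current_user, action)
  authorize!(current_user, action)
  true
rescue AccessDenied
  false
end

# Helper for views: which menu entries to render for this user.
def visible_actions(current_user)
  ACCESS_RULES.keys.select { |a| authorized?(current_user, a) }
end

# Constructed sample rows standing in for the users table.
USERS = [User.new(1, "alice", "free"), User.new(2, "bob", "premium"),
         User.new(3, "dan", "admin"), User.new(4, "eve", "editor")].freeze
```

Because the rule table is the only place that grants access, a new controller action is unreachable until a rule is written for it, and a row with a role the code does not know is treated like an anonymous visitor.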

Nice, sounds pretty straightforward, so for admin I will just use the Rails HTTP authentication and then for users I will use Restful Authentication. Just wondering if anyone else had any suggestions or links to any online tutorials on this specific question. Thanks for your response, Thorsten.

Is there a big advantage to using HTTP auth instead of normal auth in the web form for admins? I currently am doing all logins for users and admins through my web app, and based on a flag in the db I know if the user is an admin or not.

I personally don't know, but I was speaking with a Rails developer this weekend about this topic and he said to do it the way you do it, walker, with admins having flags and what not. He has been involved in some pretty big projects and has worked with some really brilliant people, so I trust his judgment. Well, I guess that answers my question.