The Solution can be implemented in following method. The required screens in the application would be.
- User Group Master - Create Multiple groups from the screen
- User Master - create multiple users from the screen
- User Group Detials Master - Select User, the screen would list different user group. Assign different groups to the user.
- User Group Rights Master - Select the Group, List different menus in the application and grant different privilages.
Method For Implementation
Assign Menu ID to all Menus, Keep a menu master table to list in screen for assigning rights.
Create a rights details table with menu id,group id and different rights you want to control,visibility,save,editing details and additional stuffs based on your requrements.
Create a function checkpermission while doing any operations in the screen or accessing the menu item with the menu id and the permission to check and user id as parameter. The function will return value True or False and the rights can be controlled.
The same can be achieved in Web Application also. It has been implemented succesfully in various personal projects which I had undertaken. Additionaly you could also have an Audit log insert in the permission checking function and provide access reports based on screen accessed or data modified on screen or task completed on screen or additional task you would want logged in your application