The system I am developing will be severely hampered for usability with two sets of logins, as it is a community web site where many users have backend privileges.

Would I be better off:

• using only frontend users (Rainlab\User\Models\User) and roles and granting backend access as necessary
• using only backend users (Backend\Models\User ) and denying backend access as necessary
• sync frontend and backend users and login would generate two login tokens for users

Any feedback from people who have done this or anyone else would be much appreciated.

Last updated 8 years ago

I think "many users have backend privileges" is a little vague to answer. Are we talking 10, 50, 100 users?

KurtJensen said:

I think "many users have backend privileges" is a little vague to answer. Are we talking 10, 50, 100 users?

10-20%. 50 out of a few hundred active users.

To my opinion, the appropriate solution will be using only frontend users, implement your own "backend" for them and implement there only features they will need. Of course, it is a little bit more work to do, but it is clear and safe solution. Nobody will change something they shouldn't have access to.

Allowing the public to access your back-end is a serious security concern. While technically the permission structure is secure, it is assumed that users accessing the back-end have some level of trust in your operation. As an analogy, having separate user tables is the equivalent of a network firewall, giving users open access to your back-end is like disabling your firewall.

Consider building the administration features in the front end.