APPNET OS has an excellent system for administrator groups.
Administrator groups make it easy to create administrator roles.
In Administrator Group Management, groups can be created and denied URI's, granted URI's, denied apps, and granted apps can be defined.
If a URI is denied, then the administrator is issued a 403, access denied page.
Denied apps are not rendered and not output.
If a container app is denied, only the placeholder is output.
AJAX queries are blocked for denied apps.
The default group that is set is automatically applied to all newly created administrators.
Groups Logic
If only denied URI's exist, then all URI's are issued except for the denied ones.
As soon as allowed URI's are defined, only these are output, regardless of the denied URI's.
If only denied apps exist, then all apps are output except the denied ones.
Once allowed apps are defined, only these will be output, regardless of the denied apps.
The collection of administrator groups provides two different views.
A list view that gives a perfect overview of the groups and a detail view that is also used to edit the groups.
To change the view, two buttons are available to the right, above and below the collection.
List view
Details view