I'm trying to incorporate auth logic into the ancestor objects whereby I just have to set some flags in the descendant pages for automatic authentication. But I'm a bit confused as to how to design the auth module. Do I authenticate each page or each table or each action (select/insert/delete/update) on each page/table? How do I go about authenticating a page-action if the page has multiple action buttons such as Add, Edit, Delete...? Is it better to store auth data in the database? If so, what tables do I need (users/groups...) and their structure?