In my web application project i have packages, modules and documents (such as creatememo, createcircular,CreateEmployee). in my database i created tables for packages, associated modules and objects (employee, memo, circular). then i have action table that defines applicable actions on each object e.g create, List, edit, print etc. now i manage rights by a table that contain ids of users, objects and actions. semantically, each row of this table will be like user a can edit employee, user b can create employee etc. my question is if my approach appropriate. should i move to storing pages in database and managing rights on page level rather than on object level (currently followed)