What is the best way to manage permissions for a web application - bitmask or database table?
I think it's a general rule of thumb to stay away from mystical bitstrings that encode the meaning of the universe.
While perhaps clunkier, having a table of possible permissions, a table of users, and a link table between them is the best and clearest way to organize this. It also makes your queries and maintenance (especially for the new guy) a lot easier.
how about creating a Permission table, then a UserPermission table to store the relationships?
You'll never have to modify the structure again, and you have the ability to add as many permissionss as you wish.
I've done it both ways. But I don't use bit masks much anymore. A separate table would be fine that you can use as a cross reference, given a user id or a group id as a foreign key.
UserID | Permission
===================
1 | 1 1 representing manage users
1 | 2 2 being manger products
2 | 3
This way would be easier to maintain and add on to later on.
I'd also use a separate table to manage what the permissions are.
PermissionID | Description
==========================
1 | Manage Users
2 | Manager Products