Role based Authorization help

I am confused by all of the different Authorization options. What I need is the quickest way to have a few different roles with various level of access - nothing too complicated. When I set up the project (I wasn’t thinking about Roles yet), I used Auth, from the Cookbook. That doesn’t seem to be the right selection. I see there is TinyAuth, and now in the Cookbook it states Authorization is the standard. Can someone point me in the right direction? Additionally, would I be able to replace what is installed now with one of these other solutions? I am running CakePHP 4.3.

The Auth component is deprecated and should not be used for new projects. There are now standard Authentication and Authorization plugins instead. There are also a number of third-party plugins that extend these to add common functionality. Which of those might be best for you is not something we could answer from the details given here, you’d need to read their documentation to see if they handle your use cases.

Thank you for your reply - perhaps this could help with providing me with a recommended solution:

The project is a CRUD databank.
Super-admin > Admin > User.

  • User can only view records ;
  • Admin can add-to/edit/delete records ;
  • Super-admin creates and assigns a record to a single Admin. (Each record starts out with just a few basic fields, then is assigned to Admins to gather additional information)

Thank you in advance

Users can view all records? Admins have edit access to specific records only? That’s not just role-based, but also ACL. You can build all of this with straight-forward code using just the standard plugins and simple policies. Or other plugins might be useful, I’ll have to leave that to others to answer for you, as I have no useful experience there to share.

Correct. It’s a criminal case record database for a specific type of crime. With that said here’s a little better explanation of the workflow:

  1. Super Admin adds the initial Case Record, which includes very limited information (Case Filed Date, Offender Name, City/County, Criminal Offense Statute) - then assigns the Case Record to an Admin (Case Manager).

  2. Admin follows the Case over time and adds/edits to Case Record the information such as Charge details, Criminal Dispositions, Sentencing, Fines, etc.

  3. User has the ability to browse/read/view all of the Case information, but cannot modify in any way