Hello everyone, I'm just starting to experiment with Acegi, guided by the "Spring in Action" book.

A quick question:

Let's say I want to build a site like Blogger.com, where people can create their own blogs. For any given blog out of 1000s, we have simple 2 roles: ADMIN and MEMBER.

MEMBER can add/edit/delete blogs
ADMIN can add new MEMBERs, and also have all the MEMBER powers

So here's my question:

Does this mean that there are two roles that you can use? Or does it mean we need 1000s of different roles, like ROLE_ADMIN_1 (where 1 is the id of the blog?).

For example, you wouldn't want someone who is an ADMIN of one blog to simply be able to edit another blog. So we need to differentiate ADMIN of blog id = 1 and ADMIN of blog id = 2. So that says, to me, that we have ADMIN and MEMBER roles for every blog (so potentially 1000s).

From the examples in the book, it was clear how to set up roles for specific website sections (students can go here, alumni can go here), but not for roles that cut across different objects.

Is there a way to set this up dynamically, as if there were two roles, or do I have to set up 1000s of roles? What do I change to do this?

Andrew