How to Properly Use Access Plans, User Groups, and Tokens (163258)

MORE INFORMATION

There is a misconception about the association between access plans and tokens that must be clarified. A section of the documentation discusses access plans as owning not only users, but also having lists of tokens associated with the access plan, so the users would inherit the tokens. The SQL system is structured so this inheritance can occur, but it's not recommended, in part because of changes to the schema coming in Microsoft Commercial Internet Server (MCIS) 2.0, and in part because this is not the intended use.

To use each of the two "group" schemas (access plans and user groups), keep in mind the following guidelines:

• Use access plans to group users for billing purposes only. Third-party billing systems (or your own custom code) can take this user-to-access plan association for different levels ($) of memberships (such as youth, standard, premium, and so on).
• Use user groups to group users into logical associations for tokens (such as a "pets" token for pet content, or a "cooking" token for cooking content). Users become members of the user groups, and the groups have their specific token(s) assigned to them, which in turn provides the user with access to the token.
• Do not assign tokens to users directly, except perhaps for test purposes or in very special (one-use only) cases. Even for groups like "administrators," you should create an administrators group, and associate access for control areas (such as the sysadmin scripts) to this group only.

In this way, you can use association with an access plan for billing, and association with user groups for access and security.