A quickie: If users are already logged into the application and change are subsequently made to their roles, is it possible to have the users' permissions change immediately rather than waiting until their next login? 

TIA

________________
_____/ Regards,
____/ al

Only if you make that happen.

RBS loads the user's effective permissions (i.e. those permissions directly assigned, those assigned via a role and those limited or allowed based on location or time) when they login (as you surmised).  As I mentioned in my previous post, I did an extension that allowed for users to be assigned different roles based on the project they where working on. Because RBS loads all permissions when they login, this allowed users to open multiple instances of the app, connected to different projects.  In that case it was nice.

I had on my list (this app isn't being actively developed at this point) to handle the situation you are asking about. Specifically, I wanted to be able to handle naughty users. A user needed to be kicked out of the app NOW.  I was thinking of creating a service that would listen for client requests. The clients would periodically poll this service to see if they needed to force the user to login again  or maybe just kick them out (depending on how urgent the situation...I.e. if they were very naughty, exit the app, don't save changes and growl threateningly).   I did some research into how to setup a service like this, using threading etc. but never got a chance to work on it.

There are some other posts related to this if you do some searching.  The Microfour guys use a service like this in their medical app for several different things, including application updates and some batch processes etc. There was some good stuff in there.

Hope that helps!