Using a normalized table approach usually results in one additional table to handle one-to-many relationships (i.e. a user being a member of multiple groups), but the approach is extensible in the future if someone needs a finer-grained authorization solution. Case in point, the following link shows a fine-grained RBAC solution based on the use of normalized tables while following NIST guidelines. You can see how the approach could be applied to your original design to add fine-grained authorization all the way down to a module’s content item level.

http://www.sqlrecipes.com/database_design/fine_grained_role_based_access_control_rbac_system-3/

Cool to reduce nombers of table… for easy implementation in existing apps/

thx