Hi,

I'm building a web site for my college. We plan to create similar hierarchy for each department, i.e. at first level there are different departments like CS, ME, Maths etc. and within each we have People (Faculty, Students, Alumni), Research (Projects, Labs) and Courses. We want to create separate roles for Site Admin, Department Admin and Authenticated User.

Site Admin will have total control over the site, but should not be able to add/delete/modify any content.
Department Admin should be able to add/delete/modify content for their departments only and also add/remove users with view permission only.
Authenticated user should be able to view the entire site whereas anonymous user should have limited view access.

We would also like to have separate menus for each role.

Question
1. What modules can accomplish the above access control requirements.
2. How can we create a user and associate him with a particular department so that when he is assigned Department Admin role, he is allowed to maintain content and users for that department only.
3. Is it possible to have cardinality in roles, e.g. only one user can be assigned System Admin etc.

Thanks. Any support is welcome.