user_table
id, etc
permission table
id, user_id, permission_type
with this structure, each user could have several permission types associated with their account, one for each set of features they could have access to. you would never need to change the table structure in order to add new types of permissions.
to take this a step further, you could make each type of permission a binary number. this way you could make a set of permissions be represented by one integer by using bitwise operators.
for instance if you had the constants
PERMISSION_CHANGE_PERMISSIONS = bindec('001') = 1
PERMISSION_MAKE_CHANGES = bindec('010') = 2
PERMISSION_ACCEPT_CHANGES = bindec('100') = 4
you could combine these values into one integer using a bitwise operator “|”
(PERMISSION_CHANGE_PERMISSIONS | PERMISSION_MAKE_CHANGES) = bindec('011') = 3 = $users_combined_permissions
then to check if they have a specific permission, use the bitwise operator “&”
($users_combined_permissions & PERMISSION_MAKE_CHANGES) = true
if you did that, you would only need one db record for each set of permissions.