The solution is not to use flags, but to use "roles" (also called "groups").
A role is a group of permissions which you can assign to a user. I will use the words "role" and "group" interchangeably in the book—they essentially mean the same thing when speaking of user rights.
For example, you might have a role such as "page editor", which includes the following permissions:
Can create pages
Can delete pages
Can edit pages
You might have a user who is allowed to edit pages and also to edit online store products, in which case you need to either have a single group which covers all those permissions, or two groups ("page editor" and "online store editor"), and the user is a member of both.
The latter case, multiple groups, is much easier to manage, and is in fact necessary; as the number of possible combinations of permissions grows exponentially, more roles are created.
Another important question is, where do these role names come from? Does an administrator create them?
It's an interesting...