What actions do users perform and should be controlled?
#1

Bramme
Hi guys

Short development/logic question. I'm working on an auth library for a CRUD (base) application based on actions users are allowed to make.

I was thinking of having the following basic rights:

- Read
- Edit
- Delete

Where users with Edit rights could create new records and edit them. But while mulling it over, I thought "maybe I should split them up" and make the rights as follows:

- Read
- Create
- Edit
- Delete.

I feel like I'm too inexperienced to answer this question myself and could use some input. Is this something that's ever done (splitting up edit into create and update) or should I just keep it as first planned?
#2

sketchynix
I have seen create and update split up and it provides flexibility to do so.

For example, think about trading a stock. You want the investor to be able to create an order & update it, but the market maker should only be able to update the order to mark it as filled, and not be able to delete it or create a trade in the investor's account.
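
The stock-order scenario from the reply above, as an added example that is not part of either post: a deny-by-default check with Create and Update as separate rights, compared with a single combined Edit right. The role names, field names and the `is_allowed` helper are assumptions made for illustration.

```python
from enum import Flag, auto

class Right(Flag):
    NONE = 0
    READ = auto()
    CREATE = auto()
    UPDATE = auto()
    DELETE = auto()

# The three-right model from post #1 folds create and update into one grant.
EDIT_COMBINED = Right.CREATE | Right.UPDATE

# Constructed role table for the stock-order example (hypothetical names).
ROLES = {
    "investor": Right.READ | Right.CREATE | Right.UPDATE,
    "market_maker": Right.READ | Right.UPDATE,  # no CREATE, no DELETE
}

# Fields each role may change when it updates an order (hypothetical names).
UPDATE_FIELDS = {
    "investor": {"quantity", "limit_price"},
    "market_maker": {"status"},  # may only mark the order as filled
}

def is_allowed(role, action, fields=()):
    """Return True only if the role holds the right; unknown roles get nothing."""
    granted = ROLES.get(role, Right.NONE)
    if action not in granted:
        return False
    if action is Right.UPDATE:
        changed = set(fields)
        # An update must name its fields, and all must be permitted for the role.
        return bool(changed) and changed <= UPDATE_FIELDS.get(role, set())
    return True

if __name__ == "__main__":
    print(is_allowed("investor", Right.CREATE))                  # split model
    print(is_allowed("market_maker", Right.UPDATE, ["status"]))
    print(is_allowed("market_maker", Right.CREATE))
    # With the combined right, any role given Edit could also create orders.
    print(Right.CREATE in EDIT_COMBINED)
```

With only a combined Edit right there is no way to give the market maker update access without also granting create, which is the flexibility the split provides.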



