Access Control 1

[RyanEK]

Hi,

I'm looking for a point in the right direction with regards to access control. What I mean by AC is the ability to set a View/Add/Edit/Delete restriction on a field in a windows form.

For example, lets say I have a windows application with a contact screen and a display name. I only want this field editable for particular users.

Does anyone have any tips on how to achieve this? My initial thought was to store an identifier of all the controls in the db and have a base form loop through through all the controls on a form and apply access rights. ie. if you only have the right to view a field, set the control to readonly.

Thanks in advance to anyone willing to provide tips and suggestions

Ryan

 

[jmeckley]

I would control this at a screen level, not at input level. this will require more forms, but each form will fulfill a specific purpose and in the long run will be easier to maintain.

Jason Meckley
Programmer
Specialty Bakers, Inc.

 

[ZmrAbdulla]

If I understand corrdectly..
Why not a single form and a variable storing userid/permissionid? Then enable disable the controls identified with tag property.

________________________________________________________
Zameer Abdulla
Help to find Missing people

 

[bledazemi]

I am not sure if it would fit well with your situation but I would define a User class and a set of "can" routines.

    public class User
    {
        public bool CanRead(string record, string field)
        {
            //Here your code logic            
        }

        public bool CanWrite(string record, string field)
        {
            //Here the code logic 
        }

        public bool CanAdd(string record)
        {
            //Here the code logic
        }

        public bool CanDelete(string record)
        {
            //Here the code logic
        }

        public bool Can(UserAction action)
        {
            //Here some code logic to check if the user is allowed to perform specific action
        }

    }

    public class UserAction
    {
        public string ActionID;
        public string ActionName;
        public string ActionType;
        //... Other action related properties ??
    }

Encapsulating the user access control in a user class might be a time saver if you decide to change or add to the behaviour of your access control. I think the trick into providing best user access control may lie into defining well in advance as abstract as possible the set of privileges that your application provides.



"It is in our collective behaviour that we are most mysterious" Lewis Thomas

 

[RyanEK]

Thanks for your replies guys. In response...

jmeckley - actually the AC will need to cover restrictions on all levels. From forms, tabs to certain fields. I'll need to define a hierarchy of controls in the db.

ZmrAbdulla - Yep that's my proposed approach. I was wondering if there was another way? Is brute force is the only way to go?

bledazemi - I would indeed define a user class with a list of controls they have access to. Thanks for your great reply.

Ry