Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ASP newbie - restrict view of records possible? 2

Status
Not open for further replies.
ad2

ad2

Technical User
Dec 31, 2002
186
US
I’ve just inherited an application developed with ASP and back end SQL Server. I’ve had no ASP experience but have used VBScript extensively to program Microsoft Access applications.

This is what management wants as a new feature:

Currently all staff can view all records via the user interface, they all do have a username and password logon to the UI.

Management wants to restrict who can view certain records to supervisors, specifically staff records that have a disciplinary action noted.

How can this be done in ASP? Via the UI log-in? Set up users and groups like in Microsoft Access?

Thanks in advanced, any help you can give me is very needed.
 
Sort by date Sort by votes
Well if I can see Bill's record and I can see Jane's record but for some reason I can't see Joe's record .... well then I know by inference that Joe has a disciplinary "issue" ...


Why not change your SQL queries so that those rows are not returned?
 
Upvote 0 Downvote
Sorry, should have been more sepecific. Evey staff record has a Notes field, which can have good or bad, etc. notes applied.

What they want is to restrict a staff persons record so only their specific manager can access it.

So Bob can't access the records of staff managed by Jane.

Would this be done by setting up user groups and permissions?
 
Upvote 0 Downvote
I would still follow Sheco's original thought (though there are other ways to do it) - change the SQL code. Something like this is one way:
Code: 
UserID = [i][LoggedInID][/i]
strSQL = "SELECT UName, UID, UPhone, UGender"
[COLOR=green]'You can use hardcoded names/ID's or you can separately query your database to see who should have access and then validate against that.[/color]
if UserID = "[i][whatever is ok to view the notes][/i]" then
  strSQL = strSQL & ", UNotes"
end if
strSQL = strSQL & "FROM myTable"
Then, you don't have to change any of your front-end code and everything should return based on who the user is.

------------------------------------------------------------------------------------------------------------------------
"Men occasionally stumble over the truth, but most of them pick themselves up and hurry off as if nothing ever happened."
- Winston Churchill
 
Upvote 0 Downvote
Ideally you want to find a source of org chart data that is already maintained by someone else... otherwise you'll be on the hook for that also.

Is this for a big company? If so then there may already be an org chart of sorts that you can use.... ask around to see if org info is being saved in the ActiveDirectory... if so is it kept up to date or only entered once when a user account is created and then the data goes stale over time? Also some places will keep this type of data in their email system like Exchange or Notes.

 
Upvote 0 Downvote
TOO COOL guys! Thanks Soooooooo much!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

penguinspeaks
  • Locked
  • Question
write HTML code within ASP line
Replies
1
Views
286
xwb
xwb
leifoet
  • Locked
  • Question
How to send HTML emails with ASP classic?
Replies
0
Views
265
leifoet
leifoet
penguinspeaks
  • Locked
  • Question
Return to current location on page after asp processes.
Replies
2
Views
218
penguinspeaks
penguinspeaks
how2trainyourdragon
  • Locked
  • Question
Request.Server variables blank for classic ASP
Replies
12
Views
531
GriffMG
GriffMG
leifoet
  • Locked
  • Question
First execute an input command and only then proceed with displaying the next record of the table
Replies
0
Views
156
leifoet
leifoet

Part and Inventory Search

Sponsor

Back
Top