Granting access within your program

Status
Not open for further replies.

steve1rm

Programmer
Aug 26, 2006
255
GB
Hello,

I have a program where, when a user logs in, they will only be able to do certain things based on their user privilege. For example: low, medium, and full access.

If the user has low then they can only view; if the user has medium they can edit and add; if they have full then they can do everything.

The buttons will be disabled for actions that they cannot do.

In the database, I have entered their privileges as low, med, or full.

I am not sure if this is the best way to do this, but before each form is loaded, I check their privileges by querying the database. Then disabling buttons based on their user privilege.

As this is the first time I have done this, I would like to know how this is done in the real world. Is there a more efficient method of doing this?

Many thanks in advance,

Steve
 
Rather than querying the database on each form, why not just store their status (low, medium or full) globally within the program by running that particular query once on login. Then you can refer to the global variable (whether a shared property in a class or a public variable in a public module makes little difference - except to some of the purists here [wink] ) each time a form is opened.



Hope this helps.
 
I agree with earthandfire -- read it once and keep it in memory.

I can, however, think of two scenarios where you'd want to read it every time:
1. The app is likely to come under attack from people wanting free use (games, chat clients, etc)
2. The app is designed to stay running for long periods of time, and you want it to always reflect the current set of permissions (that were set on a central DB).

Consider which category your app will fall into, and code accordingly. :)

Chip H.


 
Hello,

Thanks for your advice.

I was thinking of getting their privilege when they log in and having that in a global variable.

However, I would like to do this in a very professional way that is both efficient and scalable. Is it possible to have groups of permissions and then assign a person to this group? Something that is very similar to SQL Server.

Do you know of any online tutorials?

Thanks in advance,

Steve
 
You should be able to do this with 3 tables: users, roles and user_roles.

Alternatively, you could also add a roles attribute to a users table and hold a delimited list of roles against each user record.

Either of these approaches will get you a list of roles that each user is in, which you can then use to apply your security restrictions e.g. hiding controls, disabling menuitems etc.
 
Hello All,

The best method to use is role-based authorization using Windows generic principal and generic identity.

This worked great and I would recommend it for anyone wishing to use permissions.

Have a table for users, groups, and roles and assign a user to a group.

Steve
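
An added example, not part of the original thread or any poster's code: the users / roles / user_roles design suggested above, combined with the read-once-at-login versus re-read-every-time trade-off from the earlier reply. It uses Python with an in-memory SQLite database so it runs anywhere; the role-to-action mapping, the function names and the sample user are assumptions.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE user_roles (user_id INTEGER NOT NULL REFERENCES users(id),
    role_id INTEGER NOT NULL REFERENCES roles(id), PRIMARY KEY (user_id, role_id));
"""
# Assumed mapping of the thread's low/med/full levels to actions ("delete" is illustrative).
ROLE_ACTIONS = {"low": {"view"}, "med": {"view", "edit", "add"},
                "full": {"view", "edit", "add", "delete"}}

def open_db():
    db = sqlite3.connect(":memory:")  # constructed sample database
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO roles(name) VALUES (?)", [(r,) for r in ROLE_ACTIONS])
    return db

def set_roles(db, user, roles):
    db.execute("INSERT OR IGNORE INTO users(name) VALUES (?)", (user,))
    db.execute("DELETE FROM user_roles WHERE user_id IN (SELECT id FROM users WHERE name = ?)", (user,))
    db.executemany("INSERT INTO user_roles SELECT u.id, r.id FROM users u, roles r "
                   "WHERE u.name = ? AND r.name = ?", [(user, r) for r in roles])

def roles_of(db, user):
    rows = db.execute("SELECT r.name FROM roles r JOIN user_roles ur ON ur.role_id = r.id "
                      "JOIN users u ON u.id = ur.user_id WHERE u.name = ?", (user,))
    return {name for (name,) in rows}

class Session:
    def __init__(self, db, user, recheck=False):
        self.db, self.user, self.recheck = db, user, recheck
        self.roles = roles_of(db, user)  # read once at login

    def allowed(self, action):
        # recheck=True re-reads the tables on every check instead of trusting the cache
        roles = roles_of(self.db, self.user) if self.recheck else self.roles
        return any(action in ROLE_ACTIONS.get(r, ()) for r in roles)

    def perform(self, action):
        if not self.allowed(action):  # enforce at the action, not only via disabled buttons
            raise PermissionError(f"{self.user} may not {action}")
        return f"{self.user}: {action} ok"

def demo():
    db = open_db()
    set_roles(db, "steve", ["med"])
    cached, live = Session(db, "steve"), Session(db, "steve", recheck=True)
    set_roles(db, "steve", ["low"])  # permissions change centrally mid-session
    return cached.allowed("edit"), live.allowed("edit")  # stale cache vs. current DB
```

`demo()` shows the difference between the two approaches: after the downgrade, the session that cached its roles at login still allows `edit`, while the session that re-reads the tables refuses it.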
 