 Security Enhancements

Jan K. van Dalen
Posted: 02/12/2004, 7:06 AM

Love to see the support of "Doors" in addition to the current one (Levels).

lneisius

Posts: 29
Posted: 02/13/2004, 7:08 AM

Do you have an example implementation? I think this may be what I'm trying to achieve.
Jan K. van Dalen
Posted: 02/17/2004, 11:53 AM

What are Doors?

In most tougher situations, you will probably want to use Doors. You assign a different door to each protected procedure (or the same door to a bunch of procedures). The administrator can assign any combination of doors to each user. This is a little more work for the administrator, but that's what they get with the added flexibility.

For example, the first user can access procedures A, B and C; the second user can access procedures A, C and D; the third user can access procedures B, C and E; etc.

User 1 | A | B | C |   |   |
User 2 | A |   | C | D |   |
User 3 |   | B | C |   | E |

It doesn't matter what door number you specify for a particular procedure. In fact, you can specify the same door number for more than one procedure. For example, the "manager" door could control access to many different procedures associated only with the manager's duties.

lneisius

Posts: 29
Posted: 02/17/2004, 12:05 PM

Wouldn't levels do the same thing if you created a one-to-many relationship? You could assign levels 1, 3, 4, 5, 6, etc. to someone and then assign the levels to the page, form, or field based on this procedure.

I believe levels are a good way to go, but CCS needs the ability to work with multiple levels for one user. I have looked at a few of the posts on this forum for multiple groups and have yet to see one I like. I think it's possible within the CCS structure; I just haven't had time to fully investigate.
Navneet Kakkar
Posted: 02/18/2004, 10:14 AM

I would suggest, in addition to the group-level security we currently have with CCS, why can't CCS add a user-level list also?

In some cases, we want to give access to a user of a particular group but not all the members of that group.

The user table name can be asked in the project properties and, instead of the groups we define in CCS, it can be table based in order to make it administrable by a web interface, instead of us changing the code and publishing it again and again on a change in group security.

Flexibility is what everyone requires, that is what I feel.

--
Thanks

luv

Navneet

RonB

Posts: 228
Posted: 02/26/2004, 1:27 AM

Basically this is a role-based security request. I've advocated such a security measure many times.
I also believe shifting the security to the database would be very nice.
Instead of including the levels in the code on the page, you could reference a page name and level in the database. By using a "level is in" query you could assign several levels to a page and make this as complex as you want. Leaving security levels on the page is not something I'm comfortable with as it is, in my opinion, a possible security risk. Management of security levels per page would also be a lot easier when leaving it to the database.

If I want to add a level to a page I now have to open the page in CCS and add the level manually to the page. By shifting this process to the database I could design an admin function which would allow me to administer these levels "online". This would save me the trouble of opening the page in CCS.
peterr


Posts: 5971
Posted: 03/25/2004, 12:28 PM

The database-based security can be already easily implemented.
There are many ways of doing this, therefore we allow users to implement their own solutions. We've implemented our own role-based dynamic security within 2 hours, with additional improvements done later.
We see no reason to support one specific method, since everyone has more personalized needs at the lower level. We support our current Group/Role based security for the basic-to-medium needs, while we support custom extensibility for more specialized and complex needs.
I do not see any need to improve the existing security mechanism at this time, since many of our users already implement various security mechanisms of their own, including those described above.
Of course in the future we may come back to this topic and analyze some of the most commonly used solutions and possibly implement an additional method.

For now I recommend discussing in our other forums the topics of how to implement custom security. Possibly the users will share their solutions.

Thanks
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com
RonB

Posts: 228
Posted: 03/26/2004, 1:48 AM

Quote peterr:
We've implemented our own role-based dynamic security within 2 hours, with additional improvements done later.

Would it be possible to share this with the community, maybe in the form of a tutorial? Many developers are using CCS because it has a lot of built-in functionality. I do agree that you cannot cater to every possible solution on this matter, but maybe it is possible to offer two, page and database security, as a starting example? I'd love to see how you guys implemented a database-driven security-per-page system in such a short time. I learned most of my programming skills through CC and CCS by looking at the code this wonderful piece of software generates. It's a great development tool (have I been kissing up enough to make you consider sharing it with us :-) )
peterr


Posts: 5971
Posted: 03/26/2004, 2:32 AM

Below is the simplest demonstration. Set the page's "Restricted" property to "No" and then add this code (ASP) to the page's "After Initialize" event:
if NOT CheckSecurity(FileName) then Redirect = "Login.asp"
Then create the following function in Common.asp:
Function CheckSecurity(PageName)
  ' Deny the "Guest" role on Default.asp; every other page/role combination is allowed
  If PageName = "Default.asp" And Session("RoleID") = "Guest" Then CheckSecurity = False Else CheckSecurity = True
End Function

This is it! :-)
The function CheckSecurity is in a sense dynamic as it will not allow "Guests" to access the page "Default.asp", but of course it is simplified not to use the database. You can use the CCDLookup function to retrieve the user's permissions from the database.
For example (this is an untested variant of possible security implementation):
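Function CheckSecurity(PageName)
  Dim AllowAccess
  ' Look up this role's permission for the page; user_role is compared unquoted, i.e. as a number
  AllowAccess = CCDLookup("access_status", "role_permissions", "page_name='" & PageName & "' AND user_role=" & Session("RoleID"), ConnectionName)
  ' Anything other than an explicit "yes" (including no matching row) denies access
  If AllowAccess = "yes" Then CheckSecurity = True Else CheckSecurity = False
End Function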

You may also need to modify the Login form to create the "RoleID" session when the users log in, or place your roles in the field specified in CCS as the Group ID and then use Session("GroupID").
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com
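
An added example, not part of the original posts and not CodeCharge Studio code: the "Doors" model Jan describes combined with the database-driven per-page lookup RonB and peterr discuss, written in Python with an in-memory SQLite database instead of ASP so that it runs stand-alone. The table, page and function names are assumptions; the user/door assignments are the three rows from the thread.

```python
import sqlite3

# Door assignments from the three-user table in the thread.
USER_DOORS = {"user1": "ABC", "user2": "ACD", "user3": "BCE"}
# Constructed page names. Door D guards two pages (one door, many procedures);
# Payroll.asp accepts either of two doors (several doors on one page).
PAGE_DOORS = {"ProcA.asp": "A", "ProcB.asp": "B", "ProcC.asp": "C",
              "ProcD.asp": "D", "ReportD.asp": "D", "Payroll.asp": "DE"}

def build_db():
    """Create the two mapping tables and load the sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user_doors (user_name TEXT, door TEXT,
                                 PRIMARY KEY (user_name, door));
        CREATE TABLE page_doors (page_name TEXT, door TEXT,
                                 PRIMARY KEY (page_name, door));
    """)
    db.executemany("INSERT INTO user_doors VALUES (?, ?)",
                   [(u, d) for u, doors in USER_DOORS.items() for d in doors])
    db.executemany("INSERT INTO page_doors VALUES (?, ?)",
                   [(p, d) for p, doors in PAGE_DOORS.items() for d in doors])
    return db

def check_security(db, user_name, page_name):
    """True only if the user holds at least one door assigned to the page.

    Deny by default: an unknown user, an unknown page, or a page with no
    door rows produces no match and therefore False.
    """
    row = db.execute(
        """SELECT 1 FROM page_doors p
           JOIN user_doors u ON u.door = p.door
           WHERE p.page_name = ? AND u.user_name = ? LIMIT 1""",
        (page_name, user_name)).fetchone()  # bound parameters, no string building
    return row is not None

def grant(db, user_name, door):
    """Admin operation: a permission change is a row insert, not a republish."""
    db.execute("INSERT OR IGNORE INTO user_doors VALUES (?, ?)", (user_name, door))

if __name__ == "__main__":
    db = build_db()
    for user in USER_DOORS:
        print(user, [p for p in PAGE_DOORS if check_security(db, user, p)])
```
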
RonB

Posts: 228
Posted: 03/26/2004, 3:28 AM

Thanks!!