Fine grained security (view but not update)

Discussion in 'ASP .Net Security' started by Søren D, Apr 6, 2009.

  1. Søren D

    Søren D Guest

    I am looking for good practices for allowing certain user roles to see but
    but update. For instance a user may have access to a certain updateable grid
    but are only allowed to view.

    The far most elegant way would of course be to remove the edit/delete/insert
    links from the view, but a less elegant solution is also sufficient.

    Has anyone published material on the subject or does anyone in here have
    some elegant ideas?

    TIA,

    /Soeren
     
    Søren D, Apr 6, 2009
    #1
    1. Advertising

  2. Søren D

    Joe Kaplan Guest

    Have you looked at the AzMan framework? It is general purpose application
    level authorization framework that allows you to program very granular
    authorization logic into your applications. It is not coupled to the UI in
    any way, so you would need to implement those bindings yourself but it is a
    generally useful way to consider implementing this type of logic.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    "Søren D" <> wrote in message
    news:...
    >I am looking for good practices for allowing certain user roles to see but
    >but update. For instance a user may have access to a certain updateable
    >grid but are only allowed to view.
    >
    > The far most elegant way would of course be to remove the
    > edit/delete/insert links from the view, but a less elegant solution is
    > also sufficient.
    >
    > Has anyone published material on the subject or does anyone in here have
    > some elegant ideas?
    >
    > TIA,
    >
    > /Soeren
     
    Joe Kaplan, Apr 6, 2009
    #2
    1. Advertising

  3. Søren D

    Søren D Guest

    Thanks for your reply, but I am actually looking for the practical approach
    to coupling with UI and database

    /Soeren

    "Joe Kaplan" <> skrev i meddelelsen
    news:...
    > Have you looked at the AzMan framework? It is general purpose application
    > level authorization framework that allows you to program very granular
    > authorization logic into your applications. It is not coupled to the UI
    > in any way, so you would need to implement those bindings yourself but it
    > is a generally useful way to consider implementing this type of logic.
    >
    > --
    > Joe Kaplan-MS MVP Directory Services Programming
    > Co-author of "The .NET Developer's Guide to Directory Services
    > Programming"
    > http://www.directoryprogramming.net
    > "Søren D" <> wrote in message
    > news:...
    >>I am looking for good practices for allowing certain user roles to see but
    >>but update. For instance a user may have access to a certain updateable
    >>grid but are only allowed to view.
    >>
    >> The far most elegant way would of course be to remove the
    >> edit/delete/insert links from the view, but a less elegant solution is
    >> also sufficient.
    >>
    >> Has anyone published material on the subject or does anyone in here have
    >> some elegant ideas?
    >>
    >> TIA,
    >>
    >> /Soeren

    >
     
    Søren D, Apr 7, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. dw

    Fine-grained access control

    dw, May 19, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    452
  2. Guest
    Replies:
    4
    Views:
    556
    Brock Allen
    Aug 3, 2005
  3. Elhanan
    Replies:
    0
    Views:
    379
    Elhanan
    Mar 5, 2006
  4. Søren D
    Replies:
    2
    Views:
    357
    Søren D
    Apr 7, 2009
  5. Gully Foyle

    Fine Grained Security in Ruby 2.0?

    Gully Foyle, Jul 18, 2004, in forum: Ruby
    Replies:
    3
    Views:
    139
    Yukihiro Matsumoto
    Jul 18, 2004
Loading...

Share This Page