Fine grained security (view but not update)

S

Søren D

I am looking for good practices for allowing certain user roles to see but
but update. For instance a user may have access to a certain updateable grid
but are only allowed to view.

The far most elegant way would of course be to remove the edit/delete/insert
links from the view, but a less elegant solution is also sufficient.

Has anyone published material on the subject or does anyone in here have
some elegant ideas?

TIA,

/Soeren
 
J

Joe Kaplan

Have you looked at the AzMan framework? It is general purpose application
level authorization framework that allows you to program very granular
authorization logic into your applications. It is not coupled to the UI in
any way, so you would need to implement those bindings yourself but it is a
generally useful way to consider implementing this type of logic.
 
S

Søren D

Thanks for your reply, but I am actually looking for the practical approach
to coupling with UI and database

/Soeren
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
474,163
Messages
2,570,898
Members
47,437
Latest member
zillerehman

Latest Threads

Top