Fine grained security (view but not update)

Discussion in 'ASP .Net Security' started by Søren D, Apr 6, 2009.

  1. Søren D

    Søren D Guest

    I am looking for good practices for allowing certain user roles to see but
    but update. For instance a user may have access to a certain updateable grid
    but are only allowed to view.

    The far most elegant way would of course be to remove the edit/delete/insert
    links from the view, but a less elegant solution is also sufficient.

    Has anyone published material on the subject or does anyone in here have
    some elegant ideas?

    TIA,

    /Soeren
     
    Søren D, Apr 6, 2009
    #1
    1. Advertisements

  2. Søren D

    Joe Kaplan Guest

    Have you looked at the AzMan framework? It is general purpose application
    level authorization framework that allows you to program very granular
    authorization logic into your applications. It is not coupled to the UI in
    any way, so you would need to implement those bindings yourself but it is a
    generally useful way to consider implementing this type of logic.
     
    Joe Kaplan, Apr 6, 2009
    #2
    1. Advertisements

  3. Søren D

    Søren D Guest

    Thanks for your reply, but I am actually looking for the practical approach
    to coupling with UI and database

    /Soeren
     
    Søren D, Apr 7, 2009
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.