L
Liet Kynes
I'm new to the .NET security framework, and I pose the following questions:
1) According to the documentation I've read .NET is promoting a role-based
security model centered around IPrincipal. What about granular user-based
security requirements? For example: I'm building a file repository app that
allows users to upload files to the application and share them with specific
users and groups/roles. Suppose we have three roles (officer, manager, and
employee). An officer uploads a sensitive document to which only officers
are privy...with the exception of a single manager. This manager cannot
simply be moved into the officer role, since he should not be privy to all
files that officers can see. Is this a scenario that can be supported by the
..NET Security model, or will I have to "roll my own" permissioning framework
for this? It seems to me that each file would have to have its own ACL that
contained roles and users.
2) Is the concept of role hierarchies supported? Extending the example
above, officers should be able to see all files, managers see a subset(s),
and employees see a subset(s) of that. Is this supported, or do I have to
explicity call .IsInRole for every group individually?
I'd appreciate any insight or pointers to more resources.
Liet
1) According to the documentation I've read .NET is promoting a role-based
security model centered around IPrincipal. What about granular user-based
security requirements? For example: I'm building a file repository app that
allows users to upload files to the application and share them with specific
users and groups/roles. Suppose we have three roles (officer, manager, and
employee). An officer uploads a sensitive document to which only officers
are privy...with the exception of a single manager. This manager cannot
simply be moved into the officer role, since he should not be privy to all
files that officers can see. Is this a scenario that can be supported by the
..NET Security model, or will I have to "roll my own" permissioning framework
for this? It seems to me that each file would have to have its own ACL that
contained roles and users.
2) Is the concept of role hierarchies supported? Extending the example
above, officers should be able to see all files, managers see a subset(s),
and employees see a subset(s) of that. Is this supported, or do I have to
explicity call .IsInRole for every group individually?
I'd appreciate any insight or pointers to more resources.
Liet