Re: Role-Based hierarchical model advice

From: VSK (vskacct@hotmail.com)
Date: 09/27/02


From: "VSK" <vskacct@hotmail.com>
Date: Fri, 27 Sep 2002 15:02:13 -0400

The fifth chapter of ASP.NET Website Programming by Marco and Kevin provides a sample database design for a security scenario.
That may help you...

-VSK
  "NeverStill" <sklett_2000_NoSpizay@yahoo.com> wrote in message news:OnaNELcZCHA.1688@tkmsftngp09...
  Hello,

  I've been assigned my first security task for a web application, here are the main facts:
    a. Small scale, ASP.NET web application
    b. Forms Authentication
    c. Validating credentials against SQL Server
    d. SSL - not that it matters, but just in case

  From my initial research, it looks like what we want to go with is Role-Based (RBAC) security and simply assign the different users to one or many roles.

  I'm having a hard time getting my head around the best way to set up everything, I think what would help is advice on the best way to construct the database in regards to the roles. Would I need to create a many-to-many table for every item that I want to secure so that I can manage the roles? That would be a lot of work.

  Also, if I wanted to make a role type: "Power User" inherit the roles: "User", "Guest", etc, how could I structure things so that?? I know these kinds of questions are annoying, I'm not looking for someone to hold my hand through this, I would just like some pointers or even links to articles that might be informative. ANY help would be greatly appreciated, I'm pretty lost on this ;)

  TIA-

  Steve

