Security and Audit functionality
From: MattC (m_at_m.com)
Date: 05/25/04
- Next message: sri: "RSA encryption using javascript"
- Previous message: Ken Schaefer: "Re: Machine.Config -- ProcessModel vs Impersonation"
- Next in thread: Raymond Lewallen: "Re: Security and Audit functionality"
- Reply: Raymond Lewallen: "Re: Security and Audit functionality"
- Reply: Prodip Saha: "Re: Security and Audit functionality"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 May 2004 11:09:18 +0100
Hi,
I have a requirement that security be devised at page level, I'm am also
required to keep an audit trail of who performed what action, when and what
on.
My current solution is as follows:
Create 5 DB tables: Users, SecurityProfiles, SystemTasks, TasksProfileLinks,
Audit.
For this to work each user is given a securityprofileID, a security profile
is told which SystemTasks can be performed (via the TasksProfileLinks
table). As each ASPX page loads it will have hardcoded the name of the
Systemtasks it is designed to perform. It will then take the current
sessions SecurityProfileID and determine if this user is allowed to view the
page, if not then a redirect takes place and the UserID, SystemTask,
DateTime are entered into the audit table.
Although this would work, it does require that each page knows ahead of time
what its SystemTask name is.
Has anyone done something similar to this before and have a better
implementation.
Thanx in advance.
Matt
- Next message: sri: "RSA encryption using javascript"
- Previous message: Ken Schaefer: "Re: Machine.Config -- ProcessModel vs Impersonation"
- Next in thread: Raymond Lewallen: "Re: Security and Audit functionality"
- Reply: Raymond Lewallen: "Re: Security and Audit functionality"
- Reply: Prodip Saha: "Re: Security and Audit functionality"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
