Re: Role based security - where are permissions/operations ?
From: A Mackie (andrew_at_mackie14.freeserve.co.uk)
Date: Thu, 21 Oct 2004 07:48:43 -0700
Joe Kaplan (MVP - ADSI) wrote:
> It sounds like the storage of the data is still your biggest issue. Perhaps
> using ADAM would work if AD isn't available though. It is free to
> redistribute with server 2K3, so perhaps you could off that as an option.
> It would make sense for AzMan to support storing the policy data in SQL
Yes, storage of data is a significant issue. ADAM might be a possibility, but SQL Server would be better.
Leaving AzMan aside, my conclusion about standard .NET "role based security" is that it isn't actually suitable for proper role based access control at all. The reasoning is that it doesn't provide a means to assign permissions/operations to user-defined roles at run-time, or allow administrators to dynamically change those role-permission assignments. Is that a valid conclusion ?