best practice for role-based security

From: Frank J (FrankJ_at_discussions.microsoft.com)
Date: 06/16/04


Date: Wed, 16 Jun 2004 11:11:50 -0700

We are designing an intranet web application backed by a centralized SQL DB.

After user login, depending on the department and role (manager, employee, data operator), the web page will show or not show certain sections.

Most importantly, within one page, based on the role of the logged-in user, some functions will be hidden from or shown to the user. For example, an account dept. employee shouldn't see the client login password, while customer service cannot delete a client account. I.e., for a simple page like client info, there will be so many variants. How can I avoid creating redundant user interfaces for the same information?

I believe this is a common issue and am looking for best practices. How do I get started? Is there any whitepaper or sample available?


