Re: Mapping AZMAN to our existing security Design, Scenario?

AzMan verifications take place only at the operation level. One could
certainly write custom code to perform task-level verifications, which would
usually represent a verification of all operations in the task and any
subtasks (recursively). In your case, however, it might be that a menu
should be displayed/enabled if the user has rights to any operation under
the menu-level task. The code for this would be similar, verifying whether
any operation is allowed rather than whether all operations are allowed.



"Vijay Varma" <dotnetvarma@xxxxxxxxxxxx(donotspam)> wrote in message
news:43562FB8-DA1C-4E6D-ABDD-3D836C6C817D@xxxxxxxxxxxxxxxx
Hi,
Our applications are running under visual basic 6 and SQL Server.Security
for these applications like user,roles,groups and object permissions are
been
stored in sqlserver and checked through the application.We have our
dynamic
menu which is been stored in SQL Server and displayed dynamically based on
our roles and groups.

The above design was so cluttered and confusing if we need to create a new
application and design a menu or access control for the application it is
becoming complex.When my manager spoke to microsoft team,they have
suggested
AZMAN for this...


I have started converting our existing security design into new role based
authorization using AZMAN....I have created all the parent menus as tasks
and
submenus as operations in AZMAN as XML store.I have defined groups,roles
and
assigned users also.

When i access the store,get the client security context and then trying to
check whether the user role has access to particulat task or not.but i
could
not able to check,bcos it allows only role checking at operation
level......


Is there any way to check the task before checking the access level for
operations...If so could some body let me know,how to do that....

Regards
varma

--
Vijay Varma
Programmer Analyst


.