Re: My own security subsystem
From: Brad M. (take_this_out.officespace@shaw.ca)
Date: 07/01/02
- Next message: Morris Lewis: "Re: Can web site data be protected from access by the webmasters?"
- Previous message: Morris Lewis: "Re: To deteremine NT logins + Sql Logins with sa + dbo + prviliges"
- In reply to: Bottomless Pit: "Re: My own security subsystem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Brad M." <take_this_out.officespace@shaw.ca> Date: Sun, 30 Jun 2002 22:45:53 -0600
Yes, I want to develop a routine in my VB app that is something like
IsAllowed() (not a procedure I know, just the name I am going to use) that
will look in the permissions table and match the sql login with the
'permissions' in the profile, and if the query returns a value such as 2,
and 3 is required to open the form, then it will return an 'Access Denied'
to the user and not open the form.
Best Regards,
Brad
"Bottomless Pit" <pauldurdin@iee.org> wrote in message
news:OBXt5DBHCHA.2212@tkmsftngp12...
> I guess tou could use the uid fom the sysusers table in another table to
> record your own permissions system - is this what you mean?
>
> I've not got down this root - yet- because i didnt fully understand the
> system tables and was concerned that they might vary between versions of
SQL
> Server.
>
> --
> regards,
>
> Paul Durdin
> Taradata Ltd
>
> "Brad M." <take_this_out.officespace@shaw.ca> wrote in message
> news:OqnYkw8GCHA.2648@tkmsftngp11...
> > This would work, except for the fact that I can't use NT domain groups.
> > This application is used on NT workstations using a generic id and
> password.
> > Thus, the application itself needs to be able to provide authentication,
> > RBAC, and auditing. But is it possible to associate a profiles table to
> SQL
> > logins?
> >
> > Best Regards,
> > Brad
> >
> > "Bottomless Pit" <pauldurdin@iee.org> wrote in message
> > news:#bYtGV4GCHA.368@tkmsftngp13...
> > > i'm using application roles to achieve this and using NT domain groups
> to
> > > determine what functionality to give a user, but it dosnt do
everything
> so
> > i
> > > have another permissions table that determines in detail what users
can
> do
> > > within the program. I also have a users table and use this to identify
a
> > > persons activity in a history table.
> > >
> > > --
> > > regards,
> > >
> > > Paul Durdin
> > > Taradata Ltd
> > >
> > >
> > > "Brad M." <take_this_out.officespace@shaw.ca> wrote in message
> > > news:eyxC56xGCHA.2888@tkmsftngp10...
> > > > Here is my current situation:
> > > >
> > > > I use a table (userdata) in a database called login to manage my
user
> > > > accounts for my application. However, to access this table and run
my
> > > query
> > > > to validate the 'account' (a row in the table), I have to be
connected
> > to
> > > > SQL Server. I have accomplished this by adding a user called
> 'Logins'.
> > > The
> > > > problem with this is that the login is generic - all users of the
> > > > application sign into the server with it, and this doesn't do much
for
> > > > security (auditing most notably).
> > > >
> > > > The reason why I use the table method is because I have to design my
> own
> > > > RBAC for the server. Users have a profile with their account.
There
> > are
> > > > three profiles: Regular, Audit and System. These profiles have
> > functions
> > > > that are automatic to them, meaning:
> > > >
> > > > A user with a Regular profile can query and add data to the system,
> but
> > > > can't view logs, print usage reports or do any system management
> > functions
> > > > A user with an Audit profile can do all of the above, except cannot
> > > perform
> > > > any system management functions
> > > > A user with an System profile can perform every function in the
system
> > > > (These are very short descriptions, there are many more)
> > > >
> > > > Here's what I'd like:
> > > >
> > > > A user has an ACTUAL SQL login, instead of the generic login looking
> in
> > a
> > > > table thing. But I want to associate my custom profiles with these
> SQL
> > > > accounts. Meaning, I can track usage of the system because each
user
> > has
> > > > their own sql login, but they also have a profile designation, which
> > would
> > > > limit their access in the application.
> > > >
> > > > Any ideas on this?
> > > >
> > > > Best Regards,
> > > > Brad
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Morris Lewis: "Re: Can web site data be protected from access by the webmasters?"
- Previous message: Morris Lewis: "Re: To deteremine NT logins + Sql Logins with sa + dbo + prviliges"
- In reply to: Bottomless Pit: "Re: My own security subsystem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
