A little background first.. I'm working from home.. no real team to bounce
ideas off of, so you guys are it.
I'm working on an app SQL2k / ASP Classic, the quick and dirty is there is a
"worklist" of items for users to fix items so that the bill can be payed,
and there are also a series of reports. All items are grouped into 1 of 12
categories. Users are members of one of those 12 groups (categories).
A users worklist can be "filtered" by an admin based on location, bill
amount, first letter of payee's last name etc. Individual report access is
also limited based on user rights.
So.. how to maintain user security. A couple of ideas..
When a user logs in.. put a bunch of stuff into session variables that I can
then access as needed.
Second idea is to put just the logged in userID into a session variable, and
then call an SP or a function to check security as needed.
Third idea is to load up an array on login, stuff it on the session, call a
function on the page(s) as needed to check for appropriate rights
Last.. stuff some security info into a user specific Application var, and
call that as needed.. and then kill it on logout
Thanks for reading.. any thoughts on which may work better? Or a better
solution perhaps?
Thanks!
