469,086 Members | 1,247 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,086 developers. It's quick & easy.

users and roles

Hi

I haven a question concerning roles and membership in asp.net 2.0. I work
for an online university, and we would like to implement role based security
for our portal. Currently our university has 11 courses, which fall in 5
semesters, and each course is then subdivived into approx 5 or more
groups, and in each group we have teachers, students, teacherAssistants. A
quick calculation can approximate that we have to create about 825 roles.
(11 courses * 5 Semesters * 5 groups * 3 userTypes = 825 roles)

Of course, this is only an estimate, and we are probably going to need more
userTypes(students, teachers, teacherAssistants, headTeacherAssistant), and
create more courses(math, french,computerScience). The number of semester
might also increase if we decided to make the length of a semester shorter.
To solved this, I proposed the following idea, and would like your opinion
on this approach to see if it's viable in terms of maintenance, and fine
control over security. Each roles would have the following naming
convention.

roleName -> "<course><semester><groupName><userType>"

Here is an example of 12 roles that would be created to satisfy 2 courses
all in Fall with 2 groups in each course.

ChemistryFallGroup1Student
ChemistryFallGroup1Teacher
ChemistryFallGroup1TeacherAssistant

ChemistryFallGroup2Student
ChemistryFallGroup2Teacher
ChemistryFallGroup2TeacherAssistant

ReligionFallGroup1Student
ReligionFallGroup1Teacher
ReligionFallGroup1TeacherAssistant

ReligionFallGroup2Student
ReligionFallGroup2Teacher
ReligionFallGroup2TeacherAssistant

My quesiton is the following, Is this a bad way to organize roles for this
type of portal. Also, is there an alternative way to do this do this kind of
roles based security. By alternative, I mean creating a custom RoleProvider,
and adding a groupID column. That way in the aspnet_UsersInRoles table we
would have the following columns.
(UserId | RoleId | GroupID). Is this second approach going to lead to a lot
of problems down the road, and will it require a lot of work? Will this mean
we would have to rewrite a lot of controls that work with the
SqlRoleProvider, and SqlMembershipProvider. I would appreciate any feedback,
or advice. Also, if you can suggest which approach is better and why, or
suggest alternatives ways. Thank you for the time you have given this post,
and I hope to hear from you soon.

Francis



Mar 17 '06 #1
2 954
On Fri, 17 Mar 2006 14:06:25 -0500, Francis Reed wrote:
groups, and in each group we have teachers, students, teacherAssistants. A
quick calculation can approximate that we have to create about 825 roles.
(11 courses * 5 Semesters * 5 groups * 3 userTypes = 825 roles)


This seems not just silly, but completely unmanageable.

Why not simply create a role for each course, semester, group and type,
then apply the roles that apply to each user? That seems like a much
simpler approach.

Mar 18 '06 #2
Hi

Thank you for answering. I understand the idea, but what if the following
situation occurs. I have a user called bob, and I would like bob to have the
following access level.

student access for only group1 of the fall semester of the chemistry course.
(chemistry fall student group1)

teacher access for only group2 of the winter semester of the religion course.
(religion winter teacher group2)

If I create the following roles, "chemistry", "religion", "fall", "winter",
"student", "teacher", "group1", "group2", and add bob to those roles. That
would make bob both a teacher and a student, for both religion and chemistry
in both the winter and fall semesters, and he would be in group 1 and 2 for
both courses. Which is not the acess I want to give bob. One thing I want to
clearify, is that groups are subdivisions of a specific course.

So unless I'm not understanding the idea properly, I don't think it will
work. I really appreciate your advice, and would like to hear more from you.
Please feel free, and let me know if I have misunderstood the idea you are
suggesting.

Have a nice day
Francis

"Erik Funkenbusch" wrote:
On Fri, 17 Mar 2006 14:06:25 -0500, Francis Reed wrote:
groups, and in each group we have teachers, students, teacherAssistants. A
quick calculation can approximate that we have to create about 825 roles.
(11 courses * 5 Semesters * 5 groups * 3 userTypes = 825 roles)


This seems not just silly, but completely unmanageable.

Why not simply create a role for each course, semester, group and type,
then apply the roles that apply to each user? That seems like a much
simpler approach.

Mar 20 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Travis Parrent | last post: by
4 posts views Thread by Francis Reed | last post: by
2 posts views Thread by Markus Palme | last post: by
3 posts views Thread by Steven Nagy | last post: by
5 posts views Thread by Jonathan Wood | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by zhoujie | last post: by
reply views Thread by kglaser89 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.