473,473 Members | 1,844 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

users and roles

Hi

I haven a question concerning roles and membership in asp.net 2.0. I work
for an online university, and we would like to implement role based security
for our portal. Currently our university has 11 courses, which fall in 5
semesters, and each course is then subdivived into approx 5 or more
groups, and in each group we have teachers, students, teacherAssistants. A
quick calculation can approximate that we have to create about 825 roles.
(11 courses * 5 Semesters * 5 groups * 3 userTypes = 825 roles)

Of course, this is only an estimate, and we are probably going to need more
userTypes(students, teachers, teacherAssistants, headTeacherAssistant), and
create more courses(math, french,computerScience). The number of semester
might also increase if we decided to make the length of a semester shorter.
To solved this, I proposed the following idea, and would like your opinion
on this approach to see if it's viable in terms of maintenance, and fine
control over security. Each roles would have the following naming
convention.

roleName -> "<course><semester><groupName><userType>"

Here is an example of 12 roles that would be created to satisfy 2 courses
all in Fall with 2 groups in each course.

ChemistryFallGroup1Student
ChemistryFallGroup1Teacher
ChemistryFallGroup1TeacherAssistant

ChemistryFallGroup2Student
ChemistryFallGroup2Teacher
ChemistryFallGroup2TeacherAssistant

ReligionFallGroup1Student
ReligionFallGroup1Teacher
ReligionFallGroup1TeacherAssistant

ReligionFallGroup2Student
ReligionFallGroup2Teacher
ReligionFallGroup2TeacherAssistant

My quesiton is the following, Is this a bad way to organize roles for this
type of portal. Also, is there an alternative way to do this do this kind of
roles based security. By alternative, I mean creating a custom RoleProvider,
and adding a groupID column. That way in the aspnet_UsersInRoles table we
would have the following columns.
(UserId | RoleId | GroupID). Is this second approach going to lead to a lot
of problems down the road, and will it require a lot of work? Will this mean
we would have to rewrite a lot of controls that work with the
SqlRoleProvider, and SqlMembershipProvider. I would appreciate any feedback,
or advice. Also, if you can suggest which approach is better and why, or
suggest alternatives ways. Thank you for the time you have given this post,
and I hope to hear from you soon.

Francis



Mar 17 '06 #1
2 1074
On Fri, 17 Mar 2006 14:06:25 -0500, Francis Reed wrote:
groups, and in each group we have teachers, students, teacherAssistants. A
quick calculation can approximate that we have to create about 825 roles.
(11 courses * 5 Semesters * 5 groups * 3 userTypes = 825 roles)


This seems not just silly, but completely unmanageable.

Why not simply create a role for each course, semester, group and type,
then apply the roles that apply to each user? That seems like a much
simpler approach.

Mar 18 '06 #2
Hi

Thank you for answering. I understand the idea, but what if the following
situation occurs. I have a user called bob, and I would like bob to have the
following access level.

student access for only group1 of the fall semester of the chemistry course.
(chemistry fall student group1)

teacher access for only group2 of the winter semester of the religion course.
(religion winter teacher group2)

If I create the following roles, "chemistry", "religion", "fall", "winter",
"student", "teacher", "group1", "group2", and add bob to those roles. That
would make bob both a teacher and a student, for both religion and chemistry
in both the winter and fall semesters, and he would be in group 1 and 2 for
both courses. Which is not the acess I want to give bob. One thing I want to
clearify, is that groups are subdivisions of a specific course.

So unless I'm not understanding the idea properly, I don't think it will
work. I really appreciate your advice, and would like to hear more from you.
Please feel free, and let me know if I have misunderstood the idea you are
suggesting.

Have a nice day
Francis

"Erik Funkenbusch" wrote:
On Fri, 17 Mar 2006 14:06:25 -0500, Francis Reed wrote:
groups, and in each group we have teachers, students, teacherAssistants. A
quick calculation can approximate that we have to create about 825 roles.
(11 courses * 5 Semesters * 5 groups * 3 userTypes = 825 roles)


This seems not just silly, but completely unmanageable.

Why not simply create a role for each course, semester, group and type,
then apply the roles that apply to each user? That seems like a much
simpler approach.

Mar 20 '06 #3
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
5
Report effective permissions for all users?
by: Ross Presser | last post by:
As our customers demand that we tighten our IT security in the company, I've been asked to prepare a report quarterly showing, for each user in Active directory, what his effective permissions are...
Latest Bytes
6
Asp.net runtime error - multiple users with Access Db
by: mark | last post by:
I have an asp.net ecommerce web application on a remote web server. I'm using an Access database on the back end. I've notice a few strange things. When I mimic an multiple user environment by...
Latest Bytes
1
forms authentication not making users reauthenticate
by: Travis Parrent | last post by:
I'm having a problem where my application forces the user to log on intially, but then never forces them to reauthenticate. Following is the login code currently but I've tried several different...
Latest Bytes
4
Sharing Users, but not roles between Applications
by: Francis Reed | last post by:
Hi I'm currently developping a University portal that uses single sign on between multiple applications, and I would like to store my users in one application and share them with other...
Latest Bytes
5
How to access web.config deny and allow users tag values?
by: profdotnet | last post by:
Below is the code of web.config file: <configuration> <system.web> <authentication mode="Forms" /> <authorization> <allow users="Admin"/> <deny users="Jack,Mary" /> <deny users="?">...
Latest Bytes
2
Deny acces to users that are not in any role
by: Markus Palme | last post by:
Hi NG! Is it possible to deny access to a (logged in) user that is not in any role? Placeholders like <deny roles="?"/don't seem to be possible. Regards Markus <location...
Latest Bytes
0
ASP.NET 2.0 Authorization based on Combination of Allow/Deny Users/Roles.
by: Douglas J. Badin | last post by:
Hi, The problem with Authorization is it stops at the first match and doesn't permit Grouping. On the Web Site, I am trying to Secure Page Access and SiteNaviagation by implementing the...
Latest Bytes
6
Using Windows Authentication in ASP.NET - Adding properties to users
by: Matt Adamson | last post by:
Guys, I'm unsure how to use windows authentication in an intranet application. I'd like to user existing windows account to identify users however the issue I have is how to then add settings to...
Latest Bytes
3
Membership API Controls - Manage Roles and Users
by: Steven Nagy | last post by:
Hi all, I'm getting across the membership API stuff. However it seems that we would have benefitted from some extra controls for "Manage Users" and "Manage Roles". Is there some additional...
Latest Bytes
5
How to Get Number of Users in Membership Role
by: Jonathan Wood | last post by:
Greetings, I'm using ASP.NET membership and I'd like to query the number of users in a particular role. I don't want the overhead of returning a dataset and then getting the number of items...
Latest Bytes
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
Latest Bytes
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Latest Bytes
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
Latest Bytes
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Latest Bytes
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Latest Bytes
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
Latest Bytes
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Latest Bytes
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Latest Bytes
0
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
Latest Bytes

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us