Hi everybody,
I am working on a small project that implements basic security (users
have to login/logout).
Only one user can be logged in at one time. I use C# and ADO.NET.
Users, passwords, accessrights to the system etc. is saved in an Access
database. Everything works fine the way security is implemented at this
point. I use an enum "AccessRight" (All, Read, Write) in my
application. Corresponding values is found in a separate table in my
database(tbl_Rights). By checking a users rights in the database and
comparing it to the enum I can enforce security within the application.
Some users can only read data not write or make changes, while others
can read and write.
What I want to be able to do is to have some sort of "dynamic"
security. Do I have to use an enum within my app like I have done? What
if I want to add another security level...then I would have to make
changes to my source code. I don't like that.
Any suggestions? Any help is appreciated.
Thanks