Jassim Rahma wrote:
I have an application in C# and I want to assign rights based on the user
login. I have a users table in the database and I want to know what is the
best way to manage the user rights?
Hi,
There are generally two basic approaches to this, capabilities and
access-control. Depending on your application, you need to decide which
way to go about this. Both of these approaches are inherently the same;
it's a way of deciding if an operation (i.e. performed by a user) is
allowed. But they differ on how the user's rights are mapped to
resources/operations.
Using capabilities, when an operation is performed the program will check
the *user* and see if he has rights to perform the operation. Using
access-control, the program will check the *resource* and see if the user
has access.
So, capabilities is a list of rights a user has:
U1: {(R1,read), (R1,write), (R2,read)}
U2: {(R1,read)}
U3: {(R2,delete),(R3,read), (R3,write)}
And access control is a list of users who have access to a resource:
R1: {(U1, read), (U1, write), (U2, read)}
R2: {(U1,read), (U3,delete)}
R3: {(U3,read), (U3,write)}
Once you've decided how you want to approach this, the database relations
generally come naturally.
Once you have the relations, you can easily query the database based on how
you want to check permissions.
--
Tom Spink
University of Edinburgh
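
An added example, not part of the reply above: the two lists in the post contain the same seven grants, so one relation can store them and answer both the capability question and the access-control question. The table and column names (users, resources, grants, operation) are assumptions made for illustration.

```sql
-- Hypothetical schema; all names here are assumptions, not from the post.
CREATE TABLE users     (user_id     VARCHAR(16) PRIMARY KEY);
CREATE TABLE resources (resource_id VARCHAR(16) PRIMARY KEY);

-- One row per grant. The composite key prevents duplicate grants, and the
-- foreign keys prevent grants to users or resources that do not exist.
CREATE TABLE grants (
    user_id     VARCHAR(16) NOT NULL REFERENCES users(user_id),
    resource_id VARCHAR(16) NOT NULL REFERENCES resources(resource_id),
    operation   VARCHAR(16) NOT NULL
        CHECK (operation IN ('read', 'write', 'delete')),
    PRIMARY KEY (user_id, resource_id, operation)
);

-- The primary key serves user-first lookups (capability style);
-- this index serves resource-first lookups (access-control style).
CREATE INDEX grants_by_resource ON grants (resource_id, operation, user_id);

-- Sample data: the U1..U3 / R1..R3 grants listed in the post.
INSERT INTO users     VALUES ('U1'), ('U2'), ('U3');
INSERT INTO resources VALUES ('R1'), ('R2'), ('R3');
INSERT INTO grants (user_id, resource_id, operation) VALUES
    ('U1', 'R1', 'read'), ('U1', 'R1', 'write'), ('U1', 'R2', 'read'),
    ('U2', 'R1', 'read'),
    ('U3', 'R2', 'delete'), ('U3', 'R3', 'read'), ('U3', 'R3', 'write');

-- Capability view: start from the user and list what they may do.
SELECT resource_id, operation
FROM grants
WHERE user_id = 'U1'
ORDER BY resource_id, operation;

-- Access-control view: start from the resource and list who may use it.
SELECT user_id, operation
FROM grants
WHERE resource_id = 'R2'
ORDER BY user_id, operation;

-- Permission check with default deny: the operation is allowed only if a
-- matching row exists. From the C# application, pass the three values as
-- query parameters rather than concatenating them into the SQL text.
SELECT COUNT(*) AS allowed
FROM grants
WHERE user_id = 'U2' AND resource_id = 'R1' AND operation = 'write';
```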