Tutorial - Advanced Security - User ID Security In this tutorial we will show you how to setup User ID Advanced Security Access in ASP.NET Maker. We will use the demo database for demonstration. User ID The "Employees" table and "Orders" table in the demo database will be used in this example. Fields in Table "Employees" Fields in Table "Orders" Steps to Setup Advanced Security 1. Loading ASP.NET Maker Open ASP.NET Maker and connect to the demo database. 2. Setting up Security Click on the [Security] tab, there are two sections for the login process: Administrator Login Use Existing Table To set up the user ID, click on the [Advanced] button. A popup window will appear. 3. Setting up User Access Own Data You can set up the [User ID] Field and [Parent User ID] as follow: As the caption suggests, the User ID Field is a field to identify users. The field values for each user must be unique. So typically the primary key of the User Table is used as User ID Field. To identify the records owned by a user, the records must also have a field to store the User ID value. Therefore, all protected tables must have an User ID field, the field names can be different though. To setup User Data for different tables/views, click on "Tables" in the Database pane. The Tables Setup Page will then be displayed on the right pane. In the "User ID Field" column, select the "User ID Field" for the tables/views that requires User Data security.
[Parent User ID] field stores the parent User ID that the user belongs to. For example, a parent user can be the manager that the employee reports to. You can select an Parent User ID for users so the parent user can modify the child users' records as his/her own. (otherwise the feature is disabled)
In this example, we set the Parent User ID Field as the "ReportsTo" field. Click the [Generate] button and ASP.NET Maker will generate the required ASP.NET scripts automatically. 5. Running the ASP.NET Programs Login as employee #1 using "nancy" and user name and "1234" as password. Go to the "Orders" table. As we have used User ID security for the table,
although we can still view all the records, we can only modify employee #1 (nancy)'s records. If you now log out and login again as employee #3 using "janet" as user name and "1234" as password, you can only modify employee #3 (janet)'s records:
But if you now logout and login again as employee #2 using "andrew" as user name and "1234" as password, you can only access employee #1(nancy), #3(janet), #4(margaret), #5(steven) and #8(laura)'s records because "andrew" is the parent user of them, all these users report to "andrew".
Note: There are two types of Advanced Security implemented in ASP.NET Maker - User ID Security and User Level Security. User ID Security secures data at record level and User Level Security secures data at table level. They can work independently or work together. See the following tutorials on User Level Security also. Also see: Advanced Security - Static User Level Security
|
©2004-2011 e.World Technology Ltd. All rights reserved. |