Application Security Structure Help

cep022 (Programmer; joined Jan 13, 2002; messages: 1; location: US)

I need to create an application with group-level security, something like the Windows NT structure. Real quick, the application is something like an inventory with many items. I want to set it up so that different groups can view some items, some can view/edit, and others cannot do anything. Does anyone have a sample way that the database would be structured and how I would incorporate this into the CF code?
 
There are two ways of doing this.
Firstly
Create tables in your db similar to

Table :: Users{
UserName[PK]
Password
Name
}

Table :: Groups{
GroupName[PK]
}

Table :: Users_Groups{
UserName[PK&&FK]
GroupName[PK&&FK]
}

Table :: Groups_Pages_Process{
GroupName[PK&&FK]
PageName[PK]
ProcessName[PK]
}

When your user logs in create a session variable
storing the primary key of the user [PK].
When the user accesses a page check their permissions
by accessing the Users_Groups table and then
checking for records in the Groups_Pages_Process table.
SQL = "
SELECT * FROM Groups_Pages_Process
WHERE PageName = '#PageName#'
AND ProcessName = 'ViewProducts'
AND GroupName IN (
SELECT GroupName FROM Users_Groups
WHERE UserName = '#Session.UserName#'
)
"

This is assuming that the page is 'ViewProducts'.
If this page has a link to a page 'AddProducts'
then use this process in the top of that page but
also as an if around the link itself so anyone
without permissions won't even see the link.

After checking permissions
if the recordcount is 0 then
<cflocation url="genericnopermissions.cfm">

Secondly

I know this one works with asp but I'm not sure how
much control Coldfusion has over IIS.

Part One
Create user profiles for each user as if they
were accessing the server directly.
Part Two
Go to each file in your project and add/edit/delete
permissions for each of the users for each of the
files.
Part Three
Go into IIS and go to the permissions of the root
folder of your project by right clicking this
folder.
Click the directory security tag.
Click Edit in Anonymous access and authentication
control.
Make sure anonymous access is ticked and click Edit.
The username will probably be IUSR_MachineName.
Click Browse.
Select IWAM_MachineName.

Now when people access pages they will be hit by a
standard Windows login prompt. If they do not enter
the username and password from the account you set up in
Part One they will be refused entry into the page after
3 attempts. [3 failures does not lock up the account].

Hope this helps
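
An added example, not part of the thread's posts: the tables and permission check from the first approach as a runnable sketch, using Python with an in-memory SQLite database as a stand-in for the ColdFusion datasource. The user names, groups, the page name `products.cfm` and the function names are constructed for illustration, and the values are bound as query parameters instead of being written into the SQL string.

```python
import sqlite3

# The thread's tables. "Groups" is quoted because GROUPS is a keyword in some engines.
SCHEMA = """
CREATE TABLE Users (UserName TEXT PRIMARY KEY, Password TEXT NOT NULL, Name TEXT);
CREATE TABLE "Groups" (GroupName TEXT PRIMARY KEY);
CREATE TABLE Users_Groups (
  UserName  TEXT NOT NULL REFERENCES Users(UserName),
  GroupName TEXT NOT NULL REFERENCES "Groups"(GroupName),
  PRIMARY KEY (UserName, GroupName));
CREATE TABLE Groups_Pages_Process (
  GroupName   TEXT NOT NULL REFERENCES "Groups"(GroupName),
  PageName    TEXT NOT NULL,
  ProcessName TEXT NOT NULL,
  PRIMARY KEY (GroupName, PageName, ProcessName));
"""
# A join in place of the IN-subquery; both values are bound parameters.
GRANTS = """
SELECT DISTINCT p.ProcessName FROM Groups_Pages_Process AS p
JOIN Users_Groups AS ug ON ug.GroupName = p.GroupName
WHERE ug.UserName = ? AND p.PageName = ? ORDER BY p.ProcessName
"""

def build_demo_db():
    """In-memory database with constructed sample rows (Password holds a hash)."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when asked
    db.executescript(SCHEMA)
    users = ["alice", "bob", "carol", "o'brien"]  # carol is in no group
    db.executemany("INSERT INTO Users VALUES (?, '<salted-hash>', ?)",
                   [(u, u.title()) for u in users])
    db.executemany('INSERT INTO "Groups" VALUES (?)', [("Editors",), ("Viewers",)])
    db.executemany("INSERT INTO Users_Groups VALUES (?, ?)", [("alice", "Editors"),
        ("alice", "Viewers"), ("bob", "Viewers"), ("o'brien", "Viewers")])
    db.executemany("INSERT INTO Groups_Pages_Process VALUES (?, 'products.cfm', ?)", [
        ("Viewers", "ViewProducts"), ("Editors", "ViewProducts"), ("Editors", "AddProducts")])
    return db

def allowed_processes(db, user, page):
    """Processes the user's groups grant on a page; an empty list means deny."""
    if not user:  # no logged-in session user: nothing is granted
        return []
    return [row[0] for row in db.execute(GRANTS, (user, page))]

def is_allowed(db, user, page, process):
    """Use at the top of a page and in the 'if' around a link to that page."""
    return process in allowed_processes(db, user, page)
```

In ColdFusion the same statement goes inside `<cfquery>` with each value passed through `<cfqueryparam>`, and an empty result leads to the `<cflocation>` redirect shown in the post.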
 