James Haskell
|
| Posted: 02/01/2005, 2:27 PM |
|
I'm looking at the viability of using CodeCharge for some of our projects, and have a general question about security. I'm not very familiar yet with CodeCharge, so please bear with me on vocabulary and descriptions.
We have a typical scenario where some users have varying access to the database. A very few people should have access to the "setup and configuration" screens or forms, whereas most people would have access to reports. There are a number of additional screens that will have varying access depending on a user's role...
How difficult is it to have a user log in, and then display a standard, "menu" web page that has various links either active or disabled / not visible depending on their membership in various User Groups (these could be MS SQL Server roles, or some other User / UserGroup tables). Is there any of this type of security built into CodeCharge? How do CodeCharge developers typically address this issue?
Thanks very much for any assistance.
|
|
|
 |
peterr
Posts: 5971
|
| Posted: 02/01/2005, 9:56 PM |
|
Yes, this type of security is built-in. For each Web page you can setup the "Restricted" property where you specify which user groups/roles should have access to that page. Unauthorized users will be kicked back to the login page.
You can also create several includable menus and hide the ones that you don't want specific users/groups/roles to see, or you can hide individual links.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
 |
|
senpai
Posts: 1
|
| Posted: 02/03/2005, 7:56 AM |
|
I also am considering using CCS, but can't find an overview of the security model it uses. I've read the user guide about setting up project security. From that it appears each user can only be a member of 1 group (since you specify the user table and the group_id column). Is this correct ?
I have a site where the users are grouped into hundred's of groups and they all have access to the same 'members' pages, once logged in, but the data they see is restricted to that for their group. I don't want hundred's of copies of the same page,each restricted to one group. If I have one page, all users must be in this one group. How would you overcome this ?
_________________
http://www.ryoku.co.uk/
ryoku sports martial arts supplies |
|
|
|
peterr
Posts: 5971
|
| Posted: 02/03/2005, 10:38 AM |
|
The built-in security model is quite straightforward: you specify a group for each user, then you specify as many groups as you like for each page. You don't need to make copies of pages, as a page can be accessed by as many groups as specified. You can also restrict access on per-form basis, thus within a page certain forms can be hidden from various user groups.
Finally, the security in CCS is very easily extensible. Each page calls the CCSecurityAccessCheck function, which is quite simple and checks if the current user's group belongs to the groups specified for that page. I've seen developers creating their own variants of that function, so that it can handle any other types of security, including multi-group user roles and some other setup variants. At http://forums.codecharge.com/posts.php?post_id=43087 there is a small example of how to do this.
Thus I'd say that it may not even be a good idea to limit everyone to use just one security model, but go ahead and implement whichever one you need.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
|
