* * * C# Application and Database Security Model * * *

I'm building a new C# web application that will provide my company
some administrative operations that were previously only completed
by tweaking the data in the database.

1. Encrypted password authentication
2. "Group" level permissions that allow permission overrides for specific
users
3. Ability to set permissions to view, edit, and read only - by user or
role.
4. Ability to set permissions based on data - certain users can only see
their related data
5. User based tracking - need to track what data has changed, and when, and
by what user

Example:

Security Roles:
Role A
Role B

Users:
User A
User B

End Result:
- We need to authenticate and allow access to the application to
both User A and User B.

- User A and User B are both company employees, but the operations
and data they have access to may be different.

- User A is in Role A, and User B is in Role B.

- Role B has access to their own operations, but also
has access to some of the same operations as Role A.

- User B/Role B can only see Data B (data specific to this users customers).

- User A/Role A can only see Data A (same as above) - BUT due to User A's
position in the company, they are also able to view User B customer data.

We are trying to utilize an "off the shelf" app like Authorization Manger
with
Windows 2003, or something similar like Impersonation and Delegation.

We are currently using a fairly simple database driven security model that
has
group level permissions, but we now have grown in size and have different
offices/IT departments, and we need an Enterprise level solution to be used
in all IT departments.

{ } Does anyone know if Authorization Manger, or another off the shelf
solution can do this?

{ } Has anyone had the same requirements and built their own component to
handle this?
If so, are you willing to share the architecture?

{ } Does anyone have any information that can point me in the right
direction?

Thanks

--Brian A


.

Relevant Pages

  • Re: List Users Permissions down to table.column action
    ... THIS STORED PROCEDURE GENERATES COMMANDS ... -- FIXED PROBLEMS WITH STATEMENT LEVEL PERMISSIONS GRANTING. ... -- CREATE TABLE TO HOLD LIST OF USERS IN CURRENT DATABASE ... -- GRANT USER ACCESS TO SERVER ROLES ...
    (microsoft.public.sqlserver.security)
  • Re: User access on a company intranet
    ... Yes they need full permissions on the folder where the backend is. ... You wouldn't need to do this in your copy of the database. ... However you can toggle the shiftkey bypass from another mdb file. ... When you want to implement security, you create a new mdw file, ...
    (microsoft.public.access.security)
  • Re: Active directory corruption
    ... During an installation of PHP I accidentally changed permissions for the ... Active Directory database is unavailable because it is damaged, ... Open a command prompt and run NTDSUTIL to verify the paths for the ...
    (microsoft.public.windows.server.sbs)
  • Re: Active directory corruption
    ... default web site and copied the permissions to all the child ... as it may not be the database that is the problem. ... prompt, use the ESENTUTL to check the integrity of the database. ... To recover the database type the following at the command prompt: ...
    (microsoft.public.windows.server.sbs)
  • Problem is w/ .ADP..Re: SQL db Permissions for users not working
    ... You do not have SELECT permissions on the ... SysObjects system table in the database. ... figured out that qualifying the database owner (dbo in my ... >> I feel that the object owner is not dbo, ...
    (microsoft.public.sqlserver.security)