J
Jéjé
Hi,
I'm looking for some sample to implement an item level security system in my
Web application.
My users can create & manage project.
The company has some organizationnal units.
Each unit can create/manage projects.
Today the security is set at the "system" level, I mean if a user can create
a project he can (using roles defined at the web site level).
But I want to add some restrictions:
* A user can create a project for any organizationnal units if he's a
"system project user"
* A user can create a project for 1 organization if he's member of
"organization XXX project user"
* A user can create a project for 1 organization AND any child OU if he's
member of "organization XXX project user" (which as children OU)
* A user can manage a project if he's the owner of the project, or if he's
an "organization XXX project user" member (or parent OU member) or a member
of the "system project user"
its an ASP.Net V2 application.
So, when I display a project, I want to hide some edit buttons if the user
is not authorized to edit the project.
So, What is the better way to implement this security model?
thanks for your guides.
Jerome.
I'm looking for some sample to implement an item level security system in my
Web application.
My users can create & manage project.
The company has some organizationnal units.
Each unit can create/manage projects.
Today the security is set at the "system" level, I mean if a user can create
a project he can (using roles defined at the web site level).
But I want to add some restrictions:
* A user can create a project for any organizationnal units if he's a
"system project user"
* A user can create a project for 1 organization if he's member of
"organization XXX project user"
* A user can create a project for 1 organization AND any child OU if he's
member of "organization XXX project user" (which as children OU)
* A user can manage a project if he's the owner of the project, or if he's
an "organization XXX project user" member (or parent OU member) or a member
of the "system project user"
its an ASP.Net V2 application.
So, when I display a project, I want to hide some edit buttons if the user
is not authorized to edit the project.
So, What is the better way to implement this security model?
thanks for your guides.
Jerome.