Security - Securing Certain records from users

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

Security - Securing Certain records from users

Message

13/11/1998 13:44:11

Erik Moore
EKraft
Austin, Texas, États-Unis

13/11/1998 08:20:55

April Spontak
General Systems Services
Pittsburgh, Pennsylvanie, États-Unis

Information générale

Forum:

Visual FoxPro

Catégorie:

Autre

Titre:

Re: Security - Securing Certain records from users

Divers

Thread ID:

00157351

Message ID:

00157489

Vues:

>We are developing an HR system for a client. They want to specify in the operator/user security section what regions an operator/user can see/edit/add to. Also, they want to designate which departments an operator/user can have access to. We are going to use VFP6.0 along with SQL Server 6.5 or 7.0 when ready. Anyone have any ideas? I am thinking this sophistication will be costly for them. BTW, our security module is modeled similar to Les Pinter's shareware version that is out on this site.
>
>Thanks in advance!
>Mike Thomas, General Systems Sevices -- Pittsburgh PA

I am not familiar with Les Pinter's security framework, but have developed my own...

Any security framework worth its salt should be able to handle this. Here's a 1 minute synopsis of what mne does:

I have a users table, a modules table and an intersection table called useraccess that contains a username, security module, and access level for every instance of access to be granted.

User logs in, username is stored to property of the application object.

Any object, program, or menu item that needs to be secure makes a call to the global security object to check rights for the current user.

For example, a menu item would have something like the following in the skipfor clause:

goSecure.CheckLevel('Accounting') < 1

the security object's checklevel method looks up the user name in the goApp object, looks for a record in the useraccess table that contains the username in the user field, and 'Accounting' in the module field, and if it exists, returns the access level. If it doesd not exist, it returns 0.

the base level form class has a property called SecureModule that contains the name of the module the user must have access to to open/read/write/delete in that form.

In the form's init method htere is code like

IF !EMPTY(THIS.SecureModule') AND TYPE('goSecure.Name') = "C"
   lnsecureLevel = goSecure.CheckLevel(THIS.SecureModule)
   IF lnSecureLevel < 1
      RETURN .F.
   ENDIF
ENDIF

All data entry controls have SecureModule properties as well, so they can be individually secured (this is an excellent place to use extended database information like in dbcx or dbcx2, but I have yet to implement that)

control.init

IF !EMPTY(THIS.SecureModule') AND TYPE('goSecure.Name') = "C"
   lnsecureLevel = goSecure.CheckLevel(THIS.SecureModule)
   lnsecureLevel = goSecure.CheckLevel(THIS.SecureModule)
   IF lnSecureLevel < 2
      THIS.Readonly = .T.
   ENDIF
   IF lnSecureLevel < 1
      THIS.Visible = .F.
   ENDIF
ENDIF

I hope I was close to target with the kind of information you were looking for... let me know if I can offer you any more details, or if I just wasted 3 minutes of your life... :)

Erik Moore
Clientelligence

Répondre

Fil

Voir

Click here to load this message in the networking platform