Design
Message
From:
07/07/2000 04:33:17
To: All
General information
Forum: Visual FoxPro
Category: Object Oriented Programming
Title: Design
Miscellaneous
Thread ID: 00389342
Message ID: 00389342
Views: 53
Any thoughts?
BACKGROUND:
Thirty-five thousand clients doubling yearly over next few years.
These clients are assigned to reps.
These reps are assigned to assistants.
A rep's data-access is limited to their own clients only.
An assistant's data-access is limited to their own rep's clients only.
App relates a dozen or so different child tables to the client table(s).
App has roughly one hundred thirty different modules and/or reports.
App data will eventually scale to a SQL/remote data server.
Users will access system via winframe initially and then via a browser.
Users will run both single client and multi-client queries/updates.
The developer (me) is new to vfp and is converting a legacy system.
App under dev with vfp6, vfe6, stonefield, xcase.
========
ISSUE: Security Design
Two approaches come to mind, I am posting for additional insight
and/or alternatives.
========
Approach one: Build a valid-client view on app login for the user
containing all appropriate account ids. Potentially including
common header information in that view.
Advantage: fewer constraints and less code overhead throughout entire app,
quicker lookups and direct selects on parent and children.
Disadvantage: scaling with respect to app startup overhead
(Data-over-wire and init time).
Minor: user will need to refresh for newly qualifying clients.
=========
Approach two: Access validates via an object each time a new account
is referenced and dynamically store valid-accounts for the session.
If the account hasn’t been validated it will require a client lookup
to ascertain rep and an assistant lookup to ascertain access to that
rep's clients.
Advantage: scaling, quicker app startup (data-over-wire and init-time).
Disadvantage: code that is more complex throughout, with more overhead
in individual operations and mass processing.
Minor: User will NOT typically access all accounts in a session.
===========
I have been lurking on the UT for several months now and using the
search engine to answer the majority of my questions.
Since I have no inclination to worsen the signal-to-noise ratio I've
waited until this first post to toss in: The PUTM/VFP Forum has proven
well worth my time and is a source of not only knowledge but also enjoyment.
============
SHAMELESS PLUG: EMAIL your orders for the Jim Booth action figure with
twistable nipple ring and ceramic ale stein. Quantities limited.
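The two approaches in the post, sketched side by side as an added example (not the poster's code) in Python with an in-memory SQLite database. The table names, column names, user ids and sample rows are constructed assumptions.

```python
import sqlite3

# Constructed sample data: table and column names are assumptions,
# not the poster's schema.
SCHEMA = """
CREATE TABLE client (client_id INTEGER PRIMARY KEY, rep_id TEXT NOT NULL);
CREATE TABLE assistant (assistant_id TEXT, rep_id TEXT);
INSERT INTO client VALUES (1,'rep_a'),(2,'rep_a'),(3,'rep_b');
INSERT INTO assistant VALUES ('asst_x','rep_a');
"""

def open_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def valid_clients_at_login(db, user_id):
    """Approach one: fetch every client id the user may see, once, at login."""
    rows = db.execute(
        "SELECT c.client_id FROM client c WHERE c.rep_id = ? "
        "UNION SELECT c.client_id FROM client c "
        "JOIN assistant a ON a.rep_id = c.rep_id WHERE a.assistant_id = ?",
        (user_id, user_id))
    return {r[0] for r in rows}

class AccessValidator:
    """Approach two: validate each account on first reference, cache per session."""
    def __init__(self, db, user_id):
        self.db, self.user_id = db, user_id
        self.validated = set()   # accounts already confirmed for this session
        self.lookups = 0         # validations that had to go to the data store

    def can_access(self, client_id):
        if client_id in self.validated:
            return True
        self.lookups += 1
        # Client lookup to find the rep, then assistant lookup for that rep.
        row = self.db.execute(
            "SELECT rep_id FROM client WHERE client_id = ?", (client_id,)).fetchone()
        if row is None:
            return False         # unknown account: deny
        rep_id = row[0]
        allowed = rep_id == self.user_id or self.db.execute(
            "SELECT 1 FROM assistant WHERE assistant_id = ? AND rep_id = ?",
            (self.user_id, rep_id)).fetchone() is not None
        if allowed:
            self.validated.add(client_id)   # only grants are cached
        return allowed
```

In this sketch approach two caches grants for the life of the session, so a client reassigned to another rep stays reachable until the cache is cleared, which mirrors the refresh trade-off the post lists for approach one.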