>I think you may be confusing "Role" with "Group". For instance, in SQL Server you have Users, Groups, and Roles. Roles would be "AcctBalanceReader", "DepositEnterer", "WithdrawalApprover", etc...
>Contrasted with groups such as "Managers" -> "Supervisors" -> "Tellers".
>A member of the Managers group would also be a member of Supervisors and Tellers. Groups are hierarchal. Roles are flat.
There's no such thing as 'Groups' in SQL server 2000, just Users and Roles. However, a Windows 'Group' can be a user in SQL server, but the concept of 'group' is a windows server/domain entity. From the SQL BOL:
Groups
There are no groups in Microsoft® SQL Server™ 2000 or SQL Server version 7.0. You can, however, manage SQL Server security at the level of an entire Microsoft Windows NT® or Microsoft Windows® 2000 group.
Also, in SQL server ROLES can be hierarchal, you can assign a ROLE to a ROLE.
In .Net the only items the security knows is User (Identity) and Roles (Principal). It has no concept of "groups" either.
>The Principal class allows you to store all of the roles that a Group (and by inference, a User) is a member of in an array of strings. So a User/Group can have many roles and code-access security is designed around a User/Group performing many roles.
Exactally, which leads to my question which is about creating PrincipalPermission objects. For example, in code I could do:
If (User.IsInRole("Function Specific") or User.IsInRole("Administrator"))
blah blah blah
But, if I want to use permission attributes how would I do the above? That is my quesion? So, this isn't about the user, it's about the secured item. I can't seem to find this documentated.
BOb
Previous
Reply
View the map of this thread
View the map of this thread starting from this message only
View all messages of this thread
View all messages of this thread starting from this message only