Hello Everyone,

I writing a asp.net web application and I’m trying to figure out the best way of implementing the users and roles.

The application allows a user to log in (using the role of ‘submitter’) and submit an idea or comments. After the user has submitted their idea, an evaluator (using role ‘evaluator’) evaluates the idea. The role of a submitter can not access and/or edit someone else’s idea but there own. An evaluator can only evaluate ideas in his/her department. In other words the level of access a user has is highly dependant on business logic. Performing the business logic is not a problem. I’m wondering what is the best way to “temporally” give a user greater or lesser access. Can I temporally assign an additional role to a user. What I have in mind is creating a couple of ‘submitter’ roles. One role only has read access and the other has edit access. If the idea was submitted by the current user, temporally give them the role with edit privileges, when the user leaves the page, remove that privilege.
Will MM allow me to change a user’s roles at runtime with out making the changes to the database? If the answer is yes, could you provide an example of how to do this?

The reason I would like to use roles is the customer can still easily modify the access privileges to the controls on the page allowing them to customize the roles to their needs.

If there is a better way of combining business logic with security, please feel free to share your ideas.

Any comments or suggestions would be greatly appreciated.
-Douglas Hammon