| Author |
Topic |
|
gdeconto
Posting Yak Master
107 Posts |
Posted - 2003-12-19 : 17:05:26
|
| I am looking at trying to figure out how to create code that would be able to scan some permissions table to determine what, if any, access a user or group has to a given resource/app/whatever.

I would like the system to follow the NT Permissions model in that the system would allow users/groups to inherit permissions from higher levels.

Say I have a system that contains tables similar to this:

1. user table contains userid field
2. group table contains groupid field
3. group membership table contains groupid and userid fields
4. user permissions table contains appid, userid, and some bitfields to describe access privileges
5. group permissions table contains appid, groupid, and some bitfields to describe access privileges

Additional info:

1. a user can belong to one or more groups
2. a group can belong to one or more groups
3. permissions are inherited if not otherwise specified (i.e. if groupA belongs to groupB that belongs to groupC, and no specific access has been given to groupA or groupB, then groupA and groupB both inherit access from groupC)

The table structure is not, I think, a problem to define (already have most of it in place).

The HARD part is coming up with an efficient, non-cursor method of finding out what access a user or group has (given the need to take into account inheritance).

Has anyone done anything in this regard? If so, any advice or code snippets/examples would be really appreciated. |
|
|
eyechart
Master Smack Fu Yak Hacker
3575 Posts |
Posted - 2003-12-20 : 01:06:40
|
| I haven't seen anything like this before. However, why are you trying to re-invent the wheel? Why not just use NT authentication in your app and be done with it?

-ec |
 |
|
|
gdeconto
Posting Yak Master
107 Posts |
Posted - 2003-12-20 : 11:11:14
|
| I need to allow very specific access to very specific data. Don't know how using NT authentication would allow me to do this level of granularity.

Besides, would then have to get a client license for every user and hate having to send Microsoft any more of my money than necessary. [grin] |
 |
|
|
gdeconto
Posting Yak Master
107 Posts |
Posted - 2004-01-01 : 15:37:48
|
| no other suggestions/comments re how to do this? |
 |
|
|
sbt1
Yak Posting Veteran
89 Posts |
Posted - 2004-01-05 : 12:17:12
|
| I may be doing something similar in the near future.

My plan was to remember the name of each object the user has access to, and store them in a simple table so I can do a lookup.

I'd recommend you make a provision (boolean field) for employees to either have access to everything or restricted access set, so you don't have to wade thru the permission tokens for those who have access to everything. |
 |
|
|
gdeconto
Posting Yak Master
107 Posts |
Posted - 2004-01-05 : 12:23:08
|
| thx. Please keep me apprised. Maybe we can work some of this out together. |
 |
|
|
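Added example, not code from any poster in this thread: one set-based (non-cursor) way to resolve the inherited access described in the first post, using a recursive CTE run through Python's `sqlite3` so it is self-contained. The `group_parent` table, the `can_read`/`can_write` flag columns, the rules "nearest explicit entry wins, ties at the same distance are OR-ed, nothing found means no access", and the depth cap of 16 are all assumptions.

```python
import sqlite3

# Constructed schema and sample data. group_parent (group-in-group) and the
# can_read/can_write flag columns are assumed names, not from the thread.
SCHEMA = """
CREATE TABLE group_member(groupid TEXT, userid TEXT);
CREATE TABLE group_parent(groupid TEXT, parentid TEXT);
CREATE TABLE user_perm (appid TEXT, userid TEXT,  can_read INT, can_write INT);
CREATE TABLE group_perm(appid TEXT, groupid TEXT, can_read INT, can_write INT);
INSERT INTO group_member VALUES ('groupA','alice'), ('groupA','bob'), ('groupD','bob');
-- groupA -> groupB -> groupC, plus a membership cycle back to groupA
INSERT INTO group_parent VALUES ('groupA','groupB'), ('groupB','groupC'), ('groupC','groupA');
INSERT INTO group_perm VALUES ('payroll','groupC',1,0), ('payroll','groupD',0,1);
INSERT INTO user_perm  VALUES ('payroll','carol',1,1);
"""

QUERY = """
WITH RECURSIVE anc(groupid, depth) AS (          -- every group reachable from the user
    SELECT groupid, 1 FROM group_member WHERE userid = :u
    UNION
    SELECT gp.parentid, a.depth + 1
    FROM anc a JOIN group_parent gp ON gp.groupid = a.groupid
    WHERE a.depth < :maxdepth                    -- bounds recursion if groups form a cycle
),
grants(depth, can_read, can_write) AS (          -- explicit entries, tagged by distance
    SELECT 0, can_read, can_write FROM user_perm
    WHERE appid = :app AND userid = :u
    UNION ALL
    SELECT a.depth, p.can_read, p.can_write
    FROM anc a JOIN group_perm p ON p.groupid = a.groupid AND p.appid = :app
)
SELECT MAX(can_read), MAX(can_write)             -- OR together ties at the nearest level
FROM grants WHERE depth = (SELECT MIN(depth) FROM grants)
"""

def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def effective_access(db, userid, appid, max_depth=16):
    """Return (can_read, can_write); (0, 0) when no explicit entry is found anywhere."""
    params = {"u": userid, "app": appid, "maxdepth": max_depth}
    can_read, can_write = db.execute(QUERY, params).fetchone()
    return (can_read or 0, can_write or 0)

if __name__ == "__main__":
    db = build_sample_db()
    for user in ("alice", "bob", "carol", "dave"):
        print(user, effective_access(db, user, "payroll"))
```

On SQL Server 2005 or later the same query shape applies, written as `WITH` without the `RECURSIVE` keyword and with `UNION ALL` in the recursive member.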