I recently wrote an article about the concept and implementation of something which I call Role-Based Security in a Hierarchical Environment . It is a form of RBAC (Role-based access control). However, it also takes in account a context object (on which item is my function performing). And role permissions cascade down the context-tree. So having a permission on a certain context object means you also have permission for all underlying context objects (or not, depending on the role parameters). A typical use of this kind of security framework is in a traditional filesystem like NTFS.
In the article I outline the basic concepts behind it and an implementation in SQL Server 2005. The basis for this article is an implementation done in a recent production-ready webapplication. And it turned out to be a very effective way to deal with both partition issues, such as multiple clients in a single database. And security issues: making sure the users do not perform actions they are not allowed to do.
My intention is to write more articles like these in the future, thereby giving a little bit back to the development community of which I have taken so much already.
Links:
Share this post
Twitter
Google+
Facebook
Reddit
LinkedIn
StumbleUpon
Email