0

I want to implement role-based access control for an iOS application I am currently working on. Access needs to be controlled to both the views as well as the actual data. For instance, I will display the same view with different buttons based on the role of the user. Similarly, I would like to protect other confidential information at the data level.

I figured there is no easy solution (read configuration files) to this, and need to implement this in the code itself. To secure access to views, it will be as grunt as hiding/showing different views based on the role. And to secure data, have the various access permissions as entity properties in the Core Data data model itself.

Is my conclusion right? Are there better ways of accomplishing the same? Thanks!

Paul de Lange
  • 10,613
  • 10
  • 41
  • 56
rajeshvenkat
  • 13
  • 4
  • Could you go one step further and not even have data on the device if the user's role doesn't allow them access to it? (I assume there is a server-side component to this application; make the server decide what is safe to hand out..) – sarnold Jul 24 '12 at 03:45
  • Well, yes, I have thought about that and that seems to be the only option for securing application at the data-level. – rajeshvenkat Jul 25 '12 at 01:03

0 Answers0