2

I want to set some of the permissions for particular pages depending on the role of the current user. For example, I have 3 roles; let them be:

  1. Super Admin
  2. Admin
  3. Supervisor

If I set a permission for Supervisor, Super Admin and Admin should automatically get the permission. If I set it for Admin, then Super Admin should get the permission, but Supervisor should not be able to access those pages.

Please help with the solution.

NOTE: I don't want to give multiple roles to a particular user.

Arjun Sharma
  • As far as I know, it is not a tree structure in aspnet membership, so you can't do it. There is no role-subrole relation. You may create a role-subrole relation yourself, but it is not a good idea; it affects many aspnetmembership features. – Davut Gürbüz Jul 22 '13 at 12:31
  • @DavutGürbüz thanks for the reply. I know there is no tree structure; I think there would be some way that we can define access levels using C# code. – Arjun Sharma Jul 22 '13 at 12:33
  • You'd have to enhance the aspnetmembership tables and stored procedures. It can be done, but I'd guess it's two days' solid work. – Alexander Jul 22 '13 at 12:58
  • @Alexander I think it is more than two days for a full implementation. Think about `[RequireRole(...)]`-like attributes. It all turns around the current structure. – Davut Gürbüz Jul 22 '13 at 13:10
  • Correct. A workaround might be to implement transactions: add two new tables, assign granular transaction rights to roles, like "allowThis" and "allowThat". These transactions can be assigned to multiple roles. Then overload GetRolesForUser, and return transactions instead of roles. Just a thought. – Alexander Jul 22 '13 at 13:32
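
Added example (not code from the question, the comments or ASP.NET Membership itself): a framework-neutral C# version of the transaction-rights workaround described in the comments, keeping exactly one role per user. The class, method and transaction names and the sample users are assumptions; in a membership setup the lookup would sit behind an overridden `GetRolesForUser`, and the dictionaries stand in for the two new tables.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical names throughout; nothing here is part of ASP.NET Membership.
public static class TransactionRights
{
    // Roles ordered from least to most privileged. A flat ordered list
    // cannot contain a cycle, unlike arbitrary role-to-role links.
    static readonly string[] RolesByRank = { "Supervisor", "Admin", "Super Admin" };

    // role -> transactions granted to it (stands in for the two new tables).
    static readonly Dictionary<string, HashSet<string>> Grants =
        RolesByRank.ToDictionary(r => r,
            r => new HashSet<string>(StringComparer.OrdinalIgnoreCase));

    // user -> exactly one role (constructed sample data).
    static readonly Dictionary<string, string> UserRole = new Dictionary<string, string>
    {
        { "alice", "Super Admin" }, { "bob", "Admin" }, { "carol", "Supervisor" }
    };

    // Grant a transaction to a role and to every role ranked above it.
    // The hierarchy is resolved here, at grant time, not at check time.
    public static void Grant(string role, string transaction)
    {
        int rank = Array.IndexOf(RolesByRank, role);
        if (rank < 0) throw new ArgumentException("Unknown role: " + role);
        for (int i = rank; i < RolesByRank.Length; i++)
            Grants[RolesByRank[i]].Add(transaction);
    }

    // What an overridden GetRolesForUser would return: transactions, not roles.
    public static string[] GetTransactionsForUser(string userName)
    {
        string role;
        if (!UserRole.TryGetValue(userName, out role))
            return new string[0]; // unknown user: no rights (default deny)
        return Grants[role].OrderBy(t => t).ToArray();
    }

    public static bool IsAllowed(string userName, string transaction)
    {
        return GetTransactionsForUser(userName)
            .Contains(transaction, StringComparer.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        Grant("Supervisor", "ViewReports"); // propagates to Admin and Super Admin
        Grant("Admin", "ManageUsers");      // propagates to Super Admin only
        foreach (var user in new[] { "alice", "bob", "carol", "mallory" })
            Console.WriteLine("{0}: ViewReports={1}, ManageUsers={2}", user,
                IsAllowed(user, "ViewReports"), IsAllowed(user, "ManageUsers"));
    }
}
```

Because propagation happens when a right is granted, revoking a right from a lower role needs an explicit decision about whether the higher roles keep it.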

2 Answers

0

There is a very effective solution using "Authorization Manager".

It provides a flexible framework for integrating role-based access control into applications. It enables administrators who use those applications to provide access through assigned user roles that relate to job functions.

Authorization Manager applications store authorization policy in the form of authorization stores that are stored in Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), XML files, or Microsoft SQL Server databases. These policies are then applied at run time.

For more information, visit http://msdn.microsoft.com/en-us/library/bb897401.aspx

Abbas Amiri
0

> I don't want to give multiple roles to a particular user.

You should be able to assign multiple roles to users; it is how role-based authorization is supposed to be. A role's authentication should not depend on other roles.

Please do not implement a role hierarchy in role-based authentication.

It is not a good design practice. If you are not careful, they will become circular dependencies, and they are very hard to debug.

Win