using sqlazman in hierarchial access application

Topics: General Topic, NetSqlAzMan Core, Web Console
Jul 2, 2011 at 1:47 PM
Edited Jul 2, 2011 at 2:00 PM

Hello everybody, I want to use SQLAZMAN for authorization in a report application using SQL reporting service.

it has a hierarchy which you can access a report when you can access its parents and itself so both should be in user role, so I assumed every report is a task and I defined the report hierarchy in SQLAZMAN according to report hierarchy, but I faced a problem. If you define task like report when you add a task that has some children any user who access the parent has access to its children even if you didn’t add the task (report) to that sqlazman application then I decide to use negative access. When a task add to a role it means this role does not have access to this particular task then when we want to check user access we use its contradicted (if checkaccess method return true you don’t have access when return false you have access) result but even then if a user has some task in some of its role and doesn't have access in other roles the result of checkaccess method will be true so we assume it doesn't have access however it does. I also can write my own check access but I prefer to find better solution.

Any suggestion for this problem?

Jul 3, 2011 at 9:45 AM

I cannot understand.

Can you post a concrete example of this hierarchy ?

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Jul 3, 2011 at 10:52 AM

Thank you for your attention Andrea

I try to explain it better, first of all we have report hierarchy for example we have to report "Main" and we have report "Child" Main is Child parent in azman task then we add  "Main" to a role for example admin. If we check access both of them in one of this role user the result will be allow. Is there any solution that we remove child task from a role. Or do you have any solution for our project we want keep hierarchy in azman but sometime parents have access but children don't.

Thank you

Jul 4, 2011 at 2:00 PM

Then you can use a "Deny" permission to break the authorization chain on the child.

In this way the user will be "Allowed" on the parent but "Denied" on the child.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com