Understanding of Role and Application

Jun 19, 2010 at 12:17 PM

Hi Andrea,

First of all, thank you very much for creating NetSqlAzMan. You guys have done a great job.
Secondly, I have a scenario and I don’t know how to handle it. Let me explain:

For example: I have a web application for Order Placement & Management. That web application has two modules:

# 1 Customer Maintenance Form: It is being used by Employees and Customers. It has Add, Update, Delete and Set Preferences operations to maintain customers master data.
# 2 Order Entry Form: It is being used by the customers to place online orders. It has Submit Order, Cancel Order & Process Order operations.

NetSqlAzMan provides items such as Store, Application, Roles, Tasks and Operations.
Based upon your post http://netsqlazman.codeplex.com/Thread/View.aspx?ThreadId=57748, I mapped like below:

Store = Order Placement & Management
Application 1 : Customer Maintenance Form

  • Item Definitions:
    • Role Definitions:
      1. Employee (It has Customer Data Maintenance Task)
      2. Customer (It has Set Preference Task)
    • Task Definitions:
      1. Customer Data Maintenance ( Operation 1, 2 & 3)
      2. Set Preferences (Operation 4)
    • Operation Definitions:
      1. Add
      2. Update
      3. Delete
      4. Set Preferences

Application 2: Order Entry Form

  • Item Definitions:
    • Role Definitions:
      1. Employee (It has Submit or Cancel Order Task)
      2. Customer (It has Process Order Task)
    • Task Definitions:
      1. Submit or Cancel Order ( Operation 1 & 2)
      2. Process Order (Operation 3)
    • Operation Definitions:
      1. Submit Order
      2. Cancel Order
      3. Process Order

I have a concern. Roles will be duplicated under each application which kind of awkward. If we take a real life example, Roles are created within the departments or at specific business unit level. Such as Order Management. Secondly please try to shed some light on above mapping. It will help me and others to understand and use NetSqlAzMan more efficient way.

Thank again for all the good work!

Jun 21, 2010 at 12:46 PM


that post was referring to a very specific case and therefore not general.

I believe that the better structure is in your case:

- Store: Your company

  - Application: Order Placement & Management

    - Roles: Employee, Customer

      - Tasks: Customer Management, Order Processing

        - Operations: Add Customer, Update Customer, Delete Customer, Set Customer Preferences, Submit Order, Cancel Order, Process Order

Then assign to customer operations to the "Customer Management" Task Order and all operations to the "Order Processing" task;

then assign the "Customer Management" tasks to the "Customer" Role and "Order Processing" task to the "Employee" Role.



Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Jun 23, 2010 at 8:02 PM

Thank you Andrea for the reply. I have created the structure. It looks great!

I have another question.

I am going to develop an application where both Windows and Custom users will log and perform their daily tasks.

Now, when user will log on, I need to get list of authorized tasks / operation. I tried using UserPermissionCache and StorageCache but both of them are returning complete list of items. I tried checking the Authorization type but it is return "Neutral". I am using version I also checked the "Check Access Test" functionality available in MMC and saw how it is validating the access for each item.

My question is: is there any other way through which I just call one method and it returns me the Authorized Items of logged in user?

Thanks in advance for all your help!

Sohail Maroof Naushahi

Jun 24, 2010 at 7:23 AM

Hi sohailmaroof,

the best solution is to use the “NetSqlAzMan WCF Cache Service” as described in the Tutorial 5 of the NetSqlAzMan Guide.pdf:



Tutorial 5: WCF Cache Service

NetSqlAzMan Cache Service is a WCF (Windows Communication Foundation) service, hosted by a Windows NT Service over Http/Net.Tcp protocol.

To install NetSqlAzMan Cache Service:

Ø Download NetSqlAzMan Cache Service from http://netsqlazman.codeplex.com

Ø Install the service P.S.1: If use Integrated Security = true in the Sql connection string, service user must be granted must be in the NetSqlAzMan_Readers sql role. P.S.2: If you have LDAP Store/Application groups in your Storage, service user must be a DOMAIN user able to read from your Active Directory Domain.

Ø Open NetSqlAzManCacheService.exe.config file and change configuration options:



<add name="NetSqlAzMan.Cache.Service.Properties.Settings.NetSqlAzManStorageCacheConnectionString"

connectionString="Data Source=(local);Initial Catalog=NetSqlAzManStorage;Integrated Security=True"

providerName="System.Data.SqlClient" />



<add key="expirationValue" value="0 1 0 0" /> <!-- days hours minutes seconds -->

<add key="StoreNameFilter" value="" /> <!-- leave empty for all Stores -->

<add key="ApplicationNameFilter" value=""/> <!-- leave empty for all Applications -->

</appSettings> … <!-- NET TCP SERVICE -->

<service behaviorConfiguration="NetSqlAzMan.Cache.Service.NETTCPCacheServiceBehavior"


<endpoint address="" binding="netTcpBinding" contract="NetSqlAzMan.Cache.Service.ICacheService" />

<endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange" />



<add baseAddress="net.tcp://localhost:8000/NetSqlAzMan.Cache.Service/CacheService/" />

<add baseAddress="http://localhost:9000/NetSqlAzMan.Cache.Service/CacheService/" />




Ø Start the service

Ø Check Application Log Events for cache build results.


To use NetSqlAzMan Cache Service:

Ø Create a new Web/Windows client application

Ø Add a Service Reference to the mex Address (default is: http://localhost:9000/NetSqlAzMan.Cache.Service/CacheService/ ) and call Service reference “sr”.

Ø Create an instance of the WCF service proxy class:


sr.CacheServiceClient csc = new sr.CacheServiceClient();

Ø Open service connection


csc.Open(); http://netsqlazman.codeplex.com NetSqlAzMan Andrea Ferendeles aferende@hotmail.com 47


Ø Invoke CheckAccess methods:

- csc.CheckAccessForWindowsUsersWithAttributesRetrieve(...);

- csc.CheckAccessForWindowsUsersWithoutAttributesRetrieve(...);

- csc.CheckAccessForDatabaseUsersWithAttributesRetrieve(...);

- csc.CheckAccessForDatabaseUsersWithoutAttributesRetrieve(...);

Ø Alternatively you can use the GetAuthorizedItems(...) methods to recover the entire Items Set for which a user is authorized. GetAuthorizedItems() methods also return the attributes for the various Items for which the User has permissions of type Allow/Allow with Delegation



AuthorizedItem[] GetAuthorizedItems(string storeName, string applicationName, string DBuserSSid, DateTime validFor, params KeyValuePair<string, object>[] contextParameters);

[OperationContract(Name = "GetAuthorizedItemsForWindowsUsers")] AuthorizedItem[] GetAuthorizedItems(string storeName, string applicationName, string userSSid, string[] groupsSSid, DateTime validFor, params KeyValuePair<string, object>[] contextParameters);

Ø Invoke InvalidateCache if you want to force cache re-building (i.e. if authorizations are changed on SQL Storage):



Ø Close service connection (VERY IMPORTANT !)




To get all “authorized items” use a LINQ2Objects query as the following:


var authorizedItems = csc.GetAuthorizedItems(...);

var userItems = from t in authorizedItems where

t.AuthorizationType = AuthorizationType.Allow


t.AuthorizationType = AuthorizationType.AllowWithDelegation

select t;





Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com