Whats the right way to make users of applications manage rights of the app

Aug 18, 2010 at 7:28 AM
In my scenario, Some users are power users of the application they have been assigned These power users are generally managers of a departmant and they should be able to give their workers rights for their own applications These power users need a way to give other people rights So whats the right way to do this? a)give them SQL rights on netsqlazman storage and give them mmc control? i dont want them to be able to controll all the applications b)give them allow with delegate on the specific application and write a custom website using the netsqlazman api to delegate other users? first i dont want two place authorization, some from the mmc and some from my own website and i did not test this delegation with api, i wonder if it is acceptable to give all the app specific rights using allow with delegation
Aug 18, 2010 at 8:31 AM

Hello,

I think a "Delegation" is what you need (AllowWithDelegation).

No need to write a web console for that purpose.

If I understood well, these power users may:

1) Delegate for Roles only

2) Delegate for Roles on which they have permission AllowWithDelegation only.

So, a "DropDown" populated with the roles AllowWithDelegation it's enough.

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Aug 18, 2010 at 9:29 AM
Andrea, Can you be more specific what you mean by that Dropdown? How will the departmant manager give access to own workers inside the app that he/she was assigned and have superuser access ? / or you mean outside the app?
Aug 18, 2010 at 9:37 AM

- create a “Delegation.aspx” page on your application

- Create a “DropDown” control populated with all Roles that current user has “AllowWithDelegation” permission (invoke a CheckAccess for all Roles and get AllowWithDelegation only)

- Select a User for delegation

- Create an Authorization (using NetSqlAzMan.dll DOM) to the delegated user for the selected role

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Aug 18, 2010 at 9:44 AM
Edited Aug 18, 2010 at 9:45 AM
So when the manager wants to remove a delegation, or the manager wants to see who he/she have delegated and which of them are active (not expired) is it possible to query the access rights someone have delegated?