The hierarchy of permissions

Sep 28, 2011 at 10:06 AM

I've configured a Task which contains a single Operation. The Task has no authorization rule assigned to it but the contained Operation does. Here's an example:

SalesPage.aspx (The named task)
          |_______ SalesPageRefund (The named operation contained within the task)

This is basically attempting to model a scenario where if someone has the ability to perform a refund in a web page called SalesPage.aspx then that person should implicitly / automatically also get access to the parent Task. 

Unfortunately this doesn't appear to be the case or perhaps I've got something configured wrong. When I run a CheckAccess test for a given user with this setup I see:

SalesPage.aspx - (NEUTRAL)
          |_______ SalesPageRefund - (ALLOW)

I'm hoping that authorization to the SalesPage.aspx task will inherit up from the contained SalesPageRefund operation - and when I think about this scenario it makes sense to me: if a user has the ability to perform a specific action within a web page, then that user also needs access to the page that contains this action.

Do I misunderstand something here? Thanks for any help,

Joe

Sep 28, 2011 at 10:19 AM

OK, I might be able to cope by doing this: when I check authorization for the parent task and the AuthorizationType comes back as NEUTRAL, I can then go on to check the contained IAzManItem Members property on the parent to see if any of those child operations / tasks are allowed. Do you think this sounds like the right approach?

Sep 28, 2011 at 1:39 PM

Exactly.

You have understood well how to use the NetSqlAzMan hierarchy.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Sep 28, 2011 at 4:43 PM

Thank you for confirming - traversing the permissions of child items on the parent is working well for me.
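
The fallback agreed on in this thread, as an added example that is not part of the original posts and is not NetSqlAzMan code: a parent that comes back NEUTRAL is treated as allowed when any member is allowed. It goes slightly beyond the thread by walking nested tasks and by leaving an explicit deny on the parent untouched. The `Item` class, the local `AuthorizationType` enum (including its `Deny` value), `EffectiveAccess.Resolve` and `AdminPage.aspx` / `AdminExport` are assumptions made for illustration; they only mirror the names used above.

```csharp
using System;
using System.Collections.Generic;

// Local stand-ins, NOT the NetSqlAzMan types: they only mirror names from the thread.
enum AuthorizationType { Neutral, Allow, Deny }

class Item
{
    public string Name;
    public AuthorizationType Direct;   // result of the direct access check on this item
    public Dictionary<string, Item> Members = new Dictionary<string, Item>();
    public Item(string name, AuthorizationType direct) { Name = name; Direct = direct; }
}

static class EffectiveAccess
{
    // An explicit Allow or Deny on the item itself is final.
    // Only a Neutral result falls through to the item's members.
    public static AuthorizationType Resolve(Item item, HashSet<string> seen = null)
    {
        seen = seen ?? new HashSet<string>();
        if (!seen.Add(item.Name))
            return AuthorizationType.Neutral;   // already visited: stop on cyclic membership
        if (item.Direct != AuthorizationType.Neutral)
            return item.Direct;
        foreach (Item child in item.Members.Values)
            if (Resolve(child, seen) == AuthorizationType.Allow)
                return AuthorizationType.Allow; // one allowed member opens the parent
        return AuthorizationType.Neutral;       // nothing below grants access
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample matching the thread: Neutral task, allowed operation.
        var page = new Item("SalesPage.aspx", AuthorizationType.Neutral);
        page.Members["SalesPageRefund"] = new Item("SalesPageRefund", AuthorizationType.Allow);
        Console.WriteLine("{0}: {1}", page.Name, EffectiveAccess.Resolve(page));

        // Constructed counter-case: a denied parent is not opened by an allowed member.
        var locked = new Item("AdminPage.aspx", AuthorizationType.Deny);
        locked.Members["AdminExport"] = new Item("AdminExport", AuthorizationType.Allow);
        Console.WriteLine("{0}: {1}", locked.Name, EffectiveAccess.Resolve(locked));
    }
}
```

The resolved value is only suitable for deciding whether to show the page; each action on the page still needs its own check against the operation it performs.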