How to determine a users' top-most role

Topics: General Topic, NetSqlAzMan Core
Oct 27, 2011 at 8:46 AM

In our application we have a number of defined 'core' roles in a hierarchy and also the ability for end users to descend their own roles from cores roles. This could be described as looking like this where the first 3 levels are the core role levels and the 4th level below Finance is a custom role level:

SuperUser --

                 |-- Administrator--

                                          |--Sales 

                                          |--Support

                                          |--Finance--

                                          |               |--Finance extended

                                          |               |--Finance custom

                                          |--NoAccess

 

What can be seen from this is that if a user is for example in the Administrator role, they are also hierarchically in the sub roles too (Sales, Support etc). 

I'm trying to develop a method that will enable me to determine a users top most / highest security access role. The NetSqlAzmanRoleProvider doesn't quite provide this functionality and I've tried to traverse the IazManItem role items for a user but I can't seem to correctly work out how to go up the hierarchy tree to the top most role. Any pointers / sample code would be very much appreciated.

Many thanks,

Joe

 

 

Oct 27, 2011 at 9:45 AM

Hi,

you can use this workaround.

Background:

If you have two Roles with the following authorizations:

= Parent Role (AllowWithDelegation)

=== Child Role 1

=== Child Role 2

And you Check the access on:

= Parent Role => result will be AllowWithDelegation

=== Child Role 1 => result will be Allow

=== Child Role 2 => result will be Allow

This … because the AllowWithDelegation permission when is inherited … becomes just Allow

Workaround:

Give the AllowWithDelegation permission to core roles only. When CheckAccess … consider as Core role only … roles that have AllowWithDelegation as CheckAccess result

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Oct 27, 2011 at 11:28 AM

Hi Andrea - thank you very much, that sounds pretty good.

I think this means I won't be able to use the NetSqlAzmanRoleProvider.AddUsersToRoles method to assign users to roles and I'll need to use the IAzManItem.CreateAuthorization method instead. Do you agree?

Oct 27, 2011 at 11:31 AM

Yup. J

Nov 2, 2011 at 5:42 PM

That approach worked very well thank you