Re: user control - permissions - roles...

Nick Han Fri, 21 May 2004 13:56:16 -0700

I would recommend using permission objects-base framework over roles-based. Problem with relying on roles is that when you need to allow another role to insert or update, you have to go through the templates where inserts or updates are referenced and change the code. Very inflexible. But if you're using permision objects-based model, you assign that object id to any number of roles, and if the loggin user has the role which contains that ID, then access is granted.

You can write a udf that could do something like this.

<cfif isAllowed("update user record")>

show update link here

</cfif>

Any user who has the security role that has this ID will pass the test. You can revoke a permission right from a role by simply removing that object id from the role.

Nick Han

>>> [EMAIL PROTECTED] 05/21/04 12:18PM >>>
Hi all

i'm looking for any example how to create an user control with roles permissions... like Administrator is God, Managers could insert and change, SK8er Boy could only view certain aspects from appl....

Please do you have any example?

Thanx in advance.
--
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]

Re: user control - permissions - roles...

Reply via email to