It was mandated that I build in group permissions that could be overridden by specific user permissions, similar to the NT security model. Unfortunately, AD won't work for me because I need to lock down parts of a specific page, while still having the containing page respect different rights.
Rich Kroll Application Developer -----Original Message----- From: Dawson, Michael [mailto:[EMAIL PROTECTED] Sent: Monday, November 14, 2005 9:39 AM To: CF-Talk Subject: RE: Module Security Rather than create a hierarchical structure of permissions, I only use Active Directory group membership. If you are in the appropriate AD group, you have access. I can pass in multiple groups if that applies as well. It works quite well for me since our organizational structure is not very deep. Well, not deep in the respect that my security method has caused any issues. Next, I am going to give department managers the ability to add/remove members from groups. That way, they can control the security themselves. M!ke -----Original Message----- From: Rich Kroll [mailto:[EMAIL PROTECTED] Sent: Monday, November 14, 2005 8:23 AM To: CF-Talk Subject: Module Security Hello all, I am in the process of trying to develop a new security model for a project I am working on. I've developed the base model with a hierarchy of permissions to access areas of the application. My problem is that now I need to extend this to control certain modules within a page. These modules are not consistent to a specific page, or even a sequence of pages. My first thought is to have each specific module register with the system and then authenticate against that. Has anyone set up something along these lines and have any gotcha's I may be overlooking? One fear is, since this will be managed by end users, how to communicate what each "module" actually is for them to know if they want their users to have access. For example, within an existing workflow, on the third page in the process is an graph meant for administrators. Trying to explain "Process 1 step 3 graph" might get cumbersome. Any ideas? Rich Rich Kroll Application Developer ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:224065 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54