If you are using Fusebox, I have a roles based security system that plugs into the Fusebox permissions. Alternatively you could use it to secure parts by simply making calls to application.security.validatepermissions().
You can create profiles which apply privileges. Sample app and stuff are on my site. Works in Access and MSSql right now, but since its a database abstraction layer, you could redo the db stuff in MySql, or Oracle and have it work. Sandy Clark http://www.shayna.com/index.cfm?fuseaction=public.code -----Original Message----- From: Troy Simpson [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 07, 2006 7:53 PM To: CF-Talk Subject: Application Security Framework or model available? CRUD: Create, Read, Update, Delete. Does anyone know where I could find information and examples of applying access control on parts of a web application and its data? For example: I could have a list of users with permissions to projects like so: User1: RUD: Project 1 RU: Project 2 R: Project 3 (Can Read Only Part of the Project) User 2 R: Project 1 (Can Read All of the Project) RU: Project 2 RUD: Project 3 I have been searching the internet and I have found a couple ideas so far. They are: 1. Role-Based Access Control 2. Discretionary Access Control with Security Descriptor and Access Token. Are there any others? Any ideas? -- Thanks, Troy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:234559 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54