We have a system where users have access privledges and roles. The access
privledges control what pages the users have access to and can even control
what they can and cannot do in a particular page. The roles control what
groups of access privledges the user has at any given time. A single user
can have more than one role (administrator, guardian, staff, student, etc.)
and switch between them at will, changing their access priveledges on the
fly.
Using this setup, an administrator can give a trusted parent/guardian a
limited staff role, but only let them update student records, while other
normal staff members can add, update, and delete students, as well as
guardians. While this person is assuming the role of guardian, they will
only see their own kids, but if they switch their role to staff, then they
will be able to see all of the kids. They can switch back and forth
whenever they want, as often as they want.
This is accomplished using the access permissions built into the database.
Very little of the security is managed by CF. We use role based views to
decide what data the user will see. It's pretty slick and it really takes a
load off of CF and the CF programmer.
Todd Ashworth
Web Application Developer
Network Administrator
Saber Corporation
314 Oakland Ave.
Rock Hill, SC 29730
(803) 327-0137 [111] (p)
(803) 328-2868 (f)
----- Original Message -----
From: "Heidi Belal" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Sunday, April 01, 2001 10:52 AM
Subject: Password Protection
> Hi all!
> I have a question that i'd like suggested solutions to
> if possible!
> I want to allow certain people to access certain
> pages.
> I already have a log in page which is password
> protected, but everybody who logs in has full access
> to all the pages. I want to eliminate that full
> access.
> So, how about if i categorize the people into various
> levels of access, and assign each a number. Then have
> that number in the database in the password/username
> table. Then when a person tries to access the page,
> before displaying it checks which number/level the
> person is in and if the person is allowed access.
> What do you think?
> Thanks!
>
>
>
> =====
> Heidi Belal
> ICQ# 32127109
> http://m3.easyspace.com/hmbelal
>
> A bus stops at a bus station.
> A train stops at a train station. On my desk
> I have a work station...
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
