You might try token-based security:
When the user logs in, they're given a set of security
tokens. When the user takes action on a page, the page
checks to see if they have the tokens before
proceeding.
Tokens can be hierarchical, e.g.
App1 = general user token for app1
App2 = general user token for app2
App1.production = app1 token for user from production
App1.production.admin1 = app1 token for admin from
production with level 1 admin rights
App1.production.admin2 = app1 token for admin from
production with level 2 admin rights
so you might have someone log in and get a
<cfset
session.tokens="App1,App2,App1.production.admin,App1.production">
to indicate their permissions.
--- Aidan Whitehall <[EMAIL PROTECTED]>
wrote:
> > We use a Security structure like this:
> >
> > SecLevel.Admin = 1
> > SecLevel.Update = 2
> > SecLevel.Public = 3
> > [ snip ]
>
=====
I-Lin Kuo
Macromedia CF5 Advanced Developer
Sun Certified Java 2 Programmer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
