Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
ASP_DRUG_DEALER
Yak Posting Veteran
61 Posts |
 Posted - 2006-12-19 : 00:11:59
|
| Hey all-Crazy question. I am just starting a new project and need to figure out a way to limit access at the record level. For example, Salesman Jim only has query access his client list. However all clients are stored in the clients table. Salesman Ted can also access his client list but also Jim's entire client list. I keep coming back to having to create some type of ACL\table and checking it before each query. I will be building this app using ASP.net (2.0) and SQL 2k5. Any suggestions? I think this needs to be done in the layers above the data layer. Hate to reinvent the wheel if someone has already done this.Any help would be great.Thanks,Doug |
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2006-12-19 : 01:11:25
|
| Just creata a ACL table and do a EXISTS/IN/JOIN everytime you want to select the customers.Depending on technique, duplicates of customers might occur.Peter LarssonHelsingborg, Sweden |
 |
|
|
ASP_DRUG_DEALER
Yak Posting Veteran
61 Posts |
Posted - 2006-12-19 : 12:26:00
|
| Any chance I could get you to expand on this a bit? Maybe show a query example?Thanks for the help!Doug |
|
|
|
|
|
|
Record Level Access Control Design