Limiting Data Access

Topics: Building and extending application blocks, Enterprise Library Core, Pre-release discussions, Security Application Block
Aug 21, 2011 at 1:26 AM

Hi,

 

Im a newbie to enterprise app development and am learning the ropes. Is there anything in the enterprise library that will allow me to limit the level of access of data. i.e. a regional manager should only be able to view data for his region.

 

All/Any help is greatly appreciated. 

 

Thanks

Arun KV.

Aug 22, 2011 at 4:05 AM

Hi Arun,

You may want to check the Security Application Block of Enterprise Library.

 

Noel Angelo Bolasoc
Global Technologies and Solutions
Avanade, Inc.
Contact Us

Aug 22, 2011 at 6:43 AM
Hi Neol,

The security application block has Role based and Rule based authorizations, but I really do not see how to apply these to some of the issues we face currently. i.e. Data View/Operations restrictions. eg: in northwind database, Lets say the VP for beverages should see data only for beverages and nothing else.

--
Arun KV
SOFTWARE TECHNOLOGY PARK LTD.

Corporate Office: Fitzalan House,2nd floor, 70 High street, Ewell, Surrey, U.K. KT 171RQ. Tel : +442083939001 Fax : +442083938223
Africa Office: No. 45 A, Adeola Odeku Street, Victoria Island, Lagos, Nigeria. Tel: + 234 17652767, Mobile: +234 7039578724 Email: arunv@stplglobal.com,arunstpl@gmail.com www.stplglobal.com

This information contained in this electronic message and any attachments to this message are intended for the exclusive use of the adresses(s) and may contain propiietary, confidnetial or privileged information. If your are not the intended receiient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
Aug 22, 2011 at 8:03 AM

Hi,

You can still use the Security Application Block though you will need to add a little code that will check if the user is authorized for that operation before invoking it. Another approach would be using Authorization Call Handler. It is attribute based and it will automatically check the authority of user before executing the operation. You will require a little background with Unity Interception for this one.

 

Noel Angelo Bolasoc
Global Technologies and Solutions
Avanade, Inc.
Contact Us