Role Based Security

I would be interested in  role based security for the following scenario:

In an NT envrionment I want to rely on integrated login based on group
membership.  When user_X runs App1, App2, App3 ...or AppN,  I want the user
to have the minimum set of permissions necessary for each application to
function.

I don't see that this is possible in the current product.  The best that I
can do is map the NT group to a Db login that has the maximum set of
permissions that will allow App1, App2...or AppN to function.


0
Scott
6/5/2006 12:02:29 PM
sybase.sqlanywhere.futures 1193 articles. 0 followers. Follow

5 Replies
515 Views

Similar Articles

[PageSpeed] 15
Get it on Google Play
Get it on Apple App Store

Do all of those applications use the same database or do they use separate 
databases?


-- 
-----------------------------------------------
Robert Waywell
Sybase Adaptive Server Anywhere Developer - Version 8
Sybase Certified Professional

Sybase's iAnywhere Solutions

Please respond ONLY to newsgroup

EBF's and Patches: http://downloads.sybase.com
 choose SQL Anywhere Studio >> change 'time frame' to all

To Submit Bug Reports:
http://case-express.sybase.com/cx/cx.stm?starturl=casemessage.ssc?CASETYPE=Bug

SQL Anywhere Studio Supported Platforms and Support Status
http://my.sybase.com/detail?id=1002288

"Scott Holman" <sholman@micros.com> wrote in message 
news:44841cab$1@forums-2-dub...
>I would be interested in  role based security for the following scenario:
>
> In an NT envrionment I want to rely on integrated login based on group
> membership.  When user_X runs App1, App2, App3 ...or AppN,  I want the 
> user
> to have the minimum set of permissions necessary for each application to
> function.
>
> I don't see that this is possible in the current product.  The best that I
> can do is map the NT group to a Db login that has the maximum set of
> permissions that will allow App1, App2...or AppN to function.
>
> 


0
Rob
6/5/2006 7:09:18 PM
The applications are part of a product suite and use the same database.

"Rob Waywell" <rwaywell_no_spam_please@ianywhere.com> wrote in message 
news:448480b2$1@forums-2-dub...
> Do all of those applications use the same database or do they use separate 
> databases?
>
>
> -- 
> -----------------------------------------------
> Robert Waywell
> Sybase Adaptive Server Anywhere Developer - Version 8
> Sybase Certified Professional
>
> Sybase's iAnywhere Solutions
>
> Please respond ONLY to newsgroup
>
> EBF's and Patches: http://downloads.sybase.com
> choose SQL Anywhere Studio >> change 'time frame' to all
>
> To Submit Bug Reports:
> http://case-express.sybase.com/cx/cx.stm?starturl=casemessage.ssc?CASETYPE=Bug
>
> SQL Anywhere Studio Supported Platforms and Support Status
> http://my.sybase.com/detail?id=1002288
>
> "Scott Holman" <sholman@micros.com> wrote in message 
> news:44841cab$1@forums-2-dub...
>>I would be interested in  role based security for the following scenario:
>>
>> In an NT envrionment I want to rely on integrated login based on group
>> membership.  When user_X runs App1, App2, App3 ...or AppN,  I want the 
>> user
>> to have the minimum set of permissions necessary for each application to
>> function.
>>
>> I don't see that this is possible in the current product.  The best that 
>> I
>> can do is map the NT group to a Db login that has the maximum set of
>> permissions that will allow App1, App2...or AppN to function.
>>
>>
>
> 


0
Scott
6/6/2006 1:45:12 PM
Have you considered using the login procedure to prevent certain groups from 
accessing applications they should  not be allowed to use? You can use 
connection_property('AppInfo') to determine which application is trying to 
connect.

Whitepapers, TechDocs, bug fixes are all available through the iAnywhere 
Developer Community at http://www.ianywhere.com/developer

"Scott Holman" <sholman@micros.com> wrote in message 
news:448586e8$1@forums-1-dub...
> The applications are part of a product suite and use the same database.
>
> "Rob Waywell" <rwaywell_no_spam_please@ianywhere.com> wrote in message 
> news:448480b2$1@forums-2-dub...
>> Do all of those applications use the same database or do they use 
>> separate databases?
>>
>>
>> -- 
>> -----------------------------------------------
>> Robert Waywell
>> Sybase Adaptive Server Anywhere Developer - Version 8
>> Sybase Certified Professional
>>
>> Sybase's iAnywhere Solutions
>>
>> Please respond ONLY to newsgroup
>>
>> EBF's and Patches: http://downloads.sybase.com
>> choose SQL Anywhere Studio >> change 'time frame' to all
>>
>> To Submit Bug Reports:
>> http://case-express.sybase.com/cx/cx.stm?starturl=casemessage.ssc?CASETYPE=Bug
>>
>> SQL Anywhere Studio Supported Platforms and Support Status
>> http://my.sybase.com/detail?id=1002288
>>
>> "Scott Holman" <sholman@micros.com> wrote in message 
>> news:44841cab$1@forums-2-dub...
>>>I would be interested in  role based security for the following scenario:
>>>
>>> In an NT envrionment I want to rely on integrated login based on group
>>> membership.  When user_X runs App1, App2, App3 ...or AppN,  I want the 
>>> user
>>> to have the minimum set of permissions necessary for each application to
>>> function.
>>>
>>> I don't see that this is possible in the current product.  The best that 
>>> I
>>> can do is map the NT group to a Db login that has the maximum set of
>>> permissions that will allow App1, App2...or AppN to function.
>>>
>>>
>>
>>
>
> 


0
Bruce
6/6/2006 3:21:01 PM
Whether a user can connect is based on integrated security and NT group 
membership.  Maybe another example....
The customer purchase the software suite with the embedded database and 
wants to run the applications in the suite and integrate reporting into 
Word, Excel or their favorite report writer (or pay the software vendor for 
custom work).  When the customer connects via the application suite he needs 
one set of permissions and when he connects via Word, Excel, a report writer 
or some custom application he needs another set of permissions.   The 9.x 
product cannot meet this requirement with integrated security because the 
model is 1 user - 1 login - 1 set of permissions.

Thanks

"Bruce Hay" <h_a_y~a_t~i_a_n_y_w_h_e_r_e~d_o_t~c_o_m> wrote in message 
news:44859d5d$1@forums-1-dub...
> Have you considered using the login procedure to prevent certain groups 
> from accessing applications they should  not be allowed to use? You can 
> use connection_property('AppInfo') to determine which application is 
> trying to connect.
>
> Whitepapers, TechDocs, bug fixes are all available through the iAnywhere 
> Developer Community at http://www.ianywhere.com/developer
>
> "Scott Holman" <sholman@micros.com> wrote in message 
> news:448586e8$1@forums-1-dub...
>> The applications are part of a product suite and use the same database.
>>
>> "Rob Waywell" <rwaywell_no_spam_please@ianywhere.com> wrote in message 
>> news:448480b2$1@forums-2-dub...
>>> Do all of those applications use the same database or do they use 
>>> separate databases?
>>>
>>>
>>> -- 
>>> -----------------------------------------------
>>> Robert Waywell
>>> Sybase Adaptive Server Anywhere Developer - Version 8
>>> Sybase Certified Professional
>>>
>>> Sybase's iAnywhere Solutions
>>>
>>> Please respond ONLY to newsgroup
>>>
>>> EBF's and Patches: http://downloads.sybase.com
>>> choose SQL Anywhere Studio >> change 'time frame' to all
>>>
>>> To Submit Bug Reports:
>>> http://case-express.sybase.com/cx/cx.stm?starturl=casemessage.ssc?CASETYPE=Bug
>>>
>>> SQL Anywhere Studio Supported Platforms and Support Status
>>> http://my.sybase.com/detail?id=1002288
>>>
>>> "Scott Holman" <sholman@micros.com> wrote in message 
>>> news:44841cab$1@forums-2-dub...
>>>>I would be interested in  role based security for the following 
>>>>scenario:
>>>>
>>>> In an NT envrionment I want to rely on integrated login based on group
>>>> membership.  When user_X runs App1, App2, App3 ...or AppN,  I want the 
>>>> user
>>>> to have the minimum set of permissions necessary for each application 
>>>> to
>>>> function.
>>>>
>>>> I don't see that this is possible in the current product.  The best 
>>>> that I
>>>> can do is map the NT group to a Db login that has the maximum set of
>>>> permissions that will allow App1, App2...or AppN to function.
>>>>
>>>>
>>>
>>>
>>
>>
>
> 


0
Scott
6/6/2006 6:43:51 PM
Perhaps you could use Login_mode='mixed' (to allow both integrated and 
normal logins). A connection from an application outside your suite would 
use an integrated login and obtain a reduced set of permissions. An 
application within the suite would make an initial integrated login 
connection to authenticate the user, but would then make a second connection 
(based on the database userid from the original connection and the 
application being used) on which it would do its actual work. The identity 
of the original connection could be passed in as an AppInfo connection 
parameter on the second connection. Just a thought.

Whitepapers, TechDocs, bug fixes are all available through the iAnywhere 
Developer Community at http://www.ianywhere.com/developer

"Scott Holman" <sholman@micros.com> wrote in message 
news:4485cc36$1@forums-2-dub...
> Whether a user can connect is based on integrated security and NT group 
> membership.  Maybe another example....
> The customer purchase the software suite with the embedded database and 
> wants to run the applications in the suite and integrate reporting into 
> Word, Excel or their favorite report writer (or pay the software vendor 
> for custom work).  When the customer connects via the application suite he 
> needs one set of permissions and when he connects via Word, Excel, a 
> report writer or some custom application he needs another set of 
> permissions.   The 9.x product cannot meet this requirement with 
> integrated security because the model is 1 user - 1 login - 1 set of 
> permissions.
>
> Thanks
>
> "Bruce Hay" <h_a_y~a_t~i_a_n_y_w_h_e_r_e~d_o_t~c_o_m> wrote in message 
> news:44859d5d$1@forums-1-dub...
>> Have you considered using the login procedure to prevent certain groups 
>> from accessing applications they should  not be allowed to use? You can 
>> use connection_property('AppInfo') to determine which application is 
>> trying to connect.
>>
>> Whitepapers, TechDocs, bug fixes are all available through the iAnywhere 
>> Developer Community at http://www.ianywhere.com/developer
>>
>> "Scott Holman" <sholman@micros.com> wrote in message 
>> news:448586e8$1@forums-1-dub...
>>> The applications are part of a product suite and use the same database.
>>>
>>> "Rob Waywell" <rwaywell_no_spam_please@ianywhere.com> wrote in message 
>>> news:448480b2$1@forums-2-dub...
>>>> Do all of those applications use the same database or do they use 
>>>> separate databases?
>>>>
>>>>
>>>> -- 
>>>> -----------------------------------------------
>>>> Robert Waywell
>>>> Sybase Adaptive Server Anywhere Developer - Version 8
>>>> Sybase Certified Professional
>>>>
>>>> Sybase's iAnywhere Solutions
>>>>
>>>> Please respond ONLY to newsgroup
>>>>
>>>> EBF's and Patches: http://downloads.sybase.com
>>>> choose SQL Anywhere Studio >> change 'time frame' to all
>>>>
>>>> To Submit Bug Reports:
>>>> http://case-express.sybase.com/cx/cx.stm?starturl=casemessage.ssc?CASETYPE=Bug
>>>>
>>>> SQL Anywhere Studio Supported Platforms and Support Status
>>>> http://my.sybase.com/detail?id=1002288
>>>>
>>>> "Scott Holman" <sholman@micros.com> wrote in message 
>>>> news:44841cab$1@forums-2-dub...
>>>>>I would be interested in  role based security for the following 
>>>>>scenario:
>>>>>
>>>>> In an NT envrionment I want to rely on integrated login based on group
>>>>> membership.  When user_X runs App1, App2, App3 ...or AppN,  I want the 
>>>>> user
>>>>> to have the minimum set of permissions necessary for each application 
>>>>> to
>>>>> function.
>>>>>
>>>>> I don't see that this is possible in the current product.  The best 
>>>>> that I
>>>>> can do is map the NT group to a Db login that has the maximum set of
>>>>> permissions that will allow App1, App2...or AppN to function.
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
> 


0
Bruce
6/6/2006 8:09:43 PM
Reply:

Similar Artilces:

Role based security based on Windows authentication
Hello there, A newbie question here.. I am trying to build an application using  role-based security (ie. it would let in only selected users) and I am using Wingdows Authentication as a security model. The problem is that no matter what I do I cannot restrict usage only to specific users. It works on the all or none basis. Ie no matter what I set in the web.config file, it does not effect the security, except setting <deny users="*"/> blocks access altogether..Currently I have the following settings set in the web.config file with no other settings/code set anywhere &nb...

No roles found... but roles-based security works anyway!!!????
Hello, I wrote a ASP.NET 2.0 application using the Membership framework for security (roles and users). For debugging purposes I wrote some code in the index.aspx page to simply write out a list of all the roles that exist, using the good old Response.Write() method. I then published the site to my domain. However, the behavior of the index page is dependent on the running environment as follows: IN VS 2005 ACCESSING LOCAL SQLSERVER: Runs great, all roles listed. IN VS 2005 ACCESSING REMOTE (i.e. "LIVE") SQLSERVER: Runs great, all roles listed. IN A WEB BROWSER VIEWING THE PUBLI...

Forms Security for Role base security. Nirdesh Puri
Hi,I am using IBuySpy portal framwork and using Role based security. But I got some security problem in this type of security.Can you solve my problem.Role base security: Role is based on Task Group and Task Group based on Task and Task based on pages url.Create Two different roles: A and BCreate one user User1User1 assign role Aif User1 login on site and get the menu of Role A. But any how he get the url of Role B page. How we prevent Role B pages from this user.Warm Regards,Nirdesh Puri...

Login with form based authentication and roles based security
Hi, I've develop Sign In pages apply Forms Authentication and Roles Based Security. It means, 1 user can have many roles (HttpContext.Current.User = New GenericPrincipal(fi, astrRoles)). Let's say User ID: sr102, then it roles is Sales, Marketing and Logistic. Im using User.IsInRole("Sales") to control the applications modules. My application like as follow 1. After login success, application show all the application modules such as Logistic, Sales, Marketing, IT, Human Resource and Warehouse. From user id, application will know the roles assigned. How to enable and di...

Dynamically modify page role permissions in Role Based Security
All, Is it possible to configure page role access within a WebForm. Suppose I have the following section in my web.config:  <system.web> <roleManager enabled="true"/> </system.web> <location path="MyPage.aspx"> <system.web> <authorization> <allow roles="PM"/> <deny users="*"/> </authorization> </system.web> </location>  Is it possible to provide a user interface/webform that allows an "administrator" a person to change t...

User based Security instead of Role based (The most common unanswered problem)
Problem: To check whether the user has permission to view some personal data, i need query by the UserId.Page.User only has UserName property.Solution used in TimeTracker starterkit: Create stored procs that take UserName as parameter and always use a select statement to lookup the userid. Other Solutions: Create a custom iprincipal object and store the userid in it during login.I read posts that suggest this is an ASP.NET 1.1 method but no one suggested what is the correct design for ASP.NET 2.0. Does this require event handling on the login control? So whats the best practice f...

role base security
Hi, If I use Widows Integrated security, how can I assign permission to view certain pages based on the group you belong to in active directory? So that if a user from group "a" logs on and click on a link in the menubar a chack will be don to see if he has access to the page, if so, then loads the page. Where can I find information on this? Thanks Some background information is available in: "Building Secure ASP.NET Applications" http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp?frame=trueIf my post is your answer, please mark it as the...

Roles-Based Security
Hi!! Can anybody have any idea abt the Roles-Based Security Roles-Based Security Roles-based security enables personalised presentation of portal content. Security roles assigned to each user determine the type of access they have to services and information on the portal. The portal administrator can create as many security roles as required (e.g. reseller, employee, customer, sales, management, VIP, shareholder etc). Each page and module site can be set to allow the various roles to view, edit, delete or administer etc. its content. Once the user has logged in, only the content th...

Role-Based Security
Hello: Is there a good article that explains in details how the  Role-Based is implemented in asp.net. I don't need code, I just want to understand when and where are the different objcets created. for example, once user is authenticated what happens ? When is the GenericPrinciple object created ? When will the Identity be available. By the way, is there a difference between the Identtiy & the userId that the user was given upon the user creation ? Thanks.   Hi, Check this article http://aspnet.4guysfromrolla.com/articles/082703-1.aspx It provides the explanation you re...

Role based Security
I would be interested in role based security for the following scenario: In an NT envrionment I want to rely on integrated login based on group membership. When user_X runs App1, App2, App3 ...or AppN, I want the user to have the minimum set of permissions necessary for each application to function. I don't see that this is possible in the current product. The best that I can do is map the NT group to a Db login that has the maximum set of permissions that will allow App1, App2...or AppN to function. Posted to the wrong group. "Scott Holman" <sh...

Roles based Security
I have read all the postings and the MS documentation on the subject and my head is spinning. Actually I am frustated at the lack of a good "how to" explanation in micorsoft documentation. It seems that documenation falls between two extremes: explanation of the whole world to showing a few lines of code completely out of context. I have forms authentication working great. I store the roles in a SQL database. Here is the example used in . . HOW TO: Implement Role-Based Security with Forms-Based Authentication in Your ASP.NET Application by Using Visual Basic .NET My...

Web resources about - Role Based Security - sybase.sqlanywhere.futures

Krebs on Security
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...

Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...

Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...

Security (finance) - Wikipedia, the free encyclopedia
equity securities, e.g., common stocks ; and, The company or other entity issuing the security is called the issuer . A country's regulatory ...

Apple at center stage of Republican presidential debate over encryption & national security
Apple’s strong position on privacy and encryption has been at odds with the United States government’s pressure to step up its national security ...

Distil Networks Acquires Swedish Security Firm ScrapeSentry
Distil Networks , the global leader in bot detection and mitigation, announced its acquisition of Swedish managed security services provider ...

Security firm sued for filing “woefully inadequate” forensics report
(credit: ErrantX ) A Las Vegas-based casino operator has sued security firm Trustwave for conducting an allegedly "woefully inadequate" forensics ...

Security vulnerabilities, exploits are on the rise
It’s been a busy year for security firms everywhere cyber-attacks, malware, ransomware and other malicious online behavior reached new heights ...

Security forces raid hotel seized by Islamic militants
Pentagon lends assistance to combat deadly act of terror in West African nation of Burkina Faso

Burkina Faso: Security forces raid besieged hotel, free dozens of hostages
CNN Burkina Faso: Security forces raid besieged hotel, free dozens of hostages CNN (CNN) Security forces raided a hotel under siege in Burkina ...

Resources last updated: 1/16/2016 6:39:40 PM