I am using NetSqlAzMan for managing authorizations in my application.
In my application, I would like to manage authorization on a record level; allow/deny a user/group to perform an operation on a record (e.g. order, customer) #number
I am aware that the solution to such a problem in NetSqlAzMan is using attributes and I have set up a small project to test how it works. My application looks like this:
DBUsers:
- John
- Bob
Roles:
- Admin
- Sales
- Marketing
Tasks:
- CreateOrder
- UpdateOrder
- DeleteOrder
- PrintOrder
Authorization examples:
I would like the Sales role to be allowed to UpdateOrder, but at the same time deny UpdateOrder (Attributes: OrderNum=12).
I would like to allow Bob to PrintOrder (Attributes: OrderNum=13) and deny Bob from PrintOrder (Attributes: OrderNum=16)
In both cases, I would end up with a Deny authorization overriding any allow authorization whether I CheckedAccess for (Sales,UpdateOrder) or for (Bob,PrintOrder).
Is there any way to get the AuthorizationType per attribute or does this require any changes?
NetSqlAzMan does not support this and it is not easy to modify it as well. Here is my discussion with the author.
http://netsqlazman.codeplex.com/discussions/282501
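
The two evaluation semantics discussed in the question, as an added example that is not part of the original posts and does not use the NetSqlAzMan API. Every type and method name here (`Grant`, `RecordAuthz`, `CheckIgnoringAttributes`, `CheckForOrder`) is hypothetical, the grant table is constructed from the question's scenarios, and default deny when no grant matches is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

enum Effect { Allow, Deny }

// One authorization entry; OrderNum == null means "applies to every order".
record Grant(string Principal, string Task, Effect Effect, int? OrderNum = null);

static class RecordAuthz
{
    // Constructed sample data mirroring the question's two scenarios.
    public static readonly Grant[] Grants =
    {
        new("Sales", "UpdateOrder", Effect.Allow),
        new("Sales", "UpdateOrder", Effect.Deny, 12),
        new("Bob", "PrintOrder", Effect.Allow, 13),
        new("Bob", "PrintOrder", Effect.Deny, 16),
    };

    // Behaviour reported in the question: the attribute is not part of the
    // decision, so a single Deny on the task overrides every Allow.
    public static bool CheckIgnoringAttributes(string principal, string task)
    {
        var hits = Grants.Where(g => g.Principal == principal && g.Task == task).ToList();
        return hits.Count > 0 && hits.All(g => g.Effect == Effect.Allow);
    }

    // Behaviour the question asks for: only grants whose scope covers this
    // order are considered. Deny still overrides Allow within that scope,
    // and no matching grant means deny (assumed default).
    public static bool CheckForOrder(string principal, string task, int orderNum)
    {
        var hits = Grants.Where(g => g.Principal == principal && g.Task == task
                                  && (g.OrderNum == null || g.OrderNum == orderNum)).ToList();
        return hits.Count > 0 && hits.All(g => g.Effect == Effect.Allow);
    }
}

static class Program
{
    static void Main()
    {
        Console.WriteLine(RecordAuthz.CheckIgnoringAttributes("Sales", "UpdateOrder"));
        foreach (var n in new[] { 11, 12 })
            Console.WriteLine($"Sales UpdateOrder #{n}: {RecordAuthz.CheckForOrder("Sales", "UpdateOrder", n)}");
        foreach (var n in new[] { 13, 16, 14 })
            Console.WriteLine($"Bob PrintOrder #{n}: {RecordAuthz.CheckForOrder("Bob", "PrintOrder", n)}");
    }
}
```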