The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

Admin and Non-Admin users - desktop app using SQL Server

The app can be installed on any number of PCs but only active accounts will be able to use it.

I want the app to recognise 2 types of user - A regular user and an admin user.

The admin user will be able to make accounts active or inactive and also add a new user to the system. In effect, if the user name has an active flag when the app starts up, they can use the database; if they don't, it won't.

Would appreciate any pointers on how to best implement this without giving the customers too much work on their part after installation.

Also I want to be able to use windows authentication only and not mixed or application roles.

Many thanks
DayToPage
Thursday, December 27, 2007
 
 
"Also I want to be able to use windows authentication only and not mixed or application roles."

This depends on how you are currently doing authentication and authorization in your app. Without knowing more about your app, here are 2 strategies:

1) Read the information from the Windows Access Control List (ACL). This has the advantage of using the built-in user admin tools. You will need to check that the user is part of the Administrator group.

2) This will basically add a flag to your user table and object to determine that it is an admin. You would still need to build a screen to mark a user as admin.
Hector Sosa, Jr - PainlessSVN
Thursday, December 27, 2007
 
 
"This depends on how you are currently doing authentication and authorization in your app. Without knowing more about your app, here are 2 strategies:"

Authentication and authorisation at the moment is by using a trusted connection.

When I install the app and run as XP administrator I have full control because I have sysadmin rights on SQL Server. I can add users and activate/deactivate their accounts. This will not be the case in the wild.

The public role in SQL Server gives everyone in it immediate access. However, I want to qualify that access so that even though a person has access by virtue of 'public' because of configuration elsewhere, they have an admin role in the app that the app knows about and so will allow the user to open and edit the permission UI.

Any ideas, pointers welcome.
DayToPage
Thursday, December 27, 2007
 
 
Create two Windows groups - "App Users" and "App Administrators". Add appropriate permissions to your SQL Server for these two Windows groups. You can add groups to SQL Server just like you can individual accounts.

Have your clients place the appropriate users into these Windows groups, and they can manage users just like they do any other group memberships.
Chris Tavares
Thursday, December 27, 2007
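
The two-group setup from the reply above, combined with the active flag from the original question, as an added T-SQL example that is not part of the thread. The domain `CONTOSO`, the database `AppDb`, the table `dbo.AppUser`, the roles `app_user` / `app_admin` and the procedure `dbo.GetMyAccess` are all assumed names.

```sql
-- Assumed names (not from the thread): CONTOSO, AppDb, dbo.AppUser,
-- app_user, app_admin, dbo.GetMyAccess.
USE master;
-- Windows groups become logins, so only Windows authentication is used.
CREATE LOGIN [CONTOSO\App Users] FROM WINDOWS;
CREATE LOGIN [CONTOSO\App Administrators] FROM WINDOWS;
GO
USE AppDb;
CREATE USER [CONTOSO\App Users] FOR LOGIN [CONTOSO\App Users];
CREATE USER [CONTOSO\App Administrators] FOR LOGIN [CONTOSO\App Administrators];
CREATE ROLE app_user;
CREATE ROLE app_admin;
-- Administrators are also ordinary users of the app.
EXEC sp_addrolemember 'app_user',  'CONTOSO\App Users';
EXEC sp_addrolemember 'app_user',  'CONTOSO\App Administrators';
EXEC sp_addrolemember 'app_admin', 'CONTOSO\App Administrators';
GO
-- Per-account active flag, keyed by the Windows login name.
CREATE TABLE dbo.AppUser (
    LoginName sysname NOT NULL PRIMARY KEY,   -- e.g. CONTOSO\alice
    IsActive  bit     NOT NULL DEFAULT 1
);
GO
-- Only the admin role may read or change accounts; nothing goes to public.
GRANT SELECT, INSERT, UPDATE ON dbo.AppUser TO app_admin;
GO
-- Called by the app at startup: is the caller active, and an admin?
CREATE PROCEDURE dbo.GetMyAccess
AS
BEGIN
    SET NOCOUNT ON;
    SELECT
        CASE WHEN EXISTS (SELECT 1 FROM dbo.AppUser
                          WHERE LoginName = SUSER_SNAME() AND IsActive = 1)
             THEN 1 ELSE 0 END               AS IsActive,
        ISNULL(IS_MEMBER('app_admin'), 0)    AS IsAdmin;
END;
GO
-- Regular users can ask about themselves but cannot touch the table.
GRANT EXECUTE ON dbo.GetMyAccess TO app_user;
```

The `IsAdmin` result only decides whether the app shows the permission UI; the `GRANT` on `dbo.AppUser` is what stops a non-admin who connects with another client from changing accounts.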
 
 

This topic is archived. No further replies will be accepted.
