roles

问题 I'm looking into how to implement authorization in MVC 4 (.NET 4.5), and have specifically been reading about SimpleMembership. Is there any typical or accepted way in MVC to have roles that have additional properties aside from a name? For example, suppose you were designing a CMS, and wanted to be able to have a role called something like Writer that let a user make modifications. However, you also want the role to be restrictive to a single page. The only way that I know of to do that

问题 My Visual Studio .NET application uses SQL Server 2005 Express. It has to be installed on my customer's main server system & on two client computers.all with Windows XP or Vista or 7. Now, every time when i install my application & SQL Server on my customers computers, I have to change the server name specified in the connection string, i.e. the DATA SOURCE. Because, when I install SQL Server on customer's computer, then the server name is taken by SQL Server 2005 Express, as the computer

问题 I use devise for authentication and have assigned a role for each user. I have one more model posts which contain number of posts. I want to restrict one user of the role employee to view the specific post and the same user to view and create the different post. How can I do this? 回答1: I realize I am late to the battle here. What you are looking for is an extension to role-based access control. RBAC cannot cater well for your scenario. You need to consider attribute-based access control.

问题 I am trying to drop user from role in several databases. It is not sure that user can be in same role in all the databases. How can i check if the user is in the role and if it is drop the user from the role. e.g. IF user exists in role BEGIN drop user from role END 回答1: This is what i did: IF EXISTS(SELECT * FROM sys.database_role_members AS RM JOIN sys.database_principals AS U ON RM.member_principal_id = U.principal_id JOIN sys.database_principals AS R ON RM.role_principal_id = R.principal

问题 I have an custom role provider that gets the roles a user belongs to from a database. I also have a custom authentication module registered in my web.config's httpModules which sniffs incoming HTTP requests and (if it's an OAuth signed request) sets the HttpContext.Current.User property to impersonate the user, and the IPrincipal that it sets includes all the user's roles, plus an extra one called "delegated". The trouble is, after I set my custom IPrincipal, apparently ASP.NET still calls my

问题 Here's what I was doing before the error occurred I'm trying to assign a role for a user from my users and roles table in a new table called `role_users'. Role.php model class Role extends Model{ public function users(){ return $this->belongsToMany('App\User','role_users', 'role_id', 'user_id'); } } User.php model class User extends Model implements Authenticatable { use \Illuminate\Auth\Authenticatable; public function roles(){ return $this->belongsToMany('App\Role', 'role_users', 'user_id',

问题 I have an User and a Group Entity which both hold an array of roles. Now I would like to keep the option open to modificate the roles, add them and so on. Should I use constants in the classes for this or should I relate an OneToOne-relation to a table which keeps all the roles? Best Regards, pus.dev User <=> Role Group <=> Role public function getRoles() { $roles = $this->roles; foreach ($this->getGroups() as $group) { $roles = array_merge($roles, $group->getRoles()); } // we need to make

问题 I have 2 questions regarding the claims: 1) In .Net 4.5 and MVC 5 how does the microsoft implements the autorization, when you set on controller AuthorizeAttirubte, does it check the database to get the user role? Or it uses the claims? I've read somewhere that microsoft uses database each time to verify the role, and they advised to write a new AuthorizeAttribute to implement claims authentication. This is the article i'm talking about: http://kevin-junghans.blogspot.be/2013/10/improving

问题 I work on a vb.net winforms app where we currently are using simple roles for security. We enable/disable specific controls based on if the current user has the required role. We are to the point where this is no longer granular enough. Our application is based on different physical locations we call sites. A user might have permission to do something (for example, edit a site's configuration) at one site but not another. Therefore, we now need to lookup permissions based on current user AND

问题 I found out how to deny all access to tables for user in a schema. REVOKE ALL PRIVILEGES ON SCHEMA test FROM user; But what can i do to restrict access to all functions in a schema, so that user couldn't read the code? I was trying this: REVOKE ALL ON FUNCTION test.test_function(text) FROM user; Yes, it has restricted the ability to change a function, but not to actually see it. What have i missed? 回答1: REVOKE access to the system view pg_proc or at least the column prosrc that hase the