I'm making an ASP.Net MVC 3 application in VS 2010. I have a task to create a settings page which would make the columns from the tables in my database with specific permissions (read, read/write etc.).
It's the first time I have a task of this kind and I have no idea on how to make this.
I tried going right click on the project in VS and then go to Settings. There was a link which says that my project didn't have a settings page, so I clicked it to create one. There appeared a table with settings but there are just public/internal access modifiers. I can't seem to find write/read.
Is this the right way of creating a settings page? Or is there another?
I'm sorry Andrew. I answered your question in quite a rush previously. So, I think my answer became quite unclear. I'm so sorry. I will try my best to answer this more clearly. My answer can be quite long and I hope you are patient enough to finish reading this. :-)
Actually, your problem can be solved in very easy way. Believe me! You actually don't need a Setting page for this.
I suppose you will have a Users table in your database, for storing user accounts for your system. Right! And again, I suppose that Users table will have at least these following fields.
UserID [ This must be the primary key for the table. Right! ]
UserName
Password
Email [ This is kind of optional. ]
I only suppose your database has this kind of schema. Or else, there must be other ways to set the permissions for your users in the table.
Alright, create another table called Permissions in your database. That Permissions table will handle the permission rights for your users in the above Users table. Ok! Then, you have two tables. One is your original Users table and another is Permissions table.
Ok! Our new Permissions table will have at least following fields:
ID [ This is the primary key for this table. ]
UserID [ This will come as foreign key from your previous Users table. ]
PermissionRead [ this field will hold boolean data type, or bit data type. True or False for Boolean and 0 or 1 for bit. This is entirely depends on the type of DBMS you use. ]
PermissionWrite [ again, same as PermissionRead. ]
Alright, now you have two tables. These Permission read and write fields are for holding the permission rights for your users.
If you have the exact db schema as I described above, then you will have the following kind of relationship like this:
Users table
UserID | UserName | PW
U-001 | Tim | timpassword
U-002 | Jim | jimpassword
Permissions table
ID | UserID | PermissionRead | PermissionWrite
1 | U-001 | True | False
2 | U-002 | True | True
So, you can see that, User Tim which is UserID U-001 has Read-only permission and User Jim who is U-002 has both read-write permissions.
So, you can check the condition of these fields when a particular user login to the system. If he or she has PermissionRead value True and PermissionWrite value false, then that user has read-only permission right. Or else, if both values are true then that user has read-write permission. Ok!
I tried my best to explain this, and I really do hope you can understand my answer. I really do...!!!
My suggestion is that, you should try this method first. And, if you are alright with this, I can explain more how to set group level permissions from this method. Ok! 'Cause my answer became quite long, and I fear you become bored reading this... ;-)
You don't actually need a setting page for tasks like this. Easiest way to give permissions to the users in ASP.Net is that, you need to create a table in your database. Let's just call it Permissions. Then create these fields in that table:
PermissionID (datatype something you want)
UserID (this must be the foreign key from your Users table)
Read (boolean or bit type)
Write (the same as Read)
Both (the same as Read)
You have a table which is linked to your user table. You can set permissions for the users in the Users table in this Permission table, by setting these boolean (true or false), or bit (0 or 1).
Then, when your user login to the system, you can check these "read", "write" and "both" values from that Permission table, and allow that particular user based on these true or false values.
For instance, if a particular has only Read value true and the other values false, then you can tell that, that user has "read-only" permission.
That's the basic idea for creating user permissions with databases. O'course, you can do some advanced features from database tools. But, I think this is the simplest way to do so. And you can add many permission types you want in that table.
You can even create groups with this method. Like, giving permissions to a particular group will give permission all users belong to that group.
Wish you good luck...!!!
Related
Why did all my tables disappear after changing the user? I created a new user and granted all privileges, but my database is empty after I log in with this new user ? If I log in with the original user they all come back, but I need to work with the tables with the new created user.
I know I can re-create them, but I would like to have them without doing this.
In the connections tab, expand the connection and go to "Other Users" at the bottom of the list and you will see the list of users and, expanding those, their tables (and other objects) that you have at least the SELECT privilege on.
If you want to refer to tables owned by another user in a query then specify the schema name as well as the table name:
SELECT *
FROM other_schema.table_name;
I'm the QuickBase Admin for my QuickBase app. In the app, there's a dashboard report that's used by individuals with viewer access; that way, they can see their students' data, but can't edit the app, tables, structures, etc.
My app's users want to be able to edit one field with notes on that row's data (each row is a student's data, so they'd want to use that field to add notes on that individual), but viewers don't have editing/data entry access tn any column. Is there a way for users to have editing/data entry access to one field, but not the others?
I know with Tableau and other BI software, this isn't possible, but I wanted to ask since my users asked.
Thank you for reading.
Sure you can.
Actually there are more ways to implement this needs.
My opinion better if you create a new table and make a relationship between the student data and a (new) Notes table and you will be able to setup edit rights eg by record owner.
An other way, you can allow the edit right for your users and you can make a restriction on field level. In this case you have to go through on each field and at the Advanced section you will find Permission - Restrict access by role.
Hopefully you do not have a lot of fields :)
Is there any way to get the user (not the role) that created a view?
I tried desc, show, grants on view but couldn't get the specific user
The INFORMATION_SCHEMA.QUERY_HISTORY* table-functions have a USER_NAME column, and you can filter on the QUERY_TEXT to find the view's CREATE-statement.
This should work unless the views were created with a variable. For example: CREATE OR REPLACE VIEW IDENTIIER($MY_VAR)... where MY_VAR is a variable containing the name of the view.
UPDATE
INFORMATION_SCHEMA.QUERY_HISTORY table-functions return results for the past 7 days. Also see the ACCOUNT_USAGE.QUERY_HISTORY table functions, which return results for the past 365 days, with a 45 minute lag.
UPDATE 2
You can also use conventions such as:
Give each user their own schema, composed from their name or initials
Ask users to put their name or initials in the view COMMENT
Or ask users to prefix or suffix their views with their initials
If the views are created with a script or a stored procedure, then you can automate the above.
Lastly, while it's not a best practice, you can in fact create a separate role for each user. This however creates a lot of administrative overhead, especially as you scale, and is not recommended.
The scenario : an Oracle 11g database containing some sensitive user data that could result legal liabilities if disclosed to the wrong party.
The desired effect : only a certain user, connecting from a certain IP, can see the column that contains this sensitive user data
I am not sure that hidden columns or virtual columns are the right ways to do this. It seems that Fine-Grained Access Control could help. I am not sure of what is the best solution. The restriction by IP is probably done at the listener level?
The question :
How can we restrict the visibility of a column so it is only available only to a specific user? All the other users would never see the column, not even when doing a "DESC TABLE_WITH_SENSITIVE_DATA"
Thanks for any tips.
Simplest way to do this is to create a view on the table that does not contain all of the columns. Don't grant select on the table, but only on the view.
The "proper" way to do this is with Fine-Grained Access Control (Virtual Private Database), which can replace the contents of columns with a NULL if certain conditions are not met.
See the example here: http://docs.oracle.com/cd/B28359_01/network.111/b28531/vpd.htm#autoId17
You can probably build this sort of functionality yourself if you're feeling both impoverished and skilled.
Do you the ability to modify roles and create views? Perhaps you could create two separate views and grant access to two different roles for that table. All users that are restricted from seeing the sensitive data would belong to a "restricted" role and the others would have access to the "unrestricted" role. You would need to grant privileges on each view to the appropriate role.
It is important to note that there are restrictions on updating the underlying data associated with a view. As explained here, views that contain set operators, aggregates and GROUP BY DISTINCT and joins and not modifiable.
In my application I have an administrator who can create Tournament objects. When the object is created the service also creates a user (based on the tournament director's info which was entered at creation). The username for the user is the director's e-mail, the password is randomly generated and then mailed to the director.
When the director logs on with his e-mail address and password, I need to be able to link him to his own tournament, in order to only allow him to edit his own tournament's details. I have tried to find a way to store the TournamentId in the default ASP Net Users database, but was unsuccessful.
I had a look at this SO question which would certainly help me, but I can't figure out how it would apply to my problem. When the user logs on, I can't put the TournamentId in the userdata seeing as I don't know it.
Should I then do a lookup in the Tournament table to see which ID corresponds to the email address entered at login and store that in the userData? It seems quite unelegant this way.
I guess you should have a CreatedBy column in your Tournament table where you store the ID of the user who created the tournament. Then when the user logged in, get his id ( may be from session ,if you store it there), Do a select query where CreatedBy=loggedInUserId .That should do the trick.