security via db

Currently, my application assigns security levels to users (1, 2, 3 etc.)
and I control access to areas via this level which is stored in a session.

I would like to allow the administrator to be able to specify which areas
are accessible by user instead if being limited by my hardcoded options.
i.e. Each employee profile would have a checkbox for each area on the
system. Checked allows access, unchecked denies access.
Ideally, you would be able to select between read-only / read-write / no
access.

Whats the best way to go about implementing this? Any examples available?

Thanks in advance for any help!

Re: security via db

<<
Currently, my application assigns security levels to users (1, 2, 3
etc.)
and I control access to areas via this level which is stored in a
session.

I would like to allow the administrator to be able to specify which
areas
are accessible by user instead if being limited by my hardcoded options.
i.e. Each employee profile would have a checkbox for each area on the
system. Checked allows access, unchecked denies access.
Ideally, you would be able to select between read-only / read-write / no
access.

Whats the best way to go about implementing this? Any examples
available?

Thanks in advance for any help!
>>

I'd suggest having some fields added to the Users table such as Level1,
Level2, and Level3 with values such as Read-only, Read-write, and None.

And have the login page set session variables:
Session("Level1") = Read-write
Session("Level2") = Read-write
Session("Level3") = Read-write

And then the top of a page could have something like:
If Session("Level3") <> Read-write Then
Response.Redirect "login.asp"
End If

And here's a little something I put together about a simple login:

Classic ASP Design Tips - Login Page
http://www.bullschmidt.com/devtip-loginpage.asp

Best regards,
J. Paul Schmidt, Freelance ASP Web Developer
http://www.Bullschmidt.com
ASP Design Tips, ASP Web Database Demo, Free ASP Bar Chart Tool...


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!