In this tutorial we will show you how to setup static User Level Security in ASP.NET Maker. We will use the demo database for demonstration.
User Level Security secures data at table level. Each user level is granted with specific permissions to tables in the database. Users with different access levels are restricted with different add/copy, list/search/view, delete and edit rights.
There are 2 types of User Level security:
1. Static User Levels - the User Levels and the permissions are defined in the project and the User Levels are not to be changed after script generation.
2. Dynamic User Levels - the User Levels and the permissions are defined in 2 tables in the database, the User Levels can still be changed with the generated scripts.
In this tutorial we use static User Level Security.
The "Employees" table and "Orders" table in the demo database will be used in this example.
Fields in Table "Employees"
Fields in Table "Orders"
Steps to Setup Static User level Security
1. Loading ASP.NET Maker
Open ASP.NET Maker and connect to the demo database.
2. Setting up User Access Levels
Click on the [Security] tab, there are two sections for the login process:
If you tick this option, a hard-coded Administrator account will be generated which has all access right to all tables/views.
Use Existing Table
Tick this option to set up the user access levels. You should select the security table and the corresponding Login Name and Password fields.
To set up the user levels, click on the [Advanced] button. A popup window will appear. Click on the [User Levels] button. Select the User Level Field.
There are three built-in user levels:
Anonymous - Anonymous is a built-in user level for anonymous users (i.e. users that have not logged in). The User Level ID of Anonymous is -2.Administrator - Administrator is a built-in user level that has all permissions plus the privileges to modify User IDs and User Levels. Its permissions are same as that of the hard-coded Administrator Login. The User Level ID of Administrator is -1.
Click to add a new user level. Enter the description, and default permissions. Click OK to finish.
For each user level, you can set refine the permission for different tables/views. Click OK to finish.
If you go to Field Setup Page now and view the Edit Tag for the User Level Field, you should see that the Edit Tag has been setup as "SELECT" and the user levels have been added automatically in the value list:
3. Generating ASP.NET Script
Click the [Generate] button and ASP.NET Maker will generate the required ASP.NET scripts automatically.
4. Running the ASP.NET Application
To assign different user level for the users, login as Administrator and go to the user table (the "Employees" table in this case). You'll find that the Edit Tag of the User Level Field is setup as "SELECT" (combobox) and the combobox is populated with the user levels we defined above automatically.
We assign a password and the user level "Sales" to the employee #1 (the employee with EmployeeID equals 1). Then we logout.
To see the Advanced Security works, we login again as employee #1 using "nancy" as user name and "1234" as password.
According to the user level defined by us, users with "Sales"
level has view and add permissions to the "Orders" table only.
They are not allowed to update or delete records. Employee #1 belongs
to the "Sales" level, so we do not see the links to the edit/delete