How to build authorization with groups and roles?

Hot Topic

Error when form is getting data from or to server
Multi-tiered Application with client Server Architecture
Sharepoint development future? .NET 3.5 and beyond...
ListTemplates with field definition for calculated fields and other problems
Workflow condition "Approvalstatus" - Approved don't work in SharePoint 3.0
Parsing;
Moss 2007 Problem to create an eventhandler Adding Item
Issues With Delay Activity
Custom incomming Mail Handler
getting in to "serious" programming, help needed with ER modeling

SharePoint Products

Active Directory , Exporting xml as users
Opening WSS site in VS 2005
Why take long time to open WSS site?
Modifying Approvers
Problems configuring for e-mail enabled libraries and distribution groups
A web part that is a consumer and provider at the same time.
Design Question about an "actor" in a use case
Application Block
What are "Newly Added Programs"?
Why would I ever use ServicedComponents for in-service data access?

How to build authorization with groups and roles?

I just implemented Membership and Roles. It all works great. I am using the AspNetSqlMembershipProvider and the AspNetSqlRoleProvider.

Here is my problem. We have different groups - Students, PTA and Coaching.

Roles would work fine for one person adminstering all three groups, however, we want the groups separate as far as authorization is concerned.

Any suggestions on how we can authorize first by group then by role.

Group Roles

Student Admin, Member, Basic

PTA Admin, Member, Basic

Coaching Admin, Member, Basic

The number of groups could grow quite large.

The groups and roles are stored in a SQL Server 2005 database.

Answer this question

How to build authorization with groups and roles?

  • DavidCeder

    I guess you mean that someone in the group Student with the role Admin has rights to only administer the group Student and not other groups So someone from PTA with role Admin is not able to administer the group Student

    If so you should create a class that implements the IPrincipal interface. This class should contain information about the active user (identity (meaning user and group) and role). You can then simply check in that object to see about the combination.

    For more info see the following link:

    ms-help://MS.VSCC.v80/MS.MSDN.v80/MS.VisualStudio.v80.en/dv_fxsecurity/html/91f0ac8c-13b1-4c52-af5f-fef388bbba54.htm

  • BrentB


    This is exactly what I am trying to accomplish. I will read up on your suggestion. Thanks.
  • How to build authorization with groups and roles?
Answer this question