Role Based Security in 20/20 DataShed

20/20 DataShed's source code defines a set of permissions which enable a user to perform specific tasks in the admin area.

Permissions

permitAbout_Read
This permit allows a user to view (read) the "About 20/20 DataShed" page.
This permit should be assigned only to people who play an administrative function in the website.
permitAdminEmail_Read
This permit allows a user to view (read) the "Admin Email" page.
This permit should be assigned only to people who play an administrative function in the website.
permitApplicationOptions_Read
This permit allows a user to view (read) the "20/20 DataShed Options" pages.
This permit should be assigned only to people who play an administrative function in the website.
permitApplicationOptions_Write
This permit allows a user to write (i.e. change and modify) the options which are made available by the "20/20 DataShed Options" pages.
This permit should be assigned only to people who play an administrative function in the website.
permitChangePassword_Read
This permit allows a user to view (read) the "Change Password" page.
permitChangePassword_Write
This permit allows a user to write (i.e. change) their password via the "Change Password" form.
permitCompanyInfo_Read
This permit allows a user to view (read) the "Company Info" page.
permitContactInfo_Read
This permit allows a user to view (read) their own contact information.
permitCreateItems_Read
This permit allows a user to view (read) the "Add Listing" page.
permitCreateItems_Write
This permit allows a user to write (i.e. add/modify/delete) items using the "Add Listing" and "View Items" pages.
This permit is also subject to the "item_limit" property of the user's account.
permitDatabaseUtilities_Read
This permit allows a user to view (read) the "Database Utilities" page.
This permit should be assigned only to people who play an administrative function in the website.
permitDatabaseUtilities_Write
This permit should be assigned only to people who play an administrative function in the website.
THis permit allows a user to perform database backups, alter database paths and filenames, via the "Database Utilities" page(s).
permitManageCategories_Read
This permit allows a user to view (read) the "Manage Categories" page.
This permit should be assigned only to people who play an administrative function in the website.
permitManageCategories_Write
This permit allows a user to change (i.e. Add/Rename/Remove) categories via the "Manage Categories" page(s).
This permit should be assigned only to people who play an administrative function in the website.
permitManageItems_Read
This permit allows a user to view all items in the "View Listings" page. (Whereas, without this permit a user is allowed to see only their own items.)
This permit should be assigned only to people who play an administrative function in the website.
permitManageItems_Write
This permit allows a user to change (i.e. modify/delete) all items. (Essentially, this is "Full Control" of the items.)
This permit should be assigned only to people who play an administrative function in the website.
permitManageUsers_Read
This permit allows a user to view all user accounts in the "View Users" page. (Whereas, without this permit a user is allowed to see only their own account.)
This permit should be assigned only to people who play an administrative function in the website.
permitManageUsers_Write
This permit allows a user to change (i.e. modify/delete) all user accounts. (Essentially, this is "Full COntrol" of the users.)
This permit should be assigned only to people who play an administrative function in the website.
permitRSSManager_Read
This permit allows a user to view (read) the "RSS Feeds" forms. (i.e. to view information about the RSS feeds which are scheduled in the system.
This permit should be assigned only to people who play an administrative function in the website.
permitRSSManager_Write
This permit allows a user to create or delete RSS feeds.
This permit should be assigned only to people who play an administrative function in the website.
permitSQLReports_Read
This permit allows a user to view (read) the "SQL Reports" page.
As well, this permit allows the user to run any of the reports.
permitSQLReports_Write
This permit allows a user to create new reports.
This permit should be assigned only to people who play an administrative function in the website.

Default Roles

The default roles in 20/20 DataShed are: "Webmasters", "Administrators", "Users" and we have configured these roles appropriately for the most common business models.

In short, the "Webmasters" and "Administrators" role can be considered super users. The "Webmasters" role provides its members the ability to perform database backups ("Database Utilities") and view information about 20/20 DataShed ("About 20/20 DataShed"). The "Administrators" role does not allow access to those pages, but does provide its users with near full control of items, users, and other administrative tasks.

The "Users" role is a limited account and designed for users who need only administer their own data.

Custom Roles

A "Role" is, most simply, just a grouping of permissions.

A "Role" in 20/20 DataShed can be created easily and then assigned any combination of the following permissions. In this manner, users can be assigned to a role which allows them to add a listing, but not edit others' listings; to login, but not change their password; to view all information about categories, but not be able to change them; etc.

A single user account can be associated with any number of roles.

Verifying a User's Role(s) & Permissions

In _locals.asp is a function which looks like:

CheckRoles(ByRef authorizedRolesList,ByRef arrUserRoles)

The "CheckRoles()" function accepts two arguments:

Essentially, this fu ction asks "Does the current user belong to a role which allows this specific action?" and the function returns either "True" or "False".

© 2005 - 2007 20/20 Applications. All rights reserved.