User authentication on an Intranet - best practices...
Posted on 2004-11-21
I am building an intranet for my company, we have the following departments:
1) Office Managers
All of these departments are stored using the same information in the same database... for example, if the telemarketer sets an appointment for office 1024 then the manager of office 1024 will see it come up, no other office manager will. (You get the idea...)
The first from this group is the office manager. This part of the intranet will allow him/her to keep up with every part of the office from inventory to sales reps.
The second part is the telemarketing department, this will allow the telemarketers to add appointments and call people to set them.
the third part is corporate, this is simply reports for the corporate side to see all of the offices.
My question deals with users... In this program, different users will login to different parts of the application. The directory structure is as follows:
/intranet/officemanagers/ <-- this is where the office managers go
/intranet/telemarketers/ <-- this is where the telemarketers go
/intranet/corporate/ <-- this is where the corporate users go
I would like to have one login box that will send users to the appropriate part of the intranet based on who they are and where they are suppose to go. My question is this: Is it bad practice to have ALL users in one table even though they login to differnet parts of the intranet? For example, a telemarketer has no relation to an office manager (not even in the same office) but they would be in the same 'users' table. Is this okay?
Or, should i have different tables for each type of user? Example: For telemarketers, I would have a table called tbl_telemarketer_users and for office managers, I would have a table called tbl_officemanagers_users etc... The downside to this would be that I would have to have different login pages for different people, and they would have to be told where to go, instead of login.mydomain.com
By the way, I am using VB.NET and Microsoft SQL 2000
Thanks in advance,