?
Solved

Need help building some sort of Employee Viewing Access Tool

Posted on 2005-05-12
20
Medium Priority
?
206 Views
Last Modified: 2013-12-24
I currently have this Project Managment Tool built and I need to add security to it.
Right now I have 10 employees that can enter their daily tasks and hours.
I want to limit viewing access to Managers, Exective Staff, Team members etc...

So lets say I'm working with 10 Employees

1 President ( Can view All )
2 VPresident ( Can view All )
3 Team Leader A ( Can view All Team A  )
4 Team Leader B ( Can view All Team B  )
5 Staff Member Team A ( Can only view Themselves )
6 Staff Member Team A ( Can only view Themselves )
7 Staff Member Team A ( Can only view Themselves )
8 Staff Member Team B ( Can only view Themselves )
9 Staff Member Team B ( Can only view Themselves )
10 Staff Member Team B ( Can only view Themselves )

I'm alittle lost how I would do this?

Do I set up a another Tbl in my database?
Do I use my current Employee Tbl, and add new fields that list which employees can view which?

0
Comment
Question by:rurth24
  • 8
  • 5
  • 2
  • +3
19 Comments
 
LVL 11

Expert Comment

by:adonis1976
ID: 13990715
Add another column.. to your existing table..

say for "IsAllowed"

set that field to either 1 or 0..

1 is allowed.. 0 is not..
0
 

Author Comment

by:rurth24
ID: 13990795
That won't work for a complex system. I have that setup as a basic already.

Would this work?
Have a extra field in my employees TBL called "IsAllowed"
Each employee would have a list of people (employeeID's) that he/she could view..

For example:

Firstname          Lastname                 EmployeeID                    IsAllowed
Michael              Thompson                  5                                 16,67,58 (these would be other employeeIDs

Could this work?
0
 
LVL 9

Assisted Solution

by:Dain_Anderson
Dain_Anderson earned 500 total points
ID: 13990903
I would recommend setting up some additional tables here:

tbl_Users
----------
User_ID
User_First_Name
...etc...

i.e.

User_ID           User_First_Name
---------           -------------
1                     Michael  


tbl_Groups
------------
Group_ID
Group_Name

tbl_Permissions
------------------
Permission_ID
Permission

i.e.

Permission_ID         Permission
----------------         ------------
1                            Full Access
2                            Read Only
...                           ...


i.e.

Group_ID       Group_Name
-----------       ---------------
1                   Team A
2                   Team B

tbl_Group_Permissions
--------------------------
User_ID
Group_ID
Permission_ID

i.e.

User_ID         Group_ID      Permission_ID
---------         -----------     -----------------
1                   1                 1
1                   2                 1

So, Michael (User_ID 1) has full access permissions (Permission_ID 1) to Team A (Group_ID 1) and Team B (Group_ID 2).

This should give you enough to get started.

HTH,

-Dain
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:rurth24
ID: 13990990
Same as Windows Server: User and Groups
0
 
LVL 9

Expert Comment

by:Dain_Anderson
ID: 13991074
Ideally, yes. The IsAllowed method will work, but very cumbersome to edit/update. In addition, it isn't normalized. The example I gave used link tables to store foreign keys to the other tables. This is a pretty common was to handle security.

-Dain
0
 

Expert Comment

by:tpiazza55
ID: 13997183
i have a similar system in my office -- i did it will session keys -- when they login they are assigned a session securty level -- 1,2,3 dependent on who they are

from there the querys run differently based on the setting

if you want i can post the code

0
 

Author Comment

by:rurth24
ID: 13997233
That's how I have it now.. using session keys...

One problem it limits you...
I need a more robust tool
0
 
LVL 20

Accepted Solution

by:
trailblazzyr55 earned 500 total points
ID: 13998247
just to get it straight, bit confused, you have a group ID for each employee right and you want the employeeID to contain their access permission based on their list?

ID Key:

Level \  Position
----------------------------
1          President
2          VPresident
3          Team Leader A
4          Team Leader B
5          Staff Member Team A
6          Staff Member Team B


if you had a table..... named: Employees


Firstname          Lastname            EmployeeID             IsAllowed
-----------------------------------------------------------------------------------
Tom                   huck                        5                            5
Bill                     foot                         6                             6
John                   Doe                         5                            5
Suzie                   Que                       6                             6
Purple              PeopleEater                5                            5
bugs                   bunny                     4                            4,6
roger                  rabbit                     3                            3,5
Madd                  Hatter                     2                            2,3,4,5,6
Bugsy                 Seagal                    1                            1,2,3,4,5,6

so this is your idea right???

so let's say you have a form to fill in your employees info, access, blah blahh....

if this is how you wanted to do it and say you want to grant certain priveledges based on "IsAllowed" and "EmployeeID" then you could do something like this for a page...

SELECT Lastname, Firstname, IsAllowed
FROM Employees


then for your form do something like this in your form to find if they can see a certain item..

<cfif ListFind(3, query.isallowed) gt 0> then you'll know </cfif>

basically 3 is the access needed and it looks in their list for that value,
if it finds it great, they see it, if not, no can see!


For inserting a new user's access level assign lists then to terms or in a form however you think would be best for your setup..

let's just say you go with a drop down to select a users access level right

<select name="Permission">
   <option value="1,2,3,4,5,6">The Boss</option>
      <option value="2,3,4,5,6">Minni Me</option>
              <option value="3,5">Leader A</option>
              <option value="4,6">Leader B</option>
                 <option value="5">Grunt A</option>
                 <option value="6">Grunt B</option>
</select>

ok so now you have your users, way to select them, and so on, to insert the values then, you can do something like this.

INSERT INTO employees (LastName, FirstName, EmployeeID, IsAllowed)
        VALUES ("#FORM.FirstName#",
                      "#FORM.LastName#",
                     "#FORM.EmployeeGroup#",
                     "#FORM.Permission#")

That should work for you ;o) isn't the best method for security on a site, but from what you're asking this i think it how you can go about it. Hey you know what would be cool???? have a look at this link, this may be an interesting idea to add to you admin tools...

http://javascript.internet.com/forms/user-management.html

thoguth that was cool. Kinda like windows selecting groups and stuff. Anyway lemme know if you have any more questions. hmmm, maybe i should be posting to the other question??? will post there too ;o)

~trail
0
 
LVL 20

Expert Comment

by:trailblazzyr55
ID: 14155674
no word back from rurth24 yet.. ;o) waiting for feedback
0
 

Author Comment

by:rurth24
ID: 14155704
Sorry about the delay... I really haven't had anytime to work on this when I first posted it.. I got sidetracked..
When and if I get free time I want to revisit the question... How do I proceed?

Do I give points out?
0
 
LVL 35

Expert Comment

by:mrichmon
ID: 14155743
The best thing to do is to review the comments posted.  If you think any may help then the question can remain open while you have time to investigate, but please post letting us know which comments you feel may be helpful to you and if you have any immediate questions regarding them.

Thanks.
0
 

Expert Comment

by:tpiazza55
ID: 14155928
what are you still ahving trouble with?

still think session variables is the way to handle it
0
 

Author Comment

by:rurth24
ID: 14155947
I'm not having trouble, just haven't worked on it yet to figure out what the best way is..
I got stuck on another project, so I haven't been able to work on this...
0
 
LVL 20

Expert Comment

by:trailblazzyr55
ID: 14155969
Dain_Anderson had posted a good way and I posted an alternate way which seemed to fit what  rurth24 was asking more specifically without changing too much to what  rurth24 has already. Between the two I'd recommend

split Dain_Anderson & trailblazzyr55

or keep it open if rurth24 would like,.. rurth24 you can keep this open should you want to come back, but are busy at the moment ;o)

~trail
0
 

Author Comment

by:rurth24
ID: 14155985
Okay I'm going to split the points and close..
When I get a chance I'll look back and if I have any problems I'll post for help.

0
 
LVL 20

Expert Comment

by:trailblazzyr55
ID: 14156011
you don't have to split if you want to keep this open, when you're ready just post another comment or ask for more help and we'll get the email to have a look when you're ready, just don't let it go for too long without saying you aren't abondoning the question... ;o)
0
 

Author Comment

by:rurth24
ID: 14156020
Oh ... My bad... Oh well..
Well I'll post later on when I get back to the project..
Thanks again
0
 
LVL 20

Expert Comment

by:trailblazzyr55
ID: 14156055
lol...ok ;o) thanks!
0
 

Author Comment

by:rurth24
ID: 14156069
Just to let you and everyone know, this site rocks..
It's a great way to learn and get help..
Everyone keep up the good work..
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
This installment of Make It Better gives Media Temple customers the latest news, plugins, and tutorials to make their VPS hosting experience that much smoother.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question