

Storing and assigning user rights within an application with an unknown number of plugins

Posted on 2007-07-28
Medium Priority
Last Modified: 2012-05-05
I have an application that uses 0 or more plugins, but I need to assign user rights for access to various parts of the application and then iterate those rights to show or hide / enable or disable / modify menu and UI items appropriately. At the moment users can log in, but only have three levels: basic user, power user, administrator. Anyone with Administrator privileges can access anything so that is easy enough and short circuits the need to deal with other checks.

All other users, though, may need to be allowed to access part of the system on a read only, read and write, or some other combination such as can add but cannot delete.

In trying to determine the best way to store and process this information I have considered a bitwise value, but that only provides 64 permissions and I have no way of knowing how many may be required.

Given that the application uses plugins, the plugins need to store some sort of rule that determines who can do what, which the host application can then implement.

Can anybody give me some advice about implementing this type of structure?

Chris Bray.
Question by:chrisbray

Expert Comment

by:Gautham Janardhan
ID: 19583874
Something like this might be feasible.

Say you number your entities (your add-ons), say

Addon - 1 is 100
addon -2 is 200
and so on

and for each add-on you will have privileges from 1-99

like 101 - 199;

then for each user you can store the privileges in a string list

usera -   101,102,201,202,203,204,105,109
userb -  301,302,201,302,203,304,105,309 ,401


Accepted Solution

illusio earned 1500 total points
ID: 19587340
This is a very common problem you are facing.
The implementation I have seen the most is the following:
In a database (see this broadly: it can be Oracle, a flat text file, hard coded, PostgreSQL, ...) the following data is stored (I will use database notation to clear this up)
Table UserGroups

Table Users

Table Plugins

Table Rights
--> those rights can be stored in a byte but this is very unhandy if you want to adjust rights afterwards or want to quickly correct some erroneous rights - it's difficult to see errors at a quick glance

In your application if someone logs in, you load the rights in a commonly visible object (static). Since you have only one user active (mostly - otherwise you just extend the system) you put all the rights in a hashtable (pluginname, rights). When you need to show a menu item of a plugin, you ask the rights to the hashtable (very fast operation) and you do the appropriate action.

You now have some scenarios to consider.
- The user that is logging on has no rights assigned. Most of the time when this happens, and a user can perform a valid login, you give him the rights from an "everyone" user group.
- You have a plugin that has no rights assigned, mostly you give the current user all the rights
--> those two scenarios limit the amount of data you need to keep inside your rights management system
You can implement the property in a way that this system is transparent. The object returning the rights should always return a right following the system above, that way the rest of your program just blindly follows the rights that are given.

A very tight structure to put the rights into in the hashlist is:
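struct Rights // yes, structs do exist in C#, they are value types!
{
    // One flag per action a user may perform inside a single plugin.
    public bool Visible;
    public bool Read;
    public bool Write;
    public bool Delete;
    public bool Audit;
}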

The most general way to make the rights available is, if you can make a call like:
Rights r = RightsManager.User["user"].Rights["Plugin"];
--> since you have only one user, you can make the User prop a simple array, but it provides easy extension for cases where more users can exist (e.g. execute a module with elevated rights)

Kind regards,
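The lookup and the two fallback scenarios from the answer above, as an added C# example that is not part of the original thread. `RightsManager`, its members, and the sample users and plugins are hypothetical, and a `[Flags]` enum stands in for the answer's struct of bools; the default for a plugin with no rights assigned is a constructor parameter so the answer's grant-all choice can be run beside a deny default.

```csharp
using System;
using System.Collections.Generic;

[Flags]
enum Rights { None = 0, Visible = 1, Read = 2, Write = 4, Delete = 8, Audit = 16,
              All = Visible | Read | Write | Delete | Audit }

// Hypothetical resolver; class and member names are assumptions, not from the thread.
sealed class RightsManager
{
    // user -> (plugin -> rights), loaded once at login; "everyone" is the fallback group.
    readonly Dictionary<string, Dictionary<string, Rights>> byUser =
        new Dictionary<string, Dictionary<string, Rights>>();
    readonly Dictionary<string, Rights> everyone = new Dictionary<string, Rights>();
    readonly HashSet<string> pluginsWithRules = new HashSet<string>();
    readonly Rights unassignedDefault; // returned for a plugin with no rights rows at all

    public RightsManager(Rights unassignedDefault) { this.unassignedDefault = unassignedDefault; }

    public void Grant(string user, string plugin, Rights rights)
    {
        if (!byUser.TryGetValue(user, out var perPlugin))
            byUser[user] = perPlugin = new Dictionary<string, Rights>();
        perPlugin[plugin] = rights;
        pluginsWithRules.Add(plugin);
    }
    public void GrantEveryone(string plugin, Rights rights)
    { everyone[plugin] = rights; pluginsWithRules.Add(plugin); }

    public Rights Resolve(string user, string plugin)
    {
        if (!pluginsWithRules.Contains(plugin)) return unassignedDefault; // plugin has no rights
        if (byUser.TryGetValue(user, out var perPlugin))                  // user has own rows
            return perPlugin.TryGetValue(plugin, out var own) ? own : Rights.None;
        return everyone.TryGetValue(plugin, out var shared) ? shared : Rights.None; // "everyone"
    }
}

static class Demo
{
    static void Main()
    {
        foreach (var policy in new[] { Rights.All, Rights.None }) // answer's default, then deny
        {
            var rm = new RightsManager(policy);
            rm.Grant("alice", "Invoices", Rights.Visible | Rights.Read | Rights.Write);
            rm.GrantEveryone("Invoices", Rights.Visible | Rights.Read);
            Console.WriteLine($"default={policy}: alice/Invoices={rm.Resolve("alice", "Invoices")}, " +
                $"guest/Invoices={rm.Resolve("guest", "Invoices")}, guest/NewPlugin={rm.Resolve("guest", "NewPlugin")}");
        }
    }
}
```

With the grant-all default, a plugin installed without any rights rows is fully open to every authenticated user until someone assigns rights; with the deny default it stays hidden until then. Because rights are keyed per plugin, each plugin needs only its own handful of flags, so the number of plugins is not bounded by the width of one bit field.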

Author Comment

ID: 19754384
Hi Bob,

Illusio gave a good answer, but not necessarily what I was looking for.  Again, I was sincerely hoping for some more input from other experts....

That said, the suggestion was valid and I feel that perhaps some or all of the points on a B grade would be appropriate in this situation.  Please advise if you feel this would fit in with the ethos and rules of EE.

Chris Bray.


Expert Comment

ID: 19754694
Hi Chris,

Maybe you can comment on the ideas given and I can give further ideas and advice. There are some more solutions possible. The design I've laid out is a general one - usable in almost any case. For me the safest suggestion to start with since I don't know your specific situation in detail.

Maybe you can give some upper limits and minimum requirements.

Kind regards,

Expert Comment

ID: 19754710
Oh - grade of B is good for me - I'm not really in it for the points, just for the helping.


Author Comment

ID: 19755055
Hi Illusio,

To be honest I have passed your suggestion to one of my co-developers but due to family illness on my part and holidays on his we have not yet had an opportunity to review your suggestion in detail in comparison with the project. Unfortunately that part of the project is more his responsibility so whilst I can ask the question and suggest he will have to make sure that your suggestion does not clash with whatever else he is coding.

We were certainly thinking of storing permissions for individuals rather than user groups, and the solution needs to be scalable.  Your suggestion is not (yet) a complete solution but may well lead to one once we review it in context, and hopefully that review will take place tomorrow.  I suggest that I ask him to review that before our meeting and I will come back and ask any further questions or request more assistance if required.  

I do feel that your answer deserves points rather than deletion, and thank you for both your help so far and your offer of further assistance.

Chris Bray.

Author Comment

ID: 19763648
Hi Peter

After all that my colleague is now ill and not fit for our coding review today!! However, he has reviewed the suggestion you put forward and says that with modification it is workable for our purposes. I therefore propose to assign you the points as described above and thank you for your efforts.

If we come across any further issues I will post another question which hopefully you will spot and be able to answer.

Chris Bray.


Question has a verified solution.
