Role management using Classic ASP and VBScript

Hello experts:

I am using Classic ASP, VBScript, MS-Access and Godaddy shared hosting.

I am trying to build a website that will have folks with different roles logging in to do specific tasks.

For example, I will have SuperAdmin, Admin, Operators, Sales.

What is the easiest way for a noob like me to accomplish this?  They would log in using their email address and a password, but how will I tell the system

1.)  who can go where and,
2.)  carry this "credential" from page to page?

Any input will be greatly appreciated.


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I think this link will help you out:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Hi driven13

In your MS Access database, you should create a table called logins. In that table, store email address, password and accesslevel. You could make accesslevel an id number:
1 = SuperAdmin,
2 = Admin
3 = Operators
4 = Sales
Next, you would create a login page where the person enters their email and password. YOu would then reference this against the database, if the username and password match an entry you should return the accesslevel id to your asp page. So the SQL would be something like
SELECT accesslevel FROM logins WHERE email = request.form("email") and password = request.form("pass")
If there are 0 results response.write a message like "log in not found"
If there is a result, set a session which will stay in the browsers memory indicating what the users access level is. Maybe in a select case statment like:
Select Case accesslevel
    CASE 1 : session("loginType") = "SuperAdmin"
    CASE 2:  session("loginType") = "Admin"
End Select
Then in the pages in the secure area you can check the login type has sufficient privilegde to access the pages:
<% If session("LoginType") <> "Admin" then response.redirect("Main.asp") %>

Good Luck!
The login system is the easy part. Note that there are different variants. The different roles could have cumulative rights ("operator" can do everything "sales" can plus something more, "admin" can do everything "operator" can do plus something more etc), or the different roles could have specifically defined rights which are not necessarily cumulative.

The hard part is to implement the roles in the actual pages.

What I have done in such a situation is to list all functionality in the application into a table in the database. In another table in the database I have listed all .asp pages in the application, with a reference to the functionality. Lastly there is a table for permissions where each defined role is mapped with the defined functionalites as "none", "read" or "edit".

A generic include is used in each page which finds the current page-name (as in "thispage.asp"), gets the functionality of this page from the database and checks the permissions of the role of the current user.

You could simplify it by organizing asp pages in directories and grant grant permissions to roles on certain directories (in my case that was not a good solution).

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.