Sample application: EmployeeList
Requirements:
- This application presents a list of employees to a user.
- The list should only display those employees that the user has access to.
- The employee data is stored in an Employees table in a database.
- Administrators must be able to define which users can access each employee record by specifying active directory users and groups.
- The application must be able to handle up to 100,000 employees.
What is the best practice for storing the access permissions and checking the permissions at run time
For Example:
-
Employee A can be accessed by anyone in the Sales active directory group
-
Employee B can be accessed by anyone in the Corporate active directory group
-
Employee C can be accessed only by John Doe in active directory
John Doe is a member of the Corporate group in active directory. When John Doe accesses the application he should only be presented with Employee B and C in the list.
What is the best way for the application to store permissions and determine which employees to present to the user John Doe What data do you store in the database for each record How does the application use this data to determine which employee records to display
Performanc is key!
Any suggestions or can anyone director me to a sample application that implements the best practices for this type of solution
Integration with Active Directory
csoop
You can set proper access rights on the directory object to achieve this.
Here are sample codes: http://msdn.microsoft.com/library/default.asp url=/library/en-us/ad/ad/example_code_for_setting_an_ace_on_a_directory_object.asp