Hello,
I am using the advanced, dynamic security and have multiple groups with various rights. I have discovered an issues (at least for me) in the way it works. It is a bit hard to explain in writing (agian, at least for me <img src='https://asprunner.com/forums/file.php?topicimage=1&fieldname=question&id=11060&image=1&table=forumtopics' class='bbc_emoticon' alt=':(' /> ), but here is an example of steps to illistrate the issue:
First, make an "Everyone Group" with rights to view table.
Make user 1 a member of Everyone Group.
They can only view table - perfect!
Then create a Manager Group with rights to add, edit, and view table.
Add user 1 to Manager Group, in addition to Everyone Group (in other words, they are now in both groups).
User 1 can still only view table - not perfect.
The issue appears to be the order in which the group (or rather the group rights assignments) where created. It apears ASPRunner goes through the tablename_ugrights table until it finds the first group the user is a member of and assigns those rights. I know this because if, in my example above, I setup the Manger Group first, the more permissive Manager Group rights are assigned to the user. (or I can just swap the Everyone and Manager rows in the table and get the same result).
I'm not sure how others will feel about this, but I would prefer to have the most permissive rights from all the groups the user is a member of be applied. Is this possible? Or maybe a ranking of the groups... so the highest ranked group's right's are applied (e.g. Everyone Group = ranking of 1, Managers Group = ranking of 2... if user is in both, use the higher ranking Managers Group). Thoughts?
Hope this makes sense.
Thanks,
Tim