Site Security

4/10/2006 3:57:55 PM
ASPRunnerPro General questions
Lowkeck (author, DevClub member)

Is there a way to incorporate the advanced security screen from the compiler into the UI of the product? I have gone so far as to create a table of security groups, all with different rights, and associate them with the login accounts, giving the user the ability to move user accounts from one security group to another and effectively changing that account's access rights. But I was hoping to be able to control security from within the UI instead of compiling a new build each time.

Sergey Kornilov admin 4/10/2006

No, this is not possible with ASPRunner.

a_melchiore 8/11/2006

I'd like to see this feature as well. User entitlements are very important to companies. Review and update of privileges are critical to a company's ability to stay compliant. To recompile a program to give or take away access authority is not an industry standard. Security awareness and compliance is the one item that you cannot fail on audits. Working in a large company like I do, security-related audits are done quarterly. It is time consuming and difficult. To have to consistently update and recompile a program to reset security rights is wrong. Additionally, if the developer loses the right to access the database that the website points to, you are dependent on an information security person to perform the recompile and not screw up the application.
This should be a top priority for Asprunner.
Abel Melchiore

customcode 8/11/2006

Hi Abel, it is an easy task in ASPRUNNER. You will need to add a field for each page in each user table.

Example:

Suppose you have a user John and a user Bill.
John: edit, show and add for the customers; show for the vendors; and show, add, edit and delete for the supply table.

Bill: read customers, print customers; edit, add, delete and print vendors; read only for the supply table.
In the users table add 4 fields, allow Char5, and call them permCust, permVendors, permSupply, permUserAdmin. When done, recompile the pages so your user table includes the additional fields.
In table Users go to John and set permCust to AES, permVendors to S, permSupply to AEDS, and leave permUserAdmin blank.
In table Users go to Bill and set permCust to S, permVendors to AEDPS, permSupply to S, and leave permUserAdmin blank.
Set permUserAdmin to AESPD for the individual responsible for the users.
In your website folder open login.asp with Notepad and look for Session("GroupID") = rs("UserName")

Add the 4 lines with the sessions as listed below:

    If RemoveWrappers("UserName") <> "" Then
        Session("GroupID") = rs("UserName")
    End If
    ' Added lines: copy each permission field from the user's row into the session
    Session("permCust") = rs("permCust")
    Session("permVendors") = rs("permVendors")
    Session("permSupply") = rs("permSupply")
    Session("permUserAdmin") = rs("permUserAdmin") ' this will allow whoever you assign to admin the users

    ' AfterSuccessfullLogin Event
    DoEvent "Call AfterSuccessfulLogin()"

Go to your Include folder.
Open customers_aspfunctions.asp and look for the Get users permissions function; see the 2 samples below.
The original will show multiple users:

    Function GetUserPermissions()
        sUserName = Session("GroupID")

        Select Case sUserName
            Case "yourdatabaseadmin"
                GetUserPermissions = "AESPD"
            Case "John"
                GetUserPermissions = "AES"
            Case "Bill"
                GetUserPermissions = "S"
            Case Else
                GetUserPermissions = ""
        End Select
    End Function

Modified as shown below:

    Function GetUserPermissions()
        sUserName = Session("GroupID")

        ' Every branch now returns the permission string loaded into the session at login
        Select Case sUserName
            Case "yourdatabaseadmin"
                GetUserPermissions = Session("permCust")
            Case Else
                GetUserPermissions = Session("permCust")
        End Select
    End Function

Open Vendors_aspfunctions.asp, Users_aspfunctions.asp and supply_aspfunctions.asp, repeat as required for Vendors, Users and Supply using the other three sessions.
When done, login like you are the other two users and you will find it works well.

Make sure you leave permUserAdmin blank for other users so they cannot read or modify users' permissions.
Pages you do not want users to see, leave the box blank in the users table which controls that page.
Hope this Helps

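An added example, not part of customcode's post or of ASPRunner's generated code: one shared helper that could stand in for the four per-file GetUserPermissions edits, returning no rights when a permission field is NULL, space-padded or contains letters outside the scheme. The names NormalizePerms, PermKeyFor and GetTablePermissions, the table-to-field mapping, and the Dictionary used in place of the ASP Session object are assumptions made for illustration.

```vbscript
' Letters as used in the post: Add, Edit, Delete, Show, Print.
Const VALID_PERMS = "AEDSP"

' Keep only known letters; NULL, blank or unknown input can only reduce rights.
Function NormalizePerms(raw)
    Dim s, i, ch, result
    result = ""
    If Not (IsNull(raw) Or IsEmpty(raw)) Then
        s = UCase(Trim(CStr(raw)))          ' fixed-width columns come back space-padded
        For i = 1 To Len(s)
            ch = Mid(s, i, 1)
            If InStr(VALID_PERMS, ch) > 0 And InStr(result, ch) = 0 Then
                result = result & ch
            End If
        Next
    End If
    NormalizePerms = result
End Function

' Map a table to the session key set in login.asp; unknown tables map to nothing.
Function PermKeyFor(tableName)
    Select Case LCase(tableName)
        Case "customers"
            PermKeyFor = "permCust"
        Case "vendors"
            PermKeyFor = "permVendors"
        Case "supply"
            PermKeyFor = "permSupply"
        Case "users"
            PermKeyFor = "permUserAdmin"
        Case Else
            PermKeyFor = ""
    End Select
End Function

' sess is the ASP Session object (or any object with a default keyed property).
Function GetTablePermissions(sess, tableName)
    Dim key
    key = PermKeyFor(tableName)
    GetTablePermissions = ""
    If key <> "" Then GetTablePermissions = NormalizePerms(sess(key))
End Function

' Constructed sample data: a Dictionary stands in for Session when run under cscript.
Dim demo : Set demo = CreateObject("Scripting.Dictionary")
demo.Add "permCust", "aes  "
demo.Add "permSupply", "AEDSX"
demo.Add "permVendors", Null
WScript.Echo GetTablePermissions(demo, "customers") & "|" & GetTablePermissions(demo, "supply") & "|" & GetTablePermissions(demo, "vendors") & "|" & GetTablePermissions(demo, "orders")
```

Because login.asp copies the permission fields into the session once, a change made to a user's row takes effect at that user's next login, not in a session that is already open.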