Hi all, hope you can help with the following.

I'm not the best when it comes to coding, im still learning. So please forgive the lack of terminology and poor example.

I am trying to write a statment that checks sevel conditions before sending the user to the page they need.

I was wondering if its possible to have something like the following, and if so what would the syntax be?

if firstname = jack
and department > 10
and securityLevel >= 10
and roleID >= 20
then
response.redirect("page.asp")
else
response.write("sorry you access Level is too low")

hope this makes sense, apologies if it doesn't.

Any information is most welcome.

Regards
MG

Absolutely.

Just remember that string literals need to be wrapped in double quotes
And that an If requires an End If!

Hello, thanks for the reply.

I shall remember that.

Regards
MG

I'd caution you against using numeric value ranges for security. You are creating a brittle security mechanism that ceases to work after an arbitrary number of "levels" or "roles" become necessary.

If you're ok with that risk, then so-be-it. Just make a conscious decision to accept the flaws.

HI teddy, thanks for the reply.

I'm still lacking much needed knowledge, so im a little undsure how id create a better version. Also, to be honest, I'm struggling to get this version working too. You Dont fancy lending me your brain do you? lol.

Regards
MG

You might want to look at the ASP.NET membership provider model from an architecture perspective, which in turn shares many similarities with standard group-based security you might find in a common LDAP store.

The idea being that you assign permission roles to either a single user, or a group of users. So instead of assigning a security "level" number which provides accessed based on how high the number is, you would instead creating a set of security "roles" and assign them to whoever needs to fill that role. It ends up being more of an "true/false" thing instead of a "somewhere between 2 and 8" thing. That allows you to have an infinite number of roles, and an infinite number of users and/or groups who are able to assume that role.

Much more flexible, but it takes a bit more plumbing to make it work.

I have a database with roles, department, user id and name, as well as security levels of 10 etc. Im just not clear how i would begin to write the code, or if it can be done be stored procedure?

Regards
MG

Perhaps you should post this as a design question here: Database Concepts & Design - dBforums