Results 1 to 8 of 8
  1. #1
    Join Date
    Jun 2009
    Location
    Midlands
    Posts
    135

    Unanswered: Is this possible? if so how do i do it, and what would the syntax be?

    Hi all, hope you can help with the following.

    I'm not the best when it comes to coding, im still learning. So please forgive the lack of terminology and poor example.

    I am trying to write a statment that checks sevel conditions before sending the user to the page they need.

    I was wondering if its possible to have something like the following, and if so what would the syntax be?

    if firstname = jack
    and department > 10
    and securityLevel >= 10
    and roleID >= 20
    then
    response.redirect("page.asp")
    else
    response.write("sorry you access Level is too low")

    hope this makes sense, apologies if it doesn't.

    Any information is most welcome.

    Regards
    MG

  2. #2
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    Absolutely.

    Just remember that string literals need to be wrapped in double quotes
    Code:
    If firstname = "Jack" And ...
    And that an If requires an End If!
    George
    Home | Blog

  3. #3
    Join Date
    Jun 2009
    Location
    Midlands
    Posts
    135
    Hello, thanks for the reply.

    I shall remember that.

    Regards
    MG

  4. #4
    Join Date
    Mar 2003
    Location
    The Bottom of The Barrel
    Posts
    6,102
    Provided Answers: 1
    I'd caution you against using numeric value ranges for security. You are creating a brittle security mechanism that ceases to work after an arbitrary number of "levels" or "roles" become necessary.

    If you're ok with that risk, then so-be-it. Just make a conscious decision to accept the flaws.
    oh yeah... documentation... I have heard of that.

    *** What Do You Want In The MS Access Forum? ***

  5. #5
    Join Date
    Jun 2009
    Location
    Midlands
    Posts
    135
    HI teddy, thanks for the reply.

    I'm still lacking much needed knowledge, so im a little undsure how id create a better version. Also, to be honest, I'm struggling to get this version working too. You Dont fancy lending me your brain do you? lol.

    Regards
    MG

  6. #6
    Join Date
    Mar 2003
    Location
    The Bottom of The Barrel
    Posts
    6,102
    Provided Answers: 1
    You might want to look at the ASP.NET membership provider model from an architecture perspective, which in turn shares many similarities with standard group-based security you might find in a common LDAP store.

    The idea being that you assign permission roles to either a single user, or a group of users. So instead of assigning a security "level" number which provides accessed based on how high the number is, you would instead creating a set of security "roles" and assign them to whoever needs to fill that role. It ends up being more of an "true/false" thing instead of a "somewhere between 2 and 8" thing. That allows you to have an infinite number of roles, and an infinite number of users and/or groups who are able to assume that role.

    Much more flexible, but it takes a bit more plumbing to make it work.
    Last edited by Teddy; 10-08-09 at 15:31.
    oh yeah... documentation... I have heard of that.

    *** What Do You Want In The MS Access Forum? ***

  7. #7
    Join Date
    Jun 2009
    Location
    Midlands
    Posts
    135
    I have a database with roles, department, user id and name, as well as security levels of 10 etc. Im just not clear how i would begin to write the code, or if it can be done be stored procedure?

    Regards
    MG

  8. #8
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    Perhaps you should post this as a design question here: Database Concepts & Design - dBforums
    George
    Home | Blog

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •