close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Access Levels to Records

Thread began 4/22/2010 4:33 pm by fabianmacs370894 | Last modified 5/06/2010 6:28 am by Jason Byrnes | 1252 views | 3 replies |

fabianmacs370894

Access Levels to Records

I have built a CMS for an Events Website using Datassist. A client needs to enter CMS and add an Event particular to them. I have an Insert Page, Results Page, Detail Page, Update Page etc but when they Insert a record I want them to be able to just edit/delete the record that they have entered, and not be able to touch any other records entered by other clients. Is there any way that I can restrict them from doing this. I also want an admin section where an administrator can change all records. Is this possible with any webassist plugins?

Thanks,

Fabian

Sign in to reply to this post

Jason ByrnesWebAssist

yes, this can be done using security assist.


when the user logs in, a session variable is created with their ID number.

When the record inserts, you should have a column that the ID session variable is stored in to relate the record to the individual user.

Set the results page to filter on the users ID session variable so it will only display records they have created.

On the detail and update pages, you will probably want to edit the recordsets that are created. add to the where clause an additional filter on the user ID session variable so they cannot guess the query string of another users record.


For the supper admin, you should create another set of admin pages that only they can access that does have the filtering on the userID session variable.

Sign in to reply to this post

dan373824

restrict ID access

Hi

I have a similar issue on a site i am building for UK schools.

There need to be four levels of access (1. Corporate access which define schools, 2. schools that define teachers, 3. teachers that define pupils, 4. pupils)

It is important that pupils (who will try and break everything) only view their own content and that if someone deduces that if they manually enter a ID string to the end of the url that they will be denied access.

Please advise

Dan

Sign in to reply to this post

Jason ByrnesWebAssist

the userID and Access level should not be passed as a query string, they are stored in session variables.

See the "User Level Authentication" Tutorial in the solution recipe section of the security assist support page:
securityassist/

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...