Granular & Role Based Permission System

Oct 22, 2012
Hey All,

We are in the process of writing a new in-house software system which we need to have a permission system built into. Authentication is handled through Active Directory, but what we need is to be able to manage a user's permissions for performing various functions and have either a true or false value returned for that task.

We would prefer it if there was some off-the-shelf component within .NET which would allow us to achieve this easily and where the permissions are stored within the database, so that permissions can be used on all installations across the network, but we have been having difficulty in finding reference to anything other than managing file and directory permissions.

Our needs are...
  1. Each win form will have a permission just to open the form.
  2. Each form will have a variety of permissions within it relating to what tasks on that form a user has permission to perform.
  3. Most permissions will be based on a role-based security system.
  4. Some users will need to be given a single additional permission on top of the current role they have.
  5. Some users will need to be given a permission for a specific record on a winform which will only be applied to that specific record and not others.

Is there something already out there, such as a control or a class which I can add, or is this something which we will have to custom produce ourselves? Either way, does anyone have any advice as to where to look for this? We don't want to manage permissions with a massive permissions table in the database, as the current designs call for almost 1000 individual permissions, with a future upgrade which is already planned needing an additional 300 permissions on top of the original 1000. We also have almost 500 users who will need to have permissions managed. If we did this as one massive database manually, 1000 permissions x 500 users would result in us having a table with 1000 columns and 500 records, too difficult and complex to manage or work with effectively. Ideally we would like to be able to use something similar to Active Directory for permissions, where a role is defined for a group of permissions and then users are assigned to a role, and a user can also be assigned specific additional permissions as the need arises.

We have found something which would work well for us as the theoretical design for the permissions system but which was written for PHP and can be seen at PHP Generic Access Control Lists.

Any assistance you can come up with is appreciated.
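The five requirements listed in the post can be modelled as one row per grant rather than one column per permission. The sketch below is an added example, not part of the original post and not an existing .NET component; the class, the permission names and the `CORP\alice` account are hypothetical, and the in-memory sets stand in for database tables.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// One row per grant, mirroring hypothetical tables RolePermission(Role, Permission),
// UserRole(User, Role) and UserPermission(User, Permission, RecordId).
// Names are compared case-sensitively here; normalise AD account names before storing.
public sealed class PermissionStore
{
    private readonly HashSet<(string Role, string Perm)> _roleGrants = new();
    private readonly HashSet<(string User, string Role)> _userRoles = new();
    // RecordId == null means the grant applies to every record.
    private readonly HashSet<(string User, string Perm, int? RecordId)> _userGrants = new();

    public void GrantRole(string role, string perm) => _roleGrants.Add((role, perm));
    public void AssignRole(string user, string role) => _userRoles.Add((user, role));
    public void GrantUser(string user, string perm, int? recordId = null)
        => _userGrants.Add((user, perm, recordId));

    // Default deny: true only when a role grant, a user-wide grant,
    // or a grant scoped to this exact record exists.
    public bool IsAllowed(string user, string perm, int? recordId = null)
    {
        bool viaRole = _userRoles.Any(ur =>
            ur.User == user && _roleGrants.Contains((ur.Role, perm)));
        bool userWide = _userGrants.Contains((user, perm, (int?)null));
        bool thisRecord = recordId.HasValue && _userGrants.Contains((user, perm, recordId));
        return viaRole || userWide || thisRecord;
    }
}

public static class Demo
{
    public static void Main()
    {
        const string alice = @"CORP\alice";                     // constructed sample account
        var store = new PermissionStore();
        store.GrantRole("Clerk", "CustomerForm.Open");          // needs 1 and 3
        store.GrantRole("Clerk", "CustomerForm.View");          // need 2
        store.AssignRole(alice, "Clerk");
        store.GrantUser(alice, "CustomerForm.Export");          // need 4: one extra permission
        store.GrantUser(alice, "CustomerForm.Edit", 42);        // need 5: record 42 only

        Console.WriteLine("open form:     " + store.IsAllowed(alice, "CustomerForm.Open"));
        Console.WriteLine("export:        " + store.IsAllowed(alice, "CustomerForm.Export"));
        Console.WriteLine("edit rec 42:   " + store.IsAllowed(alice, "CustomerForm.Edit", 42));
        Console.WriteLine("edit rec 43:   " + store.IsAllowed(alice, "CustomerForm.Edit", 43));
        Console.WriteLine("delete:        " + store.IsAllowed(alice, "CustomerForm.Delete"));
    }
}
```

With this shape, 1300 permissions and 500 users add rows only for grants that actually exist, and any permission with no matching row is denied.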
