Attributes & Deny Authorizations in NetSqlAzMan

Question

I am using NetSqlAzMan for managing authorizations in my application.

In my application, I would like to manage authorization on a record level; allow/deny a user/group to perform an operation on record (e.g. order, customer) #number

I am aware that the solution to such a problem in NetSqlAzMan is using attributes and I have set an small project to test how it works. My application looks like this:

DBUsers:

• John
• Bob

Roles:

• Admin
• Sales
• Marketing

Tasks:

• CreateOrder
• UpdateOrder
• DeleteOrder
• PrintOrder

Authorization examples:

I would like the Sales role to be allowed to UpdateOrder, but in the same time deny UpdateOrder (Attributes: OrderNum=12).

I would like to allow Bob to PrintOrder (Attributes: OrderNum=13) and deny Bob from PrintOrder (Attributes: OrderNum=16)

In both cases, I would end up with a Deny authorization overriding any allow authorization whether I CheckedAccess for (Sales,UpdateOrder) or for (Bob,PrintOrder).

Is there any way to get the AuthorizationType per attribute or does this require any changes.

Answer 1

NetSqlAzMan does not support this and it is not easy to modify it as well. Here is my discussion with the author.

http://netsqlazman.codeplex.com/discussions/282501