Hi Brennan,

This kind of thing really depends on the size/complexity of your 
application and the possible combinations of user privileges.  In 
many cases you can get away with using "roles" (administrator, 
contractor, clerk...) to control application feature access.  
However, in other cases, each user may require an individual profile 
that allows complete flexibility of feature access.  In addition, 
you have to decide which tier(s) will control access.

Traditionally, the back-end allows access to resources (tables, 
stored procedures, files, directories...) based on the user's login 
(role or individual).  This is always a good practice and acts as a 
fail safe for possible attack.  However, you can also control access 
in the middle tier(s) and the UI.  Your choices depend on the 
infrastructure and the use cases.

The description of your application implies that you are leaning 
towards the use of user roles.  You can retrieve the user's role at 
login and conditionally control access to the various states within 
your Flex application.  But, this can get messy very quickly.  

Another way is to control access dynamically.  For instance, you 
could create a security profile table somewhere on the back-end or 
middle tier (role and/or user profile based) that contains all of 
the application features that allow conditional access.  

As an example, let's say that your application has a main MenuBar 
that contains all of the application screen links (states).  When 
the user logs in, return an xml file, to be used as the dataProvider 
of the menuBar, that only includes the menu options that are allowed 
for the user's role or profile.  Or return all of the menu options, 
but include an enabled attribute.  Note: you can also include an 
event attribute in the xml, that controls what the menu option does 
(this works well with Cairngorm).

Anyway, that's one idea.  These types of issues can get 
complicated.  However, with some careful forethought, you can avoid 
painting yourself into a corner.

-TH


--- In flexcoders@yahoogroups.com, "dreuimar" <[EMAIL PROTECTED]> wrote:
>
> Hey everyone,
> 
> Currently in my application I have hard coded into the application a
> number of states for each screen of the application. I want certain
> users to have the option of selecting certain screens. Is there any way
> to pull the available screens at runtime and add them dynamically,
> either by adding everything in a given directory or if I have records
> for each screen in a DB, and depending on the user privileges, add
> only the screens associated with each user's privileges. I'm guessing
> I'd put the path of the state in the record itself?
> 
> Basically I'm looking to have the administrator have every screen
> available as a link on the main page, and something like an outside
> contractor have only links available to him, etc. We have a
> considerable amount of states, and coding each one in manually is
> starting to affect the workflow of the project.
> 
> Thanks,
> Brennan
>
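
Added example, not part of the original messages: a server-side sketch of the security profile table described in the reply, used both to build the role-filtered MenuBar XML returned at login and to re-check every later request on the back-end. The feature ids, labels, event names, roles and function names are all hypothetical, and Python stands in for whatever middle tier the application uses.

```python
import xml.etree.ElementTree as ET

# Constructed security profile table:
# feature id -> (menu label, event name, roles allowed to use it).
FEATURES = {
    "orders":   ("Orders",     "showOrders",   {"administrator", "clerk", "contractor"}),
    "invoices": ("Invoices",   "showInvoices", {"administrator", "clerk"}),
    "users":    ("User Admin", "showUsers",    {"administrator"}),
}

def is_allowed(role, feature_id):
    """Single authorization decision; unknown roles and features are denied."""
    entry = FEATURES.get(feature_id)
    return entry is not None and role in entry[2]

def menu_xml(role, include_disabled=False):
    """Build the XML returned at login for use as the MenuBar dataProvider.

    By default only permitted options are emitted. With include_disabled=True
    every option is emitted and carries an enabled attribute instead.
    """
    root = ET.Element("menu")
    for feature_id, (label, event, _roles) in FEATURES.items():
        allowed = is_allowed(role, feature_id)
        if not allowed and not include_disabled:
            continue
        ET.SubElement(root, "menuitem", {
            "id": feature_id,
            "label": label,
            "event": event,
            "enabled": "true" if allowed else "false",
        })
    return ET.tostring(root, encoding="unicode")

def handle_request(role, feature_id):
    """Back-end fail safe: each data request consults the same table again,
    so a client that ignores or edits its menu XML still gets refused."""
    if not is_allowed(role, feature_id):
        return 403, "forbidden"
    return 200, "data for " + feature_id

if __name__ == "__main__":
    print(menu_xml("contractor"))
    print(menu_xml("clerk", include_disabled=True))
    print(handle_request("contractor", "users"))
```

The role passed to handle_request is assumed to come from the server-side session established at login, not from a value the Flex client sends with the request.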





