I use a very simple model where everything that needs a permission is given a permission number or reference. In principle the user never even gets to see that a menu item even exists unless he has that permission.
It is an easy management setup because all it needs is a page with a load of checkboxes to generate and modify the user's permissions list. When the user logs in, his list of permissions is assigned to a client var (or whatever). Every menu item or other item needing a permission is surrounded by <CFIF listfind(client.allpermissions,"23")> show item </CFIF> The permission number or reference should not be related to a URL or form variable value so it is not hackable. Douglas Brown wrote: > > I am needing to implement a security module for an application that I am > working on, and was wondering how all you gurus handle things like this. > What I need to do is set security for many facets of the application. > > IE: > > 1. Department level security > 2. User level security > 3. Template level security > 4. Objects that may need security within the template where the template > is not secure. > > Douglas Brown > Email: [EMAIL PROTECTED] > > ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
