> Is there a reason why you're not using CFLOGINUSER then restricting method
> access using the roles attribute of CFFUNCTION?  To handle the user
> interface, controls can be selectively displayed using tests on the result
> of one or more calls to IsUserInRole().


I have a reason, but it's not very good and I just made it up. :)  Actually,
I've never realized that functionality was in the CFFunction tag.


> 
> ColdFusion MX's built-in security framework (CFLOGIN and its related tags
> and functions) works very well as long as you treat roles the way they were
> originally intended: as established roles that users play in a system, and
> not as individual permissions.

I guess I am really trying to do individual permissions.  I'm just trying to
make sure that if the user is presented a list of records that they can
edit, they can only edit those and they can't keep playing with the URL to
try to edit other records.  I'm thinking that the object should know
something about the user so that it can cross reference with another table
to make sure that the record being edited truly belongs to the editor.

> 
> I have seen some very elaborate schemes for group permissions and
> anti-permissions with another layer of individual user permissions and
> anti-permissions on top of that, but that really is the wrong way to go, in
> my opinion.  Things get easily confused, and it's often easy to accidentally
> assign a high-ranking individual permission to a person who is nowhere near
> authorized to have such a permission, then have that mistake go undiscovered
> for a long time.
> 
> A clearly defined set of roles discovered through a rigorous requirements
> gathering process eliminates such dangers.  Use these roles directly in
> ColdFusion MX's security framework, and you should be good to go.
> 
> Respectfully,
> 
> Adam Phillip Churvis
> Member of Team Macromedia
> 
> Advanced Intensive Training:
> * C# & ASP.NET for ColdFusion Developers
> * ColdFusion MX Master Class
> * Advanced Development with CFMX and SQL Server 2000
> http://www.ColdFusionTraining.com
> 
> Download CommerceBlocks V2.1 and LoRCAT from
> http://www.ProductivityEnhancement.com
> 
> The ColdFusion MX Bible is in bookstores now!
> 
> ----------------------------------------------------------
> You are subscribed to cfcdev. To unsubscribe, send an email
> to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev'
> in the message of the email.
> 
> CFCDev is run by CFCZone (www.cfczone.org) and supported
> by Mindtool, Corporation (www.mindtool.com).
> 
> An archive of the CFCDev list is available at www.mail-
> archive.com/[EMAIL PROTECTED]
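
An added example, not part of either message: a CFC method that combines the role gate discussed above (the roles attribute of CFFUNCTION, populated by CFLOGINUSER) with the per-record ownership check the reply describes, so changing the record id in the URL cannot reach another user's row. The component name, the `records` table, its `record_id`, `title` and `owner_login` columns, and the `appDSN` datasource are assumptions made for illustration.

```cfml
<!--- RecordGateway.cfc: added example; table, column and datasource names are hypothetical --->
<cfcomponent displayname="RecordGateway" output="false">

  <!--- roles= limits callers to users logged in via CFLOGINUSER with the "editor" role --->
  <cffunction name="updateRecord" access="public" returntype="void"
              roles="editor" output="false">
    <cfargument name="recordId" type="numeric" required="true">
    <cfargument name="title" type="string" required="true">

    <cfset var owned = "">

    <!--- Per-record check: the row must belong to the logged-in user.
          GetAuthUser() returns the name given to CFLOGINUSER, so the
          owner is never read from the URL or a form field. --->
    <cfquery name="owned" datasource="appDSN">
      SELECT record_id
      FROM   records
      WHERE  record_id   = <cfqueryparam value="#arguments.recordId#" cfsqltype="cf_sql_integer">
      AND    owner_login = <cfqueryparam value="#GetAuthUser()#" cfsqltype="cf_sql_varchar">
    </cfquery>

    <cfif owned.recordCount EQ 0>
      <!--- Same error whether the row is missing or owned by someone else,
            so the response does not reveal which record ids exist --->
      <cfthrow type="RecordGateway.NotAuthorized"
               message="Record not found or not editable by this user.">
    </cfif>

    <!--- Repeat the owner predicate in the UPDATE so the write itself is scoped --->
    <cfquery datasource="appDSN">
      UPDATE records
      SET    title       = <cfqueryparam value="#arguments.title#" cfsqltype="cf_sql_varchar">
      WHERE  record_id   = <cfqueryparam value="#arguments.recordId#" cfsqltype="cf_sql_integer">
      AND    owner_login = <cfqueryparam value="#GetAuthUser()#" cfsqltype="cf_sql_varchar">
    </cfquery>
  </cffunction>

</cfcomponent>
```

The list page that shows the editable records would use the same `owner_login = GetAuthUser()` predicate, so what is displayed and what can be written are decided by one rule.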


