> if I have 2 modules and a user has view access on > one and edit access on the other, because he has edit access on one > his role would see the edit links on the module the user had view only > access. The link would not allow him through due to privileges on the > page but the link will still show up.
I'm sorry but I can't follow the first sentence. Perhaps your problem is due to an improper use of roles, as I documented in "Discovering and defining roles" in the Plum documentation. Hopefully you aren't defining a "View" role and an "Edit" role, but are instead defining actual named familiar roles played by users in a company, then assigning those roles to the users who play them. If you are defining and assigning roles correctly, then a cf_Authorize paired tag call placed around a link will allow that link to display only if the user is a member of the role(s) specified in the call to cf_Authorize. Going a step further in your security, you place an empty (non-paired) call to cf_Authorize, using the same attributes and values, at the tops of the pages to which those links point, and to their corresponding action pages. If you want to discuss this in more detail then give me a call at 770-446-8866. I have limited availability today, but if I'm not in the David should be able to help you. Respectfully, Adam Phillip Churvis Member of Team Macromedia http://www.ProductivityEnhancement.com Download Plum and other cool development tools, and get advanced intensive Master-level training: * C# & ASP.NET for ColdFusion Developers * ColdFusion MX Master Class * Advanced Development with CFMX and SQL Server 2000 ********************************************************************** You can subscribe to and unsubscribe from lists, and you can change your subscriptions between normal and digest modes here: http://www.productivityenhancement.com/support/DiscussionListsForm.cfm **********************************************************************
