I already designed Windows app with C# and SQL 2008. Now ,I want to control that user can access to which part and its permissions.
So, I want to know is it better to design table in sql and set the permissions for each user or there are any other solutions?
Generally, what I have seen is something along the following lines:
Have a tblUser
table something like this:
tblUser
UserId
UserName
etc...
A roles table:
tblRole
RoleId
Name
And a linker table:
tblUserRole
UserId
RoleId
In your application, you would check to see if the current user has the respective role in the tblUserRole
table. If so, allow the current user to use the feature, else display an error message, disallow the user entry etc...
In MS SQL
for instance, you could have the following types of Stored Procedure
:
Add User
CREATE PROCEDURE spAddUser
@UserName AS nvarchar(256)
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
INSERT INTO tblUser
(UserName)
VALUES(@UserName)
SELECT SCOPE_IDENTITY( ) AS 'Id'
END
GO
Add User Role
CREATE PROCEDURE spAddUserRole
@UserId AS int,
@RoleId As int
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
INSERT INTO tblUserRole
(UserId, RoleId)
VALUES(@UserId, @RoleId)
END
GO
Does User Have Role
CREATE PROCEDURE spDoesUserHaveRole
@UserId AS int,
@RoleId As int,
@HasRole AS bit OUTPUT
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
SELECT @HasRole = COUNT(UserId) > 0 FROM tblUserRole
WHERE UserId = @UserId AND
RoleId = @RoleId
END
GO
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.