Control User Permission in C# windows application

Question

I already designed Windows app with C# and SQL 2008. Now ,I want to control that user can access to which part and its permissions.

So, I want to know is it better to design table in sql and set the permissions for each user or there are any other solutions?

Answer 1

Generally, what I have seen is something along the following lines:

Have a tblUser table something like this:

tblUser
    UserId
    UserName
    etc...

A roles table:

tblRole
    RoleId
    Name

And a linker table:

tblUserRole
    UserId
    RoleId

In your application, you would check to see if the current user has the respective role in the tblUserRole table. If so, allow the current user to use the feature, else display an error message, disallow the user entry etc...

In MS SQL for instance, you could have the following types of Stored Procedure :

Add User

CREATE PROCEDURE spAddUser
    @UserName AS nvarchar(256)
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;

INSERT INTO tblUser
    (UserName)
    VALUES(@UserName)

SELECT SCOPE_IDENTITY( ) AS 'Id'
END
GO

Add User Role

CREATE PROCEDURE spAddUserRole
@UserId AS int,
@RoleId As int
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;

INSERT INTO tblUserRole
    (UserId, RoleId)
    VALUES(@UserId, @RoleId)
END
GO

Does User Have Role

CREATE PROCEDURE spDoesUserHaveRole
@UserId AS int,
@RoleId As int,
@HasRole AS bit OUTPUT
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;

SELECT @HasRole = COUNT(UserId) > 0 FROM tblUserRole
    WHERE UserId = @UserId AND
          RoleId = @RoleId
END
GO