I am using NetSqlAzMan for managing authorizations in my application.
In my application, I would like to manage authorization on a record level; allow/deny a user/group to perform an operation on record (e.g. order, customer) #number
I am aware that the solution to such a problem in NetSqlAzMan is using attributes and I have set an small project to test how it works. My application looks like this:
DBUsers:
- John
- Bob
Roles:
- Admin
- Sales
- Marketing
Tasks:
- CreateOrder
- UpdateOrder
- DeleteOrder
- PrintOrder
Authorization examples:
I would like the Sales role to be allowed to UpdateOrder, but in the same time deny UpdateOrder (Attributes: OrderNum=12).
I would like to allow Bob to PrintOrder (Attributes: OrderNum=13) and deny Bob from PrintOrder (Attributes: OrderNum=16)
In both cases, I would end up with a Deny authorization overriding any allow authorization whether I CheckedAccess for (Sales,UpdateOrder) or for (Bob,PrintOrder).
Is there any way to get the AuthorizationType per attribute or does this require any changes.
