This question is related to my post on how to dynamically set a user's role based on some data (http://forum.strataframe.net/Topic3970-21-1.aspx).



As the plot thickens...



Not all users have their access controlled at the project (application defined 'project', not a VS project) level. Some are 'enterprise' users, who automatically get access to all projects. I have a permission setup, 'AllProjectAccess', which will used to determine which users need access based on project and which have access to all projects.



If the user was logged on when I needed this, this would be easy:



SecurityBasics.CurrentUser.GetPermission("AllProjectAccess").Action



Unfortunately, the user isn't logged in yet. I have a custom login form that handles the OK click and within this procedure, I need to determine:



1. Is the user an enterprise user or a project level user

2. Get default project for user (applies to all users)

3. If user is a project level user, setup appropriate role(s) for the project



When this is done, I continue on with the process, calling me.OnLoginAttempt(), letting the framework do its magic.



So the question is, how do I do step 1? I want to user the framework to handle all the complexities that can occur to finally determine what the action is for that permission.

Greg,

I think this whole think has become much more complicated than it needs to be.  If it were me, I would adjust application to work within the confines of the security so I would not have to make a lot of changes.

For example, when a user comes into the application, they are going to have to choose which project to work on, right?  Why not do something with security at that point.  Or what if your projects allows certain users to associated with it, rather than trying to go the other way around. 

I don't know your application, but I do know that we can come up with a more simple solution that what you have been doing lately.  When it starts getting complicated like this...we always sit down as a team and figure out another avenue to travel.

Yes, it may work fine...but I woudl still consider revising the approach you are taking.

But as I understand your security, you don't have the native (i.e. easy) ability to define a set of roles based on some application data element (in my case, some user's roles are defined by the project they are working on).







The application tracks a default project, which is the project that is used when they login.







Er, I thought I was As soon I know who they are (they have been authenticated), I have to figure out if they are 'enterprise' users or 'project' users, which will determine if their roles need to be changed. In all cases I need to figure out their default project, so I can setup the 'context' for the application.







Huh? I'm associating projects to users (remember, 'project' is an in application term, describing data within that application, not a VS project), or if you prefer users to projects. It is a linking table (userID, projectID).







I'm all ears, But here is what I'm dealing with:



1. Two basic classes of users: those who have access to all projects and those whose access is determined by project.

2. For users who have access determined by the project, I will need to dynamically set the access based on project.

3. In SF (as I understand it), I must set the roles for a user before they are logged on.