StrataFrame Forum

Question about a special scenario

http://forum.strataframe.net/Topic11337.aspx

By Fabian R Silva, - - 9/5/2007

I think if is posible to use the RBS on this scenario:



I try to develop a Mini - ERP, this have a ConfigDB Database with the RBS Tables (users,permission,etc), but have multiple DB (1 for each "enterprise", Enterprise1, Enteprise2, EnterpriseN, etc)



Questions:

1) I like to have the same users but not same permission

ex: on enterprise 1 the user "pepe" can make a invoice, but not on enterprise 2

- about this I think about if I can have the users on the ConfigDB and the permission on ConfigDB, and also if the permission need to be customized to enterpriseN, I have a copy of this permission on EnterpriseN DB and use it (something like on RBS how the user permissions have priority over the role permissions)

then if I found a same permission on the actual enterpriseN DB, I take that (if it no exist I use the configDB permission)



I have something on RBS to make this or have to check the permission on my actual db (on a copy of SFSRolesXPermission and SFSUsersXPermission) and see if this exist there, and if it not, use the one on configDB?



I not sure If I can explain the stuff correctly, I try to be clear but I speak in spanish and are newbie on .net and strataframe w00t



thanks guys for the great patience Smile
By StrataFrame Team - 9/5/2007

The RBS is designed so that all of the SFS* tables reside in the same database so that the tables can be joined and such.  So, splitting the permissions off and placing them in a different database would not be possible.  If all of the enterpriseN applications use the same permissions, then you would need to have to store the SFS* tables in the enterpriseN database so that each would have its own UsersXPermissions records to determine which user has which permissions for that database.  The closest you would get to having a shared users table would be to handle the AfterSave event of the SFSUsersBO and duplicate/update the user on the additional databases.
By Fabian R Silva, - - 9/5/2007

If I handle the aftersave and duplicate from one DB to another EXACTLY the SFS_users row, not having problems with us_data?



Can I change "online" the securitykey and get a permission from one or another DB?



Thanks for all the help.



- Fabian
By StrataFrame Team - 9/6/2007

Can I change "online" the securitykey and get a permission from one or another DB?

No, the security key is used as the seed for the byte[] that is the key used to encrypt/decrypt the us_Data field.  So, if you change the key, suddenly, you won't be able to see anyones passwords and the users will all become invalid.  Hence why the key exists within the SecurityMaintenance editor for adding users at design-time.  The data must be encrypted using the same key to be decrypted at runtime.

If I handle the aftersave and duplicate from one DB to another EXACTLY the SFS_users row, not having problems with us_data?

Yes, you can copy a user from one database to another with no problem copying the us_Data field, IF (as I mentioned above) the MicroFour.StrataFrame.Security.SecurityBasics.SetSecurityKeyAndVectorForUserAuthentication() method was called with the same security key for all .EXEs that use the access the users.

By Fabian R Silva, - - 9/6/2007

I Apologize for the last post that I made, I like to say "SecurityDataSourceKey" not "securitykey", I try to say if I can change the SecurityDataSourceKey to read another DB entirely and see the permisions of that database (with the logged user that exist on both databases with same user data but changed permission)



Sorry Ben, between my english and my knowledge of .net and strataframe, I´m making a mixture w00t



I attemp to not waste your time, but some things escape to me



I am thankful for your patience
By StrataFrame Team - 9/7/2007

I attemp to not waste your time

Oh don't worry, you're certainly not wasting my time Smile

Yeah, you can swap out the SecurityDataSourceKey at runtime to swap between databases.  The only thing is that a users permissions will be cached when created, so, you'll need to refresh the user after you swap to a new database.

You can get a new ISecurityUser object by calling MicroFour.StrataFrame.Security.LoggedInUser() and pass the SFSUsersBO that you populate with the user from the correct database.

By Fabian R Silva, - - 9/7/2007

Then It is posible.



I will test it and post here some aditional questions about this topic Smile thankyou so much
By StrataFrame Team - 9/10/2007

Yep, just let me know when you have new questions Smile