StrataFrame Forum

Role based security on multiple applications

http://forum.strataframe.net/Topic12368.aspx

By MarcoR - 11/2/2007

We are looking at how to streamline role based security for multiple applications. Each application or web service having it's own database is a little over the top, since we could easily end up having 50-100 roles databases. Don't want to maintain that Smile. Is there a recommended practice for doing this using StrataFrame ? Thanks!
By Trent L. Taylor - 11/5/2007

Well, I don't totally understand your post.  Do you use a single database for all of your applications?  Why do you need a different database for each role? 

If you use a single database for your applications, then all of your applications must be related.  In this case, why wouldn't you just have a single database with all available roles in that one database?

By MarcoR - 11/5/2007

We are wanting to consolidate rights management for many applications into one database, since we do not want to have manage as many roles database as we have applications or services. The applications or services do not have to be related. Is there a way of managing multiple seperate applications in one roles database or other ways of avoiding having a roles database for each application or web service group?
By Trent L. Taylor - 11/5/2007

The security is designed by project.  When you create a security project, this is generally representative of a single application.  So really, your options at the moment would really be to either have a separate database for each application or to use a single database with all of the roles available to all applications.  It sounds like you want the latter option with a single database, but want to fitler out records that belong to a single application.  At present there is not a way to filter out those records and will require a bit of a change to the RBS.  There is not any harm if a role or permission is selected if it is never used, but it would just be more items in the list than you are wanting to display.

We can discuss this in some of our development meetings, but at present there is not a simple way to accomplish this.