In the same approach we have taken throughout the framework, we have implemented features that give you as much or as little control over the security that you would need.
Will we have the standard strata type forms, etc. to implement the management or will we have to build something? Yeah, I know, it's lazy, but it's Sunday...=)
Looking forward to this.
As for windows security, we will definitely keep all permissions within the application's db and out of Active Directory. We're also probably going to allow the ability to link a particular user to the SID of an AD user to allow for Windows authentication.
In the security scheme that you are designing it would be nice if you included an option to use Windows authentication (the Windows/Active Directory user ID and password) or custom authentication where the user ID and password is stored in the application DB. The actual roles would be defined in the framework and not Active Directory.
Also do you plan to support multiple roles assigned to both users and objects?
-Larry
The overall design is relativly encapsulated. However, if you have a desire to use Windows Security and AD, you could easily write a program to import settings and assign permissions.
In designing your new security are you considering provding the ability to use Windows authentication and Active Directory groups (roles)?