Access Control of Applications in a Corporate Environment 

Hi Tracey,

I do not use ODBC yet - but will be when we start using MS Sql-Server. I
suppose my gripes will start there.

As regards Application Security I do the following:

We are on Novell 4.1 and I use Joe Van Niekerk's Net Tools to obtain from
Novell the user's login ID (name).

I have 2 tables,
   1. Access
   2. Accexe (both Topspeed files)

The Access.tps (note the TPS suffix to differentiate from the MS Product
of similar name) Table contains a cross-linking from Novell User login Id to
Employee number (to our employee table).

Accexe table contains EXE Name and Employee number as well as level
of access (1-3) where 1 is highest and 3 is general.

Each EXE in our suite has a SYSID Global variable, preset to the EXE
name (Eg VENDOR in the Vendor application).

When a user starts an application, the network is queried for login Id
and this is then used to read the ACCESS table. If a user id is not found
in the access table the Employee browse is presented and the employee
must identify himself* from the list.

Some employees Id themselves wrongly, but due to the nature of the
table (Primary key on employee Number) the system does not allow this
as most employees are already registered.

Next the Accexe table is read using the employee number and the Global
SYSID variable.
This gets the employee's access if any.

Some applications are only limited to people with explicit access. If the
Employee No/Sysid is not found the exe terminates with a no access
message.

Other applications allow general level 3 access and users with no entry
in the accexe table are allowed through with their access level set to 3.

I have an application I use to administer the ACCESS/ACCEXE tables, but
due to the self propagating nature of the system, this is kept to a
minimum. (the way a new user is asked by the system to identify
himself*).

When a user uses an application his entry in accexe is updated with an
in-use field which is cleared when he exits.

In the evenings the batch processing clears all access live connections
caused by hangups etc.

Hope this helps you

Regards
Jimmy Lishman
Avitronics
Pretoria
Himself* also denotes Herself* to cover myself from feminine ire.



Mon, 29 Mar 1999 03:00:00 GMT  
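
Added example, not part of the original post and not the poster's Clarion code: the two-table lookup described above, sketched in Python with SQLite standing in for the Topspeed files. Column names, function names and the `explicit_only` flag are assumptions made for illustration.

```python
import sqlite3

# Constructed schema for the two tables in the post; column names are assumptions.
SCHEMA = """
CREATE TABLE access (emp_no INTEGER PRIMARY KEY, login_id TEXT UNIQUE NOT NULL);
CREATE TABLE accexe (exe_name TEXT NOT NULL, emp_no INTEGER NOT NULL,
                     level INTEGER NOT NULL CHECK (level BETWEEN 1 AND 3),
                     in_use INTEGER NOT NULL DEFAULT 0,
                     PRIMARY KEY (exe_name, emp_no));
"""

class AccessDenied(Exception):
    """Raised when the EXE should terminate with a no-access message."""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def register(db, login_id, emp_no):
    """Self-identification: link a login ID to an employee number.
    The primary key on emp_no rejects a claim on an already registered employee."""
    try:
        with db:
            db.execute("INSERT INTO access VALUES (?, ?)", (emp_no, login_id))
        return True
    except sqlite3.IntegrityError:
        return False

def grant(db, sysid, emp_no, level):
    """Administrator action: explicit access level for one employee on one EXE."""
    with db:
        db.execute("INSERT INTO accexe (exe_name, emp_no, level) VALUES (?, ?, ?)",
                   (sysid, emp_no, level))

def start_app(db, sysid, login_id, explicit_only):
    """Return the access level (1 highest, 3 general) or raise AccessDenied."""
    row = db.execute("SELECT emp_no FROM access WHERE login_id = ?", (login_id,)).fetchone()
    if row is None:
        raise AccessDenied("unknown login ID: employee must identify from the browse")
    key = (sysid, row[0])
    hit = db.execute("SELECT level FROM accexe WHERE exe_name = ? AND emp_no = ?", key).fetchone()
    if hit is None:
        if explicit_only:
            raise AccessDenied(f"no access to {sysid}")
        return 3  # general application: no entry means level 3
    with db:  # mark the entry in use; cleared on exit or by the nightly batch
        db.execute("UPDATE accexe SET in_use = 1 WHERE exe_name = ? AND emp_no = ?", key)
    return hit[0]

def nightly_clear(db):
    """Batch job: clear in-use flags left behind by hung sessions; returns rows reset."""
    with db:
        return db.execute("UPDATE accexe SET in_use = 0 WHERE in_use = 1").rowcount
```
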
 