ice.NET Key Concepts: Profiles

Functional Access Rights

Normally, authorization applies to items (objects, folders, etc.) that contain ACLs. This enables intuitive, object-oriented permission management. However, there are situations where object-oriented ACLs are not applicable, especially when the objects, folders, or packages have not yet been created.

Example: To manage the authorization to create model packages, there is no item that could contain an appropriate ACL (the package does not yet exist).

Therefore, ice.NET provides a suitable abstraction, the Profile authorization item. The "System.Development" profile contains an ACL that determines the authorization to create new packages. (Once a package is created, the right to modify and delete the package can be managed by the package's own ACL.)

Arbitrary profile ACLs can be defined, managed, and evaluated in order to meet any application-specific requirements.

Example

The following example shows how to check if user John Doe has write permissions on the profile System.Development:

Repository.CheckAuthorization("System.Development", "John Doe", 
                              AuthorizationLevel.Write);

In ASP.NET applications, permissions can be checked for the current user by using the IceNetWebPage.CheckAuthorization method:

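protected void Page_Init(object sender, EventArgs e)
{
    // Check the current user's write permission on the System.Development profile.
    CheckAuthorization("System.Development", AuthorizationLevel.Write);

    // ... (rest of the page initialization)
}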
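
The split described above (a profile ACL decides who may create a package, the package's own ACL decides who may modify it afterwards) can be modeled in a few lines. This is an added, self-contained illustration, not ice.NET code: the types Level, Acl and Store, the user "Jane Roe", the package names, and the rule that the creator receives write access to the new package are all assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;

// Illustrative model only: none of these types are part of ice.NET.
enum Level { None = 0, Read = 1, Write = 2 }

class Acl
{
    private readonly Dictionary<string, Level> entries = new Dictionary<string, Level>();
    public void Grant(string user, Level level) { entries[user] = level; }

    // Deny by default: a user without an entry is never allowed.
    public bool Allows(string user, Level required) =>
        entries.TryGetValue(user, out var granted) && granted >= required;
}

class Store
{
    public readonly Dictionary<string, Acl> Profiles = new Dictionary<string, Acl>();
    public readonly Dictionary<string, Acl> Packages = new Dictionary<string, Acl>();

    // Functional right: no package ACL exists yet, so the profile ACL decides.
    public void CreatePackage(string name, string user)
    {
        if (!Profiles.TryGetValue("System.Development", out var profile)
            || !profile.Allows(user, Level.Write))
            throw new UnauthorizedAccessException(user + " may not create packages");
        var acl = new Acl();
        acl.Grant(user, Level.Write);   // assumption: creator gets write access
        Packages.Add(name, acl);
    }

    // Object right: once the package exists, only its own ACL is consulted.
    public bool CanModify(string name, string user) =>
        Packages.TryGetValue(name, out var acl) && acl.Allows(user, Level.Write);
}

static class Demo
{
    static void Main()
    {
        var store = new Store();
        store.Profiles["System.Development"] = new Acl();
        store.Profiles["System.Development"].Grant("John Doe", Level.Write);
        store.CreatePackage("Billing", "John Doe");
        Console.WriteLine(store.CanModify("Billing", "John Doe"));
        Console.WriteLine(store.CanModify("Billing", "Jane Roe"));
        try { store.CreatePackage("Audit", "Jane Roe"); }
        catch (UnauthorizedAccessException ex) { Console.WriteLine(ex.Message); }
    }
}
```

In this model a missing profile or a missing ACL entry results in denial, so a typo in the profile name fails closed rather than granting the right.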