Search Results

Search found 90315 results on 3613 pages for 'user roles'.


  • Windows service fails to start with custom user until started once with local user

    - by Gauls
    All of a sudden my Windows service application after installation does not start. (Some services stop automatically if they have no work to do.) The service uses a custom user. If I change the logon setting to use the local system account, the service starts fine. Then when I go back and change the login setting to use this custom account (local user - custom user under user group), the service will start. Why doesn't it work in the first place?


  • Apache Simple Configuration Issue: per-user directory is accessing /~user instead of ~user

    - by Huckphin
    Hello. I am just getting Apache 2.2 running on Fedora 13 Beta 64-bit. I am running into issues setting my per-user directory. The goal is to make localhost/~user map to /home/~user/public_html. I think that I have the permissions right because I have 755 to /home/~user, and I have 755 to /home/~user/public_html/ and I have 777 for all contents inside of /home/~user/public_html/ recursively set. My mod_userdir configuration looks like this:

        <IfModule mod_userdir.c>
            #
            # UserDir is disabled by default since it can confirm the presence
            # of a username on the system (depending on home directory
            # permissions).
            #
            UserDir disabled root
            UserDir enabled huckphin

            #
            # To enable requests to /~user/ to serve the user's public_html
            # directory, remove the "UserDir disabled" line above, and uncomment
            # the following line instead:
            #
            UserDir public_html
        </IfModule>

    The error that I am seeing in the error log is this:

        [Sat May 15 09:54:29 2010] [error] [client 127.0.0.1] (13)Permission denied: access to /~huckphin/index.html denied

    When I log in as the apache user, I know that /~huckphin does not exist, and this is not what I want. I want it to be accessing ~huckphin, not /~huckphin. What do I need to change on my configuration for this to work?


  • How long can a user remember what they were working on? [migrated]

    - by GlenPeterson
    A web application lets the user browse its screens for future or past months. The time period the user is currently viewing follows the user through every screen of the system. But users can be logged in for a month or more. After a certain period of inactivity, we will prompt the user: You were viewing November 2008 when you last clicked. Want to view the current (default) time period instead? How long between user clicks should we wait to show this message? I'm guessing somewhere between 30 minutes and 3 hours most people will forget what they were doing, but I'd love to have some data, or someone's experience to base it on. Other suggestions related to this issue?


  • In Winform I need ASP.NET like membership and roles stuff. But Roles doesn't work

    - by user512602
    Hi, following http://www.theproblemsolver.nl/usingthemembershipproviderinwinforms.htm I set up the membership & roles providers in app.config and try to use them in code. Authentication works well, but roles always returns an empty roles array for the connected user. This part works:

        If Membership.ValidateUser(userName, password) Then
            ' Set the current application principal information to a known user
            Dim identity As GenericIdentity
            Dim principal As RolePrincipal
            Dim user As MembershipUser
            user = Membership.GetUser(userName)
            identity = New GenericIdentity(user.UserName)
            principal = New RolePrincipal(identity)
            Threading.Thread.CurrentPrincipal = principal

    This one doesn't:

            If principal.IsInRole("Club") Then
                LoggedInUserRole = "Club"
                Return True
                Exit Function
            End If

    No error is thrown though. Similarly, if I try to add a user to a known, existing role, an exception is thrown:

        If Not Roles.IsUserInRole(userName, "club") Then
            Roles.AddUserToRole(userName, "club")
        End If

    Exception msg is: Cannot find role '' (I mean the role name isn't given back in the exception.) Any clue? Please do not tell me to use Windows Client Administration within project services; I need my own SQL DB connection, and the client app services is a bloated, bug-prone feature.


  • Need to make a scheduled task run as another user but keep the current user’s environment

    - by Chad Marmon
    I need to back up users' .pst files. The current method I am trying is making a shadow copy using Diskshadow. My script works great, except that Diskshadow needs to be run as administrator but also needs to retain the logged-on user's environment variables; specifically, the %USERNAME% and %HOMESHARE% variables so the right user’s files get copied up to the right network location. I have for the most part got this to work, but there’s no straightforward (or secure, at least) way to pass the password. If I set up a scheduled task to run the script as a domain user with local admin privs, the environment variables get lost. I need to run this script automagically so that there should be no user interaction. If I could figure out how to make a scheduled task run as another user but keep the current user’s environment, I think this would work, but I’ve been beating my head against that for a while now, without any luck.


  • What's the better user experience: Waiting once at startup for a long time or waiting frequently for a short time?

    - by Roflcoptr
    I'm currently designing an application that involves a lot of calculation. Now I have generally two possibilities, both of which I have tested: 1) During startup of the application I calculated only the most important values and these values that consume a lot of time. So the user has to wait approximately 15 seconds during startup. But on the other hand a lot of user interactions require recalculation so that the user often has to wait 2-3 seconds after clicking somewhere until the application has calculated and loaded all values. 2) I load everything during startup. This takes from 90 to 120 seconds... This is quite a long time, but the big advantage is that all the user interactions are executed immediately. So what would you generally consider the better approach? Loading all time-consuming operations during startup or when needed?


  • Server 2008R2 Server Manager Roles and Features won't refresh or allow addition of new roles or features

    - by MattChorba
    I have a standalone DC in an isolated lab. I have installed the SUR tool and found no errors. I ran SFC and found no errors. I have attempted to install Windows Backup feature using Powershell, but received the same error about the computer needing to be restarted. Powershell cmdlets will list all of the installed roles and features. The rest of Server Manager works without problems. What can I do to get Server Manager Roles and Features working properly again?

    CheckSUR.log:

        =================================
        Checking System Update Readiness.
        Binary Version 6.1.7601.21645
        Package Version 13.0
        2011-11-28 13:20
        Checking Windows Servicing Packages
        Checking Package Manifests and Catalogs
        Checking Package Watchlist
        Checking Component Watchlist
        Checking Packages
        Checking Component Store
        Summary:
        Seconds executed: 413
        No errors detected
        (w) Unable to get system disk properties 0x0000045D IOCTL_STORAGE_QUERY_PROPERTY Disk Cache

    CheckSUR.persist.log:

        =================================
        Checking System Update Readiness.
        Binary Version 6.1.7601.21645
        Package Version 13.0
        2011-11-28 13:20
        Checking Windows Servicing Packages
        Checking Package Manifests and Catalogs
        Checking Package Watchlist
        Checking Component Watchlist
        Checking Packages
        Checking Component Store
        Summary:
        Seconds executed: 413
        No errors detected
        (w) Unable to get system disk properties 0x0000045D IOCTL_STORAGE_QUERY_PROPERTY Disk Cache


  • ASP.net roles and Projects

    - by Zyphrax
    EDIT - Rewrote my original question to give a bit more information

    Background info

    At my work I'm working on an ASP.Net web application for our customers. In our implementation we use technologies like Forms authentication with MembershipProviders and RoleProviders. All went well until I ran into some difficulties with configuring the roles, because the roles aren't system-wide, but related to the customer accounts and projects. I can't name our exact setup/formula, because I think our company wouldn't approve that...

    What's a customer / project?

    Our company provides management information for our customers on a yearly (or other interval) basis. In our systems a customer/contract consists of:

      * one Account: information about the Company
      * per Account, one or more Products: the bundle of management information we'll provide
      * per Product, one or more Measurements: a period of time, in which we gather and report the data

    Extranet site setup

    Eventually we want all customers to be able to access their management information with our online system. The extranet consists of two sites:

      * Company site: provides an overview of Account information and the Products
      * Measurement site: after selecting a Measurement, detailed information on that period of time

    The measurement site is the most interesting part of the extranet. We will create submodules for new overviews, reports, managing and maintaining resources that are important for the research. Our Visual Studio solution consists of a number of projects. One web application named Portal for the basis. The sites and modules are virtual directories within that application (makes it easier to share MasterPages among things).

    What kind of roles?

    The following users (read: roles) will be using the system:

      * Admins: development users :) (not customer related, full access)
      * Employees: employees of our company (not customer related, full access)
      * Customer SuperUser: top level managers (full access to their account/measurement)
      * Customer ContactPerson: primary contact (full access to their measurement(s))
      * Customer Manager: a department manager (limited access, specific data of a measurement)

    What about ASP.Net users?

    The system will have many ASP.Net users, let's focus on the customer users:

      * Users are not shared between Accounts
      * SuperUser X automatically has access to all (and new) measurements
      * User Y could be Primary contact for Measurement 1, but have no role for Measurement 2
      * User Y could be Primary contact for Measurement 1, but have a Manager role for Measurement 2
      * The department managers are many individual users (per Measurement), if Manager Z had a login for Measurement 1, we would like to use that login again if he participates in Measurement 2.

    URL structure

    These are typical urls in our application:

      * http://host/login - the login screen
      * http://host/project - the account/product overview screen (measurement selection)
      * http://host/project/1000 - measurement (id:1000) details
      * http://host/project/1000/planning - planning overview (for primary contact/superuser)
      * http://host/project/1000/reports - report downloads (manager department X can only access report X)

    We will also create a document url, where you can request a specific document by its GUID. The system will have to check if the user has rights to the document. The document is related to a Measurement, the User or specific roles have specific rights to the document.

    What's the problem? (finally ;))

    Roles aren't enough to determine what a user is allowed to see/access/download a specific item. It's not enough to say that a certain navigation item is accessible to Managers. When the user requests Measurement 1000, we have to check that the user not only has a Manager role, but a Manager role for Measurement 1000.

    Summarized:

      * How can we limit users to their accounts/measurements? (remember superusers see all measurements, some managers only specific measurements)
      * How can we apply roles at a product/measurement level? (user X could be primarycontact for measurement 1, but just a manager for measurement 2)
      * How can we limit manager access to the reports screen and only to their department's reports?

    All with the magic of asp.net classes, perhaps with a custom roleprovider implementation.

    Similar Stackoverflow question/problem

    http://stackoverflow.com/questions/1367483/asp-net-how-to-manage-users-with-different-types-of-roles


  • copying user profile on windows 7

    - by SwissCoder
    Is there a tool or a trick to easily duplicate a Windows profile? My problem is that I have a local user profile and I would like to copy that for another user. Additionally, that profile was created locally when a domain user logged in, and I would like to create a copy of that profile for a non-domain user. Hope it's clear what my problem is. Thank you for reading! I've just seen there is a similar question: Copy Windows 7 profile from one domain user to another. Now I would like to know if it is possible to simply change the user profile's Name and Password. Is this somehow possible?


  • SQL Server User Mapping - Limit view of databases for a user

    - by Jaime
    Hi there, I am adding a new Login with SQL Server Authentication. I set its Server Role as public and then went into User Mapping, selecting the only database this user should have access to. I then change the Default Schema to dbo and made this user the db_owner. I then connect to the instance using the new user's credentials and I can see not only the database he should have access to but all the other attached databases. How can I limit this user to just see the database he has access to? Thanks in advance!


  • Icon on user account desktop before the user has logged in.

    - by JHamill
    Currently working on a Windows 7 deployment project and I have a requirement to place an RDP icon on a specific user's desktop, let's call this user 'Guest'. The image itself will be completely vanilla and all user accounts will be created using commands in the Unattend file. The 'Guest' account will not be a local admin and so it will not be the account used for autologon during the application of the unattend file. As a result of this, the 'Guest' profile will not have been created so I'm unable to simply place the icon at C:\Users\Guest\Desktop. Is there a way to place an icon on this specific user's desktop prior to logging in with it? I know there are ways around this, i.e. include this account in the base image and log in with it in order to create the profile, but I'd like to keep the base image as vanilla as possible. Any ideas or pointers would be greatly appreciated. Thanks in advance.


  • Access Control Lists for Roles

    - by Kyle Hatlestad
    Back in an earlier post, I wrote about how to enable entity security (access control lists, aka ACLs) for UCM 11g PS3. Well, there was actually an additional security option that was included in that release but not fully supported yet (only for Fusion Applications). It's the ability to define Roles as ACLs to entities (documents and folders). But now in PS5, this security option is fully supported.

    The benefit of defining Roles for ACLs is that those user roles come from the enterprise security directory (e.g. OID, Active Directory, etc.) and thus the WebCenter Content administrator does not need to define them like they do with ACL Groups (Aliases). So it's a bit of the best of both worlds. Users are managed through the LDAP repository and are automatically granted/denied access through their group membership, which is mapped to Roles in WCC.

    A different way to think about it is being able to add multiple Accounts to content items... which I often get asked about. Because LDAP groups can map to Accounts, there has always been this association between the LDAP groups and access to the entity in WCC. But that mapping had to define the specific level of access (RWDA) and you could only apply one Account per content item or folder. With Roles for ACLs, it basically takes away both of those restrictions by allowing users to define more than one Role and define the level of access on-the-fly.

    To turn on ACLs for Roles, there is a component to enable. On the Component Manager page, click the 'advanced component manager' link in the description paragraph at the top. In the list of Disabled Components, enable the RoleEntityACL component. Then restart. This is assuming the other configuration settings have been made for the other ACLs in the earlier post.

    Once enabled, a new metadata field called xClbraRoleList will be created. If you are using OracleTextSearch as the search indexer, be sure to run a Fast Rebuild on the collection.

    For Users and Groups, these values are automatically picked up from the corresponding database tables. In the case of Roles, there is an explicitly defined list of choices that are made available. These values must match the roles that are coming from the enterprise security repository. To add these values, go to Administration -> Admin Applets -> Configuration Manager. On the Views tab, edit the values for the ExternalRolesView. By default, 'guest' and 'authenticated' are added. Once added, you can assign the roles to your content or folder.

    If you are a user that can both access the Security Group for that item and you belong to that particular Role, you now have access to that item. If you don't belong to that Role, you won't!

    [Extra] Because the selection mechanism for the list is using a type-ahead field, users may not even know the possible choices to start typing. To help them, one thing you can add to the form is a placeholder field which offers the entire list of roles as an option list they can scroll through (assuming it's a manageable size) and view to know what to type. By being a placeholder field, it won't need to be added to the custom metadata database table or search engine.


  • User Interface Annoyances

    - by Jim McKeeth
    I am looking for some of the most annoying user interface features that are common and keep being repeated. The first one that comes to mind is the modal pop-up message box that developers like to use to let you know you did something right, but gets frustrating the 1000th time you have to close it. I would rather see the annoyances that are common in many applications instead of the really odd ones that are only in one or two applications. Please: One per answer.


  • Managing user privileges, best practice.

    - by Loïc N.
    I am new to web development. I'm creating a website where different users can have different privileges, such as creating/editing/deleting a news item, or adding/editing/deleting whatever kind of content on the website. I started by creating a "user type" that would indicate the user's privileges (such as "user", "newser", "moderator", "admin", and so on), but I quickly started noticing issues that made me think that this might be a naive approach to this issue. What if I want to give a regular user the right to edit a news item (for whatever reason)? Then the user would be half "user", half "newser". But the system I use can only handle one user-type. So what would be the best practice here? I was thinking of removing the concept of roles (or "user-types" such as newser) and only have the concept of "privilege", where every user could have zero to many privileges. So, to re-use the above example, if I wanted a user to have the right to edit some news, I would only have to give him an "edit news" privilege. Is this the way to go?



  • More efficient way to do this?

    - by Pez Cuckow
    I have an if statement that works out how much of a user's profile is completed. The way I include below was the best I could think of, however it seems really inefficient. What is the better way to do this?

        if($user['first_name']!==""&&$user['last_name']!==""&&$user['pemail']!==""&&$user['dob']!==""&&$user['ambitions']!==""&&$user['memories']!==""&&$user['thoughts']!==""
          &&$user['message_1']!=="0"&&$user['message_2']!=="0"&&$user['message_3']!=="0"
          &&$user['v1']!=="0"&&$user['v2']!=="0"&&$user['v3']!=="0"&&$user['v4']!=="0"&&$user['v5']!=="0"&&$user['v6']!=="0"&&$user['v7']!=="0"&&$user['v8']!=="0"&&$user['v9']!=="0"
          &&$user['image_1']!==""&&$user['image_2']!==""&&$user['image_3']!=="") {
            $completed = 4;
        } elseif($user['first_name']!==""&&$user['last_name']!==""&&$user['pemail']!==""&&$user['dob']!==""&&$user['ambitions']!==""&&$user['memories']!==""&&$user['thoughts']!==""
          &&$user['v1']!=="0"&&$user['v2']!=="0"&&$user['v3']!=="0"&&$user['v4']!=="0"&&$user['v5']!=="0"&&$user['v6']!=="0"&&$user['v7']!=="0"&&$user['v8']!=="0"&&$user['v9']!=="0"
          &&$user['image_1']!==""&&$user['image_2']!==""&&$user['image_3']!=="") {
            $completed = 3;
        } elseif($user['first_name']!==""&&$user['last_name']!==""&&$user['pemail']!==""&&$user['dob']!==""&&$user['ambitions']!==""&&$user['memories']!==""&&$user['thoughts']!==""
          &&$user['message_1']!=="0"&&$user['message_2']!=="0"&&$user['message_3']!=="0"
          &&$user['image_1']!==""&&$user['image_2']!==""&&$user['image_3']!=="") {
            $completed = 2;
        } elseif($user['first_name']!==""&&$user['last_name']!==""&&$user['pemail']!==""&&$user['dob']!==""&&$user['ambitions']!==""&&$user['memories']!==""&&$user['thoughts']!==""
          &&$user['image_1']!==""&&$user['image_2']!==""&&$user['image_3']!=="") {
            $completed = 1;
        } else {
            $completed = 0;
        }



  • devise roles: different roles, in some cases same rights

    - by mattherick
    I have two roles in devise. The first is the admin and the second the normal user role. Now I'd like to give these two groups in some cases the same rights with before filters. How does this work? I have:

        before_filter :authenticate_user!, :only => [:new, :create]
        before_filter :authenticate_admin!, :only => [:new, :create, :edit, :update, :destroy]

    But now only a user can :new and :create... the admin cannot. What do I have to do here? Thanks, Mattherick


  • Windows Azure worker roles: One big job or many small jobs?

    - by Ryan Elkins
    Is there any inherent advantage when using multiple workers to process pieces of procedural code versus processing the entire load? In other words, if my workflow looks like this:

      1. Get work from queue0 and do A
      2. Store result from A in queue1
      3. Get result from queue1 and do B
      4. Store result from B in queue2
      5. Get result from queue2 and do C

    Is there an inherent advantage to using 3 workers who each do the entire process themselves versus 3 workers that each do a part of the work (Worker 1 does 1 & 2, worker 2 does 3 & 4, worker 3 does 5)? If we only care about work being done (finished with step 5) it would seem that it scales the same way (once you're using at least 3 workers). Maybe the big job is better because workers with that setup have less bottleneck issues?


  • Is there a user-comfortable Unix-like OS?

    - by Rob Kam
    Apparently BSD is like this but only for the OS not for the third party applications: Is there a Unix or Unix-like operating system (but not OS X), where all the installed applications and drivers either all work smoothly/properly or are not included in the distribution? But not something that's been dumbed down.


  • Local User & Local Admin User Server 2008

    - by Ammo
    Hi, I had a test recently and one of the questions was to create a file and local user and give the local user write permission to that file. I created the local user successfully; however, when I went to add permission to the file it would not find the local user when the name was entered correctly. Any idea what could have prevented this? Secondly, I was asked to create a local admin account and give full permissions to the file. To my knowledge Server 2008 has a built-in admin account, and neither was the server a domain controller. Could you tell me what you would do in this situation? Many thanks!


  • Users and roles in context

    - by Eric W.
    I'm trying to get a sense of how to implement the user/role relationships for an application I'm writing. The persistence layer is Google App Engine's datastore, which places some interesting (but generally beneficial) constraints on what can be done. Any thoughts are appreciated. It might be helpful to keep things very concrete. I would like there to be organizations, users, test content and test administrations (records of tests that have been taken). A user can have the role of participant (test-taker), contributor of test material or both. A user can also be a member of zero or more organizations. In the role of participant, the user can see the previous administrations of tests he or she has taken. The user can also see a test administration of another participant if that participant has given the user authorization. The user can see test material that has been made public, and he or she can see restricted content as a participant during a specific administration of a test for which that user has been authorized by an organization. As a member of an organization, the user can see restricted content in the role of contributor, and he or she might or might not also be able to edit the content. Each organization should have one or more administrators that can determine whether a member can see and edit content and determine who has admin privileges. There should also be one or more application-wide superusers that can troubleshoot and solve problems. Members of organizations can see the administrations of tests that the participants concerned have authorized them to see, and they can see anonymous data if no authorization has been given. A user cannot see the test results of another user in any other circumstances. 
    Since there are no joins in the App Engine datastore, it might be necessary to have things less normalized than usual for the typical SQL database in order to ensure that queries that check permissions are fast (e.g., ones that determine whether a link is to be displayed). My questions are:

      * How do I move forward on this? Should I spend a lot of time up front in order to get the model right, or can I iterate several times and gradually roll in additional complexity?
      * Does anyone have some general ideas about how to break things up in this instance?
      * Are there any GAE libraries that handle roles in a way that is compatible with this arrangement?


  • Design For Asynchronous User Interface

    - by Sohnee
    I have been working on an integration that has posed an interesting user interface conundrum that I would like suggestions for. The user interface is displayed within a third party product. The state of the interface is supplied by calls to a service I have written. There can be small delays between the actual state changing and the user interface changing due to the polling for state by the third party. When a user interacts with the user interface, requests are sent back to my application. This then affects the state and the next state poll request will update the user interface. The problem is that the delay between pressing a button and seeing the user interface update is perhaps 1 or 2 seconds and in usability testing I can see that people are clicking again before the user interface updates, thinking that they haven't properly clicked the first time. Given the constraints (we can only update the user interface via the polling mechanism - if we updated it when they clicked, the polling might return and overwrite the change causing unpredictable / undesirable results)... what can we do to make the user experience better? My current idea is to show a message for a couple of seconds so people know their click was accepted; the message would not be affected by the state polling, so wouldn't be prematurely removed / overwritten etc. I'm sure there are other ideas out there and I'm also confident someone has a better idea than I have!


  • Should I manage authentication on my own if the alternative is very low in usability and I am already managing roles?

    - by rumtscho
    As a small in-house dev department, we only have experience with developing applications for our intranet. We use the existing Active Directory for user account management. It contains the accounts of all company employees and many (but not all) of the business partners we have a cooperation with. Now, the top management wants a technology exchange application, and I am the lead dev on the new project. Basically, it is a database containing our know-how, with a web frontend. Our employees, our cooperating business partners, and people who wish to become our cooperating business partners should have access to it and see what technologies we have, so they can trade for them with the department which owns them. The technologies are not patented, but very valuable to competitors, so the department bosses are paranoid about somebody unauthorized gaining access to their technology description. This constraint necessitates a nightmarishly complicated multi-dimensional RBAC-hybrid model. As the Active Directory doesn't even contain all the information needed to infer the roles I use, I will have to manage roles plus per-technology per-user granted access exceptions within my system. The current plan is to use Active Directory for authentication. This will result in a multi-hour registration process for our business partners where the database owner has to manually create logins in our Active Directory and send them credentials. If I manage the logins in my own system, we could improve the usability a lot, for example by letting people have an active (but unprivileged) account as soon as they register. It seems to me that, after I am having a users table in the DB anyway (and managing ugly details like storing historical user IDs so that recycled user IDs within the Active Directory don't unexpectedly get rights to view someone's technologies), the additional complexity from implementing authentication functionality will be minimal. 
    Therefore, I am starting to lean towards doing my own user login management and forgetting the AD altogether. On the other hand, I see some reasons to stay with Active Directory. First, the conventional wisdom I have heard from experienced programmers is to not do your own user management if you can avoid it. Second, we have code I can reuse for connection to the active directory, while I would have to code the authentication if done in-system (and my boss has clearly stated that getting the project delivered on time has much higher priority than delivering a system with high usability). Third, I am not a very experienced developer (this is my first lead position) and have never done user management before, so I am afraid that I am overlooking some important reasons to use the AD, or that I am underestimating the amount of work left to do my own authentication. I would like to know if there are more reasons to go with the AD authentication mechanism. Specifically, if I want to do my own authentication, what would I have to implement besides a secure connection for the login screen (which I would need anyway even if I am only transporting the pw to the AD), lookup of a password hash and a mechanism for password recovery (which will probably include manual identity verification, so no need for complex mTAN-like solutions)? And, if you have experience with such security-critical systems, which one would you use and why?

