Yesterday, I had to set some security in the shell of one of our clients. As you don’t want to make it that difficult for yourself, I’ve got some practical hints:
- Keep your security databases (scSecurity, scExtranet) clean by grouping users and roles in different folders (in 5.3, use the user-defined folder and take advantage of the rename options!).
- Split rights into several roles, for example: Editor-Workflow-Role, Editor-ItemAccess-Role, Editor-ApplicationAccess-Role, Publisher-Workflow-Role, Publisher-ItemAccess-Role, etc. Divide them again into folders. Upgrades of security are now easily made.
- Use as little security as possible. The more allows or disallows you use, the more complex your model becomes.
- Write down how your security model works. It might be clear to you, but the client's security webmaster isn't as much of a genius as you are, sorry!
- Do not take inheritance off unless necessary, it will mess up everything, I promise!
- Take advantage of the Access Viewer. In 5.3 it shows you why an item has those rights and it can even show the access of a role these days.
- 5.3: Make sure you use the built-in roles as base roles. The user-defined (developer-defined) roles should become an addition, not the base roles.
That’s everything for security…
For those who want to know: I passed my Microsoft exam (70-536) today. I wasn't fully happy with the score: 735, but I passed and that's the most important thing. On to the next 3! Actually, I have already planned them: ASP.NET 2.0 (70-528, February), Distributed Applications (70-529, March) and Windows Forms (70-526, May).
