Sunday, March 25, 2012

Data security/filtering on field values

My team is developing a new software system that is replacing several existing applications. The applications being replaced focus on billing and customer relationship management.

Our company is an international corporation that serves a large number of customers (hundreds of thousands) spread throughout the US and Canada. For administrative and accounting reasons, we have divided the customers into groups based on geographic region (Eastern, Central, and Western US, Canada). Customers are also grouped within their Region into Service Areas.

Our new system requires that authorization be performed based on both the roles of the user (basic RBAC) and on the set of data that the user is authorized to view and manipulate.

For example, a customer service rep for the West region of the country should only be able to see and work with customers that are located in the West region – to this user, the rest of our customers are irrelevant. The system should behave as though the only customers that exist are those located in the region with which they work.

In addition, we need to set up non-geographic data filters, such as the customer classification (similar to SIC code) and value fields such as Salesperson.

The filtering of data must allow for both unions (“Or”) and intersections (“And”) between different security settings; for instance, we must be able to support the following overlapping sets of data filters:

1) All customers in the “East” region and all customers with the classification “Hospital”
2) All “East Hospital” customers (but no Hospitals outside of the East region or East customers that are not Hospitals)
3) All customers in either the “East” or “West” regions, regardless of classification

We also need to support the concept of “Data Restrictions”, where the default access to customers with a specific attribute is False unless a grant is assigned.

We need a solution, whether it is a proven architectural approach or a third-party technology, which will allow us to apply the defined data filters at the lowest possible level of our application with as little performance impact as possible. We would prefer to implement something in the database, but if necessary we could implement it in the data access layer of our software.

The solution should allow flexible definition of ‘securable attributes’ of a customer, so that if additional attributes are defined in the future we don’t need to modify the database structure or recompile any code.

Questions:
1) Is there a standard or best-practice architectural approach to applying the sort of security/filtering described above?
2) Are there any third-party tools or technologies that we could purchase that would provide some or all of this functionality?
3) What sorts of approaches have been used before to address this type of security requirement?

Thanks in advance,
Guy

As I flew above your text, that thing came to mind for me:
http://vyaskn.tripod.com/row_level...ases.htm
HTH, Jens Suessmeyer.
http://www.sqlserver2005.de
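One way to put the filtering Guy describes into the database itself, along the lines of the view-over-a-permission-table idea behind the row-level security link above. This is an added example, not code from the thread; the table layout, column names, logins and sample customers are its own assumptions, and it uses SQLite so it runs stand-alone (SQL Server would wrap the same predicate in a view keyed on SUSER_SNAME()).

```python
import sqlite3

# Assumed table layout (this example's own, not the thread's): attributes are stored as rows,
# not columns, so adding a new "securable attribute" needs no schema change or recompile.
SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE customer_attributes (customer_id INTEGER, attribute TEXT, value TEXT);
CREATE TABLE grants (login TEXT, grant_set INTEGER, attribute TEXT, value TEXT);
CREATE TABLE restrictions (attribute TEXT, value TEXT);
CREATE TABLE restriction_grants (login TEXT, attribute TEXT, value TEXT);
"""
# Constructed sample data: one login per filter case in the post, (1) OR, (2) AND, (3) East or West.
CUSTOMERS = [(1, "East", "Hospital"), (2, "East", "Retail"),
             (3, "West", "Hospital"), (4, "Central", "Hospital")]
GRANTS = [("rep_union", 1, "region", "East"), ("rep_union", 2, "classification", "Hospital"),
          ("rep_and", 1, "region", "East"), ("rep_and", 1, "classification", "Hospital"),
          ("rep_east_west", 1, "region", "East"), ("rep_east_west", 2, "region", "West")]
# Pairs inside one grant_set are ANDed (every pair must match), distinct grant_sets are ORed,
# and a value listed in restrictions is denied unless the login holds a matching restriction grant.
VISIBLE_SQL = """
SELECT c.id FROM customers c
WHERE EXISTS (
    SELECT g.grant_set FROM grants g
    LEFT JOIN customer_attributes a
           ON a.customer_id = c.id AND a.attribute = g.attribute AND a.value = g.value
    WHERE g.login = :login
    GROUP BY g.grant_set
    HAVING COUNT(*) = COUNT(a.customer_id))
AND NOT EXISTS (
    SELECT 1 FROM restrictions r
    JOIN customer_attributes a
      ON a.customer_id = c.id AND a.attribute = r.attribute AND a.value = r.value
    WHERE NOT EXISTS (SELECT 1 FROM restriction_grants rg WHERE rg.login = :login
                      AND rg.attribute = r.attribute AND rg.value = r.value))
ORDER BY c.id
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for cid, region, cls in CUSTOMERS:
        conn.execute("INSERT INTO customers VALUES (?, ?)", (cid, f"customer{cid}"))
        conn.executemany("INSERT INTO customer_attributes VALUES (?, ?, ?)",
                         [(cid, "region", region), (cid, "classification", cls)])
    conn.executemany("INSERT INTO grants VALUES (?, ?, ?, ?)", GRANTS)
    # Data Restriction: Hospital customers are hidden by default; only two logins are granted them.
    conn.execute("INSERT INTO restrictions VALUES ('classification', 'Hospital')")
    conn.executemany("INSERT INTO restriction_grants VALUES (?, 'classification', 'Hospital')",
                     [("rep_union",), ("rep_and",)])
    return conn

def visible_customers(conn, login):
    # The predicate a database view would wrap; returns the customer ids this login may see.
    return [row[0] for row in conn.execute(VISIBLE_SQL, {"login": login})]
```

The East-or-West rep ends up seeing only the East Retail customer, because the Hospital restriction applies before any region grant is considered.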
