Reputation: 9
Mask certain data based on user privilege
I need some inputs or guidance on the below scenario;
I have an existing aspx web application contains 10 different pages (search/list/details/reports etc..) using plain sql to fetch data back and forth. This application is to maintain student information. Would like to implement a new feature where certain teachers (access levels) should not be allowed to view student details (not to hide, masking a row in grid or table in all pages) based on some age (which can be configured in web config).
Would like to know the possible options to implement this feature in a best and efficient way in c# or sql server.
Thanks in advance guys
Upvotes: 0
Views: 239
Answers (1)
Reputation: 305
If I was implementing a feature like this I would put a new property on the teacher to indicate the access level that they have.
Hopefully you can extract this logic into a shared location (and not on every page) but when you load your page you check if the logged in teacher has the necessary access level. If the user does not have the correct access level then you can either modify the query being sent to the database to exclude records that do not meet the age criteria, or you can filter what data gets sent back to the page to be displayed.
If you gave us some sample code or more details I could be more specific.
Upvotes: 1
Related Questions
- How to restrict data access based on user login
- SQL Server Grantting permission for specific rows
- SQL Server Data Masking Minimum permissions needed to mask
- How to mask specific user in SQL Server
- Masking column in stored procedure
- Data masking or security using Views?
- How to mask data values from a group of users?
- How to set restrictions in code based on database privileges
- Set Row security with Condition
- Restrict access to certain rows in table based on user