You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
An Automated Role Based Access Control .NET framework with T-SQL Query Parser which automatically parse select, insert, update, delete queries based on the logged in user role
Technology solution is vast these days, and there is always at least one solution for every technical problem. A typical application has following layers:
Security Layer (Authentication & Authorization)
User Interface Layer
Business Logic Layer
Data Access Layer
And a RDBMS database
Security layer generally just performs authentication & authorization, and to facilitate roles (permissions & entitlements), developers implement variousHasPermission(), IsInGroup(), etc. type methods with manyifs elses & switches, various sql queries and inject code into these layers(2, 3 & 4). Basically to enure thatusers with appropriate rights are performing appropriate operations. Users shouldsee what they should see on the screens, users able todo what they are allowed to do with data.
During initial few releases, everything looks good, but messed up soon when complex business scenarios, exceptions are introduced, moreifs, switches are introduced in those layers, code quality decreases and code volume increases and makes production support & enhancements difficult. Nightmare for new team members!
What is aarbac?
aarbac isAn Automated Role Based Access Control .NET framework which can override all CRUD(Create, Read Update, Delete) operations automatically based on the logged in user role. It separates out permission related code into a complete new layer and let these layers (2, 3 & 4) do their regular job & not worried about the permission at all. Additionally it also maintains user entitlements.
Automated - Data Filter & Permissions are abstracted into a separate layer and all automated.
Schema based - Data filters and permissions are based on your database schema.
Clean Code - Clean code, less error, less testing, less maintenance.
Encrypted - The role, entitlements & user parameters are encrypted and stored as binary in the aarbac database.
Disable overriding for specific queries - As we do understand there will be few queries where aarbac may not able to produce automated result as desired, in those cases, just switch off aarbac.
Comes with REST API, Utility, WinApp testbed, Sample Code.
Pluggable.
deployed
1. Automated Data Filters & Permissions (Schema Based)
Apply row & column level permissions on your SELECT,INSERT,UPDATE & DELETE queries. For example, a read (or select) operation like the following …
...assuming user belongs to a role which allows him to see only 3 columns from author table and only allowed to see authors from New York and Charlotte cities.
- User ‘abc’ does have permission to update table ‘Author’ but does not have permission to update column ‘SSN’
Sample Code
Select:
using(Rbacrbac=newRbac("essie"))//<-- you should pass the logged in user name from the context{using(RbacSqlQueryEngineengine=newRbacSqlQueryEngine(rbac,query)){engine.Execute();//<-- automatically parse and transform query based on roleif((!engine.IsErrored)&&(engine.Parser.IsParsed)&&(engine.Parser.QueryType==RbacQueryTypes.Select))returnengine.Table;//<-- if it is select query, the table will be loaded}}
Inserts, updates and deletes
using(Rbacrbac=newRbac("essie"))//<-- you should pass the logged in user name from the context{using(SqlQueryParserparser=newSqlQueryParser(rbac)){parser.Parse(query);//<-- this will throw exception if not permitted//<-- if you are here, you are goood. Just perform basic insert/update/delete}}
Every rule in aarbac has screen entitlement, you can define entitlements for your applications in following 2 categories:
1. Menus - Menu and sub menues within (linked list nodes)
2. Screens - Screen and Screen Elements (linked list nodes)
And just set visible and enabled properties on those nodes.
When user logs in, i.e. authenticated and authorized based on your authentication mechanism(for example active directory of the organization), just map user with a specific aarbac role, & each role will have entitlement. App developers need to apply the entitlement xml into the menu and screen elements.
Prerequisites:
Microsoft SQL Server.
.NET 4.5.2+
About
An Automated Role Based Access Control .NET framework with T-SQL Query Parser which automatically parse select, insert, update, delete queries based on the logged in user role
