Data Authorization
-
Does anyone have or know of a strategy for Data Authorization? I have a requirement to limit a list of records returned from the database depending on user-defined filters. E.g. a grid with employees is limited by the supervisor who is logged on. These filters can go to other tables etc. I was thinking about passing my DataSet to a class and let that class filter it for me but i wasnt sure to put it in the BLL or in the DAL. Thanks in advance for any help :) --Adam Turner
-
Does anyone have or know of a strategy for Data Authorization? I have a requirement to limit a list of records returned from the database depending on user-defined filters. E.g. a grid with employees is limited by the supervisor who is logged on. These filters can go to other tables etc. I was thinking about passing my DataSet to a class and let that class filter it for me but i wasnt sure to put it in the BLL or in the DAL. Thanks in advance for any help :) --Adam Turner
It depends if you are ever going to use those records. If not, why bring them over the wire (assuming this goes over or could go over a wire) or consume memory. If it does not interact with, nor effect, the business logic and the user cannot modify the filter (only set when the user logs in or starts the program), I personally think it would seem best to handle it lower in the tiers such as DAL. Rocky Moore <><