index | search | no replies | posting guidelines | help login | register
Index » Products » ASP Report Wizard v2
search this forum:
:: User Level Security :: (4)Post a New Message | Post a Reply
May 18 2004, 4:40 PM
 User Level SecurityPost a Reply
 saz95

View this author's profile Send this author a private message

since: Nov 1, 2003
from: somewhere

Hi,

I wanted to use Session ID to restrict user on what they can do when they login. Basically, as a user you can add and edit the report but when you logged in as a guest, you can only view it. On top of that, they can only see data from their respective department i.e. Admin or HR. How do I go about setting these parameters in the report??

Thanks

May 19 2004, 6:23 AM
 Re: User Level SecurityPost a Reply
 whichman

View this author's profile Send this author a private message Visit author's homepage

from: Laurel, MD

Basically, I will create a user with Session varibles for the user's ID, department, roles etc so that when the user logs in, I then set these values  and use them later on when they try to view reports as shown below:

<%
  
  Dim objWiz,  strReports  
  Set objWiz = Server.CreateObject("AspWebSolution.ReportWizard2")  
  
  Select  Case Session("UserDepartment")
      Case "HR": strReports = "HR, INFO"
      Case "RD": strReports = "RD, INFO, FORUM"
      Case "MNGT": strReports = "HR, RD, MNGT, INFO"
      Case  Else : strReports = "Samples, TestGroup"
  End  Select
  
'remove all admin capability
objWiz.IsAdmin =  False
  
'set the report groups to display
objWiz.UseReports = strReports
  
  
  If Session("UserID") = "" Or  UCase(Session("UserID")) = "GUEST" Then
     'do something such as PAGE_TITLE = "Guest Reports"
  ElseIf Session("UserRole")=ADMIN_ROLE  Then
     'add admin capability
     objWiz.IsAdmin = True      
      
     'reset reports so that the admin can see all reports
     objWiz.UseReports = ""
  Else
     objWiz.CanAdd =  True
     objWiz.CanEdit =  True
  End  If
      
'Make sure you initialize before adding any HTML text
objWiz.Init(Connection String)  
  
    
'put this where you want your reports
objWiz.DisplayReports  
  
  Set objWiz =  Nothing
  
%>


Please let me know if this helps.




-------------------------
Master of the Game
May 20 2004, 5:26 AM
 Re: User Level SecurityPost a Reply
 saz95

View this author's profile Send this author a private message

since: Nov 1, 2003
from: somewhere

It doesn't work...the session variables were not passed to the report...the session object i.e Session("Department") & Session("UserLevel") does not contain any value.

Basically, I've set 3 UserLevel
    Admin = -1  ' can add, edit, delete and view reports
    User = 1   ' can edit and view reports
     Guest = 2  'can view reports only

Based on the UserLevel, each user can only see reports for their respective department only i.e Admin, HR, IT, Finance, etc.



May 20 2004, 6:12 AM
 Re: User Level SecurityPost a Reply
 whichman

View this author's profile Send this author a private message Visit author's homepage

from: Laurel, MD

Make sure you set your session parameters and then do something similar to the code below

<%
  
  Const ADMIN = -1
  Const USER = 1
  Const GUEST = 2
  
  Dim objWiz, intUserLevel
  Set objWiz = Server.CreateObject("AspWebSolution.ReportWizard2")  
  
'remove all admin capability
objWiz.IsAdmin =  False
  
intUserLevel =  CInt(Session("UserLevel"))
  
  Select  Case intUserLevel
      Case ADMIN  
          objWiz.IsAdmin =  True
          objWiz.UseReports = "Admin"
      Case USER  
          objWiz.CanEdit  =  True
          objWiz.UseReports = "HR, IT"
      Case GUEST  
          objWiz.UseReports = "Finance"
      Case  Else
          'invalid user level
          Response.Redirect (your_error_page.asp)
  End  Select
  
      
'Make sure you initialize before adding any HTML text
objWiz.Init(your_connection_string)  
  
    
'put this where you want your reports
objWiz.DisplayReports  
      
  Set objWiz =  Nothing
  
%>



-------------------------
Master of the Game
Pages: (1)   [1]

search this forum: