Challenge with user management

I have a challenge with user management in my application.

The eSpace is a kind of project management tool. In the eSpace multiple projects can be defined.
When a user logs on to the application he/she can select one of the projects he/she is somehow involved with (e.g. has a role in).
The problem is, the role of the logged-in user is not the same in every project. On one project the user can be administrator and in another project contributor or viewer.

How can I achieve that a user, depending on the chosen project, has the correct role (e.g. permissions)?

What I did up to now is:
- I created template roles.
- When a new project is created, I create new roles (eSpacename + ProjectId .<templateRoleName>), copied from the template.
- Associate the template role permissions to the newly created role, copied from the template.
- Put the user who creates the project in the ProjectAdmin role of that project.

Now the ProjectAdmin can put users in the project roles.

PS. I use EnterpriseManager as user provider.

Thanks in advance,

Dick Dokter

Hi Dick,

Even though I have little experience in developing such a system, I wouldn't do it with our usual roles/permissions, because - as you mentioned - roles are application-wide. A role for your application would be, say, Administrator, and ProjectCreator - someone who can create new projects.

I would create two new tables. One for PROJECT_PERMISSIONS, which has all the different types of permissions related to a project (for instance, "Owner", "Manager", "Developer" or whatever), and another table for "USER_PROJECT_PERMISSIONS", which has only a few attributes - a ProjectID, a UserID and a PermissionID. Then I'd store in this table all permissions each user has in each project.

If you have few permissions, it might be more performant to not have the PROJECT_PERMISSIONS table, and just have boolean flags in the USER_PROJECT_PERMISSIONS table.

I hope this helps. Let us know your thoughts, and how it goes!

Paulo Tavares
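
The two-table layout suggested in the reply above, as an added example that is not part of the original thread and is not OutSystems code: a Python/SQLite sketch in which every check is scoped to the selected project and denies by default. The column names, the function names, and the mapping of the "ProjectAdmin" role to the "Owner" permission are assumptions made for illustration.

```python
import sqlite3

SCHEMA = """
PRAGMA foreign_keys = ON;
CREATE TABLE project_permissions (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE              -- e.g. Owner, Manager, Developer
);
CREATE TABLE user_project_permissions (
    project_id    INTEGER NOT NULL,
    user_id       INTEGER NOT NULL,
    permission_id INTEGER NOT NULL REFERENCES project_permissions(id),
    PRIMARY KEY (project_id, user_id, permission_id)
);
"""

def open_db():
    """In-memory database seeded with the permission types named in the reply."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO project_permissions(name) VALUES (?)",
                   [("Owner",), ("Manager",), ("Developer",)])
    return db

def has_permission(db, user_id, project_id, permission):
    """Deny by default: True only if a row exists for this user, project and permission."""
    row = db.execute(
        """SELECT 1 FROM user_project_permissions upp
           JOIN project_permissions pp ON pp.id = upp.permission_id
           WHERE upp.user_id = ? AND upp.project_id = ? AND pp.name = ?""",
        (user_id, project_id, permission)).fetchone()
    return row is not None

def _insert(db, user_id, project_id, permission):
    row = db.execute("SELECT id FROM project_permissions WHERE name = ?",
                     (permission,)).fetchone()
    if row is None:
        raise ValueError(f"unknown permission: {permission}")
    db.execute("INSERT OR IGNORE INTO user_project_permissions VALUES (?, ?, ?)",
               (project_id, user_id, row[0]))

def create_project(db, creator_id, project_id):
    """Bootstrap: the creator becomes Owner of the new project."""
    _insert(db, creator_id, project_id, "Owner")

def grant(db, actor_id, user_id, project_id, permission):
    """Only an Owner of this same project may hand out permissions in it."""
    if not has_permission(db, actor_id, project_id, "Owner"):
        raise PermissionError("actor is not Owner of this project")
    _insert(db, user_id, project_id, permission)
```

Being Owner of one project grants nothing in another, because `has_permission` always filters on the project id as well as the user id.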

Thanks for your quick response, I think this is the best option.

I'll let you know how it goes.

Dick Dokter

I decided to create a new eSpace for user management so I can reuse this in other applications.
I created 2 Entities as you suggested:
attrs:                 Id
                          ApplicationId (eSpaceId)


Due to the fact that a project can be used in several applications, I want to set the rights for a project per application.

I can get the eSpace name by: Replace(GetOwnerURLPath(), "/", "").

To get the Id of the eSpace I query the OSSYS.ESPACE table and compare the eSpace name. I could not find another way to get the EspaceId at runtime. If there is another method to get the EspaceId please tell me how.

The problem now is that when I debug, Replace(GetOwnerURLPath(), "/", "") returns <eSpaceName>Admin and that eSpace is not in the OSSYS.ESPACE table, so I do not get an Id and no-one has rights. When I use the published eSpace everything works fine.

How do I overcome this problem?

Thanks in advance,

Dick Dokter

Hi Dick,

As I see it there might be two alternatives.

1 - The best would seem to be to get the Site.TenantId property, and match it with the Tenant table's EspaceId.

2 - Use Site.TenantName to get the eSpace's name. This, however, will not work properly if you're in a multi-tenant scenario!

Let us know how it goes.


Paulo Tavares