iccsi, you have been posting an awful lot of questions recently that are basically "can you do my work for me?"
Can you at least try to work it out for yourself first before posting here?
Read the docs, try things out, post what you've tried and how it didn't work, and then we can go from there.
All this stuff is in the docs.
Thanks for the message and help,
I did research and checked your document online.
This page shows some security functions, but none of them talk about creating a role, only reading the login user and user role.
I went to the ColdFusion admin page, there is a user management page, but I can only create users, not roles.
Thanks again for helping and information,
Page 31 of this doc has some security functions, but only what it can do, I do not see anything about how to create user roles.
Thanks again for helping and information,
Roles are application specific. In one application you might want read only, write only, and read write while in another you might want general user and admin.
The roles themselves are usually created in database tables. The details on how to do this also vary. Depending on your requirements, you could have 1, 2, or even 3 tables to accomplish this.
ColdFusion's default security framework (involving cflogin, cfloginUser, cfNTauthenticate, getAuthUser, isUserInRole, and so on) assumes that you, the developer, decide the policy for storing usernames, passwords and roles. The usual place to store them is the database.
How you assign users access to various parts of your site is a science apart. In my opinion, the technique most relevant to you is Role-Based Access Control (RBAC). Google it for more information.
The simplest implementation of RBAC consists of five database tables, say, user, role, userRole, resource and resourceAccess. The user table has at least the 3 columns userId (primary key), username and password. The role table has at least the 2 columns roleId (primary key) and role. The userRole table has at least the 3 columns, namely, userRoleId (primary key), userId and roleId. The columns userId and roleId are actually foreign keys. So userRoleId is essentially a composite of the two foreign keys.
The resource table contains the resources, for example, the pages, to which you wish to control access. It has at least the 2 columns resourceId (primary key) and resource. The resourceAccess table has at least the 3 columns resourceAccessId (primary key), resourceId and userRoleId. The columns resourceId and userRoleId are actually foreign keys. So resourceAccessId is essentially a composite of the two foreign keys. We have now set up our basic security database.
If you wish to regulate just login to your site, then it is sufficient to implement the user table. Roles are then irrelevant. After verifying that the user's submitted credentials match the values in the user table, you would then log him in using code like
<cfloginuser name = "some_username" password = "some_password">
However, suppose you wished to regulate access to various resources on your site, based on roles. Then you will have to implement all 5 tables.
Suppose then that a user has requested a page which has restricted access. Firstly, you verify that the user's login credentials match the values in the user table. If so, you then query the role table to get the list of roles permitted to the user. You would then log him in using something like
<cfloginuser name = "some_username" password = "some_password" roles = "role1,role2,role3">
You now do a look-up of his userId and roleIds in the userRole table. The result is a list of userRoleIds.
Since the requested page is a restricted resource, we take it for granted that is has an entry is the resource table. Let us say resourceId = 103 for the page. Finally, you query the resourceAccess table to verify whether any of the userRoleIds corresponds to resourceId 103. If so, the user is granted access.
Thanks a million for helping and information,
I really appreciate your help,
Just seen some errors in my last post. I hope they didn't confuse things. The first line of the last paragraph should read:
Since the requested page is a restricted resource, we take it for granted that it has an entry in the resource table.