I am planning on have an unknown number of permissions. My intial estimate is roughly 20-30. These permissions will cover a variety of things related to whether a user can create/edit/view various items reports/limits/data etc.

 The questions is what is the best practice for this scenerio?

My thoughts below feel free to ignore and just make suggestions:

- A Permissions class that controls the whole mess and can be used in subsequent User Derivative classes. Then checked using something like User.Permissions.ReportsView

- A single [Flag] type enumeration with all the permissions that can be stored in a hex field in a database

- A system of [Flag] type enumerations; so that a user will be flagged for report permissions and then have those permissions defined using a second enumeration. These will be stored in set of database fields mirroring the same structure.

 Another option I've been considering:

Database Tables: permissionLookup, users, userPermission

The userPermission table holds the permissions using two foreign keys. This database structure allows for an unrestricted number of easily retrievable permissions.

 Code-wise;  To have a class that exposes permissions and will check them when supplied a user and permission (overloaded to take just IDs or full on user instances etc.).

 

This method still feels heavy to me, it seems like this issue should have an existing design solution, but I'm having very little luck discovering it via research. Any help or thoughts are appreciated.

 I'm sure self bumping isn't the most respected act, but I really would like some one else's thoughts on this.

Let me know if I haven't explained my situation clearly.

I just wonder whether permissions needs to be given to individual user or users could be grouped? If later is the situation then Roles Management might help? Or your second approach seems to be good... that way you can add any number of permissions for the users and with extra field called IsActive you can maintain the status of that permission (I mean whether that is still valid, it's better than deleting the record from the database).

Using typed datasets could ease your work of writing classes to represent tables in database and could also help you maintain separate DAL in your app...

I was not aware of Typed Datasets, they look promising for this purpose.

I believe I've decided to create a class (perhaps a Typed Dataset) that will provide user permissions from the database. I'm on the fence as far as Role Management goes, the initial talk of who has what permissions doesn't reflect any specific permission sets being repeated.

 

Thanks for the response Mohit!