| Module is available on www.snowcovered.com Module documentation on www.dnnmasters.com  Introduction
DotNetNuke provides rich set of API for security. The Core Team had done its work and had implemented full set of Microsoft Membership provider. This is the base for security provider, which can be applied at tab and module level.
What does it mean for end user? Basically, user running latest version of DotNetNuke is able to restrict access to selected pages and/or modules on them. Restriction means, that page is or not visible or editable for users belonging to specified roles. Security Editor available on the settings page gives the administrator (or other privileged user) ability to explicitly restrict access to this page/module for some roles. DotNetNuke provides some kind of security inheritance – module located on a page with specified view/edit security inherits full set of security restrictions set up on the page level.
The view/edit model is in most cases sufficient to successfully apply security restrictions. This is true for basic modules, which provide very simple set of functionality features. For most of currently available modules the Viewer – Editor access role is good enough. Some feature rich modules, notably DNNMasters Membership Management Suite PRO, which provide functionality on different levels of abstraction need something more, than just simple view/edit restriction. Such a powerful tool in wrong hands can do a lot of harm for the site and site administrator. Unfortunately, DotNetNuke core does not provide any system level security, which could stop destruction on data stored in security (and other) tables. A simple administrator’s mistake (giving users the ability to view and use DNNMasters Membership Management Suite PRO tool) can take the user database to the empty, sad end. DNNMasters Module Level Security Provider is remedy for this dangerous situation. It comes with additional libraries, which may be used separately from any module. Any action or other activity can be secured and made inaccessible for roles with insufficient permissions. In DNNMasters Membership Management Suite PRO, user, who has no access to the ‘Roles’ tab, will not be able to read and modify roles. User, who has no access to the ‘Add new user’ action will not be able to add a new user (though he may be granted permission to view and update existing users). DNNMasters Module Level Security Provider gives you following possibilities: -
one place, where the user of your modules may set the security settings -
easy way to provide additional security while in development mode -
self extending security editor, which gives you much more, than just simple ‘View’ and ‘Edit’ actions -
fine, granular control over access to module actions It was created to assist module developers with the task of maintaining security on module action level. Easy PA installation, no core changes or web.config modifications.
This module is a must-have tool for every serious and security conscious DotNetNuke developer.
Module source is free, upon request, for developers that want to implement this functionality in their modules.
Module users will have to purchase the module separately - just once, it will provide security for all modules implementing this feature.
Redistribution licenses for developers are available separately! | Module documentation on www.dnnmasters.com Module is available on www.snowcovered.com |