I suggest you ...

Improve access control scheme

1. When a person requires an assigned user within an application, they go to the application as an anonymous user without a password, which only gives privileges to record basic information: username (validated to not repeat), name of the person, telephone, email, company or person.
2. The administrator of the application then activates the person, assigning a user and a profile within a company. The same administrator can inactivate the user at any time.
3. Upon approval the system automatically sends an email to the person reporting that a user has been assigned, with which profile within that company, and with an automatically generated password that should be changed the first time they access the application. In addition, it includes the list of privileges that the assigned profile gives.
4. The access control screen should also offer the following options:
a. When a person first enters with the new user, prompt them to change the automatically generated password to one that is easy to remember, taking the user to a screen to make the change after registration.
b. Change password: at any time a user can decide to change their password; clicking on this option takes the user to a screen to make the change after registration with the current password.
c. Report a forgotten password: in this case the system again automatically generates a password and sends it to the person's email.
5. The application administrator can set the number of failed login attempts before the user is locked and further access attempts are not allowed. If the user is locked by failed attempts, they must reapply for password assignment.
6. The application administrator can set the timeout in the access control.
7. When a user enters an application, the user in session should always appear in the context of the implementation. In addition, the user is automatically entered into the access log, with the date and time of their entry to and exit from the application. For this there is also a logout button, permanently in the framework of the implementation.
8. The administrator may at any time check the access log of the application and see how many users have logged on, and also which users had logged on, when, for which company and for how long.
9. Instead of each developer writing all the required permits (running, insert, update and removal) for each screen, method or table, the system provides a matrix for each profile, in which the administrator of the application can assign or change these privileges at runtime with only a click on each checkbox. LightSwitch itself is then responsible for verifying the privileges in the matrix of the scheme prior to the completion of each action for the user, and in the application menu each user sees only the options that the profile's privileges give.
10. This new scheme also offers the option of adding an access control field, company or person, so that upon entry the user must specify the company whose data they are seeking to access, and the system also checks whether the user has permission to access the data of that company or person. When the user enters, all information will be filtered by the company selected at entry. This is useful when sharing the repository of an application among multiple companies or individuals.

14 votes
Jaime shared this idea
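
An added sketch, not part of Jaime's post and not LightSwitch code, of the checks that items 5, 9 and 10 describe: a per-profile privilege matrix consulted before each action and when building the menu, access and row filtering scoped to the company chosen at login, and lockout after an administrator-set number of failed logins. All class, method and data names are hypothetical.

```python
from dataclasses import dataclass, field
@dataclass
class Profile:
    name: str
    matrix: dict = field(default_factory=dict)  # screen -> set of ticked actions
@dataclass
class User:
    username: str
    active: bool = False                        # activated by the administrator
    locked: bool = False
    failed: int = 0
    grants: dict = field(default_factory=dict)  # company -> Profile

class AccessControl:
    def __init__(self, max_failed=3):           # threshold set by the administrator
        self.max_failed = max_failed
        self.users = {}

    def _usable(self, username):
        """Return the user only if it exists, is active and is not locked."""
        u = self.users.get(username)
        return u if u is not None and u.active and not u.locked else None

    def record_login(self, username, password_ok):
        """Count consecutive failures and lock the user at the threshold."""
        u = self._usable(username)
        if u is None:
            return False
        u.failed = 0 if password_ok else u.failed + 1
        u.locked = u.failed >= self.max_failed
        return password_ok

    def is_allowed(self, username, company, screen, action):
        """Default deny: the action must be ticked in the profile for this company."""
        u = self._usable(username)
        profile = u.grants.get(company) if u else None
        return profile is not None and action in profile.matrix.get(screen, set())

    def menu(self, username, company, screens):  # only screens the profile may run
        return [s for s in screens if self.is_allowed(username, company, s, "run")]

    def rows_for(self, username, company, rows):
        """Filter shared-repository rows to a company the user holds a profile in."""
        u = self._usable(username)
        return [r for r in rows if u and company in u.grants and r["company"] == company]

# Constructed sample data: one profile, one user, one company
ac = AccessControl(max_failed=2)
clerk = Profile("clerk", {"Orders": {"run", "insert"}, "Customers": {"run"}})
ac.users["ana"] = User("ana", active=True, grants={"Acme": clerk})
```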
