What is the best way to control access to specific records in a database? I have a table with widgets. Users have access to some widgets and not others, based on roles. So I created a widget permissions table that contains the widget id and the role that has access to that widget. The relation between widget and widgetpermission is one to many, meaning several roles may have access to the same widget. This works, but querying for widgets seems a little cumbersome. Is there a more efficient way to structure this?

I am using asp .net with sql server 2008, and accessing the database, although I am not sure this is really a technology question...

Related posts

Recent Viewed