09 Sep 2009
05 Dec 2009
Link to this post
Here is scenario::
i have 2 Roles , Admin & Normal Users. (Admin group is defined as unrestricted in web.config security tab)
1. "user1" has Role Normal User and when he tries to open admin pages, system throws Exception (FINE)
2. "user2" has Role Admin and he can see the admin pages (FINE)
3. "user3" has both Roles, Admin as well as Normal User, and when tries to open admin pages, System throws exception...(NOT FINE)....
As "user3" is in Admin role as well so he should have access to Admin pages
It should be like, when any user has multiple roles ,so it means he has
all the permission of the combination of all his roles rather just one.