Summary

In this chapter, you have learned about programmatically controlling access to your system by means of role-based authorization. Role-based authorization enables you to create a single application composed of one or more .EXEs or .DLLs that allows a variety of users to perform different tasks in a safe manner. For example, the employee management system has features for data entry, administration, and personal data management built into a single application EXE.

To see the benefits of role-based security more clearly, think of a world void of the role-based security concept. In such a world, you would be forced to create a separate application tailored to the needs of each person when working in a specific role. In the case of the employee management system presented in this chapter, RKing, a human resources administrator, would need to use two separate applications that he is authorized to use: one to view and edit his own employee information, and another to manage roles for other employees. This would quickly lead to an unwieldy number of applications with some interesting problems, such as how to give the applications to only those individuals authorized to use them and how to ensure the individual will uninstall or return the application when they are no longer authorized to use it.

Fortunately, we live in a world where the role-based security concept exists—a world made a little bit better and safer because in this chapter you have learned how to apply role-based security techniques to your Visual Basic .NET application.

In the next chapter, you’ll learn about code-access security. This is a coarser, application-based form of security that is based on where the application came from rather than who is using the application.