Home/ Questions/Q 6783525
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T16:52:29+00:00

I’m trying to implement a very granular security module in an ASP.NET MVC 3

  • 0

I’m trying to implement a very granular security module in an ASP.NET MVC 3 app where only certain users can edit certain columns on records in a table. I can imagine that the update SQL statement’s list of columns would only include the columns that the user had the right to change. The thing is, I’m planning to use an ORM like NHibernate. I’m wondering if NHibernate provides a way to determine at runtime which properties of a model should be part of an Update. Or is my only option to, on the POST method, get the model again from the database, set only the properties that the user is allowed to set then finally Save the model. Also, is this a good way to handle my requirement of of granular security?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Would dynamic-update and dynamic-insert be enough?

    dynamic-update (optional, defaults to false): Specifies that UPDATE SQL should be generated at runtime and contain only those columns whose values have changed.

    dynamic-insert (optional, defaults to false): Specifies that INSERT SQL should be generated at runtime and contain only the columns whose values are not null.

    Otherwise it might be possible with events or interceptors, but I’ve never used them so I don’t know exactly.

    • 0