Sharepoint Provider Hosted User Permissions

Question

I'm building a business app where read and write access permissions are important. The project is a Provider hosted MVC 5 / SharePoint app built in Visual Studio 2012.

Johnny needs to be able to Read and Write content on SharePoint App A AND SharePoint App B

Dave needs to only be able to Read content on SharePoint App A

I've looked over a lot of documentation including this tutorial: http://www.itunity.com/article/sharepoint-permissions-manage-access-sql-data-709

The problem is if I give Dave Read access at the site level he is allowed to access SharePoint App A but also SharePoint App B.

How do I effectively use SharePoint permissions to stop this unintended behaviour?

Should I even be using SharePoint permissions?

2nd example:

I am building an app for project management, there will be an Engineer who is able to create, read and edit projects, there is also an Accountant who views the projects billables.

If I give Read permissions to Engineer and Read permissions to Accountant, how do I know which can view the project details and which can view the project's billables?

Answer 1

I read the article you linked to, and I am not sure that this is "authorization", the right word is "authentication", in sharepoint you set what a user can do, authorization means- which data user can read or write

so a simple solution for you is creating Group in sharepoint, for any authorization type you have, for example, a group called "Engineer", and gives it the permissions you need, your engineers will be members in this group.

in your MVC attribute, accept the group as parameter and check if user is member in this group, show the user the relevant data according to its group

   public SharePointPermissionsAuthorizationAttribute( params string group) { _groups = groups; } 




[SharePointEffectivePermissionsFilter("Engineer"]
 public ActionResult Index() { ... } }