Securing Web Pages with Role-Based Security, Part II
Role-based security is predicated on your application’s ability to know who the user is so that appropriate page access can be granted. This requires users to sign into the application, which in turn requires your database to contain user name and password information for users.
- Alan Fisher, Chairman of Iron Speed, Inc.

October 25, 2005
Iron Speed Designer V3.1
Step 1: Enable Role-Based Security

In order for Iron Speed Designer to generate role-based security code, it must know which database tables contain user name and password details as well as the roles.

Creating User Accounts in your Database

If you are implementing role-based security, Iron Speed Designer requires one table in your database to be designated as a "User Table". The User Table contains a list of all of your application’s users and can be any table in your application. Within this table, you must have three important fields from which Iron Speed Designer builds the sign in mechanism in your application:

  1. User Name
  2. Password
  3. User ID

Any table in your database can be a User Table; there is no restriction on which table may be designated as a User Table nor what other fields it needs to have other than those listed above.

Selecting the User Table

In the Role-Based Security Wizard, make these selections:

User table: The table designated as your User Table. Note: Only a subset of the tables and database views in your database are visible in the User Table field. By default, only those tables used by Application Wizard (for generating pages) are available in the Role-Based Security Wizard. To make another table appear in this dropdown list, check the "Include table/view in application" option for that table in the Databases folder in Application Explorer.
User Name: The User Name is the text string entered by an application user on the Sign In page. This can be any field in your User Table, including a first name, last name, or email address.
Password: The Password is a text string entered by an application user on the Sign In page. This can be any field in your User Table. The User Name and Password together uniquely identify a user account in the User Table and are sufficient to authenticate a user and sign them in.
User ID: The User ID field is the unique record identifier corresponding to a record in the User Table for a particular user account.

As a matter of convenience, you may wish to set the Display Foreign Key As property for the Roles Table so that text descriptions of the roles are displayed in your application rather than the Role ID values.

Step 2: Select Roles Table

Role-based security requires users to belong to different roles. Based on the roles assigned to individual users, they are granted access to specific pages that permit access for those roles. Your database will need a table that identifies the role(s) assigned to each user.

Iron Speed Designer supports two different styles of user-assigned roles:

  1. User has only one assigned role. Each user has one and only one role assigned to him. The role assignment can be placed either in the User Table (see previous section) or in a separate Roles Table.
  2. User has multiple assigned roles. Each user can have zero or more roles assigned to him. The role assignments are in a separate Roles Table, effectively creating a one-to-many relationship between each individual user in the User Table and multiple corresponding entries in the Roles Table.

If you are implementing role-based security, Iron Speed Designer requires one table in your database to be designated as a "Roles Table". The Roles Table contains a list of your application’s users and their respective roles. The Roles Table can be any table in your application, including the User Table. Within this table, you must have two important fields from which Iron Speed Designer builds the role-based mechanism in your application:

  1. User ID Field
  2. Role ID Field

User Roles table: The table containing the list of user roles. Note: Only a subset of the tables and database views in your database are visible in the User Roles Table field. By default, only those tables used by Application Wizard (for generating pages) are available in the Role-Based Security Wizard. To make another table appear in this dropdown list, check the "Include table/view in application" option for that table in the Databases folder in Application Explorer.
User ID Field: The User ID Field designates the field in the Roles Table that uniquely identifies each user.
Role ID Field: The Role ID Field designates the field containing the role assigned to the user.

Placing Role Information in Your User Table

In situations where an individual user has only one assigned role, the role assignment is usually maintained in the User Table directly, although there is no requirement that this information be in the User Table.

Placing Role Information in a Separate Roles Table

In systems where individual users can have multiple assigned roles, the role information must be maintained in a separate roles table. A one-to-many relationship exists between each individual user in the User Table and multiple corresponding entries in the Roles table.

Iron Speed Designer generates application code for both of these scenarios based on how you identify the location of the role information in your database.

Selecting the Roles Table

In the Role-Based Security Wizard, make these selections:

User ID Field: The User ID Field designates the field in the Roles Table that uniquely identifies each user.
Role ID Field: The Role ID Field designates the field containing the role assigned to the user.

Step 3: Configure Sign In and Sign Out Pages

Sign In and Sign Out pages interface with the role-based security system, permitting your application users to log in and log out of your application.

Use the Role-Based Security Wizard to configure your sign in and sign out pages.

Configuring Sign In and Sign Out Pages

In the Role-Based Security Wizard, make these selections:

Menu text: The Menu text is used for the Sign In and Sign Out menu items on the application’s navigation menu.
Page name: The file name of the sign in or sign out page to be created.
Page folder: The folder where the newly created sign in or sign out page will be placed.

Step 4: Configure Web Pages for Role-Based Security

Each web page or component on a page you wish to secure should be configured to accept only those users with the appropriate roles.

Specify access permissions on a page-by-page or component-by-component basis in the page’s Properties dialog.

The roles shown in the Security tab are from the Roles Table you select and configure in the Role-Based Security Wizard.
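As an added example (not code generated by Iron Speed Designer), the following Python models the two role-assignment styles from Step 2 against a constructed SQLite copy of a User Table and Roles Table, then applies per-page role permissions of the kind configured on the Security tab in Step 4. All table, column, role and page names are assumptions.

```python
import sqlite3

# Constructed sample schema mirroring the wizard's choices (names are assumptions):
# Users      = the User Table (User ID, User Name, Password) plus a single RoleId
#              for the "one role per user" style.
# Roles      = role descriptions, so Role IDs can be shown as text.
# UserRoles  = the separate Roles Table (User ID Field, Role ID Field), one row
#              per assignment, for the "zero or more roles per user" style.
SCHEMA = """
CREATE TABLE Users (UserId INTEGER PRIMARY KEY, UserName TEXT UNIQUE,
                    Password TEXT, RoleId INTEGER);
CREATE TABLE Roles (RoleId INTEGER PRIMARY KEY, RoleName TEXT);
CREATE TABLE UserRoles (UserId INTEGER, RoleId INTEGER, PRIMARY KEY (UserId, RoleId));
"""
# Constructed sample rows; the Password value is a placeholder, sign-in is not modelled here.
SAMPLE = """
INSERT INTO Roles VALUES (1, 'Administrator'), (2, 'Manager'), (3, 'Clerk');
INSERT INTO Users VALUES (10, 'alice', 'placeholder', 1), (11, 'bob', 'placeholder', 3),
                         (12, 'carol', 'placeholder', NULL);
INSERT INTO UserRoles VALUES (11, 2), (11, 3), (12, 3);
"""

def open_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + SAMPLE)
    return db

def roles_for_user(db, user_id, style):
    """Return the set of Role IDs held by user_id.
    style 'single': the role lives in the User Table (one role per user).
    style 'multi' : roles live in the separate Roles Table (zero or more)."""
    if style == "single":
        row = db.execute("SELECT RoleId FROM Users WHERE UserId = ?", (user_id,)).fetchone()
        return set() if row is None or row[0] is None else {row[0]}
    if style == "multi":
        rows = db.execute("SELECT RoleId FROM UserRoles WHERE UserId = ?", (user_id,))
        return {r[0] for r in rows}
    raise ValueError("unknown role style: %r" % style)

# Per-page permissions as set on each page's Security tab: page -> allowed Role IDs (assumed).
PAGE_ROLES = {"AdminPage.aspx": {1}, "ReportsPage.aspx": {1, 2}, "OrdersPage.aspx": {1, 2, 3}}

def can_access(db, user_id, page, style="multi"):
    """Deny by default: a page with no configured roles, or a user holding none of
    the page's roles, is refused."""
    allowed = PAGE_ROLES.get(page)
    if not allowed:
        return False
    return bool(roles_for_user(db, user_id, style) & allowed)
```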

About the Author
Alan S. Fisher
Co-Founder and Chairman of Iron Speed, Inc.

Mr. Fisher was a General Partner at Outlook Ventures, Inc., a venture capital company, prior to co-founding Iron Speed, Inc. He co-founded Onsale, Inc. (now Egghead.com) and was its Chief Technology Officer from July 1994 to December 1999. He also co-founded and was President of Software Partners, Inc., a developer and publisher of software products, from August 1988 to July 1994. From April 1984 to August 1988, Mr. Fisher served as Technical Marketing Manager and Product Development Manager for Teknowledge, Inc., a developer of artificial intelligence software products. From June 1981 to April 1984, he served as a member of the technical staff for AT&T Bell Laboratories. Mr. Fisher serves on the Board of Directors of Infodata Systems Inc. (NASDAQ:INFD), an e-business consulting services company. He formerly served on the boards of a number of companies, including Onsale, Inc. (later Egghead.com and now Amazon.com) and FatBrain, Inc., an Internet retailer of technical and professional books.

Mr. Fisher received his B.S. in Electrical Engineering from the University of Missouri and received his M.S. in Electrical Engineering from Stanford University.
