a long post but hope someone can help
i need to do a system as follows
as for database design, i was thinking:
Users table
- UserID
- Username
- Password
...
"ClaimSequence" < (dunno what to name it) table
- ID
- UserID - UserID of the employee who submitted the claim
- Number - Sequence number of the manager
- ManagerID - UserID of Manager in charge
- NextManager - UserID of the next manager in charge
abit abstract so i will give an example:
say managers man1, man2 needs to approve my claim
the admin when registering me will set that
ClaimSequence 1:
- UserID - ME
- Number - 1 - indicating the 1st manager
- ManagerID - UserID of "man1"
- NextManager - UserID of "man2"
ClaimSequence 2:
- UserID - ME
- Number - 2 - indicating the 2nd manager
- ManagerID - UserID of "man2"
- NextManager - NULL - indicating no more managers, or maybe the finance ppl in charge, i'll probably ask if the finance is fixed people doing it for all employees anot...
what do u think of this?
then for the 2nd part to have "Management/Finance" being able to see and approve/process claims of subordinates/colleagues they are in charge of. maybe i dont need this? cos i just do like a
if UserID IN ClaimSequence.ManagerID then able to see the page something like that
OR
i can do a Roles table and put people with management/finance roles and able to see respective pages?
which is better?
what kind of Accerss control is best? i normally use restrict access to page server behaviour but think ts not really efficient. is there somtthing like web.config like in ASP that i can restrict access by folder?