I want to be able to control directly in my program, what other users can do or can not do. I have an ActiveDirectory where the users are saved in 4 different right groups: "User" (Basic function to start the program), "Sales", "Accounting" and "Management" (Administration). The program checks which rights the user has. So right now I have to change the Code and release a new version if I want to change the rights for example "Accounting". But in near future I want to be able to just go to a special window in my program for something like "RightsManagement" and change which group can use which feature. These "RightSettings" should be saved in a global file which will be loaded from every user in our company. That's for the theory...I would like to know if there is a perfect way to do this, I would like to get many different approaches to this problem so I can choose the best for me. Something like a read-only Xml file? It could be a xml file which is placed in a network drive so the program can access the file from every pc in the company. And that file should be read-only for users so they cant change the settings in that file. Of course through code and the "special window" Admins can set these settings and therefore overwrite the file.
Thank you for your help!
There is no perfect way. You could use a file on a share; a database; AD itself, a web service etc etc. Each has advantages and disadvantages.
You need to ask yourself a set of questions:
and so forth, depending on which solutions you consider. Only you can ask the full set of questions and answer them and therefore come to a conclusion on which is best for you.