Restrict user access to database
Hi all. I want only the admin to be able to edit, update and delete the records in the database. Users can only view the information, and unauthorized users are not allowed to view the information.
For your information, I stored my database on the C:\ drive and my project in C:\Inetpub\wwwroot\Project. Previously, I used the Web Site Administration Tool to set the rules for users, denying users access to the App_Data and App_Code folders. But when I run the website and test it, the user can still edit, update and delete the records. How do I set the rules for the admin and user roles? Please advise. For now, I use this code to hide the control buttons.
'Determine whether admin or user is visiting the page
Dim userName As String = User.Identity.Name
If String.Compare(userName, "admin", True) = 0 Then
    'this is admin, show the functionality buttons
    btnAdd.Visible = True
    btnDeleteSelected.Visible = True
    btnReset.Visible = True
    GridView1.Columns(0).Visible = True
    GridView1.Columns(1).Visible = True
ElseIf String.Compare(userName, "user", True) = 0 Then
    'this is user, hide the functionality buttons
    btnAdd.Visible = False
    btnDeleteSelected.Visible = False
    btnReset.Visible = False
    GridView1.Columns(0).Visible = False
    GridView1.Columns(1).Visible = False
Else
    'this is unauthorized user, hide the functionality buttons and information
    btnAdd.Visible = False
    btnDeleteSelected.Visible = False
    btnReset.Visible = False
    GridView1.Visible = False
End If
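
Control visibility decides only what is rendered; the authorization decision belongs in the server-side handlers that read or write the records. The following is an added example, not part of the original post: role checks that each handler can call, assuming roles named "Admin" and "User" (the post names only the accounts) and using constructed principals in place of Page.User.

```vbnet
Imports System
Imports System.Security
Imports System.Security.Principal

Module AccessRules
    ' Assumed role names; the post only mentions an "admin" and a "user" account.
    Public Const AdminRole As String = "Admin"
    Public Const UserRole As String = "User"

    ' Viewing: any authenticated principal in either role.
    Public Function CanView(p As IPrincipal) As Boolean
        Return p IsNot Nothing AndAlso p.Identity.IsAuthenticated AndAlso
               (p.IsInRole(AdminRole) OrElse p.IsInRole(UserRole))
    End Function

    ' Add / update / delete: admins only.
    Public Function CanModify(p As IPrincipal) As Boolean
        Return p IsNot Nothing AndAlso p.Identity.IsAuthenticated AndAlso
               p.IsInRole(AdminRole)
    End Function

    ' Call this first in every handler that writes (for example the Click
    ' handler of btnDeleteSelected), passing Page.User, so the rule holds
    ' regardless of which buttons were rendered.
    Public Sub DemandModify(p As IPrincipal)
        If Not CanModify(p) Then
            Throw New SecurityException("Modification requires the " & AdminRole & " role.")
        End If
    End Sub

    Sub Main()
        ' Constructed principals standing in for Page.User.
        Dim admin As New GenericPrincipal(New GenericIdentity("admin"), New String() {AdminRole})
        Dim user As New GenericPrincipal(New GenericIdentity("user"), New String() {UserRole})
        Dim anon As New GenericPrincipal(New GenericIdentity(""), New String() {})

        For Each p As IPrincipal In New IPrincipal() {admin, user, anon}
            Dim name As String = If(p.Identity.IsAuthenticated, p.Identity.Name, "(anonymous)")
            Console.WriteLine("{0}: view={1} modify={2}", name, CanView(p), CanModify(p))
        Next

        Try
            DemandModify(user) ' a "User" principal attempting a write
        Catch ex As SecurityException
            Console.WriteLine("blocked: " & ex.Message)
        End Try
    End Sub
End Module
```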