been thinking about how to selectively declare access control policies as granular and as narrow as a single fact, wish i had an answer
read an article that basically concluded the document-centric model and REST architecture is insufficient for this unless you put one fact per document which is patently ridiculous
the other thing is where to even put those documents. some resources ought to be dynamic views, or possibly all documents can be thought of as views but to some extent hardcoded
@trwnh I'm not 100% familiar with backend architecture or what you're specifically building, but you did remind me of work I was doing earlier today with Supabase, which has the concept of "Row-Level Security", where your access to each row of data is dictated by a set of policies applied to that database table.
Common policies are: anyone can read the data, but only admin users can change the data. You can also do a thing where users can only change data on the rows of data that they added.
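The two policy shapes described in the post above, written as Postgres row-level security policies in a Supabase project. This is an added example, not part of the original thread; the `articles`, `notes` and `admins` tables and their columns are hypothetical, while `auth.uid()` and the `authenticated` role are the ones Supabase provides.

```sql
-- Hypothetical schema for illustration only.
create table admins (user_id uuid primary key);
create table articles (
  id   bigint generated always as identity primary key,
  body text not null
);
create table notes (
  id       bigint generated always as identity primary key,
  owner_id uuid not null default auth.uid(),
  body     text not null
);

-- With RLS enabled and no matching policy, a row is invisible and unwritable.
alter table admins   enable row level security;
alter table articles enable row level security;
alter table notes    enable row level security;

-- A user may see only their own admin row. The admin check below is
-- evaluated under this policy, so without it the check would always fail.
create policy admins_select_self on admins
  for select to authenticated
  using (user_id = auth.uid());

-- Shape 1: anyone can read, only admins can change.
create policy articles_read_all on articles
  for select using (true);
create policy articles_admin_write on articles
  for all to authenticated
  using      (exists (select 1 from admins a where a.user_id = auth.uid()))
  with check (exists (select 1 from admins a where a.user_id = auth.uid()));

-- Shape 2: anyone can read, users can change only the rows they added.
create policy notes_read_all on notes
  for select using (true);
create policy notes_insert_own on notes
  for insert to authenticated
  with check (owner_id = auth.uid());
create policy notes_update_own on notes
  for update to authenticated
  using      (owner_id = auth.uid())   -- which existing rows may be targeted
  with check (owner_id = auth.uid());  -- the new row must keep the same owner
create policy notes_delete_own on notes
  for delete to authenticated
  using (owner_id = auth.uid());
```

These policies decide access per row; they do not restrict individual columns within a row that is visible.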
@chris_hayes yeah im thinking about how to do this with linked data web stuff, minimal amount of software needed and cleanest separation between resources and facts
@chris_hayes i guess as a minimum viable flow, an OAuth-like flow could work where you have entities request certain facts and you authorize those facts to be shared in a trust envelope. not very optimal but it seems like it would work for smaller cases and you could have checkboxes or toggles to select optional information being requested.
i just wonder if there's a good way to have policies pre-made and auto-applied, or if this is "good enough". i suppose it's a matter of interface...