- Strange the article proposes itself for "Enterprise" yet has no mention of Google's Zanzibar and how it compares to the other approaches. AFAIK it doesn't use pre-computed values but just queries really fast (using Spanner so there's that)
- https://docs.feldera.com/use_cases/fine_grained_authorizatio...
Fine-grained authorization as an incremental computation problem
by bencyoung
3 subcomments
- If you're using Postgres then using the ltree module is great for permission systems. Available in RDS too
by charcircuit
3 subcomments
- >We added a point of failure, as the permissions table can get out of sync with the actual data.
>The main risk with pre-computed permissions is data getting out of sync.
It would make sense to have permissions be a first class concept for databases and to ensure such a desync could never happen. Data being only read or written from specific users is a very common thing for data so it would be worth having first class support for it.
- Isn’t Open Policy Agent (OPA) and Zanzibar not good enough to be in the article or author talking about specific permission controls?
by ExoticPearTree
0 subcomment
- Another approach to complex requirements without spending a lot of time querying databases is to use bitmaps. A set of permissions can be expressed through a bitmap and all you need to do in code is to "decode" that to what you actually let the user do.
The downside to this approach is that it requires some planning and to maintain in code what mask retrieves what permission(s).
- Permit.io
Scales both on the tech, and on the human side - e.g. your product manager can add roles (with CI approval) without requiring engineering involvement.
(I'm biased but still true)
Hacker News