Authorizing requests in a hierarchy

We have an architecture that allows our application's users to structure assets and customers hierarchically. We don't enforce any depth limitations on the hierarchy, and application users can be given authorization at any layer of the hierarchy. This means that whenever a user requests a resource, we need to traverse the hierarchy to determine if they are authorized to access the resource they're requesting.

In this diagram, both user #1 and #2 have access to asset #1 because they are higher in the hierarchy than where the asset is located; however, user #2 does not have access to organization #2 because the user is lower in the hierarchy. One other caveat is that the hierarchies can be restructured at will, i.e. you can move an asset somewhere else, or assign a user to a different place in the hierarchy.

The more assets and layers of hierarchy we have, the more time-consuming the authorization process of traversing the hierarchy becomes. Are there any alternatives?

submitted by /u/sharddblade
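
The check described in the post, as an added example that is not part of the original post: access is decided by walking from the requested resource up through its ancestors and looking for a grant held by the user. The class and method names and the org/asset/user ids are assumptions constructed for illustration; the sketch also denies unknown resources and refuses moves that would create a cycle.

```python
class Hierarchy:
    """Parent-pointer tree of organizations and assets with per-node grants."""

    def __init__(self):
        self.parent = {}      # node id -> parent id (None for the root)
        self.grants = set()   # (user id, node id) pairs

    def add(self, node, parent=None):
        if parent is not None and parent not in self.parent:
            raise KeyError(f"unknown parent {parent!r}")
        self.parent[node] = parent

    def grant(self, user, node):
        if node not in self.parent:
            raise KeyError(f"unknown node {node!r}")
        self.grants.add((user, node))

    def ancestors(self, node):
        """Yield node, then each ancestor up to the root."""
        seen = set()
        while node is not None:
            if node in seen:  # corrupted data: fail closed rather than loop
                raise ValueError("cycle in hierarchy")
            seen.add(node)
            yield node
            node = self.parent[node]

    def is_authorized(self, user, resource):
        """True if user holds a grant on resource or any node above it."""
        if resource not in self.parent:
            return False  # unknown resources are denied by default
        return any((user, n) in self.grants for n in self.ancestors(resource))

    def move(self, node, new_parent):
        """Re-parent node; refuse moves that would place it under itself."""
        if node in self.ancestors(new_parent):
            raise ValueError("move would create a cycle")
        self.parent[node] = new_parent


def build_sample():
    # Constructed sample: org1 > org2 > org3 > asset1
    h = Hierarchy()
    for node, parent in [("org1", None), ("org2", "org1"),
                         ("org3", "org2"), ("asset1", "org3")]:
        h.add(node, parent)
    h.grant("user1", "org1")   # user #1 sits at the top
    h.grant("user2", "org3")   # user #2 sits below org2
    return h
```

Because the decision is recomputed from the current parent pointers on every request, moving an asset or reassigning a user takes effect immediately, at the cost of one step per level of depth.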

from Software Development – methodologies, techniques, and tools. Covering Agile, RUP, Waterfall + more! https://ift.tt/v2atEYg
