Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-648

document level access control

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: 1.3.2
    • Fix Version/s: Backlog
    • Component/s: Security
    • Labels:
      None

      Description

      Access control to the documents in the system would be very helpful. What is done on my current project is to implement an interface that is called during all database operations and returns a boolean to indicate whether or not the document should be included in the result set. We have added some attributes/fields to the document to specify who should be able to access it, and we run through some business rules (ie. admin vs normal user, group belonged to etc.) to determine access.

      The backend that we use currently provided the hook for us via the java interface for us to implement, and it is simple and effective. I can't see an application layer where munging of the queries or doing sub queries to be as clean or error free.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                23 Vote for this issue
                Watchers:
                33 Start watching this issue

                Dates

                • Created:
                  Updated: