Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-648

document level access control

    • Type: Icon: New Feature New Feature
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 1.3.2
    • Component/s: Security
    • None
    • Server Security

      Access control to the documents in the system would be very helpful. What is done on my current project is to implement an interface that is called during all database operations and returns a boolean to indicate whether or not the document should be included in the result set. We have added some attributes/fields to the document to specify who should be able to access it, and we run through some business rules (ie. admin vs normal user, group belonged to etc.) to determine access.

      The backend that we use currently provided the hook for us via the java interface for us to implement, and it is simple and effective. I can't see an application layer where munging of the queries or doing sub queries to be as clean or error free.

            backlog-server-security [DO NOT USE] Backlog - Security Team
            mwaschkowski Mark Waschkowski
            27 Vote for this issue
            41 Start watching this issue