Strategy user security on Db record level based on permison defined in db table


#1

Hi

I have a question reagrding strategy for access control of records from a MySQL database.

In my application several users can have acess to several different workspaces

Ex.

Users: a, b, c, d

workspaces_table: ws1, ws2, ws3, ws4, ws5

ws_users_table: [a ws1], [a ws3], [b ws2], [c ws2], [d ws 3], [d ws4], [d ws5]

data_table: [ws1, data1, data2, data3], [ws2, data1, data2, data3], [ws3, data1, data2, data3] …

I know that roles can be used to control the security but I do not want to create a new role for each workspace as the workspaces can be allocated dynamically and be a large number over time.

Is there a good way to solve this in dreamfactory?

Any suggestions for a strategy would be appriciated.

I kind of want to add filter on the server side that only delivers records where the workspace id are present together with the current user id in the ws_user_table.

Grateful for any help or suggestions…

Best regards // Claes