|
|
@@ -107,7 +107,7 @@ following SurrealQL query:
|
|
|
relate role:product_manager->can_select->(select * from product)
|
|
|
```
|
|
|
This gives us row level access control which is nice. For example we could
|
|
|
-restrict select access to *yellow* products for product_managers. However there are
|
|
|
-two things two keep in mind. This would need to be run as a database function or similar triggered
|
|
|
-whenever rows are inserted. Also this potentially creates a link for each pair of records in the products table and role table. This could lead to a explosive growth in entries - maybe control at the table granularity would be enough for some use cases.
|
|
|
+restrict select access to *yellow* products for product_managers.
|
|
|
+
|
|
|
+However there are two things two keep in mind. This query would need to be run as a database function or similar triggered whenever rows are inserted. This approach potentially creates a link for each pair of records in the *product* and *role* tables. Also one should make sure that these entries are unique. This could lead to a quick growth in entries - maybe access control with table granularity would be enough for some use cases.
|
|
|
|
david