by sajithw on 6/13/19, 8:07 PM with 8 comments
by yodon on 6/13/19, 11:08 PM
Those who build permission systems commonly think very deeply about the process and can hold tremendously complex permission systems in their head. The people who are tasked with setting permissions in the real world tend to view anything else as a more important part of their job to think about and tend to default to either granting permissions broadly so they aren't bothered again or granting permissions minimally so they aren't blamed for things.
A small number of well-designed and well-named roles is unfortunately commonly better in practice than a highly powerful and flexible fully configurable Turing-complete granular permissions management system.
by fabian2k on 6/13/19, 9:58 PM
Their use case feels a bit too micro-managed for my taste, but that is certainly a matter of opinion. And if their customers demand this, it's hard to convince them otherwise. My preference is to handle certain more subtle cases like their "only DNA design team can edit sequences, but Research team can edit metadata" as a convention, not a hard rule enforced by the application. And if you have a good history of changes, it still allows for transparency about who edited what.
by flevours on 6/13/19, 9:02 PM
I wonder if there are any open-source projects that operate in this realm and provide an off-the-shelf solution to this.
I’m thinking that it could be something like a small server to store the policies and a few libs in various languages to interpret them.
This could or could not be tied to a user management system.