Row-Level Security
A table should be able to have an additional configuration parameter used to restrict access to data based on a specific column's value as it relates to the requestor's user_id.
"select * from dev.dog"
would only return results where the "owner_id" matches the user_id of the requestor based on the user/pass in the auth header.
Comments: 2
-
14 Jul, '21
MohronThis sounds a lot like Attribute-based access control (ABAC). Without a more advanced access control system, it's not really possible to use Harper DB for data where only the owner or a group of users the owner can define should able to access data created by them. This capability is absolutely vital to making HarperDB an option for for most applications without requiring an additional API layer to enforce access requirements.
The existing Role-Based Access Control (RBAC) just does not meet my needs. -
14 Jul, '21
Jacob Cohen AdminMohron, thank you for your input. HarperDB currently offers ABAC which allows you to create roles that limit users to specific CRUD actions on specific attributes. You can read more about that here: https://harperdb.io/docs/security/users-roles/.
This request is focused on row level security, which is what you're asking for here. The good news is, we're set to release HarperDB Functions in HarperDB 3.1 in a couple of weeks, which will allow you to define your own custom logic to enforce any access restrictions you'd like. This will enable flexibility in any level of access control.