Hi,
Assuming that the backend id is public (or can be reverse-engineered from the client code), without ACL any registered user could potentially access the data of another registered user. So ACL is needed to protect users from each other, but how can the protection be automatically set at the user group level?
For instance, if I want user group A to be isolated from user group B, I can either:
- set ACL on object types for both user groups so that the objects created by users of each group can only be accessed from that group, but that means two sets of object types.
- create a backend for group A and another for group B
The problem with these two solutions is that they don’t scale well to hundreds of groups or more. Is there another way to isolate user groups?