Hello, I would like to start a discussion about the relationship model between roles and permissions in Sentry. Currently it uses an N:M model, where a single permission may belong to multiple roles and a single role can have multiple permissions.
Given that all permission manipulations always happen in the context of a specific role, I would suggest changing that to a 1:N model, where a role contains a set of permissions, but any permission only belongs to a single role. I think that this is a simpler model both conceptually and in terms of implementation. The downside is that we may have multiple "duplicate" permissions (same permissions for the same objects) within multiple roles, but I don't see any problem with this. What do other folks think about this?
- Alex
