That is all fine and good, but we aren't going to be able to effectively use this record level security, at least not at the application level and expect this system to scale well. It won't.
What could help this system of record access would be a user "grouping" system (I never liked the term user groups for this). Instead of loading up millions of ids into the _allow property, there would only be (in most cases) several user group assignments. The system would only have to check if the particular user is a member of the groups allowed to access the record. You could still have the very fine grained user access controls for those special cases (and they must be special cases) and also the higher less resource intensive group access controls on individual records. Scott -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
