Hi Scott, Using the ORole is exactly as you described for groups.
Best Regards, Luca Garulli Founder & CEO OrientDB <http://orientdb.com/> On 1 February 2016 at 06:35, scott molinari <[email protected]> wrote: > That is all fine and good, but we aren't going to be able to effectively > use this record level security, at least not at the application level and > expect this system to scale well. It won't. > > What could help this system of record access would be a user "grouping" > system (I never liked the term user groups for this). Instead of loading up > millions of ids into the _allow property, there would only be (in most > cases) several user group assignments. The system would only have to check > if the particular user is a member of the groups allowed to access the > record. You could still have the very fine grained user access controls for > those special cases (and they must be special cases) and also the higher > less resource intensive group access controls on individual records. > > Scott > > -- > > --- > You received this message because you are subscribed to the Google Groups > "OrientDB" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
