One Universal Table [closed] - sql

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
Greetings,
So we have a backend admin desktop app (accessible by the company employees only) and a public frontend web app that's accessible by anyone and it allows user creation.
We have a Roles table and all users (employees and non-employees) have roles assigned to them; however, all users are stored in one table.
Is it a good practice to store all users in one table as opposed to having two different tables one for the employees and the second for users that sign up through the webapp?
Your feedback is appreciated.

My first reaction is that this sounds like a bad architecture. My reaction is based on a simple reason: employees should be using backend systems that are behind a firewall. The public web system is not behind the firewall. Hence, they should have different provisioning for security.
You ask about one table versus multiple tables for security. For a single application, you should have a single table. This could even be shared among multiple applications, but I would definitely distinguish between internal and public applications.
You don't say anything about how the roles might interact with each other, but I could see further confusion if, say, an employee is "admin" on the internal system but just a regular user on the public system.
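
One way to keep a single users table while avoiding the role confusion raised above is to scope every role grant to an application and let the database refuse internal-application roles for non-employee accounts. This is an added example, not code from the question or the answer; the schema, the application names (`admin_desktop`, `public_web`) and the sample accounts are constructed, and SQLite stands in for whatever database is actually used.

```python
import sqlite3

# Constructed schema and sample rows: one users table, roles granted per (user, application).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL,
                    is_employee INTEGER NOT NULL DEFAULT 0);
CREATE TABLE applications (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL,
                           internal_only INTEGER NOT NULL);
CREATE TABLE user_roles (
    user_id INTEGER NOT NULL REFERENCES users(id),
    application_id INTEGER NOT NULL REFERENCES applications(id),
    role TEXT NOT NULL, PRIMARY KEY (user_id, application_id, role));
-- The database itself refuses internal-application roles for non-employees.
CREATE TRIGGER internal_roles_need_employee BEFORE INSERT ON user_roles
WHEN (SELECT internal_only FROM applications WHERE id = NEW.application_id) = 1
 AND (SELECT is_employee FROM users WHERE id = NEW.user_id) = 0
BEGIN SELECT RAISE(ABORT, 'internal role requires an employee account'); END;
INSERT INTO users (email, is_employee) VALUES ('alice@corp.example', 1), ('bob@mail.example', 0);
INSERT INTO applications (name, internal_only) VALUES ('admin_desktop', 1), ('public_web', 0);
"""

def grant(conn, email, app, role):
    # Grant a role on one application; False if the trigger or a constraint rejects it.
    try:
        with conn:
            cur = conn.execute(
                "INSERT INTO user_roles SELECT u.id, a.id, ? "
                "FROM users u, applications a WHERE u.email = ? AND a.name = ?",
                (role, email, app))
        return cur.rowcount == 1
    except sqlite3.DatabaseError:
        return False

def roles_for(conn, email, app):
    # Roles held on the named application only, never across applications.
    rows = conn.execute(
        "SELECT ur.role FROM user_roles ur JOIN users u ON u.id = ur.user_id "
        "JOIN applications a ON a.id = ur.application_id "
        "WHERE u.email = ? AND a.name = ? ORDER BY ur.role", (email, app))
    return [role for (role,) in rows]

def build_db():
    # In-memory database holding the constructed accounts and their grants.
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    grant(conn, "alice@corp.example", "admin_desktop", "admin")
    grant(conn, "alice@corp.example", "public_web", "user")
    grant(conn, "bob@mail.example", "public_web", "user")
    return conn
```

Because each application asks only for its own roles, the employee's internal "admin" grant is never visible to the public web app, and a public sign-up cannot be given a role on the internal one.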

Related

What is the best Authorization System for Mid-Large ASP.NET CORE Web Applications [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 2 days ago.
I have already tried the paradigms below and faced some problems with them:
1. As you know, Role-Based authentication. The problem is that it works by linking a set of privileges with a role and assigning a role to a given user. This is a limited approach because I cannot give a user only one or two privileges from another role to give him more access.
2. I tried to link the privileges directly with users (query the privileges linked with the logged-in user in the controller and check if a user has a required privilege to let him access), but this solution costs many database calls.
3. I tried to reduce the DB calls by injecting the roles in the token, but this will cost me a lot of bandwidth.
4. I tried to use other types of authorization such as policy-based and resource-based, but they all force me to change the code every time the business requirements change.
So what is the recommended solution for this?

In what scenario it makes sense to use multi db [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 3 years ago.
I'm working on a side project of mine using Rails API. The app is like a project manager whose structure is gonna be different based on the company type. For example, a company which is doing production is different from a company that provides services. Does it make sense to use multi db in this case, so based on the company type the users are gonna have different interfaces and structures?
Thanks for your time in advance

It makes sense to use multiple databases when you're reaching the resource limits of a single database in your application. Of course, this presumes you have also followed best practices along the way (efficient queries, effective caching strategies, etc.). Rails 6 has support for replicas, which allow you to automatically separate your db writes from your db reads based on the HTTP verb. Beyond replicas, Rails 6 supports using a distinct database with its own replica for a custom collection of ActiveRecord models.
For more details I would recommend taking a look at the Rails Guides on Multiple Databases.

Multi-site authentication "Google-like" [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
I want to create multiple services, which support an SSO (Single Sign-On) service.
To simplify, Google-like services. With a single account you can use all services (and you log in once).
I found many ideas, but I want to have some opinions on how to design these services, and which technologies are the most adequate:
many or one database ??
creating an auth api ??
sharing session ?
using a NoSQL database or not ?
duplicate user information for each database ?
separate users tables on a single database ?
node js vs php !!
...
Update
I know this is opinion-based (I ask for your opinions); I wish to have different propositions of design patterns.
It's purely theoretical, so I can understand how it can be done.

This is totally opinion-based, and will likely be closed. But...
Don't write your own auth service. There are many good packages out there, and very few people are really qualified to write authentication and authorization platforms. If you really don't want to use a pre-packaged solution, at least use one of them as a template.
Here is a good list of SSO solutions, pick one or two and give them a try. Many are free and open-source. I have had luck with OpenAM, but many others are also very good.

Where to get a large list of safe-for-work domain names? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
Does anyone know where I could find a list of safe-for-work (i.e. no porn, piracy sites, etc) domain names that I can use to stress test software that performs asynchronous DNS lookups without raising questions if my network admin happens to be watching?
At least several thousand would be ideal. Most lists I've found have not been filtered at all. So far, using "raw" lists for DNS queries has not raised any questions, but my next step is to create TCP connections.
EDIT: I've cleared everything with local network admin people, however, this would still be nice to have for future developers on the project.

I think you probably worry too much. Having said that, how about doing a Google search for 'interesting facts about butterflies', parsing all the resulting domains and using those?
Your network admin will probably be more concerned with the fact that you're stress testing a network service on his network on the order of thousands of domains. If you have any kind of decent corporate firewall it's inspecting DNS queries and could choke on a high rate of queries. If your requirement is a legitimate business requirement the best option is to have your boss talk to the head of the network department to CYA.

Roles and profiles [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 2 years ago.
What is the difference between table AGR_PROF and table AGR_1016?

Both tables deal with the generated profiles for a role. The role SAP_BC_JSF_COMMUNICATIONS does not come with a pre-generated profile, so unless you generate one for yourself or someone else has done that on your system, it's to be expected that the tables do not contain any information for this role.
AGR_PROF contains the language-dependent description text of the generated profile as well as the profile ID. As you can see by looking at the primary key, only one entry can exist for each profile and language. This entry defines the "master profile name". AGR_1016 can contain multiple entries for a single role, so it's technically not surprising that there are more entries in this table than in AGR_PROF. The conceptual reason behind this is that there's a size limit to a single profile. This size limit was hard-wired into the kernel at a time where there were comparatively few authorization objects. Nowadays, it's easy to create a role whose generated profile exceeds the size limit. Instead of changing the kernel structures, SAP decided to just generate multiple profiles for a single role, all of which can be seen in AGR_1016. You'll notice that for COUNTER > 1, PROFILE+10 is simply incremented.
And as a side note - "what profiles are included in the role" triggers the semantic equivalent of a ?SYNTAX ERROR. Profiles are generated from the role, not included by it.