Hi Scott, Having millions of RIDs inside documents representing the allowed users could be an overkill.
For this reason we allowed to use a mix of OUser and ORole instances, so you could group users in multiple roles (a user can have multiple roles) and assign the role to have the access. In most of the use cases this solves the problem. Best Regards, Luca Garulli Founder & CEO OrientDB <http://orientdb.com/> On 31 January 2016 at 11:32, scott molinari <[email protected]> wrote: > Ok. Nevermind on this. I've found my own answer and the way I see it, > there would be millions of ids under the "_allow" property. So, I > understand now that the user security is only for database user security > and cannot be used for application user security. This is good to know. I > was going to use the ORestricted system for database user security for a > multi-tenancy approach, which it will cover well, I suppose. At the same > time, I was wondering if the user security could be also dropped down a > level and also be used for application data security. This is not possible. > > If I am wrong, please let me know, but I just can't imagine millions of > user ids being easily scanned to allow for access to each and every record. > > Scott > > -- > > --- > You received this message because you are subscribed to the Google Groups > "OrientDB" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
