Posts

Showing posts with the label policy store

How to build a Policy Management System

Introduction

Policies are a fine-grained model for applying security restrictions to the various entities in a business application. Can fine-grained access be achieved only with policies? The answer is NO. There are ways to model the same thing with entity-level permissions such as features. So what is so special about policies? Policies are typically written in an agreed-upon JSON format that the user can build and tie to any entity or to a specific record in the entity. Since this is JSON, it is easy to define and can contain wildcards, regex matches, etc., which become difficult to manage in other formats.

Design

The below diagram illustrates how the policies can be created and enforced in an application. As shown above, the Administrator is responsible for creating the policies and binding them to the entities. Enforcement of the policies is done as part of the entity service, which passes the request for access on to a policy manager. The policy manager talks to the dat