
I am designing a user management system where there is a very large number of users (millions), a small number of user groups (100s) and a small number of applications (100s). Users can be added to/removed from groups. Users are given roles per application. For example, a user may have the GUEST role on an application, and another user may have the Administrative role on an app. Users who have a role/entitlement associated with an application can access the application.

What is the industry-level approach to creating the ACL for such a system?

The easiest approach I can think of is to create an XML file (or a JSON) and attach it to every user profile. For example, for 'user A' it could look like:

<USER id="user A">
  <APP id="app 1"> <ROLE> GUEST </ROLE> </APP>
  <APP id="app 2"> <ROLE> ROLE1 </ROLE> <ROLE> ROLE1 </ROLE> </APP>
  <GROUP id="group 1"> <ROLE> MEMBER </ROLE> </GROUP>
</USER>

Now there are some use cases that should be addressed, for example:

  • The proposed system should be able to assign an entire group of users a specific role. Would I in this case a) reference the User to a Group, and reference the Group to an App, or b) reference each user within the group to an App one by one in a loop?

  • I have to be able to easily see (query) the users of a group, or users accessing a particular app.

  • Is it better to create a separate database record for each User/App/Group relationship and store that? Something like a 'shadow' record.

What are the industry guidelines or approaches to designing ACL for such systems?

Overall, I should be able to perform the following common tasks with the system:

  • get a user's profile and the apps and groups he is associated with
  • get members of a particular group, along with their roles (yes group can have roles as well)
  • get users of a particular app, along with their roles
  • remove/edit roles of every user for a particular app or group
  • add new users to a group
  • add apps to a group of users
  • remove app from a group of users
picolo
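An added example, not part of the question above, showing one relational layout that answers the questions it raises: group-to-app grants are stored once per group (option a) rather than copied onto each member (option b), per-user grants live in their own table, and a view computes each user's effective roles as the union of the two. Reverse-lookup indexes make "who can use this app" and "who is in this group" cheap even with millions of users. It uses only Python's standard sqlite3 module; the table names, the role names and the three sample users are constructed for the example.

```python
import sqlite3

# Constructed schema for the example; table and column names are assumptions.
SCHEMA = """
CREATE TABLE users       (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE user_groups (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE apps        (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);

-- Group membership; the group itself can carry a role (MEMBER, ADMIN, ...).
CREATE TABLE group_members (
    user_id    INTEGER NOT NULL REFERENCES users(id),
    group_id   INTEGER NOT NULL REFERENCES user_groups(id),
    group_role TEXT    NOT NULL DEFAULT 'MEMBER',
    PRIMARY KEY (user_id, group_id)
);
-- Roles granted directly to one user on one app.
CREATE TABLE user_app_roles (
    user_id INTEGER NOT NULL REFERENCES users(id),
    app_id  INTEGER NOT NULL REFERENCES apps(id),
    role    TEXT    NOT NULL,
    PRIMARY KEY (user_id, app_id, role)
);
-- Roles granted to a whole group on one app (option a): one row covers every
-- current and future member, so no per-user loop is needed.
CREATE TABLE group_app_roles (
    group_id INTEGER NOT NULL REFERENCES user_groups(id),
    app_id   INTEGER NOT NULL REFERENCES apps(id),
    role     TEXT    NOT NULL,
    PRIMARY KEY (group_id, app_id, role)
);
-- Reverse-lookup indexes so "who can use app X" does not scan all users.
CREATE INDEX uar_by_app  ON user_app_roles(app_id);
CREATE INDEX gar_by_app  ON group_app_roles(app_id);
CREATE INDEX gm_by_group ON group_members(group_id);

-- Effective roles = direct grants UNION roles inherited via group membership.
CREATE VIEW effective_app_roles AS
    SELECT user_id, app_id, role, 'direct' AS source FROM user_app_roles
    UNION
    SELECT gm.user_id, gar.app_id, gar.role, 'group:' || g.name
      FROM group_members gm
      JOIN group_app_roles gar ON gar.group_id = gm.group_id
      JOIN user_groups g       ON g.id = gm.group_id;
"""


def build_db():
    """In-memory database loaded with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users(id, name) VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    conn.executemany("INSERT INTO user_groups(id, name) VALUES (?, ?)",
                     [(1, "ops"), (2, "finance")])
    conn.executemany("INSERT INTO apps(id, name) VALUES (?, ?)",
                     [(1, "app1"), (2, "app2")])
    conn.executemany("INSERT INTO group_members VALUES (?, ?, ?)",
                     [(1, 1, "ADMIN"), (2, 1, "MEMBER"), (3, 2, "MEMBER")])
    conn.executemany("INSERT INTO user_app_roles VALUES (?, ?, ?)", [(1, 2, "GUEST")])
    conn.executemany("INSERT INTO group_app_roles VALUES (?, ?, ?)",
                     [(1, 1, "OPERATOR"), (2, 2, "VIEWER")])
    conn.commit()
    return conn


def user_profile(conn, user):
    """Groups a user belongs to, plus every app role and where it came from."""
    groups = conn.execute("""
        SELECT g.name, gm.group_role FROM group_members gm
        JOIN user_groups g ON g.id = gm.group_id JOIN users u ON u.id = gm.user_id
        WHERE u.name = ? ORDER BY g.name""", (user,)).fetchall()
    apps = conn.execute("""
        SELECT a.name, e.role, e.source FROM effective_app_roles e
        JOIN apps a ON a.id = e.app_id JOIN users u ON u.id = e.user_id
        WHERE u.name = ? ORDER BY a.name, e.role""", (user,)).fetchall()
    return {"groups": groups, "apps": apps}


def group_members(conn, group):
    return conn.execute("""
        SELECT u.name, gm.group_role FROM group_members gm
        JOIN users u ON u.id = gm.user_id JOIN user_groups g ON g.id = gm.group_id
        WHERE g.name = ? ORDER BY u.name""", (group,)).fetchall()


def app_users(conn, app):
    """Every user able to reach an app, with role and grant source."""
    return conn.execute("""
        SELECT u.name, e.role, e.source FROM effective_app_roles e
        JOIN users u ON u.id = e.user_id JOIN apps a ON a.id = e.app_id
        WHERE a.name = ? ORDER BY u.name, e.role""", (app,)).fetchall()


def can_access(conn, user, app):
    """Access check: any effective role on the app grants access."""
    return conn.execute("""
        SELECT 1 FROM effective_app_roles e
        JOIN users u ON u.id = e.user_id JOIN apps a ON a.id = e.app_id
        WHERE u.name = ? AND a.name = ? LIMIT 1""", (user, app)).fetchone() is not None


def add_user_to_group(conn, user, group, group_role="MEMBER"):
    conn.execute("""INSERT INTO group_members(user_id, group_id, group_role)
        SELECT u.id, g.id, ? FROM users u, user_groups g
        WHERE u.name = ? AND g.name = ?""", (group_role, user, group))
    conn.commit()


def grant_app_to_group(conn, group, app, role):
    """Single row gives the role to all members; no per-user loop."""
    conn.execute("""INSERT INTO group_app_roles(group_id, app_id, role)
        SELECT g.id, a.id, ? FROM user_groups g, apps a
        WHERE g.name = ? AND a.name = ?""", (role, group, app))
    conn.commit()


def revoke_app_from_group(conn, group, app):
    conn.execute("""DELETE FROM group_app_roles
        WHERE group_id = (SELECT id FROM user_groups WHERE name = ?)
          AND app_id   = (SELECT id FROM apps WHERE name = ?)""", (group, app))
    conn.commit()
```

Because the view derives access at query time, adding a user to a group or revoking a group's grant takes effect immediately with one write, and the `source` column records whether a role came from a direct grant or a group, which is what an audit of "why can this user reach this app" needs. If the effective-roles query becomes too slow at scale, the usual next step is to materialize it into a per-user/app "shadow" table that is refreshed on each membership or grant change.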

0 Answers