Document/action/command permission/access control, rbac, abac

Question

I'm developing a business web application for procurement. I use ASP.NET MVC Core 2.0, EF core 2.0, MSSQL Server. I've been searching for an answer for my question on the Internet for a couple of months but couldn't find one. Lets say i have a document and i want to control permissions for different actions on the document (read, edit, delete, edit doc number, edit different attributes of it, etc.). So i developed some IPermissionControl interface and several classes implementing this interface such as RoleBasedPermissionControl and etc. Now i have a problem. All my business logic is in .Net app, not in Db. So when user opens all permitted documents list all the documents are fetched from the db and checked for permission in the app. It makes a big performance issue, so if db has 1000000 docs, and user has permissions only for 10 of them, it is a bad idea to fetch all of them. How to solve this issue with leaving all the BL in c# app?

Thanks in advance!

Move the permissions stuff into the database so you can query on it? — , Feb 06 '18 at 19:39
Permission stuff is the part of the BI, so it is a bad practice to separate BI i think. — Orkhan Abdullayev, Feb 06 '18 at 21:06
Well then I'd say you have an architecture problem caused by your architecture. If you want to query based on permissions, you need a way to query based on permissions. Your architecture simply doesn't allow that. You can't have it both ways. — , Feb 06 '18 at 21:12
Another reason for not doing that is that in db you can not implement OOP. P. S. I use 3-layered architecture. — Orkhan Abdullayev, Feb 06 '18 at 21:14
Sorry, you aren't going to resolve this without changing your architecture. Can't have your cake and eat it too. — , Feb 06 '18 at 21:18
May be develop something like paging or make my permission controls generate c# IQueryable like ef does? — Orkhan Abdullayev, Feb 06 '18 at 21:35

Document/action/command permission/access control, rbac, abac

0 Answers0