I have one project which is the basic CRUD web application. The application handle the permission by role basis. The feature in an application will be available based on the role of that user account.
There's a new request which is the permission by account. User with the same role can access the same feature but cannot update or delete the content of the others. In other word, only the owner is allow to update or delete it.
What is the pros and cons of the permission by account?
What is the design pattern or best practice suits this request?
Is it usual to do it by account basis?
Aucun commentaire:
Enregistrer un commentaire