I have a few types of users who works with the app that helps to optimize processes for public libraries: Client, Librarian, Administrator.
Librarian has restricted access to data in comparison to Administrator. For example Librarian cannot view the Clients from the other library or the other department within the same library. So that I need to develop permissions logic.
I ask for advice on what are the best practices of designing permissions mechanisms? What should be done on database level? What should be done on business logic level?
Aucun commentaire:
Enregistrer un commentaire