Description
Feature Summary
We would like to be able to define permissions at the database level that would apply to all tables in the database unless there is specific table-level permission defined.
Problem This Solves
Currently, defining constrained permissions (outside of just super user privilege) is rather laborious since it has to be defined for each table. This will hopefully make it simpler.
Proposed Solution
Here is a proposed example permission definition:
```
"dev": {
  "read": true, # default read permission for all tables in dev
  "insert": false, # default insert permissions...
  "update": true,
  "tables": {
    "dog": { # overrides default permission for schema to define permissions for dog table
      "read": true,
      "insert": true,
      "delete": false,
      "attribute_permissions": [
        {
          "attribute_name": "name",
          "read": true,
          "insert": true,
          "update": true
        }
      ]
    }
  }
}
```
An open question might be whether we treat a table override as the full set of permissions or merge database + table level. In the example above, does the user have update permission on dev.dog? Probably faster if no (no merging), but might be easier to define permissions to do merging and say yes.
User Stories
No response
Alternatives Considered
Defining flags on roles, and using those flags to programmatically determine permissions in the endpoint code, is a very real alternate approach for application endpoints, but this can provide a more native permission system.
Priority/Impact
None
Examples or References
No response
Additional Context
No response
Are you planning to fix this issue?
No, just reporting the issue
First-time contributor support
- I'm new to contributing and would appreciate guidance on the process
- I'd like help understanding the project structure
- I need assistance with setting up the development environment
- I'm comfortable contributing, but new to this project specifically
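
The open question in the proposal (table override as the full set versus merged with database defaults) can be made concrete with a small resolver. This is an added example, not the project's code: `effectivePermissions`, `semanticsDiff`, and the deny-by-default handling of unspecified operations are assumptions for illustration; the role object is the one from the issue.

```javascript
// Role definition from the issue's proposal (comments removed).
const role = {
  dev: {
    read: true, insert: false, update: true,
    tables: {
      dog: {
        read: true, insert: true, delete: false,
        attribute_permissions: [
          { attribute_name: 'name', read: true, insert: true, update: true },
        ],
      },
    },
  },
};

const OPERATIONS = ['read', 'insert', 'update', 'delete'];
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Hypothetical resolver. mode 'override': a table entry is the full set of
// permissions. mode 'merge': operations missing from the table entry inherit
// the database default. Anything not explicitly true is denied (assumption).
function effectivePermissions(roleDef, database, table, mode) {
  if (mode !== 'override' && mode !== 'merge') throw new Error(`unknown mode: ${mode}`);
  const result = Object.fromEntries(OPERATIONS.map((op) => [op, false]));
  if (!has(roleDef, database)) return result; // unknown database: deny all
  const db = roleDef[database];
  const tableDef = db.tables && has(db.tables, table) ? db.tables[table] : null;
  for (const op of OPERATIONS) {
    if (tableDef === null) result[op] = db[op] === true;          // no override
    else if (has(tableDef, op)) result[op] = tableDef[op] === true; // explicit
    else result[op] = mode === 'merge' && db[op] === true;         // the open question
  }
  return result;
}

// Operations whose outcome depends on which semantics is chosen; useful for
// auditing existing roles before picking one.
function semanticsDiff(roleDef, database, table) {
  const a = effectivePermissions(roleDef, database, table, 'override');
  const b = effectivePermissions(roleDef, database, table, 'merge');
  return OPERATIONS.filter((op) => a[op] !== b[op]);
}

console.log(semanticsDiff(role, 'dev', 'dog'));
```

For `dev.dog` the only operation that differs between the two semantics is `update`: denied under override, granted under merge.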