One of the great paradigm of modern software in the age of networks, is that we want to share. We want to share everything. Pictures, songs, movies, ideas, diagrams, texts, friends, contacts, calendars, videos, personal information, you name it. We want to share with everyone or do we?
Alright, I would like to share my pictures with my friends and my family but I do not want to share them with my colleagues. I want to share my architecture diagrams with my colleagues but not with my parents. I certainly do not want to share my personal information but that is an other matter.
We want to share but not with everyone and at some conditions. As always, we want control over information. Here is an example from Facebook:
As you can see, this can get pretty complex. There are many challenges for software developers.
- What kind of granularity do you want to give to your users?
- Who should be responsible to grant permissions?
- How do you manage all those permissions when you have thousands of users?
- How do you manage permissions when there are multiple applications involved?
The most common solution to this is some kind of access control list or role-based access control list.
[...] an access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.
Most database management systems use some kind of control lists.
If you ask your users, they will tell you that they need the absolute control over their information, that they need to be able to give temporary time-based access to some information or geographically based control too. Sometime you just have to say no but that will be for an other post.
Post a Comment