How to handle massive storage of records in database for user authorization purposes?

佛祖请我去吃肉 2021-01-05 09:30

I am using Ruby on Rails 3.2.2 and MySQL. I would like to know if it is "advisable" / "desirable" to store in a database table related to a class all records related to

7 answers
  • 2021-01-05 10:16

    You should look at hierarchical role-based access control (RBAC) solutions. You should also consider sensible defaults.

    • Are all users allowed to read an article by default? Then store the deny exceptions.

    • Are all users not allowed to read an article by default? Then store the allow exceptions.

    • Does it depend on the article whether the default is allow or deny? Then store that in the article, and store both allow and deny exceptions.

    • Are articles put into issues, and issues collected into journals, and journals collected into fields of knowledge? Then store authorizations between users and those objects.

    • What if a User is allowed to read a Journal but is denied a specific Article? Then store User-Journal:allow, User-Article:deny and the most specific instruction (in this case the article) takes precedence over the more general (in this case the default, and the journal).

    0 Discussion (0)
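
The precedence rule described in the answer above, as an added plain-Ruby example that is not part of the original answer: only exceptions are stored, and the rule on the most specific object wins. `Node`, `Grants` and the sample data are hypothetical; letting any explicit rule outrank a stored default, and denying when nothing matches, are assumptions of this example.

```ruby
# Added example, not from the original answer. Node and Grants are hypothetical names.
# Containment hierarchy from the answer: field > journal > issue > article.
Node = Struct.new(:kind, :name, :parent, :default) do
  # Returns self followed by each ancestor, most specific first.
  def lineage
    chain = [self]
    chain << chain.last.parent while chain.last.parent
    chain
  end
end

# Stores only the exceptions, one row per (user, object): :allow or :deny.
class Grants
  def initialize
    @rules = {}
  end

  def set(user, node, effect)
    raise ArgumentError, "effect must be :allow or :deny" unless %i[allow deny].include?(effect)
    @rules[[user, node.kind, node.name]] = effect
  end

  # The rule on the most specific object wins. With no rule anywhere in the
  # lineage, the nearest stored default applies; with no default, deny
  # (explicit-rule-over-default and fail-closed are assumptions of this example).
  def authorized?(user, node)
    chain = node.lineage
    chain.each do |n|
      effect = @rules[[user, n.kind, n.name]]
      return effect == :allow if effect
    end
    chain.map(&:default).compact.first == :allow
  end
end

# Constructed sample data.
FIELD    = Node.new(:field, "security", nil, nil)
JOURNAL  = Node.new(:journal, "J1", FIELD, nil)
ISSUE    = Node.new(:issue, "2021-01", JOURNAL, nil)
ARTICLE1 = Node.new(:article, "a1", ISSUE, nil)
ARTICLE2 = Node.new(:article, "a2", ISSUE, nil)
OPEN_ART = Node.new(:article, "a3", ISSUE, :allow) # per-article default

GRANTS = Grants.new
GRANTS.set("alice", JOURNAL, :allow)   # User-Journal:allow
GRANTS.set("alice", ARTICLE2, :deny)   # User-Article:deny
GRANTS.set("bob", OPEN_ART, :deny)     # deny exception against an allow default
```

In a Rails schema the `[user, kind, name]` key would correspond to a polymorphic grants table, so the row count grows with the number of exceptions rather than with users times articles.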