To give you some background, I have frequently worked with RBAC implemented on the SQL level, but I read in some articles that it might not be very scalable.
Should RBAC be implemented on, say:
- On the Database level (i.e. row or column based access control)
- On the Application level (i.e. logic in the code) perhaps with some document storage support
- On some other level
What are the pros and cons of each approach in terms of scalability and what is the gold industry standard?
No comments:
Post a Comment