Where should RBAC be implemented?

To give you some background, I have frequently worked with RBAC implemented on the SQL level, but I read in some articles that it might not be very scalable.

Should RBAC be implemented on, say:

  • On the Database level (i.e. row or column based access control)
  • On the Application level (i.e. logic in the code) perhaps with some document storage support
  • On some other level

What are the pros and cons of each approach in terms of scalability and what is the gold industry standard?



Comments

Popular posts from this blog

Today Walkin 14th-Sept

Spring Elasticsearch Operations

Hibernate Search - Elasticsearch with JSON manipulation