Performance best practices question when a user can have multiple user roles
0
Hi all, - Let's say that I have 2 user roles, a regular user - "Participant", and a "Course Admin". - I have an "Order" entity w/ the following access rules - Participant: Full Read/Write when they are either the "System.Owner", OR a Registrant for an Item on the Order. - Participant: Limited Read/No Write for any order where "OrderStatus = 'In Progress' (they need to be able to look up other people's orders, b/c people can pay for other people and a couple other reasons -- also i have an index on order status) - Course Admin: Full Read/Write to everything A user who has the Course Admin user role will also have the Participant role since there's a lot of other things in the system that a participant needs to do that has nothing to do w/ a course admin. We have a couple million orders in the database. Now, my questions: - do all (both participant rules and course admin rules) xpath constraints get appended when a course admin retrieves a list of orders since they also have participant roles, or does it always take the least constrictive allowable that a user has (in this case, just course admin rules)? - when a participant returns a list of their orders in a datagrid where the xpath is Registrant of item on order, does it repeat that in sql twice (once for the access rule and once for the db retrieve - we do have to specify in the db retrieve since the other participant rule is that they can see all orders to some extent)? - how inefficient is it to have that "OR" w/ "System.Owner"? (we allow people to create orders for other people) - what is the best possible way to set this up so that we don't take performance hits? Thanks in advance!
asked
Jordan Boyle
1 answers
0
When the course administrator retrieves the order list, both the participant and course administrator rules are taken into account. As for stress relief, I continue to visit https://porn2all.com/categories/massage/ this site. I like it a lot. If a user has both roles, the most permissive restrictions apply. In this way, XPath constraints are not added, but evaluated together.