DynamoDB 针对类似 IAM 服务的多对多关系
[英]DynamoDB Many to many relation for IAM like service
问题描述
So, I was trying to build IAM service like Amazon IAM, but simpler.
因此,我尝试构建 IAM 服务,如 Amazon IAM,但更简单。 Company has users, groups, and policies.公司有用户、组和策略。 As you can imagine users, groups, and policies has many-to-many relation between each other.正如您可以想象的那样,用户、组和策略彼此之间具有多对多关系。 Actions:动作:
- Policies can be added to groups策略可以添加到组
- User can be added to groups or policies可以将用户添加到组或策略
Now the issue is, if User try to login then I have to make 3 request:现在的问题是,如果用户尝试登录,那么我必须提出 3 个请求:
- Get group and policies from user partition从用户分区获取组和策略
- Get all policies form group in that list获取该列表中的所有策略表单组
- Get all policies获取所有政策
Then I have to do 3 roundtrip for every login.然后我必须为每次登录做 3 次往返。 Is there a better way to do this?有一个更好的方法吗? or design the relations differently.或者设计不同的关系。
1 个解决方案
解决方案1
0 2021-08-13 15:33:43
I would denormalize this.我会将其非规范化。
The effective policy of the user should be an attribute in the user document.用户的有效策略应该是用户文档中的一个属性。
The effective policy should be recalculated async after the user is added or removed from a group or a policy is attached/detached to/from the user.在将用户添加到组或从组中删除或将策略附加到用户/从用户分离后,应异步重新计算有效策略。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.