So, I was trying to build IAM service like Amazon IAM, but simpler. Company has users, groups, and policies. As you can imagine users, groups, and policies has many-to-many relation between each other. Actions:
Now the issue is, if User try to login then I have to make 3 request:
Then I have to do 3 roundtrip for every login. Is there a better way to do this? or design the relations differently.
I would denormalize this.
The effective policy of the user should be an attribute in the user document.
The effective policy should be recalculated async after the user is added or removed from a group or a policy is attached/detached to/from the user.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.