Ah... the eternal problem of how to solve pushing down authorisation into the database layer without wrapping all "simple" queries with logic along the lines of "only if owner imatchess id...". I understand SQL is a generic tabular data store concept, but it would be nice sometimes to have a concept of users or data owners without mixing the authorisation and business logic into complex queries.
I don't think the current multi-user functionality of databases is terribly useful as most applications only use one database user to connect to the database, but then have to emulate record ownership on an application level (i.e. lots of website accounts) which tends to get pushed down into the SQL itself for performance reasons.
Now we move into big data, data ownership and user permission grants on that data, it would make sense to have a better concept of records having an owner (in the GDPR sense of the word) and it would be convenient if this could be abstracted somewhat into SQL itself instead of complicating all queries.
Yeah I assume most apps are still single SQL user so auth is code-managed while data lakes are better as native.
So my q is modern arch for the app code services -- like, authenticate via JWT and pass that around, maybe even through internal requests, but where does the authorization logic go? A middle tier REST microservice that does all SQL queries, like a graphql layer? (And then DIY RBAC wrappers over the graphql?)
I don't think the current multi-user functionality of databases is terribly useful as most applications only use one database user to connect to the database, but then have to emulate record ownership on an application level (i.e. lots of website accounts) which tends to get pushed down into the SQL itself for performance reasons.
Now we move into big data, data ownership and user permission grants on that data, it would make sense to have a better concept of records having an owner (in the GDPR sense of the word) and it would be convenient if this could be abstracted somewhat into SQL itself instead of complicating all queries.