PHP MySQL Row level security
I am looking for an example or information on row level security for PHP
and MySQL. I have done the basic google reasearch, I have read all the
posts / articles about using views and adding fields to table to specify
what user has the right to view the object. Those example are fairly
simple and would require lots of configuration / maintenance.
Here are a few real life examples of what i am looking for:
Clients data, allow to configurer what user or user group can view all or
parts of the client file. This must be persistent for all the application
features including reports and dashboards.
Employee files, give access to immediate supervisor and HR to an employee
file without having to reconfigurer the access rights when supervisors
change.
I think this should be handled directly from the database layer, but could
also be applied to other resources for examples, uploaded documents.
I'm hinting to some sort of "filter" that I could pass my data into so it
could be filtered.
Any interesting links to articles or frameworks that have implemented this
with success would be greatly appreciated.
Thanks.
No comments:
Post a Comment