undefined | Better HN

0 pointsolalonde10y ago0 comments

What I am recommending is an established best practice: YAGNI or perhaps KISS. When I meant something simple, I didn't mean to throw away the whole authorisation abstraction. I do consider things like role/permission based authorisation relatively simple as long as the whole logic doesn't live in a database a la http://blog.bronto.com/wp-content/uploads/2014/10/imagecache....

0 comments

1 comments · 1 top-level

ironchef10y ago

Ok. I guess the difference is I would never suggest RBAC to be "relatively simple". There are so many considerations (are negative permissions required? are there many to many required? separation of duties?) that without making things explicit it's hard to know what is meant by "role/permission based authorisation".

j / k navigate · click thread line to collapse