|
|
|
|
|
|
by miravmehta
877 days ago
|
|
|
Sure, here are the corrected sentences: 1. RBAC Policy
When there are multiple types of roles in a parent-tenant (pt) and child-tenant (ct), there could be cases where some resources can be shared between pt and ct, while others cannot. Hence, conditions to access these data are not limited to RBAC, but also depend on the type of data and metadata. Checks are applied on metadata. 2. Architecting Multi-Tenant
A significant challenge would be in schema design, especially the isolation of pt and ct. There are open-source solutions available that provide pre-cooked solutions, yet they may not be as effective as writing your own. 3. RBAC can go beyond ABAC and REBAC
This is an advanced problem. Customers in the cloud-native space have demanded this before as it provides granularity. This is heavily backed by your RBAC architecture. If that's implemented incorrectly, then your ABAC and REBAC will also be affected. |
|
|
1. I am not familiar with the parent-child tenant relationship in auth. Could you elaborate on that? Is it like some sort of logical relationship between a holding company and subsidiaries or maybe different cost centers in an organization?
2. I agree. Managing the schema changes in a siloed multi-tenant platform can be a nightmare. I would be keen the have a look at those open-source pre-cooked solutions.
Based on your response it sounds like you wanted to design/build a custom auth solution. May I ask what was the main motivation? Did you have any other pain points with the current offerings?