Securing Your Data in aeppic

Security is essential in any business application, and aeppic takes a flexible, scalable approach with its locks and keys system. Inspired by real-world security principles, this system ensures that data is only accessible to those with the proper permissions, while maintaining clarity and simplicity in managing access.

Why Do We Need Locks and Keys?

In a business application, not every user should have access to all data. Whether it’s sensitive employee records, confidential project files, or restricted commands, it’s crucial to control who can see or modify specific information. The locks and keys system solves this by:

  1. Securing Subtrees of Data: Locks can be applied to entire sections of the data model, ensuring users can only access the information they’re authorized for.
  2. Defining Granular Permissions: Keys grant specific rights, such as viewing, editing, or executing commands, tailored to the user’s role.
  3. Aligning with Real-World Scenarios: The system mimics how physical locks and keys work, allowing layered access (e.g., grounds, building, office, safe) with clearly defined roles and rights.

How Does It Work?

Locks:

  • Locks are documents that can be applied to other documents or subtrees in the data model.
  • A document’s locks property is an array of references to these lock documents.
  • Users need a key referencing the lock to access the document.
  • Users can belong to groups, which can also have keys referencing locks.

Keys:

  • Keys are documents that reference locks and are assigned to users (directly or indirectly via groups).
  • By default, keys only grant visibility (read-only access). Additional rights can be associated with keys, allowing actions like editing, deleting, or executing commands.

Types of Locks:

  • Shared Locks: Used for broad, organizational-level access, like departmental folders or personnel files.
  • Dynamic Locks: Applied to individual documents or items, such as specific projects, where permissions need to vary significantly.

Real-World Example

Imagine managing a company’s digital infrastructure:

Shared Locks:

  • A lock secures the Personnel Files subtree, accessible only to HR.
  • Another lock secures the Project Management subtree, accessible to managers.

Dynamic Locks:

  • Individual project documents are dynamically locked, with keys assigned to specific team members.

Each key is tailored:

  • Some users can only view the data.
  • Others can edit documents, empty recyclers, or perform specific tasks based on their assigned rights.

This layered approach ensures both simplicity and flexibility, avoiding the pitfalls of overly complex group hierarchies while aligning with real-world practices.
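
The following is an added example, not aeppic code or its API: a minimal JavaScript model of the access check described above, using the HR and project scenario. The field names, the rule that locks are inherited down a subtree, and the rule that every lock on the path needs a key granting the requested right are assumptions made for illustration; the page does not specify aeppic's evaluation rules.

```javascript
// Illustrative model only. All names and semantics are assumptions, not aeppic's API.
const docs = { // constructed sample tree: each document lists its own locks
  root:      { parent: null,        locks: [] },
  personnel: { parent: 'root',      locks: ['lock-hr'] },        // shared lock
  'file-42': { parent: 'personnel', locks: [] },                 // inherits lock-hr
  projects:  { parent: 'root',      locks: ['lock-managers'] },  // shared lock
  'proj-x':  { parent: 'projects',  locks: ['lock-proj-x'] },    // dynamic lock
};
const keys = { // a key references one lock; read is implied, extra rights are listed
  'key-hr':     { lock: 'lock-hr',       rights: ['edit'] },
  'key-mgr':    { lock: 'lock-managers', rights: [] },           // read-only key
  'key-proj-x': { lock: 'lock-proj-x',   rights: ['edit'] },
};
const groups = { hr: { keys: ['key-hr'] }, managers: { keys: ['key-mgr'] } };
const users = {
  alice: { keys: [],             groups: ['hr'] },
  bob:   { keys: ['key-proj-x'], groups: ['managers'] },
  carol: { keys: ['key-proj-x'], groups: [] },  // project key, no key for the subtree
};

// Locks on the document plus every lock inherited from its ancestors.
function effectiveLocks(docId) {
  const out = [];
  for (let id = docId; id !== null; id = docs[id].parent) out.push(...docs[id].locks);
  return out;
}

// Keys held directly plus keys held through group membership.
function userKeys(userId) {
  const u = users[userId];
  return [...u.keys, ...u.groups.flatMap(g => groups[g].keys)].map(id => keys[id]);
}

// Allowed only if every effective lock is opened by a held key granting the right.
function isAllowed(userId, docId, right) {
  const held = userKeys(userId);
  return effectiveLocks(docId).every(lock =>
    held.some(k => k.lock === lock && (right === 'read' || k.rights.includes(right))));
}

console.log(isAllowed('bob', 'proj-x', 'read'), isAllowed('carol', 'proj-x', 'read'));
```

In this model carol is denied even though she holds the project key, because she has no key for the enclosing Project Management lock, and bob can read but not edit because his group key for that outer lock is read-only.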