I'm not talking about access control to the DB, I'm talking about application users. Say you're writing a CRM, and you want a certain group of salespeople to not be able to view clients from Malta.
In our platform, the CRM manager can create a dynamic rule like:
Role: group1
Record Type: Clients
Rule: Country != 'Malta'
Then our ORM will dynamically apply that to any query that accesses the Clients table when the logged-in user belongs to group1. For example, when the user searches for clients with a certain name, the SQL-equivalent query is:
SELECT * FROM clients WHERE name LIKE '%John%';
But before sending it to the DB, the ORM sees that the current user belongs to group1, and so will transform it into:
SELECT * FROM clients WHERE name LIKE '%John%' AND country != 'Malta';
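The rewrite described in the comment above, sketched as an added example (not part of the original post and not the platform's own code). `RULES`, `scoped_query`, `run_demo` and the sample rows are hypothetical; it assumes rules are stored as parameterized predicates and that every matching role's rule is AND-ed on.

```python
import sqlite3

# Hypothetical rule store: role -> {table: (predicate with ? placeholders, params)}
RULES = {
    "group1": {"clients": ("country != ?", ("Malta",))},
}
KNOWN_TABLES = {"clients"}  # table names are interpolated, so allow-list them


def scoped_query(table, where, params, roles):
    """Build a SELECT on `table`, AND-ing every row rule that applies to `roles`."""
    if table not in KNOWN_TABLES:
        raise ValueError("unknown table")
    clauses, args = [], list(params)
    if where:
        # Parenthesise the caller's filter: without this, a top-level OR in it
        # would bind looser than the appended AND and bypass the rule.
        clauses.append(f"({where})")
    for role in roles:
        rule = RULES.get(role, {}).get(table)
        if rule:
            clauses.append(f"({rule[0]})")
            args.extend(rule[1])  # rule values stay bound parameters
    sql = f"SELECT name, country FROM {table}"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql, args


def run_demo(roles, where, params):
    """Run a scoped query over constructed sample rows; return matching names."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (name TEXT, country TEXT)")
    db.executemany("INSERT INTO clients VALUES (?, ?)", [
        ("John Borg", "Malta"), ("John Smith", "UK"),
        ("Jane Vella", "Malta"), ("Johnny Doe", None),
    ])
    sql, args = scoped_query("clients", where, params, roles)
    return sorted(row[0] for row in db.execute(sql, args))


if __name__ == "__main__":
    print(scoped_query("clients", "name LIKE ?", ("%John%",), ["group1"]))
    print(run_demo(["group1"], "name LIKE ? OR name LIKE ?", ("%John%", "%Jane%")))
```

Rows with a NULL country are also hidden from group1, because `country != 'Malta'` evaluates to NULL rather than true for them; the rule fails closed.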