I'm working on an application for use with businesses that have multiple branches. The businesses want to limit User access so Users only see the data from the branch(es) that they work in.

There are many entities, so I would prefer to utilize some sort of cross-cutting feature where I do not have to implement this filtering for each entity type. For a given User, I have data stored to determine which branches the User works in.

Does hibernate provide any features to make this kind of filtering easy for me?

I'm using standard spring-boot (3.4.1) technologies in case something else would provide helpful features:

  • hibernate 6.6.4
  • spring-data-jpa
  • spring-security

asked Feb 11 at 22:42 by Kevin

1 Answer

No, at least, not directly. This really depends on how your access system will be modeled. You may be able to get away with a simple common column that declares who has access to a given row, or you might have another table that joins a User's Role/Permissions with an Entity. It just depends on how you structure your access.

For example, if you were just trying to separate a set of objects from someone's account for multi-tenant access, that could be a simple column `account_id` or `tenant_id`, and in that case using the `@Filter` annotation might work well for that.

But let's say you have a dynamic access system where 1 or more users could be given access to an entity. In that case you'd need to have a separate table that would need to be joined against the entity's table in order to filter the table. That is more complicated, and would either require specialized mapping configuration or custom SQL to accomplish that. With this model you might be able to create an Access entity that joins to your table as a `OneToMany`, and then that would allow you to specify the user's credentials in some of your queries to filter it down. That mechanism could be pulled up to a base class to give that feature to all of your entities. There are some considerations about ID conflicts that need to be thought out, but nothing that couldn't be overcome.
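The `@Filter` route mentioned in this answer, applied to the branch case, as an added example that is not part of the original answer. The names `BranchScoped`, `Invoice`, `BranchFilter`, the filter name `branchFilter` and the `branch_id` column are assumptions, as is the idea that the caller already holds the current user's branch ids.

```java
import jakarta.persistence.*;
import java.util.Collection;
import org.hibernate.Session;
import org.hibernate.annotations.Filter;
import org.hibernate.annotations.FilterDef;
import org.hibernate.annotations.ParamDef;

// Hypothetical base class: every branch-scoped entity extends it and has a
// branch_id column in its own table, so the filter is declared only once.
@MappedSuperclass
@FilterDef(name = "branchFilter",
           parameters = @ParamDef(name = "branchIds", type = Long.class),
           applyToLoadByKey = true) // Hibernate 6.5+: also restricts find()/findById()
@Filter(name = "branchFilter", condition = "branch_id in (:branchIds)")
abstract class BranchScoped {
    @Column(name = "branch_id", nullable = false, updatable = false)
    private Long branchId;

    Long getBranchId() { return branchId; }
}

// Constructed sample entity; it inherits the filter from BranchScoped.
@Entity
class Invoice extends BranchScoped {
    @Id @GeneratedValue
    private Long id;
    private String customer;
}

final class BranchFilter {
    private BranchFilter() {}

    // Filters are off by default and scoped to one Session, so this must run
    // at the start of every unit of work, before any query is issued.
    static void enable(EntityManager em, Collection<Long> allowedBranchIds) {
        // Fail closed: a user with no branches must not fall back to an
        // unfiltered session or an invalid "in ()" clause.
        if (allowedBranchIds == null || allowedBranchIds.isEmpty()) {
            throw new IllegalStateException("user has no branches; refusing to query");
        }
        em.unwrap(Session.class)
          .enableFilter("branchFilter")
          .setParameterList("branchIds", allowedBranchIds);
    }
}
```

Native SQL queries are not rewritten by the filter, and it constrains reads only, so inserts and updates still need their own check that the target `branch_id` is one of the user's branches.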

Tags: java. Does Hibernate have features for limiting users to subsets of data (Stack Overflow)