Direcstore
Data Security
Data filter and authorization check
Overview
The data security rules can be implemented as javascript code on-the-fly to filter data and check user's authorization in addition to the data query.
The security rules can be updated directly in the data model object or via the administration UIs.
Data filter
A pre-defined tagging template support building additional conditions for the SQL query. For example in the select data rule, we add filter as following:
The direcstore engine will parse the string tagging template and add it to the select query as part of the "where" condition.
Authorization check
The default user authentication model has role based implementation which can be used for checking during data querying. For example of rule which allow only admin role to execute the query
User role can be maintained in Admin UIs