I would like to use Symfonys API platform for a BI application. I know it is great in security and flexibility, but I need something I have not yet found in documentation or here on stackoverflow.
I have multiple databases and each db contains data of multiple customers.
Now I want to limit which customers a logged in BI user can see. If a BI user is limited to see only data of a subset of customers (that relation is present in the DB), how can I make sure this user will only see data related to those customers, and not any other?
I could use a customer ID as entrypoint, would since it should contain data of all customers and the list of customers is dynamic, this will not work.
I know there must be a way to have that security on kernel level/Event Listener but was unable to find this.
Thanks in advance for any help!
Related
in the project i am working on, we have a database per tenant and each tenant consists of at least 1 department. One of the requirements we have is that when an admin user deletes a department using a custom frontend we've provided, the system should first archive the data of that department on a blob storage before the data is deleted. The same we have for the tenant, we need to archive the data before the database of that tenant is removed from the account.
Now, my question: is there any best practice to do this? We are planning to retrieve all the data from all collections, using a mongo query, based on the department id (which is also the partition key) and then send it to a blob storage. The challenge we have is the execution of the query to retrieve all the data because it can be a huge amount and the RUs required for that action may affect the performance of the system because other users may be using the system while we remove the data.
I looked at mongodump and mongoexport but these are applications so we cannot execute it from our code?
Any ideas? Thanks a lot.
I think one way to solve this is by using ChangeFeed, as it reallyhelps and simplifies writing a carbon copy somewhere else.
However, as of now the change feed processor won't notify you for deleted documents so you can't listen for them, this feature is planned as of now.
Your best bet is to write some custom application that does archiving using Query language support
I have seen a firebase api in which you can create firebase projects and it occurred to me for example, when a user wants to counter a SaaS, make it easier for me to create a project and connect it to their SaaS but I have the following questions:
If there are supposed to be limits to creating firebase projects in a google account, will there be a time when databases can no longer be created for new users?
If the above is true, how can this be solved?
I have seen that you can ask for more projects, but how many can I have?
I know that with firestore, I can model data and only in a database have all the information, but for example, each user may have special requirements in their system and also provide security and information saving operations that would be impossible if all information is in a single database.
Thanks for the help.
EDIT
"How many projects can you have as a developer?" Yes, that's what I mean, having all the user bases in a single firebase google account. For example, on a web page, the user wants to pay for the application, with firebase admin and google cloud functions, I can automatically create a project and have all the databases in a google account. And what I want to know is if you can have multiple databases. I have seen that you can ask google to give you permission to host several projects but, for example, can you have more than 100 projects or even 1000? (I may never have reached that number, but in that case, I would like to know the limits that can be reached).
Edit 2
This first structure I have all the documents in a "universal" collection and I identify them with an id to know the user who used it.
But the second structure seems to me more organized and clean, in addition to the fact that users at no time need to share information among others. I have read that having nested collections is not good but over the years and the progress that firestore has had, this is no longer or was a problem only that the limitation is that you can only have up to 100 collections anidades but I never think to reach that quantity.
Inside of list, have all products for that user, because inside of document, only can have 1 mb of data and download 1 mb and is not the best option.
in the firestore documentation I see that it does not reveal other problems, it only says that it is difficult to delete the subcollection, but I do not allow users to do that and if I need to delete the subcollections, with the Google Cloud functions i can do it.
So, the second structure is more intuitive for me, but is the best option for that? or actually firestore is not good for this strcucutre?
Am a little new to using Realm, but learning fast. I've seen that when using the Realm object server the default setting is that a new Realm is created for each new user. I also see that with quite some effort a Global realm can be created and permissions given to it, so that many users can access that realm. As I'm working on an app where users create orders, then the first approach seems more secure; each user would have access only to the orders created in that users Realm.
My question is, in this situation how would I be able to report on total order information across users e.g. total order quantities/amounts for September for all orders taken?
I haven't been able to find any reporting system or information about this. Any advice or hints & tips that would help me solve this would be really appreciated.
So after making many checks and hearing back from the guys at Realm, it seems that it is not currently possible to get summary info across Realms.
One solution suggested would be to create a "summary" realm and write total info to is as Im creating the other realms, which doesn't sound like a good solution.
So the only solution currently, that will allow you to get summary information across e.g. orders for different people, is to store the information in one Global Realm and set the permissions so that all users can access it.
A final note, Realm have told me that they plan to bring out an enhancement, that will help solve this issue, by letting you set securities for users within Global Realms. Hopefully that comes out soon :-)
I am a newbie to firebase and need some suggestions on structuring data.
I am designing a database for an application where multiple people may share a bank account and can update the status of this account. The group of people sharing this account may also keep changing. So, multiple people may perform actions which will influence the balance available in an account. I decided to list the linked accounts under each user so that one pull is enough to get a list of all user accounts once user logs in. If user is interested in details of a specific account (like balance) then I will go and fetch that child from accounts sub-tree. It all seems fine until I think about notifying users in a smartphone app if the balance associated with any of their linked account changes. Since the balance attribute is not under any specific "user" sub-tree, how to monitor for this change at the application level.
I don't want to bring balance attribute under "user" sub-tree or else I will have to find the duplicate copies and update all of them whenever balance of an account changes. Moreover this approach will not scale well.
Any suggestion?
I'm currently developing an app where the users are first asked to create an account trough a website (ASP.NET) to use the app. For a special reason I need to automatically generate a database for each customer creating an account, on the hosted SQL Server. The databases for all the customers are the same.
I was thinking about doing like that: as I have the script for creating the database, I was thinking to insert it in stored procedure or a trigger that will be launched as soon as the user has fully created his account.
I don't really see other solutions, maybe somebody could give me some guidelines? Thanks in advance.
I think such a design has been shown to not scale. I'd recommend redesigning the schema to allow multiple customers in a single database.
Amazon does not such thing. Neither should you.
I agree duffymo on you would have scalability issues.
However there are situations where in you might prefer separate database as your multi-tenant data approach.
In my last project I had to adopt separate DB approach as business wanted complete isolation for each customer. It was a school administrative system and number of customer was not expected to grow in more than three digits in 5-10 years time.
So the solution I designed was, I used Entity Framework code first approach. Every school will have a unique school identifier which will be used to name the database uniquely for each school. The connection string was generated at runtime obviously. A connection factory was used to create the appropriate DataContext based on passed school identifier. The database is created on first usage if not exist. At the same time SQL script was executed to create db users during db creation if not exist.
If this approach sounds appealing I can share code snippet if that helps.