Boost Fertility New Invention Ups Success Rates.pdf
Server side authorization
1. Server Side Authorization
● Data Access and Modification
● Operational Authorization
● Policy based Authorization
2. Data Access and Modification
● User who owns the data
● User who is eligible to access or modify data
E.g. Whether logged in user is authorized to access/modify data
3. Operational Authorization
● Operations are only allowed to be performed by Users having
specified roles and permissions
E.g. Only admin can view or update company account email
E.g. User who is alloted permission by admin can view or update
company account email
4. Policy based Authorization
● Operations are only allowed to be performed by users having
authorization defined under Policy (containing business rules for
authorization of access and operations)
E.g. Once user have spent all the available credit, he is not allowed
to spend anymore
E.g. User can download maximum 2 movies in a day
5. Admin
User 1
(Free subscription)
User 2
(Premium subscription)
Shared
Data
User 1
Data
User 2
Data
View Video details
Upload video
Delete Video
Free - max 5
videos
Premium -
Max 100
videos
Operations
Data
Access
6. Shared
Data
User 1
Data
User 2
Data
View Video details
Upload video
Delete Video
Policy based
Authorization
Operational Authorization
Data Access
/Modification
Authorization
Admin
User 1
(Free subscription)
User 2
(Premium subscription)
7. View Video details
Upload video
Delete Video
Operational Authorization
● Define service codes
● Define user roles
1. Service codes
a. VIDEO_VIEW
b. VIDEO_UPLOAD
c. VIDEO_DELETE
2. Roles
a. ADMIN
b. FREE_SUBSCRIBER
c. PREMIUM_SUBSCRIBER
Operational execution is
intercepted and checked whether
logged in user’s role has
permission to execute the
requested operation.
Admin
User 1
(Free subscription)
User 2
(Premium subscription)
8. View Video details
Upload video
Delete Video
Policy based
authorization
Operations
● Configure policy with
business rules
Policy module checks whether the
current user data qualifies the
policy rules.
Admin
User 1
(Free subscription)
User 2
(Premium subscription)
9. Shared
Data
User 1
Data
User 2
Data
● Logged in user
● Data contains information of
its owner
Video
● Id
● Uploaded by
● date
Video thumbnail
● Id
● Video id
Operation 1: User 1 deletes video
Parameters: video id, owner id
Operation 2: User 1 deletes video
thumbnail
Parameters: thumbnail id, video id,
owner id
Here in operation 2, video id is
required to check if thumbnail is
owned by the user.
Data Access and Modification
10. Shared
Data
User 1
Data
User 2
Data
Video
● Id
● Uploaded
by
● date
Video
thumbnail
Operation: delete child at Level 3
Problem:
How to check ownership at level 3
efficiently.
It is not recommended to fetch all
levels in application and traverse
it to check video ownership
Data Access and Modification
Level 2
Level 3
Solution:
Use SQL Joins to filter the 3rd
level
delete from Level3 L3
Inner Join Level2 L2
Inner Join VideoThumbline VT
Inner Join Video V
Where L3.Id and V.