I would like to see some improvements when it comes to user/group management. Currently only being able to assign one group to a user makes it difficult to maintain permissions. I get that the primary purpose is more 'Role' based that individual table based, but we have a lot of people that don't fit the standard role thus we have to make specific groups for an individual person.
I would like to be able to assign a person to multiple groups and if any groups overlap, use the most permissive setting from each of them.
I would use this to create permissions groups based on tables or groups of tables.
For instance, we might have a table where we have an admin that can create/read/update/delete all records in a table, another that can only update a certain subset of columns, and another that has read only access. For this case, I would create 3 groups with the needed permissions.
We have 118 tables and 292 users so far and continue to add more every day. Allowing more than 1 group per person would greatly improve the functionality and ease of managing permissions. I often get requests to add certain permissions for certain tables and by going with the role based, I have to verify all permissions the group has and if its too permissive or not enough I have to make a new group, much easier to just add the user to the groups for permissions to specific resources.
Many other applications are designed this way, just look at how active directory is set up to be flexible and goes with the most permissive options.
I would like to be able to assign a person to multiple groups and if any groups overlap, use the most permissive setting from each of them.
I would use this to create permissions groups based on tables or groups of tables.
For instance, we might have a table where we have an admin that can create/read/update/delete all records in a table, another that can only update a certain subset of columns, and another that has read only access. For this case, I would create 3 groups with the needed permissions.
We have 118 tables and 292 users so far and continue to add more every day. Allowing more than 1 group per person would greatly improve the functionality and ease of managing permissions. I often get requests to add certain permissions for certain tables and by going with the role based, I have to verify all permissions the group has and if its too permissive or not enough I have to make a new group, much easier to just add the user to the groups for permissions to specific resources.
Many other applications are designed this way, just look at how active directory is set up to be flexible and goes with the most permissive options.
Upvote
0