Row level security (RLS) is key security element in building multitenancy applications.

It means that your application should provide data rows depending on a user context.

Other scenarios are role based data access, logical delete, enabled/disabled data, etc.

In this chapter we will dive in security aspect of your application and describe several solutions for implementing RLS.

Solution 1. RLS via configuration

  • Make all security relevant entities private (Security.Is Private property).
  • Create query for each security relevant entity and implement security logic (check Current User Context chapter).
  • Create wizards using corresponding queries (wizards using private entities will fail to work).  

Here is an example of security logic in query filter. Data filters by current user id except if current user has SecurityManagement permission.

This is the most easy way to build robust security application although it has its downsides.

For large scale projects when there are several queries per entity security logic should be copied.

So important security logic duplicates therefore increasing a chance of miss synchronization between its copies.

This is a bad scenario for supporting and developing an application.

There is a quick hack for this problem,- create similar query filters in Custom Code (not in configuration) and store them in one place.

But this will lead us to more "proper" way of building RLS (see next solution).

Solution 2. RLS via database interceptor

Inject security logic in EF database interceptor depending on entity interface.

This is a fully Custom Code solution (no configuration is needed).

Check this link for detailed example.

Created with the Personal Edition of HelpNDoc: Full-featured Documentation generator