Fine grained permission management

I suppose it’s not possible but :

For a data model, how can I give a read permission to a specific part of that data to a user and a write permission to another part ?

My use case is a Book data model that contains chapters. The owner user want to share specific chapter for betareading (Read permission) but don’t want give the all access. But he also want to share the entire projet to a user B with Write permission.

How could you do that ?
I imagine you will say me to cut the book in many data model but a book can can contain a no limited number of chapter that can contains a no limit number of children chapter that can contains also children etc.
So it would be complicated to do that.

Can you give me your point of view ?

Yes, we anticipated this use case but never implemented it due to its inherit complexity. I assume something like Firebase’s security rules are what you’re looking for?

I’m afraid that at this point you’d have to either:

  • Implement these permissions in your application code (perhaps storing the security rules in the book model) or
  • Split the chapters into separate models

Neither of which seem like a great option.

I would encourage you to create an issue describing your use case so we can track it. This is, of course, open source software, so you are welcome to take a stab at an implementation! We would be happy to assist you in this case.

Yes Firebase’s security rule seems a good format for the use case.

I understand the inherit complexity.
Thank you to encourage me to contribute to the project.
I will in a first time propose a solution without rights management to the customers. It’s already a very good innovation for my platform.

If I see in few months a important need about rights management, I would be enthousiast to implement it but for the moment, I don’t have the resources to do it.
I will already try to finish what I started but I keep this idea in my mind.

1 Like