Row-Level-Authorization

Enterprise Software Authorization / Security

Security Thoughts:

There are generally three types of authorization in enterprise applications:

  1. Role-based security: which actions a user can perform (aka role-based access control)
  2. Entity-level security: a user can only perform an action on certain objects/data (aka row-level security)
  3. Field-level security: a user can see or edit only certain fields of an entity (this is really fine-grained and usually a bad idea)