PEPR '24 - Building Permissions into Data Modeling

  • Published: Oct 20, 2024
    Lingtian Cheng, Meta
    Complex products like social network apps unavoidably have complicated permission checks. There are thousands of actions that could happen on the Facebook app, and each action requires a permission check to decide whether the viewer is allowed to perform it, in order to prevent unintentional or unauthorized actions. For example:
    • Can the viewer make a post on their friend's Timeline?
    • Can the viewer change the cover photo of this Group?
    • Can the viewer send a message to that seller on Marketplace?
    The concept might seem simple at the start, but as products grow and add more features over time, managing complicated permission logic becomes challenging.
    In this talk, I will describe a design pattern that enables engineers to define and implement permissions into data models. It contains three components:
    1. a rules engine, which is responsible for modeling the permission logic;
    2. an integration with the data modeling layer, which supports flexible abstraction and delegation of permissions;
    3. an integration with the data fetching layer, which allows conditional loading based on permissions.
    This design pattern has been widely used at Meta on numerous products, and has shown multiple improvements in the reliability and performance of permission checks in production.
    View the full PEPR '24 program at www.usenix.org...
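
A minimal sketch of the three components listed above, added here as an illustration; it is not Meta's implementation or code from the talk. The model classes, rule helpers, `can` and `load` are hypothetical names, and the sample users and objects are constructed.

```python
from dataclasses import dataclass
from typing import Callable

Rule = Callable[[str, object], bool]  # (viewer_id, object) -> allowed?

# 1. Rules engine: small predicates composed into permission logic.
def any_of(*rules: Rule) -> Rule:
    return lambda v, o: any(r(v, o) for r in rules)

def all_of(*rules: Rule) -> Rule:
    return lambda v, o: all(r(v, o) for r in rules)

def delegate(action: str, to: Callable[[object], object]) -> Rule:
    # Defer the decision to a permission declared on a related object.
    return lambda v, o: can(v, action, to(o))

is_admin: Rule = lambda v, g: v in g.admins
is_member: Rule = lambda v, g: v in g.members
is_author: Rule = lambda v, p: v == p.author

# 2. Data modeling layer: each model declares permissions next to its fields.
@dataclass
class Group:
    admins: frozenset
    members: frozenset
    permissions = {"view": any_of(is_admin, is_member),
                   "change_cover_photo": is_admin}

@dataclass
class Post:
    author: str
    group: Group
    text: str
    # Viewing is delegated to the group; editing also requires authorship.
    permissions = {"view": delegate("view", to=lambda p: p.group),
                   "edit": all_of(is_author, delegate("view", to=lambda p: p.group))}

def can(viewer: str, action: str, obj) -> bool:
    rule = type(obj).permissions.get(action)
    return bool(rule and rule(viewer, obj))  # undeclared actions are denied

# 3. Data fetching layer: objects leave the store only through a checked load.
GROUP = Group(admins=frozenset({"alice"}), members=frozenset({"bob"}))  # constructed
STORE = {"g1": GROUP, "p1": Post("bob", GROUP, "hello")}               # constructed

def load(viewer: str, obj_id: str):
    obj = STORE.get(obj_id)
    # "Missing" and "not allowed" look the same to the caller.
    return obj if obj is not None and can(viewer, "view", obj) else None
```

Because `load` is the only path to an object, a caller that forgets to check permissions receives `None` instead of data it should not see.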
