I am new with Symfony. I have 3 Tables (user, group, role), for these tables I created an entity class for each one. Here are some conditions to meet:
Every User could be in several groups
Every group can have several roles
Each user can have many roles through group ca.
So my question is, how i can draw the relationship to these three tables with doctrine on a single pivot table? is it possible?
here is an image
I am sharing this for your convenience.
Related
So many tables in the fields/field tables, is there any methods to group them to folders, like the measure/measure group, and power query also can group tables/power query group.
Currently there is no such feature, but you can vote to implement it here:
Group Tables in Report View.
According to number of votes, it's not seen as super relevant by the users.
So, consider consolidating your tables and hide all the temporary ones from the view.
on a single table pattern on dynamodb, when you have a many to many relationship, how would you make an update
lets say a user-account table, consisting of a userId and accountId as the partition key & sort key, and a gsi of the reverse, a user can have many accounts and an account can have many users, what happens when the information on an account updates
would you go through and loop through all accounts and update each individual record?
For example, if a user updates an account information, then all users linked to that account would need the updated information now. In SQL it would be easy as the accounts would be linked via a foreign key, but in nosql, each row contains all the information about the account, so what would be the best approach to maintain consistent data for the updated account accross all users?
I am building a project using AppSync and GraphQL to enable Restaurants to track orders. There are four DynamoDB tables (one for each of the following entities): Restaurants, Staff, Tables and Orders. Each Restaurant can have many members of Staff, who are each allocated to one or more Tables. Each Table can have many orders, but an order can only belong to one table (see the System Design diagram for a visualisation of these relationships).
Problem
My issue is that I need very fine-grained hierarchical access control, with 3 main concerns:
Staff belonging to one Restaurant must not be able to Create, Read, Update or Delete any entities belonging to other Restaurants.
All staff in a Restaurant can view all tables in the Restaurant. However, they can only view orders belonging to a table if they are allocated to that table (e.g. a StaffTableJoin object which connects that particular Staff member to that table exists.) OR they are a Restaurant admin (see part 3)
A member of Staff who is a Restaurant Admin can view all orders belonging to any table in the restaurant.
A cognito user is created for each member of staff, and their permissions should be assigned based on the relationships between entities in my DynamoDB table.
Solutions Considered
I have visited the Authorization and Authentication page in the AWS docs to explore options for restricting permissions. So far, I have considered using COGNITO_USER_POOLS and AWS_LAMDBA authorization.
For the approach using COGNITO_USER_POOLS, I would create a Cognito User Group for each Restaurant. When new members of staff register, they are assigned to their restaurant's user group. I would then add an groupsCanAccess field to each entity in each database. My resolvers would check that the requesting user belongs to a group which is allowed to access each resource. However this would only address concern 1, as all staff in a restaurant would then have the same permissions to access their restaurant's resources.
For the approach using AWS_LAMBDA, I am not too sure how this would work, but I considered creating an Authorization lambda which checks which restaurant the requesting user belongs to. For instance, if the User was requesting an Order, I would need to check which table the order belongs to, then check if a StaffUserJoin exists (connecting the requesting User to the table). This approach seems very difficult (maybe impossible).
Any advice that could be offered is much appreciated, as I have been struggling with this for a long time. It seems like a common use case, where permissions are needed based on an object hierachy. Thanks in advance :)
I would like to allow users privileges by region with PBI DAX expression implementation to first get USERPRINCIPALNAME then proceed to get their region.
User Table:
Scenario:
When Shaun login to powerBI service. He only can view the dashboard and dataset in region R10.
If you have multiple tables you want to control with dynamic security, you might prefer an approach based on the propagation of the security filters through the relationships instead of using a DAX expression for every table you want to filter.
What we have to do is to create a new role and use this code to apply security filter for the user table :
[EMAIL]= USERPRINCIPALNAME()
The second thing to do is to apply bi-directionnal filtering for the relationship betwen user_region and region.
I have an entity that has many related entities that look like this:
Authorizable(one Authorization(many Role, many Acl))
User < Authorizable(
many Profile < Authorizable
)
Loading the User entity and resolving the roles and acls takes about 15 queries and I would like to reduce that to a minimum (one ideally).
The fetch="EAGER" option does not seem to use joined queries.