In RDBMS, we use foreign key to ensure one-many relationship. For example, we will ensure one employee only belong to one department.
In graph databases, how can we ensure this?
Related
I am building a project using AppSync and GraphQL to enable Restaurants to track orders. There are four DynamoDB tables (one for each of the following entities): Restaurants, Staff, Tables and Orders. Each Restaurant can have many members of Staff, who are each allocated to one or more Tables. Each Table can have many orders, but an order can only belong to one table (see the System Design diagram for a visualisation of these relationships).
Problem
My issue is that I need very fine-grained hierarchical access control, with 3 main concerns:
Staff belonging to one Restaurant must not be able to Create, Read, Update or Delete any entities belonging to other Restaurants.
All staff in a Restaurant can view all tables in the Restaurant. However, they can only view orders belonging to a table if they are allocated to that table (e.g. a StaffTableJoin object which connects that particular Staff member to that table exists.) OR they are a Restaurant admin (see part 3)
A member of Staff who is a Restaurant Admin can view all orders belonging to any table in the restaurant.
A cognito user is created for each member of staff, and their permissions should be assigned based on the relationships between entities in my DynamoDB table.
Solutions Considered
I have visited the Authorization and Authentication page in the AWS docs to explore options for restricting permissions. So far, I have considered using COGNITO_USER_POOLS and AWS_LAMDBA authorization.
For the approach using COGNITO_USER_POOLS, I would create a Cognito User Group for each Restaurant. When new members of staff register, they are assigned to their restaurant's user group. I would then add an groupsCanAccess field to each entity in each database. My resolvers would check that the requesting user belongs to a group which is allowed to access each resource. However this would only address concern 1, as all staff in a restaurant would then have the same permissions to access their restaurant's resources.
For the approach using AWS_LAMBDA, I am not too sure how this would work, but I considered creating an Authorization lambda which checks which restaurant the requesting user belongs to. For instance, if the User was requesting an Order, I would need to check which table the order belongs to, then check if a StaffUserJoin exists (connecting the requesting User to the table). This approach seems very difficult (maybe impossible).
Any advice that could be offered is much appreciated, as I have been struggling with this for a long time. It seems like a common use case, where permissions are needed based on an object hierachy. Thanks in advance :)
I am new to GCP and NOSQL.
is it possible to have primary and foreign key in the GCP fire-store
Example: I have two table STUDENT and DEPARTMENT
table looks like below
Department-table
dept-id(primary key)
deptname
Student-table
dept-id(foreign key)
student-id
student name
can anybody please help in design this in GCP Fire-store?
To a database, a key is the same as any UUID/randomID and can be shared and used between users, teams, admins, businesses, of all kinds. what matters is how that data is associated. Since Firestore is a noSQL database, there is no direct relational references, so one key cannot be equal to another without including secondary lookups.
In the same way you would define a user profile by an ID, you can create an empty document with a random ID to facilitate the ID of a team, or in this case the department. You can also utilize string combinations if you have a team and a sub-team, so long as at the point of the database request you have access to the team/department ID, you can use Regex to match a string comparison.
Example: request.resource.data.name.matches('/^' + departmentID)
To make a foreign key work with Security Rules or within the client, you must get the key that contains the data as the key should be the name of the document in question to streamline the request as you cannot perform queries or loop through data within Security Rules.
I great read on this subject, I highly suggest this article
https://medium.com/firebase-developers/a-list-of-firebase-firestore-security-rules-for-your-project-fe46cfaf8b2a
But my suggestion is to use a key that represents the department directly rather than using additional resource to have a foreign key and managing it.
Firestore won't support referential integrity.
It means that you can use any (subject to rules and conventions) names for fields, but the semantic and additional functionality is to be maintained by you, rather than by the system.
In addition to my primary key, I would like to set up one or more alternate keys in my model in Django. For example, perhaps the primary key in the customer table is a Django-generated ID. But, I may want another, alternate key to ensure that no customer-name, insert-date combination is duplicated. Is there a way to do this in Django or must I go out and do this in the database?
Thanks!
How should I structure my Actors in Akka persistent (Eventsourcing/CQRS) ?
Hierarchical
Parallel
I have these domain objects in my ecommerce application
User - User can create account
Store - User can create store
Product - User can add products to it's store
Cart - A User can add any product from other User's stores into the Cart.
So my question is how should I structure my Actors ? What are advantages and disadvantages of choosing one over the other specially in relation to an Ecommerce domain model ?
I think your question is more about the boundaries of your aggregates.
In any case, there should be NO hierarchical structure between aggregates. Aggregates should be independent from each other. No parent child relationship.
According to your description. There is a User Aggregate that can create stores and add products to it.
Store could be an apart aggregate that is initiated by the User aggregate. Note that the fact that an user can create a Store doesn't mean that they should have a parent/child relationship. It's more about access control. A Store is created by a user and only this user have right to add products to it.
However, Product seems to be a entity inside the Store aggregate.
Your fourth example, "Cart - A User can add any product from other User's stores into the Cart", reveals something totally different. You have two kind of users. Users that create and manage stores and consumers of a given store. They are not the same and they should be modeled differently.
Try to model the domain of your business without trying to reuse objects just because they are similar.
I have a requirement according to which I have to create a central Login system.We have 2 things Corporate and Brand each represented by tables "Corporate" and "Brand".
When a corporate gets registered,corporateID is given,When a user under that corporate gets registered there is a table corporateuser in which corporateID is a foreign key and CorporateUserID is a primary key.Similarly in the case of a brand.
So we have CorporateUserId and BrandUserID.
Now i have a table called RegisteredUsers in which i want to have corporate as well as brand users.UserID is a primary key in this table which is a foreign key to both corporateuser as well as Branduser.
now when i enter a corporateuser,I do an entry to corporateuser as well as RegisteredUsers.When i enter CorporateUserID in userID for RegisteredUsers.It gives foreign key violation error.
I fully understand this error.How can i achieve this.This requirement is very rigid.Please tell a workaround
What you're trying to do is not totally clear, but it seems that you want the primary key of all three user tables to be the same. This is not a strict foreign key relationship, but it seems reasonable in your application.
You need to assign the userID in RegisteredUsers first, and use that key when you create your Corporate User or Brand User. Then the user id's will be unique across the whole system.
If that's not what you want, edit your entry with the table layouts to make the problem clearer.
If you are trying to insert records into tables with relational conatraints, you will need do all inserts under one SQL Transaction.