The main project I work on has a sizeable database with a fairly deep taxonomy/relationship hierarchy. I am not exactly working at Silicon Valley startup scale, but to give you a sense of size, my “bottom-most” table in the taxonomy has ~1m rows and is growing fairly quickly.
Per-object permissions are vital for my application’s business logic as—apart from company staff—nobody has ‘global’ permissions. For example, if my project had a
School model, it is extremely unlikely that a user would have permission to create a
Class model without that permission being scoped to a certain
School. This in itself is a toy scenario and does not fully show the complexity of some permissions determinations. The relationship between the model hierarchy and permissions determination is not ‘strict’ and there is some ‘dynamic’ behaviour involved in determining if a certain user has a certain permission on a certain object.
The object permissions package people usually cite is
django-guardian, which at it heart seems to maintain per-object permission records in the database. This sounds like it has its merits as it’s easy to determine the permissions for any user/instance pair. Either I am misunderstanding how this is meant to be used in practice, overreacting to the theoretical performance impact, or this is not an appropriate strategy for my project. The way I see it, if I wanted to grant a user access to an object that is high in the hierarchy (like my
School example from before), I would then need to calculate how those permissions should filter down to child models. This sounds like it could be an expensive operation.
My application is much more read-heavy than write-heavy, so I understand that having the expensive operations performed on-write may be ideal. However I am not entirely convinced that this is the right approach regardless.
I currently have a custom auth backend in place that essentially climbs the hierarchy for every permissions lookup. I am not caching these lookups either! as caching tends to be hard to get right, and permissions caching is not something I want to get wrong given my application’s domain. This is obviously quite taxing on the database, and does not cover all use-cases (there are permisisons edge-cases that I have DIYd outside of the Django permissions system / my auth backend).
I am curous if anyone has had any similar thoughts and/or if I have a gross misunderstanding of django-guardian or even Django permissions altogether.