Hi Datomic Folks,
How are people implementing access / security models in your Datomic apps? I’m working on a project and we’re looking into best practices around securing access to parts of our data according to domain (e.g. “users shouldn’t be able to update others users data unless they are admin role”). We chose to expose transact capabilities to our frontend to keep things flexible as opposed to wrapping things with REST style routing.
I’m wondering if people on the forum have had good experiences using
filter, reified transactions, or other approaches to restrict data access without falling back to more traditional architectures. Is there a with-the-grain approach with Datomic?