Access Restrictions


#1

Hi Datomic Folks,

How are people implementing access / security models in your Datomic apps? I’m working on a project and we’re looking into best practices around securing access to parts of our data according to domain (e.g. “users shouldn’t be able to update other users’ data unless they are admin role”). We chose to expose transact capabilities to our frontend to keep things flexible as opposed to wrapping things with REST-style routing.

I’m wondering if people on the forum have had good experiences using filter, reified transactions, or other approaches to restrict data access without falling back to more traditional architectures. Is there a with-the-grain approach with Datomic?

Thanks!


#2

Are you using Datomic Cloud or Datomic On-Prem?

In the latter case, I would definitely lean toward filters as a mechanism for modeling access control. A simple example can be found here: https://github.com/Datomic/day-of-datomic/blob/master/tutorial/filter.clj
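A sketch of the filter approach mentioned above, added here as an illustration; it is not code from this thread or from the linked day-of-datomic file. It assumes a recent Datomic On-Prem peer library (`datomic.api`) on the classpath and an in-memory database; the `:doc/owner` and `:doc/body` attributes, the `db-for` and `visible-bodies` helpers, and the sample data are all hypothetical.

```clojure
(require '[datomic.api :as d])

;; Constructed sample setup: in-memory database with hypothetical :doc/* attributes.
(def uri "datomic:mem://access-filter-example")
(d/create-database uri)
(def conn (d/connect uri))

@(d/transact conn
   [{:db/ident :doc/owner :db/valueType :db.type/string
     :db/cardinality :db.cardinality/one}
    {:db/ident :doc/body :db/valueType :db.type/string
     :db/cardinality :db.cardinality/one}])

;; Constructed sample data: one document per user.
@(d/transact conn
   [{:doc/owner "alice" :doc/body "alice's notes"}
    {:doc/owner "bob"   :doc/body "bob's notes"}])

(defn db-for
  "Returns the database value a request from `user` may read.
  Admins get the unfiltered db. Everyone else gets a filtered view in
  which datoms of entities owned by another user are invisible.
  Entities with no :doc/owner (schema, transactions) pass through."
  [db user admin?]
  (if admin?
    db
    (d/filter db
      ;; The predicate receives the unfiltered db and one datom.
      (fn [unfiltered datom]
        (let [owner (:doc/owner (d/entity unfiltered (:e datom)))]
          (or (nil? owner) (= owner user)))))))

(defn visible-bodies
  "Set of all :doc/body values visible in the given db value."
  [db]
  (set (d/q '[:find [?body ...]
              :where [_ :doc/body ?body]]
            db)))

;; Same query, three views of the same database value.
(println "alice:" (visible-bodies (db-for (d/db conn) "alice" false)))
(println "bob:  " (visible-bodies (db-for (d/db conn) "bob" false)))
(println "admin:" (visible-bodies (db-for (d/db conn) "root" true)))
```

A filter only limits what reads against that database value can see; it does not constrain what is submitted through `d/transact`, so write authorization has to be enforced separately before a transaction reaches the connection.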


#3

Hey Marshall,

Thanks for the resource, had missed that one somehow. I’m currently using on-prem with peer