Permissions for single vs bulk search
See original GitHub issueHow would one limit the users ability to do bulk search on a collection?
An example use case:
You have user Wish Lists with some items, where the user can share individual items with others. The receiving user should be able to see some basic information about the wish list (_id, name, owner), but access should be limited to the item that was shared.
With CASL i would define
can("crud", "wishlist", {owner : currentUser});
can("read", "wishlist",["_id","name","owner"]);
can("crud", "listitem", {owner : currentUser});
can("read", "listitem", { sharedWith : currentUser });
This has the side-effect that users can bulk search all wishlists and owners, but the intent was only for them to have limited access to the specific wishlist associated with the item that was shared with them.
Issue Analytics
- State:
- Created 4 years ago
- Comments:9 (6 by maintainers)
Top Results From Across the Web
BULK INSERT permission on a single database
Answer: It doesn't matter if the ADMINISTER BULK OPERATIONS is server-wide, the user won't be able to BULK INSERT ...
Read more >Permissions (Database Engine) - SQL Server
Base securable Granular permissions on base securable Securable that contains bas...
APPLICATION ROLE ALTER DATABASE
APPLICATION ROLE CONTROL DATABASE
APPLICATION ROLE VIEW DEFINITION DATABASE
Read more >Edit user-specific permissions in bulk - Greenhouse Support
With the bulk action feature, you can edit individual user-specific permissions for a single permission level at a time.
Read more >You do not have permission to use the bulk load statement
You can provide permission to user to fix this issue. Go to MS SQL server management and connect to db. In Object Explorer,...
Read more >How do I enable Bulk Send for one or more users?
When a permission-controlled feature (such as Bulk Send) is enabled on an account, the related permissions are not added to all pre-existing ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Hi, so sorry it skipped my mind. Heres the code :
I close this for tidiness. Hopefully you found the right solution in your situation.
P.S.: frankly speaking I still don’t see where the issue is 😃 We discussed 3 different domains, despite the fact they are similar it’s hard to understand clearly what you have and what you want to achieve.