Best Approach for Pagination with ACL in SQL
Scenario
- Table with about 100-500 k records
- Row level permission (eg user A can read row 1,2,3, user b can read and write row 2,3) (permission is another column for now)
- paginated access, offset + size
- SQL based queries
- Preferable the access check happens inside DB
- If not, then then obviously in application, but single round trip to DB for one set of records
Relevant resource I found
- https://www.fourkitchens.com/blog/article/anticipage-scalable-pagination-especially-acls/
- https://dzone.com/articles/why-most-programmers-get-pagination-wrong
My current approach is the most naive in my opinion
- Do query without access control where clause (select columns.., permission.. from table .. limit X,Y)
- filter results in app (check with permission)
- does not fetch more records if some records where removed in the filtering (so the limit" is not followed)
0 comments
[ 2.8 ms ] story [ 26.2 ms ] threadNo comments yet.