Ask HN: How to handle object level permissions in a service based architecture?
As the title states, I'm curious how others have handled object-level permissions in a system that consists of many services, particularly when the individual object permissions can be in the thousands.
Example:
Service A contains thousands of objects, and a user can have access to any number of them, while Service B has metadata that relates to objects in Service A. If the user makes a direct request to Service B for a set of objects, how does Service B check if the user has permission to access metadata for the requested objects from Service A?