Great article! At which level are these ACLs implemented? For example, if I add an admin to my company account and this user tries to access my company account dashboard, would that be a call to the ACL service?
While LinkedIn's approach with ACLs was more on service-to-service communication, it would definitely make a lot of sense to have ACLs on the user level like the way you've mentioned. In fact, we can couple ACLs with role-based access for even better control. The ACL service will be responsible for storing these access rules.
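To make the suggestion above concrete, here is an added illustration (not code from the article or from LinkedIn) of an ACL service that stores both service-to-service rules and user-level rules, with roles layered on top. The principal naming scheme (`svc:`, `user:`, `role:<role>@<scope>`), the `/*` resource wildcard, and the class and function names are all assumptions made for this example; the store is default-deny, and a user's role is scoped to one company so an admin of company 42 gets nothing on company 43.

```python
"""Toy ACL service: service-to-service rules plus user-level rules with roles.

Added example only; the rule layout and names below are assumptions, not
LinkedIn's implementation.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Rule:
    principal: str          # "svc:<name>" or "role:<role>@<scope>"
    resource: str           # exact resource, or "<prefix>/*" for a subtree
    actions: FrozenSet[str]


class AclService:
    """Stores access rules and answers allow/deny queries (default deny)."""

    def __init__(self) -> None:
        self._rules: List[Rule] = []
        # "user:<name>" -> {"role:<role>@<scope>", ...}
        self._roles: Dict[str, Set[str]] = {}

    def add_rule(self, principal: str, resource: str, *actions: str) -> None:
        self._rules.append(Rule(principal, resource, frozenset(actions)))

    def assign_role(self, user: str, role: str, scope: str) -> None:
        # A role is only meaningful inside a scope (e.g. one company account).
        self._roles.setdefault(user, set()).add(f"role:{role}@{scope}")

    def _principals_for(self, caller: str) -> Set[str]:
        # A caller matches rules for itself and, for users, for every scoped role it holds.
        principals = {caller}
        if caller.startswith("user:"):
            principals |= self._roles.get(caller, set())
        return principals

    @staticmethod
    def _matches(pattern: str, resource: str) -> bool:
        if pattern.endswith("/*"):
            # Keep the trailing "/" in the prefix so "company:4/*" does not match "company:42/...".
            return resource.startswith(pattern[:-1])
        return pattern == resource

    def is_allowed(self, caller: str, resource: str, action: str) -> bool:
        """Allow only if some rule for one of the caller's principals grants the action."""
        for principal in self._principals_for(caller):
            for rule in self._rules:
                if (rule.principal == principal
                        and action in rule.actions
                        and self._matches(rule.resource, resource)):
                    return True
        return False


def build_demo_acl() -> AclService:
    """Constructed sample rules: one service-to-service rule and one scoped admin role."""
    acl = AclService()
    # Service-to-service: only the feed service may call the profile read API.
    acl.add_rule("svc:feed", "api:profile/read", "call")
    # User level: admins of company 42 may read and write anything under that company.
    acl.add_rule("role:admin@company:42", "company:42/*", "read", "write")
    acl.assign_role("user:alice", "admin", "company:42")
    return acl


if __name__ == "__main__":
    acl = build_demo_acl()
    checks = [
        ("svc:feed", "api:profile/read", "call"),
        ("svc:ads", "api:profile/read", "call"),
        ("user:alice", "company:42/dashboard", "read"),
        ("user:alice", "company:43/dashboard", "read"),
        ("user:bob", "company:42/dashboard", "read"),
    ]
    for caller, resource, action in checks:
        print(f"{caller:10} {action:5} {resource:25} -> "
              f"{'ALLOW' if acl.is_allowed(caller, resource, action) else 'DENY'}")
```

The dashboard request from the question would be answered by `is_allowed("user:alice", "company:42/dashboard", "read")`: the user's scoped admin role is expanded into a principal, and the only rule for that principal covers the company 42 subtree, so the same user is denied on any other company.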
Thanks for the shout out!
Thanks Akos!
LinkedIn uses a relatively complex solution, which is totally reasonable for authorizing such a number of API calls per second.
Awesome write up, and thanks for the shoutout, brother Saurabh!
Thanks Daniel.
Indeed, it's a complex solution particularly because of the scale they are operating at.