4 Comments

Great article! On which level are these ACLs implemented? For example, if I add an admin to my company account and this user tries to access my company account dashboard, would that be a call to the ACL service?

Thanks for the shout out!

Thanks Akos!

While LinkedIn's approach with ACLs was more on service-to-service communication, it would definitely make a lot of sense to have ACLs on the user level like the way you've mentioned. In fact, we can couple ACLs with role-based access for even better control. The ACL service will be responsible for storing these access rules.

LinkedIn uses a relatively complex solution, which is totally reasonable to authorize such a number of API calls per second.

Awesome write up, and thanks for the shoutout, brother Saurabh!

Thanks Daniel.

Indeed, it's a complex solution particularly because of the scale they are operating at.
