We plan to develop a new part in our application that we want to deploy as a portal for a selection of our suppliers. Our goal is to have fewer phone calls and less email traffic by allowing suppliers to check our supplier orders in our own database and to easily create packing lists from those orders inside our application through an interface we have yet to design. To accomplish this we will have to open up part of our data model to a new supplier role in IAM.
How can we ensure that every supplier gets to see only their data and not that of others? I assume this can be accomplished with hidden pre-filters but perhaps there is a better way. Is there a best practice concerning portals in general and data security?
Page 1 / 1
I think one way to achieve this is with prefilters.
Another way to achieve this would be with views .
I'd make a/some extra table(s) where you can determine which supplier can check which suppliers' orders and which users are with the supplier.
Both ways (prefilter/views) could use this data model to 'filter' data.
I think i'd choose views over prefilters, because you'll probably want to also change the rights for columns on the tables. Making views would make you be in control 100% of the data the suppliers can see. With prefilters you can risk the supplier sees too much information (columns, not rows).
Another way to achieve this would be with views .
I'd make a/some extra table(s) where you can determine which supplier can check which suppliers' orders and which users are with the supplier.
Both ways (prefilter/views) could use this data model to 'filter' data.
I think i'd choose views over prefilters, because you'll probably want to also change the rights for columns on the tables. Making views would make you be in control 100% of the data the suppliers can see. With prefilters you can risk the supplier sees too much information (columns, not rows).
Perhaps views aren't necessary when we enable only certain columns for the supplier role in IAM and hide those with information that are meant for internal use only. I do understand this makes our data vulnerable to errors in IAM. However I do prefer to use views only for those occassions where either IAM or table variants cannot fulfill the goal. Of course we will test our setup first before we release it to external parties to make sure we disclose just the right amount of information.
I think both situations will have it pros and cons and I think we've identified those in our posts.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.