Performing centralized authorization for multiple applications

Posted by Vaibhav on Stack Overflow
Published on 2010-04-27T19:44:37Z

Here's a question that I have been wrestling with for a while. We have a situation wherein we have a number of applications that we have created. These have grown organically over a period of time.

All of these applications have permissions code built into them that controls access to various parts of the application depending on whether the currently logged-in user has the necessary permissions or not.

Alongside these applications is a utility application which allows an administrator to map users to permissions for all applications. The way it works is that every application has code which reads this external database of the said utility application to check if the currently logged-in user has the necessary permission or not.

Now, the question is this. Should the user-permissions mapping information reside in and be owned by the applications themselves, or is it okay to have this information reside within an external entity/DB (as in this case the utility application's database)?

Part of me thinks that application permissions are very specific to the application context itself, so shouldn't be separated from the application itself. But I am not sure.

Any comments?

© Stack Overflow or respective owner
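
The arrangement described in the question, as an added example that is not part of the original post: one external store holds the user-to-permission mapping, each permission is namespaced by the application that declares it, and each application's check denies when the store cannot be read. The SQLite schema and every table, user and permission name are assumptions constructed for illustration.

```python
import sqlite3

# Constructed schema and sample rows; every name here is hypothetical.
SCHEMA = """
CREATE TABLE permission (
    app  TEXT NOT NULL,          -- application that declares the permission
    name TEXT NOT NULL,
    PRIMARY KEY (app, name)
);
CREATE TABLE user_permission (
    username TEXT NOT NULL,
    app      TEXT NOT NULL,
    name     TEXT NOT NULL,
    PRIMARY KEY (username, app, name),
    FOREIGN KEY (app, name) REFERENCES permission (app, name)
);
"""

def open_store():
    """Stand-in for the utility application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO permission VALUES (?, ?)",
                   [("billing", "invoice.approve"), ("wiki", "page.edit")])
    db.executemany("INSERT INTO user_permission VALUES (?, ?, ?)",
                   [("alice", "billing", "invoice.approve"),
                    ("bob", "wiki", "page.edit")])
    db.commit()
    return db

def is_allowed(db, app, username, permission):
    """Check run inside each application. The caller fixes `app`, so a
    grant in one application never satisfies a check in another."""
    try:
        row = db.execute(
            "SELECT 1 FROM user_permission"
            " WHERE username = ? AND app = ? AND name = ?",
            (username, app, permission)).fetchone()
    except sqlite3.Error:
        return False  # store unreachable or broken: deny by default
    return row is not None

def grant(db, username, app, permission):
    """Administrator-side mapping. The foreign key rejects a permission
    the application never declared; a duplicate grant is also rejected."""
    try:
        with db:  # commit on success, roll back on failure
            db.execute("INSERT INTO user_permission VALUES (?, ?, ?)",
                       (username, app, permission))
        return True
    except sqlite3.IntegrityError:
        return False
```
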
