Any obvious pitfalls of modeling access control policies using subject, scope, object?
Context
A small web application with REST API and postgres as db, that has users, documents and teams. A user can do basic CRUD operations on document.
A user is always a part of a team. A team is generated on user signup. A team has at le… Continue reading Any obvious pitfalls of modeling access control policies using subject, scope, object?