I always struggled to build simple authorisation systems. It’s a multi-layer mess: API-level role checks, countless object-user DB tables, and SQL/ORM spaghetti just to manage rights.
With NPL, my authorisation lives in a single place.
When I create a new protocol instance (NPL data objects), I attach user attributes that define who can read and do what. And that’s it, the NPL runtime takes care of the rest — I have a fully authorised backend without adding layers and layers of authorisation.