I’m running into the following issue. My data model has a bunch of entities and users can only access some of them. I want to do fine-grained permissions for each entity. So each non-admin user should not be able to access any of the 8 default fields (e.g. id, version, create_ts…).
In my startup script 30.create-db.sql I have to have 4 inserts for entity-level permissions, 8 inserts for default fields, and 1-10 inserts for actual entity fields the user should or should not have access to.
This creates a real mess in 30.create-db.sql, especially if I add or remove a field and then have to remember to go in and add or remove permissions.
This is still in the early development phase of the data model and application.
It would be helpful to be able to have an arbitrary number of 30.create-db.sql (each named differently of course) for specific permissions for each table and one for each lookup table that needs to be initialized (which can have thousands of additional rows), sort of like you allow an arbitrary number of update scripts.
I played around with moving a lot of the stuff from 30.create-db.sql to the earliest update scripts, one for each table, but am having difficulties making it work. When I create the database, it says it applies all the update scripts, but I don’t actually see them applied in the DB. It could be that this is another manifestation of the problem I reported yesterday (Run menu -> Update database doesn't generate db scripts - CUBA.Platform), in which case the capability basically already exists. But I haven’t been able to get it working with 6.4.0.