Moved from GitHub dgraph/5167
Posted by emregency:
Note: Feature requests are judged based on user experience and modeled on Go Experience Reports. These reports should focus on the problems: they should not focus on and need not propose solutions.
What you wanted to do
I was considering to evaluate the Enterprise License as it includes ACL. I wanted to know if I can
limit a user seeing the projects of another user.
What you actually did
I went to the Enterprise Features section of the documentation to see how ACL is handled.
Why that wasn’t great, with examples
The documentation mentions an ACL implementation at predicate-level, maybe similar to an ABAC. It would have been enough if dGraph was not a graph dB. However, as far as I understand from the documentation,
lateral movement is possible with queries and
need to know principle cannot be enforced with this sort of ACL.