Advice for policy simplicity
Hey, I'm just getting into policies and wanted some advice on how to make this easy to work with.
So I want all code interface actions to permit calling any function from the application itself or IEx. But I want all external callers to be verified for access. Is this a good start?
If I understand it correctly, this means that if an actor is absent or authorize? is false, the caller is authorized. If an actor is present we check if they are an admin. The Admin UI always disables authorization I think, and if I don't give any extra arguments in my code interface functions then they will go through too.
Is this a good design? What is the performance impact? Or would it be better to make separate actions that are only exposed externally and not in the code interface and authorize only those?
