Currently I have tables like: `Pages`, `Groups`, `GroupPage`, `Users`, `UserGroup`. With pickled sets I can implement the same thing with only 3 tables: `Pages`, `Groups`, `Users`.
`set` seems a natural choice for implementing an ACL, as group and permission related operations can be expressed very naturally with sets. If I store the allow/deny lists as pickled sets, it can eliminate a few intermediate tables for many-to-many relationships and allow permission editing without many database operations.
If human readability is important, I can always use JSON instead of cPickle for serialization and use `set` when manipulating the permission list in Python. It is highly unlikely that permissions will ever be edited directly using SQL. So is it a good design idea?
We're using SQLAlchemy as ORM, so it's likely to be implemented with a `PickleType` column. I'm not planning to store the whole pickled "resource" recordset, only the `set` object made out of "resource" primary key values.
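
A sketch of the three-table design described above, added here as an example and not part of the original question. It uses the JSON variant the question mentions, because `json.loads` only builds data, whereas unpickling a column value can execute code chosen by whoever was able to write that row. Assumptions: the stdlib `sqlite3` module stands in for SQLAlchemy, the column names (`group_ids`, `allow_groups`, `deny_groups`) are hypothetical, and deny takes precedence over allow.

```python
import json
import sqlite3

def dump_set(ids):
    """Serialize a set of integer primary keys as a sorted JSON array."""
    return json.dumps(sorted(ids))

def load_set(text):
    """Parse a JSON array back into a set, rejecting anything but a list of ints."""
    data = json.loads(text) if text else []
    if not isinstance(data, list) or not all(type(x) is int for x in data):
        raise ValueError("ACL column must hold a JSON array of integers")
    return set(data)

def build_demo_db():
    """Three tables only; memberships and ACLs are JSON set columns (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE groups (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users  (id INTEGER PRIMARY KEY, name TEXT, group_ids TEXT);
        CREATE TABLE pages  (id INTEGER PRIMARY KEY, title TEXT,
                             allow_groups TEXT, deny_groups TEXT);
    """)
    db.executemany("INSERT INTO groups VALUES (?, ?)",
                   [(1, "staff"), (2, "editors"), (3, "suspended")])
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", dump_set({1, 2})),
                    (2, "bob", dump_set({2, 3}))])
    db.execute("INSERT INTO pages VALUES (?, ?, ?, ?)",
               (1, "Draft", dump_set({2}), dump_set({3})))
    return db

def can_view(db, user_id, page_id):
    """Allow only if the user shares a group with the allow set and none with deny."""
    user = db.execute("SELECT group_ids FROM users WHERE id = ?", (user_id,)).fetchone()
    page = db.execute("SELECT allow_groups, deny_groups FROM pages WHERE id = ?",
                      (page_id,)).fetchone()
    if user is None or page is None:
        return False  # unknown user or page: fail closed
    groups = load_set(user[0])
    allow, deny = load_set(page[0]), load_set(page[1])
    return bool(groups & allow) and not (groups & deny)

def grant(db, page_id, group_id):
    """Edit a permission with one read and one write, no join-table rows."""
    row = db.execute("SELECT allow_groups FROM pages WHERE id = ?", (page_id,)).fetchone()
    if row is None:
        raise KeyError(page_id)
    db.execute("UPDATE pages SET allow_groups = ? WHERE id = ?",
               (dump_set(load_set(row[0]) | {group_id}), page_id))
```

The trade-off this makes visible: "which pages can group 2 see" can no longer be answered with a join or an index, and nothing in the database enforces that the stored ids refer to existing groups.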