This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2022-09-06
Channels
- # announcements (12)
- # asami (3)
- # babashka (59)
- # beginners (20)
- # biff (1)
- # calva (87)
- # cherry (8)
- # clj-kondo (41)
- # clj-together (4)
- # cljdoc (5)
- # cljfx (4)
- # cljs-dev (2)
- # cljsrn (6)
- # clojure (63)
- # clojure-europe (22)
- # clojure-nl (1)
- # clojure-norway (35)
- # clojure-uk (4)
- # clojurescript (5)
- # conjure (2)
- # datalevin (4)
- # datascript (8)
- # datomic (16)
- # events (1)
- # figwheel-main (1)
- # fulcro (9)
- # hyperfiddle (4)
- # introduce-yourself (1)
- # jobs (3)
- # kaocha (10)
- # lambdaisland (2)
- # lumo (7)
- # nbb (1)
- # off-topic (29)
- # pathom (15)
- # re-frame (80)
- # releases (1)
- # remote-jobs (4)
- # shadow-cljs (13)
- # spacemacs (9)
- # sql (25)
- # squint (32)
- # tools-deps (6)
- # uncomplicate (6)
- # xtdb (15)
I am considering the suitability of Datomic Cloud for my org, and I am faced with the challenge of managing data ownership of many entities and attributes. We have several teams, each of which has their own domain of system ownership, and it makes sense to me that our system would somehow enforce the ownership of attributes such that only certain teams or processes are allowed to write to those attributes. I think what I'm looking for is essentially an ACL (access control list). Is this a good idea? What approaches are available for implementing this? Ideally I would implement this in the database itself, rather than in code that wraps the transact function, so that I could say definitively that the system behaves this way without a way to get around it.
Postgres is off the table for now for other reasons. I'm most interested in how others have tackled this problem in Datomic Cloud (or in Datomic On-Prem if there's a significant difference).
maybe others know better but I can see only two options, use custom transaction functions (what you are asking for)(https://docs.datomic.com/cloud/transactions/transaction-functions.html#custom) which can affect performance heavily or write your own abstraction at the application layer.
I suppose a restatement of my problem in more general terms is: "How do you keep track of what part of your system is doing what, when you have a large system and a large organization managing that system, and each part of the system has unconstrained write access to a shared datomic instance?"
With datomic on-prem I would have guessed the answer is "have a separate datomic instance for each domain of ownership. Constrain writes to a single instance at a time, and join reads across instances" but my understanding is this "join reads across instances" is not supported by Datomic Cloud.
I should clarify that the problem is not just about tracking what happened in the past, but about establishing certainty around what the system will do in the future.
I don't think event sourcing really addresses either the historical or the forward-looking aspects of this problem.
anyway, datomic is a dumb database, in the sense that the smarts are mostly done using something else or writing the code in the app layer
@UANMXF34G Keeping track of vs enforcing can be a pretty large gap. For the former you can https://docs.datomic.com/cloud/transactions/transaction-processing.html#reified-transactions to capture arbitrary information. I have seen this used to store a variety of data about who performed a transaction (user|system|etc) as well as why a transaction was made. A Datomic cloud system can also support connections to multiple databases if that better addresses your problem.
This presentation might contain the info you need: https://youtu.be/7lm3K8zVOdY
@U0508JRJC Thanks for your response! It's news to me that Datomic Cloud can support connections to multiple DBs. Can you help me locate more information about that? The info I had found indicated that Datomic Cloud queries could only run against one database. https://forum.datomic.com/t/joining-across-databases-in-datomic-cloud/1632/2
You can for sure def connections to multiple DBs and query each as needed. You cannot join across multiple DBs.
Hmm, yes that would be a significant downgrade in power for what I have in mind.