I have a need to build a SINGLE cloud server for multi-tenant app.
The app is essentially a CRM and operations platform for non-profits.
There are two pertinent data types: FAMILIES (accounts) and MEMBERS (people from those families)
What I need to deliver is this:
- a user can be granted access to their FAMILY ‘portal’
- the portal allows them to manage FAMILY contact info, data on themselves AND any other associated family MEMBERS, see FAMILY transactions/statements etc…
- no other MEMBER users (except internal staff) must be able to see any of this personally identifiable or sensitive data, suggesting the need to manage ACLs by family.
So, I am thinking I need to set up each MEMBER with a related USER account in order to grant access to data via ACL
Additionally, it seems that the best way to manage the data of family contact info by multiple MEMBERS (via their associated USER accounts) is to create a ROLE for each FAMILY and grant permission to certain MEMBERS (ie parents of that family) to have access to that ROLE.
The only problem of course is it leads to hundreds of thousands of USER accounts and 10s of thousands of ROLES.
Alternatively, would it be better to skip creating a role ROLE for each family, and just try to set each authorized MEMBER to each child data record’s ACLs directly as a user (likely as an afterSave callback)?
I would appreciate any thoughts/suggestions!