Databases Reference
In-Depth Information
ensure that users and administrators see and change only those parts of the organization
and the products and services they are entitled to manage, the application employs a
complex access control system, which assigns privileges to many millions of users across
tens of millions of product and service instances.
TeleGraph has decided to replace the existing access control system with a graph data‐
base solution. There are two drivers here: performance and business responsiveness.
Performance issues have dogged TeleGraph's self-service application for several years.
The original system is based on a relational database, which uses recursive joins to model
complex organizational structures and product hierarchies, and stored procedures to
implement the access control business logic. Because of the join-intensive nature of the
data model, many of the most important queries are unacceptably slow: for large com‐
panies, generating a view of the things an administrator can manage takes many mi‐
nutes. This creates a very poor user experience, and hampers the revenue-generating
capabilities of the self-service offering.
The performance issues that affect the original application suggest it is no longer fit for
today's needs, never mind tomorrow's. TeleGraph has ambitious plans to move into new
regions and markets, effectively increasing its customer base by an order of magnitude.
The existing solution clearly cannot accommodate the needs of this new strategy. A
graph database solution, in contrast, offers the performance, scalability, and adaptive‐
ness necessary for dealing with a rapidly changing market.
TeleGraph data model
Figure 5-8
shows a sample of the TeleGraph data model.
This model comprises two hierarchies. In the first hierarchy, administrators within each
customer organization are assigned to groups; these groups are then accorded various
permissions against that organization's organizational structure:
•
ALLOWED_INHERIT
connects an administrator group to an organizational unit,
thereby allowing administrators within that group to manage the organizational
unit. This permission is inherited by children of the parent organizational unit. We
see an example of inherited permissions in the TeleGraph example data model in
the relationships between
Group 1
and
Acme
, and the child of
Acme
,
Spinoff
.
Group
1
is connected to
Acme
using an
ALLOWED_INHERIT
relationship.
Ben
, as a member
of
Group 1
, can manage employees both of
Acme
and
Spinoff
thanks to this
AL
LOWED_INHERIT
relationship.
