Co-authored-by: jokego <100397366+jokego@users.noreply.github.com> Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com> Co-authored-by: SiaraMist <siaramist@github.com>
Beyond tracking user identity via the id field, you should retain data for the organization or enterprise each user is operating under. This will help ensure you don't leak sensitive information if a user switches roles.
For example:
- A user is in the Mona organization, which requires SAML SSO, and signs into your app after performing SSO. Your app now has access to whatever the user does within Mona.
- The user pulls a bunch of code out of a repository in Mona and saves it in your app for analysis.
- Later, the user switches jobs, and is removed from the Mona organization.
When the user accesses your app, can they still see the code and analysis from the Mona organization in their user account?
This is why it's critical to track the source of the data that your app is saving. Otherwise, your app is a data protection threat for organizations, and they're likely to ban your app if they can't trust that your app correctly protects their data.
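As an added example (not GitHub's own code), a minimal store that tags every saved analysis with the organization it came from and filters on read against the user's current memberships, replaying the Mona scenario above; the user ids, repositories and the `current_orgs` set (assumed to come from a fresh membership check, not a value cached at sign-in) are constructed.

```python
from dataclasses import dataclass
from typing import List, Set


@dataclass(frozen=True)
class StoredAnalysis:
    """One saved result, tagged with where the underlying data came from."""
    owner_user_id: int   # GitHub user id that saved it
    source_org: str      # organization the repository belonged to
    repo: str
    summary: str


class AnalysisStore:
    """In-memory store that never loses track of a record's source org."""

    def __init__(self) -> None:
        self._records: List[StoredAnalysis] = []

    def save(self, user_id: int, source_org: str, repo: str, summary: str) -> None:
        self._records.append(StoredAnalysis(user_id, source_org, repo, summary))

    def visible_to(self, user_id: int, current_orgs: Set[str]) -> List[StoredAnalysis]:
        """Return only the user's records whose source org they still belong to.

        current_orgs is assumed to be the result of a fresh membership lookup,
        so a user removed from Mona stops seeing Mona-sourced data immediately.
        """
        return [r for r in self._records
                if r.owner_user_id == user_id and r.source_org in current_orgs]

    def purge_org(self, user_id: int, org: str) -> int:
        """Delete a user's records sourced from an org they were removed from."""
        before = len(self._records)
        self._records = [r for r in self._records
                         if not (r.owner_user_id == user_id and r.source_org == org)]
        return before - len(self._records)


def scenario() -> tuple:
    """Replays the Mona example with constructed users and repositories."""
    store = AnalysisStore()
    store.save(42, "Mona", "Mona/payments", "3 hard-coded secrets")      # constructed
    store.save(42, "octocat", "octocat/hello-world", "no findings")      # constructed
    while_member = [r.repo for r in store.visible_to(42, {"Mona", "octocat"})]
    after_leaving = [r.repo for r in store.visible_to(42, {"octocat"})]  # removed from Mona
    purged = store.purge_org(42, "Mona")
    return while_member, after_leaving, purged


if __name__ == "__main__":
    print(scenario())
```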