It is necessary to check whether the user is allowed to view/edit data from a particular client.
This check occurs in almost all application operations.
Currently, when logging into the application, I just query the database, check which clients are associated with the user, and save them in the session.
When I need to check whether the user is allowed to view/edit a client's data, I do a FOR over the session array and check whether the client ID exists.
It turns out that there are users with permission to view/edit 5 clients and others with 300.
Will storing this in the session and doing a FOR always be faster than a database query?
Note: data integrity is not a concern; the question is only whether reading an array will be faster than reading from the database.
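One way to structure the session check described above, as an added example that is not code from the question or its comments: the allowed client IDs are stored as array keys so the per-request check is a hash lookup (`isset`) rather than a FOR over a list, and access is denied by default. The PDO connection and the `user_clients(user_id, client_id, can_edit)` table are assumptions.

```php
<?php
// Added example (not from the question or the comment): cache the set of
// clients a user may access in the session as a map keyed by client id, so the
// per-request check is a hash lookup (isset) instead of a FOR over an array.
// Assumes a PDO connection and a table user_clients(user_id, client_id, can_edit);
// both are hypothetical names chosen for this example.

declare(strict_types=1);

/** Load the user's client permissions once at login; rebuild whenever they change. */
function loadClientPermissions(PDO $db, int $userId): void
{
    $stmt = $db->prepare(
        'SELECT client_id, can_edit FROM user_clients WHERE user_id = :uid'
    );
    $stmt->execute([':uid' => $userId]);

    $allowed = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Key = client id, value = 'edit' or 'view'. Keying by id gives O(1) lookups,
        // so 5 or 300 clients cost the same per check.
        $allowed[(int) $row['client_id']] = $row['can_edit'] ? 'edit' : 'view';
    }
    $_SESSION['allowed_clients'] = $allowed;
    $_SESSION['allowed_clients_loaded_at'] = time();
}

/** True if the logged-in user may perform $action ('view' or 'edit') on $clientId. */
function canAccessClient(int $clientId, string $action): bool
{
    $allowed = $_SESSION['allowed_clients'] ?? [];
    if (!isset($allowed[$clientId])) {
        return false;                       // deny by default: unknown client
    }
    // 'edit' permission implies 'view'; 'view' does not imply 'edit'.
    return $action === 'view' || $allowed[$clientId] === 'edit';
}

/** Call at the top of every page/operation that touches client data. */
function requireClientAccess(int $clientId, string $action): void
{
    if (!canAccessClient($clientId, $action)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Usage: at login, after session_start():   loadClientPermissions($db, $userId);
// On a page such as /client/edit?id=42:     requireClientAccess((int) ($_GET['id'] ?? 0), 'edit');
```

The session copy is a cache: it stays stale until `loadClientPermissions()` runs again, so call it whenever a user's client assignments change (or on a timer using the stored timestamp).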
And what if you used an ACL (Access Control List)? In that approach, for example done in PHP, you would create the Handler and a Role for the logged-in user and then add a Resource (add, edit...) for each client that the user has permissions for. If any Resource of any client is prohibited, such as deletion, you would create a deny rule. And on each page you would check the permissions and authorize or not.
– Bruno Augusto