OrientDB: Large number of users with record level security

Question

Document model. Record level security is on. Average daily created records is 10000 records per user. Searches with no more than 100 records per request.

Where is the reasonable breakpoint for number of db users (hundreds, thousands, millions)?

I found a publication that says this is not a good idea (http://skwidge.github.io/OdbResource/doc/whitepaper.html)

OrientDB encapsulates a connection to a graph database with an instance of the class OrientGraph. The credentials must be passed in at instance construction. This means at least one OrientGraph instance must be created for each logged in user. This will eventually hit limits with large numbers of users.

Any experience with this approach?

Thank you.

Answer 1

I wrote that publication. I also wrote https://github.com/skwidge/OdbResource a library for managing OrientDB connection pools in Tomcat.

After I wrote that little paper one of the OrientDB devs pointed me in the direction of OPartitionedDatabasePoolFactory which allows for connection pooling in OrientDB.

I never really tested it at scale though, and I suspect it wouldn't scale that well. I think when they wrote the engine they just assumed that database users would be per application, just as for a traditional database.

These days you would probably use an identity management service (something like Ory Kratos and/or Hydra) and OAuth2 to solve this problem - especially in the currently more fashionable microservices architectures.

I still think there was a missed opportunity for Orient Technologies here.