[Q] Multiple customer apps - maintaining data separation - how?

I need security separation between user groups in a Rails application (i.e. multiple paying customer companies with individual users). Because the data is privacy-critical (accounts data), it is vital that one user group can't see what is going on in another. But I still want shared physical infrastructure if I can get away with it.

So what is the accepted standard for implementing this aspect in Rails?

It seems to me that this problem keeps getting solved again and again. First the operating system has a security mechanism based on users and groups. So the database ignores that one and implements its own separation based on its own user database. Then the application ignores both of these solutions and does its own thing again.

Simplistically, you do it in the application and risk a bug giving access to somebody else's data. Seems a bit dangerous to me.

Beyond that you implement one database user and one database within the shared DBMS per client company and run up mongrels and a specific URL locked onto that database. That way you're guaranteed that the customer separation exists. But that doesn't appear to be easily handled by the configuration systems.

Has anybody got a good handle on this? It must have been solved dozens of times by now.
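Added example, not from the original post or any reply: a PostgreSQL (9.5 or later) row-level security setup for the shared-database option, where every tenant's rows live in one table but the database itself, not only the application, refuses cross-tenant reads and writes. The table, the `app_user` role and the `app.current_tenant` setting are constructed names for illustration.

```sql
-- Constructed schema: one shared table, every row tagged with its tenant.
CREATE TABLE accounts (
    id        bigserial     PRIMARY KEY,
    tenant_id integer       NOT NULL,
    name      text          NOT NULL,
    balance   numeric(12,2) NOT NULL DEFAULT 0
);

-- The application connects as a non-owner role (hypothetical name). Table owners
-- bypass row-level security unless FORCE ROW LEVEL SECURITY is set, so do both.
CREATE ROLE app_user LOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON accounts TO app_user;
GRANT USAGE, SELECT ON SEQUENCE accounts_id_seq TO app_user;

ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;
ALTER TABLE accounts FORCE ROW LEVEL SECURITY;

-- Policy: a row is visible (USING) and writable (WITH CHECK) only when its
-- tenant_id equals the tenant bound to the current session. The second argument
-- to current_setting makes a missing setting yield NULL, so an unset tenant
-- matches no rows instead of raising an error or falling open.
CREATE POLICY tenant_isolation ON accounts
    FOR ALL
    TO app_user
    USING      (tenant_id = current_setting('app.current_tenant', true)::integer)
    WITH CHECK (tenant_id = current_setting('app.current_tenant', true)::integer);

-- Per request, the application (e.g. a Rails before_action) binds the tenant it
-- authenticated, inside a transaction. SET LOCAL dies with the transaction, so a
-- pooled connection cannot leak one tenant's setting into the next request.
BEGIN;
SET LOCAL app.current_tenant = '42';
SELECT id, name, balance FROM accounts;   -- returns only tenant 42's rows
COMMIT;

-- A bug that inserts or updates a row for another tenant is rejected by the
-- database: this statement fails the WITH CHECK clause when the session is
-- bound to tenant 42, whatever the application code intended.
BEGIN;
SET LOCAL app.current_tenant = '42';
INSERT INTO accounts (tenant_id, name) VALUES (7, 'wrong tenant');
ROLLBACK;
```

A query that forgets the tenant filter still returns only the bound tenant's rows, which turns the "bug in the application" risk from a data leak into an empty or failed query that can be logged and alerted on.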