RBAC the Right Way: Module, Entity, and Field-Level Access
Real access control isn't a single role check — it's layered, and it belongs in one place.
Coarse role checks fail the moment a product grows. On the CRM I built access control across three levels: modules (can you see this area), entities (can you touch this record), and fields (can you read or edit this column).
The key is centralizing the policy. Scattering permission checks across controllers guarantees gaps; a single authorization layer that every request flows through is auditable and hard to bypass.
Visibility rules then power collaboration features — notes, documents, tagging, and search — so users only ever see what they're entitled to, without each feature reinventing the logic.
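As an added illustration (not the author's CRM code), the following Python sketches such a layer: a single policy table, one chokepoint that checks module, then entity, then field, and read/update/search that all route through it. Roles, modules, column names and records are constructed for the example.

```python
from collections import namedtuple

# Constructed policy for a hypothetical CRM: per role, the visible modules, the
# entity scope per module ("own" or "all") and the readable/writable columns.
POLICY = {
    "sales_rep": {
        "modules": {"contacts", "deals"},
        "scope": {"contacts": "own", "deals": "own"},
        "fields": {"contacts": {"read": {"name", "email", "phone"}, "write": {"phone"}},
                   "deals": {"read": {"title", "stage"}, "write": {"stage"}}},
    },
    "finance": {
        "modules": {"deals"},
        "scope": {"deals": "all"},
        "fields": {"deals": {"read": {"title", "stage", "amount"}, "write": set()}},
    },
}
User = namedtuple("User", "id role")
Record = namedtuple("Record", "module owner_id data")

def allowed_fields(user, rec, action):
    """The single chokepoint every request passes: module, then entity, then field."""
    rules = POLICY.get(user.role)
    if rules is None or rec.module not in rules["modules"]:
        raise PermissionError(f"module {rec.module!r} hidden from role {user.role!r}")
    scope = rules["scope"].get(rec.module, "none")
    if scope == "none" or (scope == "own" and rec.owner_id != user.id):
        raise PermissionError("record not visible to this user")
    return rules["fields"][rec.module][action]

def read(user, rec):
    """Project the record down to the columns this user may see."""
    allowed = allowed_fields(user, rec, "read")
    return {k: v for k, v in rec.data.items() if k in allowed}

def update(user, rec, changes):
    """Reject, rather than silently drop, writes to non-writable columns."""
    denied = set(changes) - allowed_fields(user, rec, "write")
    if denied:
        raise PermissionError(f"fields not writable: {sorted(denied)}")
    rec.data.update(changes)
    return rec.data

def search(user, records):
    """Search, notes and documents reuse the same layer; hidden records vanish."""
    hits = []
    for rec in records:
        try:
            hits.append(read(user, rec))
        except PermissionError:
            continue
    return hits
```

Because every feature calls `read`/`update`/`search` rather than testing roles itself, a policy change in `POLICY` applies everywhere at once, and an audit only has to inspect `allowed_fields`.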
Vivek Jalondhara
Full Stack Software Engineer