I have a large application. Many tables, but just a few are used by external groups.
3 user groups. 1 Internal, 2 External. One external group is Clients and they need
access to some info about their account. I just can’t have them access anyone else’s info or other system info.
From a security standpoint, does it make sense to split things out? The external user has access to their account
(model = Client) and (model = Itemlist). I now have an app "client" that has a model for Client and List
and my internal application "myapp" has a model based on the same tables. Is this bad form?
The external user can log in and see their account, edit a few attributes and add or delete items from their list.
I have implemented so far as 3 seperate apps, but this to me does not make sense as the models and database for
the 2 apps are the same as the main internal app.
Any advice or suggestions?