Besides securing access to the file, we may want to show a subset of the whole data to certain users. This is achieved by reducing the amount of data shown when a user is authorized and authenticated.
Although the data is reduced and hidden from the users, it will still remain in the application. This means the data doesn't get deleted, but it is only shown to whoever is supposed to have access to that dataset.
To understand this better, let's work with the following example. We have a list of sales managers. Each manager has access to one or more country sales figures, as shown in the following table:

| Sales Manager | Country | Sales |
| --- | --- | --- |
| Peter | Germany | 100 |
| John | United Kingdom | 100 |
| John | Germany | 50 |

Peter is a sales manager in Germany and should only see sales made in Germany, whether his own or another manager's. John can sell in Germany and the United Kingdom and thus should be able to see any sales generated in those countries by any sales manager. Based on these rules, we must use section access to authenticate and authorize John and Peter for our application, but once they are in, we should reduce the data so that John sees data for Germany and the United Kingdom and Peter sees data only for Germany.
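
The reduction rule above can be modelled in a few lines of Python. This is an added illustration, not code from the original text and not the application's own section access syntax. The names `SALES`, `build_grants`, `reduce_for` and `total_visible` are hypothetical, and the sketch assumes that each manager's permitted countries are exactly those listed against their name in the table and that user names are matched case-insensitively.

```python
# Added illustration of country-based data reduction (all names hypothetical).
# Rows are the three rows of the table above.
SALES = [
    {"manager": "Peter", "country": "Germany", "sales": 100},
    {"manager": "John", "country": "United Kingdom", "sales": 100},
    {"manager": "John", "country": "Germany", "sales": 50},
]


def build_grants(rows):
    """Derive user -> permitted countries from the table (assumption:
    a manager may see every country that appears against their name)."""
    grants = {}
    for row in rows:
        grants.setdefault(row["manager"].upper(), set()).add(row["country"])
    return grants


def reduce_for(user, rows=SALES):
    """Return copies of the rows visible to `user`.

    The filter is on country, not on manager, so a user sees sales made
    by other managers in a permitted country. Unknown users match no
    grant and receive an empty result (deny by default). The source
    rows are never modified or removed.
    """
    allowed = build_grants(rows).get(user.strip().upper(), set())
    return [dict(row) for row in rows if row["country"] in allowed]


def total_visible(user, rows=SALES):
    """Sum of the sales figures the user is allowed to see."""
    return sum(row["sales"] for row in reduce_for(user, rows))


if __name__ == "__main__":
    for name in ("Peter", "John", "Mallory"):  # Mallory is not in the table
        print(name, reduce_for(name), total_visible(name))
```

Peter's view includes John's sale in Germany, and the full dataset is still present after every call, which is the difference between reducing data and deleting it.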