Is there a possibility to set the access control lists per category and not only per stream?
We use the category for a simple multitenancy system. So every tenant stream is prefixed with a tenant identifier. The name for a customer aggregate then looks like this:
Tenant A
- tenanta-customer-7af1d88a-574a-4ffd-a65c-621ed1a5dcfc
- tenanta-customer-a5fcade5-71e5-4538-89ec-303e5cb0e90b
Tenant B
- tenantb-customer-bc31b7b7-bdb3-4160-8395-774ae8e922a4
- tenantb-customer-3745c63e-0297-4e4f-9303-a61416f7174c
So the ACL should allow tenant A only to access all streams starting with "tenanta-" and tenant B the streams with "tenantb-".
Is there any way to achieve this with the current ACL system? (I saw there was a discussion back in 2016, but without any result).
The alternative would be to use a reverse proxy in front of the eventstore that does the authentication/authorization.
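
The prefix check such a reverse proxy would need, as an added example that is not part of the original post and not code from the event store project. It assumes the proxy has already authenticated the caller and that streams are addressed as `/streams/<name>`; the principal names, `TENANT_PREFIXES`, `stream_from_path` and `is_allowed` are hypothetical.

```python
import re
from urllib.parse import unquote

# Hypothetical mapping: authenticated principal -> stream prefix it may use.
# The trailing "-" matters: "tenanta-" must not match "tenantab-...".
TENANT_PREFIXES = {
    "tenant-a-user": "tenanta-",
    "tenant-b-user": "tenantb-",
}

# Assumption: the backend addresses streams as /streams/<name>[/...].
STREAM_PATH = re.compile(r"^/streams/([^/]+)(?:/.*)?$")


def stream_from_path(raw_path):
    """Return the decoded stream name, or None if the path is not an
    unambiguous stream path."""
    path = raw_path.split("?", 1)[0]          # ignore the query string
    match = STREAM_PATH.match(path)
    if not match:
        return None                            # not a stream endpoint
    name = unquote(match.group(1))             # decode exactly once
    # After one decode, leftover "%" means double encoding, and "/" or NUL
    # means the backend might resolve a different stream than we checked.
    if any(ch in name for ch in ("%", "/", "\x00")):
        return None
    return name


def is_allowed(principal, raw_path):
    """Default deny: allow only stream paths under the caller's own prefix."""
    prefix = TENANT_PREFIXES.get(principal)
    if prefix is None:
        return False                           # unknown caller
    name = stream_from_path(raw_path)
    if name is None:
        return False                           # non-stream or ambiguous path
    if name.startswith("$"):
        return False                           # system and projection streams
    return name.startswith(prefix)             # case-sensitive comparison


if __name__ == "__main__":
    # Constructed sample requests.
    for who, path in [
        ("tenant-a-user", "/streams/tenanta-customer-7af1d88a-574a-4ffd-a65c-621ed1a5dcfc"),
        ("tenant-a-user", "/streams/tenantb-customer-bc31b7b7-bdb3-4160-8395-774ae8e922a4"),
        ("tenant-a-user", "/streams/%24ce-tenanta"),
    ]:
        print(who, path, "->", "allow" if is_allowed(who, path) else "deny")
```

Every non-stream path is denied here, so administrative endpoints of the backend stay unreachable through the proxy unless a separate rule allows them.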