I have a general (best practice) question regarding where to enforce authorization to MaprDB tables. We are building a reporting layer that serves data from the MapRDB and the question really is about where to enforce authorization. Should we create ACE's within MaprDB to enforce security at tables / CF / columns and then user 'impersonation' to access MaprDB table data ? or should we keep a mapping / looking table like (user x has access to tables a, b c and CF t,y) at the API layer and then enforce the authorization outside the MaprDB.
I see pros and cons with both approaches but would like to hear about the best practices from the community.