Great points, there are a lot of benefits to using a separate service to manage access control. You could even imagine using one service to control access to different datastores, then forwarding a role/user credential to each datastore to allow it to further control access, (making the solution offered in this article just one of those stores).
Many datastores support RBAC natively, so each of your stores could define access controls exactly internally which seems like a great separation of concerns to me. Personally, I've been digging into row-level security in Neo4j and Elasticsearch, both of which may be on their way to stealing my heart from Postgres but haven't quite yet.
Many datastores support RBAC natively, so each of your stores could define access controls exactly internally which seems like a great separation of concerns to me. Personally, I've been digging into row-level security in Neo4j and Elasticsearch, both of which may be on their way to stealing my heart from Postgres but haven't quite yet.