Hi
I'm building an enterprise-enabled (EJB etc.) solution for my company. (Well, my team is.)
The problem we have now is that 'security' constraints have blown way out of proportion to initial documents.
Initially, using the application server's built-in security was sufficient, i.e. if this role, then execute this method. If you had the proper role to get a list of clients for your division, you would be able to see all the clients returned and edit them all you wanted. (Kind of like the honour system.)
Now we need to be more selective. If you, as a user, create a client, only the users in your division can see it. Also, only you or someone higher than you in the 'roles hierarchy' can modify or delete this client. Additionally, anyone lower than you in the role hierarchy could have SOME of the information about this client hidden.
In effect I'm filtering the data already returned by the DB/app server.
Now I've analysed some methods of using bitmasks and performing logical operations, but I think my experience is falling a bit short of a really robust solution, even though I do have one. (Too lengthy to post here.)
What I was wondering is if anyone has built or bought a 'security' or filtering tool to handle just these kinds of scenarios.
Thank you for your help in advance.
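The three rules the post describes (division-scoped visibility, modify/delete only by the creator or someone strictly higher in the role hierarchy, and field masking for lower-ranked viewers) can be expressed as a per-record permission bitmask plus a post-query filter. The following is an added illustration, not code from the poster or from any EJB container; it is written in plain Python rather than Java because the logic is language-agnostic. The role names, the `VIEW`/`EDIT`/`DELETE` bit values, the `SENSITIVE_FIELDS` list and the sample users and clients are all hypothetical, constructed for the example.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional

# Hypothetical role hierarchy: a higher number means a higher role.
ROLE_RANK: Dict[str, int] = {"clerk": 1, "manager": 2, "director": 3}

# Per-record permission bits (the bitmask style the post mentions).
VIEW, EDIT, DELETE = 1, 2, 4

# Fields hidden from viewers ranked below the record's creator (assumed set).
SENSITIVE_FIELDS = ("credit_limit", "notes")


@dataclass(frozen=True)
class User:
    name: str
    division: str
    role: str


@dataclass
class Client:
    id: int
    name: str
    division: str
    created_by: User
    credit_limit: Optional[int] = None
    notes: Optional[str] = None


def rank(user: User) -> int:
    return ROLE_RANK[user.role]


def permissions(user: User, client: Client) -> int:
    """Return the bitmask of rights `user` holds on `client`.

    Rule 1: records are only visible inside the creator's division.
    Rule 2: EDIT/DELETE go to the creator or to a *strictly* higher role;
            a peer at the same rank can see the record but not change it.
    """
    if client.division != user.division:
        return 0  # not visible at all
    perms = VIEW
    if user == client.created_by or rank(user) > rank(client.created_by):
        perms |= EDIT | DELETE
    return perms


def redact(user: User, client: Client) -> Client:
    """Rule 3: blank sensitive fields for viewers ranked below the creator."""
    if rank(user) < rank(client.created_by):
        return replace(client, **{f: None for f in SENSITIVE_FIELDS})
    return client


def visible_clients(user: User, rows: List[Client]) -> List[Client]:
    """Post-query filter over rows the DB/app server already returned."""
    return [redact(user, c) for c in rows if permissions(user, c) & VIEW]


def update_client(user: User, client: Client, **changes) -> Client:
    """Writes are checked server-side too; hiding rows in a list is not enough."""
    if not permissions(user, client) & EDIT:
        raise PermissionError(f"{user.name} may not modify client {client.id}")
    return replace(client, **changes)


def delete_client(user: User, client: Client) -> bool:
    if not permissions(user, client) & DELETE:
        raise PermissionError(f"{user.name} may not delete client {client.id}")
    return True


# Constructed sample data for the example.
alice = User("alice", "north", "manager")
bob = User("bob", "north", "clerk")
erin = User("erin", "north", "manager")   # alice's peer: same rank
dave = User("dave", "south", "director")

CLIENTS: List[Client] = [
    Client(1, "Acme", "north", alice, credit_limit=50000, notes="prefers email"),
    Client(2, "Globex", "north", bob, credit_limit=1000, notes="new account"),
    Client(3, "Initech", "south", dave, credit_limit=9000, notes="renewal due"),
]

if __name__ == "__main__":
    for u in (alice, bob, erin, dave):
        print(u.name, [(c.id, c.credit_limit, permissions(u, c))
                       for c in visible_clients(u, CLIENTS)])
```

Two points worth keeping in mind when adapting this: the division predicate is cheap to push into the query itself (a `WHERE division = ?` clause), so that out-of-division rows never leave the database, and the `EDIT`/`DELETE` check must run inside the EJB method that performs the write, because a client that received a redacted row can still submit an update for it if only the list was filtered.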