
There is a scenario in one of the projects I am working on, in which there is a central database that is being accessed by various branches and sub-units within the organisation. In addition to role-based entitlements (like operator, admin, approver, etc.), which I am aware of how to tackle, there is a requirement to filter data at the organizational-unit level.

For example, see the organization structure depicted below:

[Image: organization structure diagram]

In this scenario, any user working at HQ-level would have access to all the data across the branches in those screens for which the user has access (role-based). However, anyone in Branch 1 can see only data of Units 1.1, 1.2 & 1.3. The same holds with Branch 2 as well. As we generalize this to the next level, a user in Unit 1.1 can access only data of Unit 1.1, but not of the others.

So, is such a kind of access control possible with Domain Object Security or any other mechanism in Spring Security?

I am alternatively exploring the possibility of having an interceptor in Hibernate that will do the necessary filtering. Any help on that front would also be useful.

Shyam Kumar Sundarakumar
    Possible duplicate of http://stackoverflow.com/questions/11404968/spring-security-java-ee-solutions-for-hierarchy-tree-roles. For more info see [documentation](http://static.springsource.org/spring-security/site/docs/3.1.x/reference/authz-arch.html#authz-hierarchical-roles) – Ravi Kadaboina Jul 26 '12 at 14:41
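
The rule described in the question (HQ sees every branch, a branch sees only its own units, a unit sees only itself), written out as an added example that is not part of the original post and is not Spring Security or Hibernate API. The class name `OrgScope`, the path format `HQ/B1/U1.1`, and the sample rows (including Branch 10 and Unit 2.1) are assumptions made for illustration.

```java
import java.util.List;
import java.util.stream.Collectors;

// Added illustration: each org unit is stored as a materialized path ("HQ/B1/U1.1").
// OrgScope, the path format and the sample rows are assumptions, not a framework API.
public class OrgScope {

    // A user may read a row when the row's unit is the user's own unit or a descendant of it.
    static boolean canAccess(String userUnitPath, String rowUnitPath) {
        if (userUnitPath == null || userUnitPath.isEmpty() || rowUnitPath == null) {
            return false; // fail closed when the scope is missing
        }
        if (rowUnitPath.equals(userUnitPath)) {
            return true;
        }
        // Match on the path plus separator so "HQ/B1" does not also match "HQ/B10/...".
        return rowUnitPath.startsWith(userUnitPath + "/");
    }

    // Applied in addition to the role-based check that already allowed the screen.
    static List<String> visible(String userUnitPath, List<String> rowUnitPaths) {
        return rowUnitPaths.stream()
                .filter(p -> canAccess(userUnitPath, p))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample data mirroring the structure in the question.
        List<String> rows = List.of(
                "HQ/B1/U1.1", "HQ/B1/U1.2", "HQ/B1/U1.3",
                "HQ/B2/U2.1", "HQ/B10/U10.1");

        System.out.println("HQ user:       " + visible("HQ", rows));
        System.out.println("Branch 1 user: " + visible("HQ/B1", rows));
        System.out.println("Unit 1.1 user: " + visible("HQ/B1/U1.1", rows));
        System.out.println("No scope:      " + visible("", rows));
    }
}
```

The Branch 10 row is there to exercise the prefix edge case: a bare `startsWith("HQ/B1")` would expose it to a Branch 1 user, while the separator-terminated comparison does not.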