
Restricting access to individual record or records - like per-instance

I have a use case where I need to restrict a user when they are in a certain role to only edit "their own" record(s).

What's the best way of doing this?

I obviously know the user making the request and have/can load their roles up and if in this role, then check if the record belongs to them. I'm thinking I can write this code in the DataPortal_Fetch method for example and throw a SecurityException.

Is that the best solution here?

The authorization rules are per type, so no help here unless we can still do some sort of per-instance rule?

Thanks.

Richard.
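
The check proposed in the post, as an added example that is not part of the original post and is not CSLA code: plain .NET types stand in for the fetch method, and `Order`, `OrderStore`, `FetchForEdit` and the `OwnRecordsOnly` role are hypothetical names with constructed sample data.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Principal;

// Hypothetical record type; OwnerName marks whose record it is.
public sealed record Order(int Id, string OwnerName, string Notes);

public static class OrderStore
{
    // Constructed sample data standing in for the database.
    private static readonly Dictionary<int, Order> Rows = new()
    {
        [1] = new Order(1, "richard", "own record"),
        [2] = new Order(2, "alice", "someone else's record"),
    };

    // Hypothetical role name: members may edit only records they own.
    public const string RestrictedRole = "OwnRecordsOnly";

    // The ownership check runs server-side after the row is read, because
    // the owner is only known once the instance has been loaded.
    public static Order FetchForEdit(IPrincipal user, int id)
    {
        if (user?.Identity is null || !user.Identity.IsAuthenticated)
            throw new SecurityException("Not authenticated.");
        if (!Rows.TryGetValue(id, out var row))
            throw new KeyNotFoundException($"Order {id} not found.");

        bool restricted = user.IsInRole(RestrictedRole);
        bool owns = string.Equals(row.OwnerName, user.Identity.Name,
                                  StringComparison.OrdinalIgnoreCase);

        // Per-instance rule: restricted users are denied on records they do not own.
        if (restricted && !owns)
            throw new SecurityException($"User may not edit order {id}.");
        return row;
    }
}

public static class Demo
{
    public static void Main()
    {
        var user = new GenericPrincipal(new GenericIdentity("richard"),
                                        new[] { OrderStore.RestrictedRole });
        Console.WriteLine(OrderStore.FetchForEdit(user, 1).Notes);   // allowed
        try { OrderStore.FetchForEdit(user, 2); }
        catch (SecurityException ex) { Console.WriteLine("Denied: " + ex.Message); }
    }
}
```

The same ownership test belongs in the update path as well, since a fetch-only check does not cover a save request for a record the caller never loaded through this method.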

