I am using Rhino Security to secure NHibernate entities on a huge database. Part of the requirement is to implement business rules that will map to Rhino EntityGroups, to filter out data based on the logged-in user's UserGroup entitlements:
Entity: Account
EntityGroup: Confidential Accounts
BusinessRule: Revenue > $10000
My questions are:
1) Does it make sense to define business rules like the above in security admin and then map those to EntityGroups?
2) At what stage should I add an Account entity to the EntityGroup 'Confidential Accounts'? Obviously I can do it at the time of Save/Update of an account; however, there can be n number of similar EntityGroups, and evaluating the current Account entity's membership on the fly will be a big hit to performance.
Please suggest.
Thanks, Roshan