How I can use Rbac in the following scenario.
for example - There are three locations and having Location Manager for each location. and each location then have two departments. Sales and production Sales department - Sales Manager, Sales Employee Production department - Production Manager, production employee. now say employee makes a leave request from either department.
EmployeeRole - can create and view requests.
ManagerRole - can update requests like approve/reject.
In the above circumstances, Manager can view all requests from Sales and product department. How I can restrict Manager to view/update records only from his/her department and as well as location.
That is Location manager can view or update from his/her location and not from other location.
One way I can think of can be achieved by getting the employee department,location and filtering the records based on requests from which department.
I wanted to know if and how this can be implemented using RBAC.