I am building an MVC application that uses a database repository to access data.
My application has more than one role for security.
Based on roles, I need to restrict DATA access in a repository (which is basically a data access layer).
In some cases the entire query may be permitted for role A, but completely blocked for role B.
In some cases the database rows may be filtered based on role A versus role B. This could involve a variant on the LINQ query to get only certain rows based on your role.
I think it is a good idea to keep the security for data access as close to the database layer as possible to hide from the implementation in controllers and such.
I just do not know a clean and maintainable way to do this.
I would think restricting data and queries based on role would be common, but I cannot find a ton out there on any best practices.
Thanks.
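One way to structure the repository-level checks the question describes, as an added example that is not part of the original post: the repository receives the caller's `IPrincipal`, blocks a whole query for roles that may not run it, and builds every row query from one filtered `IQueryable`. The `Order` entity, the `OrderRepository` class, the role names `Admin` and `RegionalManager`, and the `EU` region filter are assumptions made up for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Hypothetical entity, constructed for this example.
public class Order
{
    public int Id { get; set; }
    public string Region { get; set; }
    public decimal Total { get; set; }
}

public class OrderRepository
{
    private readonly IQueryable<Order> _orders;   // stands in for a DbSet<Order>
    private readonly IPrincipal _user;

    public OrderRepository(IQueryable<Order> orders, IPrincipal user)
    {
        _orders = orders;
        _user = user;
    }

    // Single choke point: every row-returning query starts from this set.
    private IQueryable<Order> Visible()
    {
        if (_user.IsInRole("Admin")) return _orders;              // all rows
        if (_user.IsInRole("RegionalManager"))
            return _orders.Where(o => o.Region == "EU");          // row filter
        return _orders.Where(o => false);                         // default deny
    }

    public List<Order> GetOrders() => Visible().OrderBy(o => o.Id).ToList();

    // Whole query permitted for one role and blocked for every other role.
    public decimal GetTotalRevenue()
    {
        if (!_user.IsInRole("Admin"))
            throw new UnauthorizedAccessException("GetTotalRevenue requires Admin.");
        return _orders.Sum(o => o.Total);
    }
}

public static class Program
{
    public static void Main()
    {
        var data = new List<Order> {   // constructed sample rows
            new Order { Id = 1, Region = "EU", Total = 10m },
            new Order { Id = 2, Region = "US", Total = 20m },
        }.AsQueryable();
        var manager = new GenericPrincipal(new GenericIdentity("bob"), new[] { "RegionalManager" });
        var repo = new OrderRepository(data, manager);
        Console.WriteLine(repo.GetOrders().Count);
        try { repo.GetTotalRevenue(); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```

Because controllers only ever call `GetOrders()` or `GetTotalRevenue()`, a role with no matching branch gets an empty result or an exception rather than unfiltered data.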