We are developing a WinForms CRM application with the use of ADO Entity Framework. For the security model we looked at role-based security but find it too sensitive to change. Our requirements are very complex since we need to define permission on a criteria. An example would be that "advisor" could only be modified by user X if the relation isn't a "customer" yet.
With this in mind we would like to implement a rights-based security model. The rights could be defined on entity level, but how do I implement the criteria part?
With our timeframe in mind, we have chosen to use NetSQLAzMan. It can define security based on roles, tasks and operations. The criteria can be implemented through "biz rules" which are C# scripts that can access parameters which will be supplied when calling the access check methods.
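
The pattern described above (an operation-level right plus a criteria rule evaluated against parameters passed to the access check), as an added sketch that is not part of the original post and does not use NetSqlAzMan's API. All type, operation and user names (`RightsStore`, `BizRule`, `Relation.Advisor.Modify`, `userX`) are hypothetical, and the sample relations are constructed.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical types for illustration only; this is not NetSqlAzMan's API.
public enum RelationStatus { Prospect, Customer }
public sealed class Relation { public RelationStatus Status { get; set; } }

// A rule sees the caller and the parameters supplied with the access check.
public delegate bool BizRule(string user, IDictionary<string, object> parameters);

public sealed class RightsStore
{
    // Key: (user, operation). A null rule means an unconditional grant.
    private readonly Dictionary<(string, string), BizRule> _grants =
        new Dictionary<(string, string), BizRule>();

    public void Grant(string user, string operation, BizRule rule = null) =>
        _grants[(user, operation)] = rule;

    public bool CheckAccess(string user, string operation,
                            IDictionary<string, object> parameters)
    {
        // Default deny: without an explicit grant there is no access.
        if (!_grants.TryGetValue((user, operation), out var rule)) return false;
        if (rule == null) return true;
        // A rule that throws (missing parameter, wrong type) denies access.
        try { return rule(user, parameters); }
        catch (Exception) { return false; }
    }
}

public static class Demo
{
    public static void Main()
    {
        const string op = "Relation.Advisor.Modify";
        var store = new RightsStore();
        // The criteria from the post: allowed only while the relation is not a customer.
        store.Grant("userX", op,
            (user, p) => ((Relation)p["relation"]).Status != RelationStatus.Customer);

        var prospect = new Dictionary<string, object> {
            ["relation"] = new Relation { Status = RelationStatus.Prospect } };
        var customer = new Dictionary<string, object> {
            ["relation"] = new Relation { Status = RelationStatus.Customer } };
        var empty = new Dictionary<string, object>();

        Console.WriteLine($"userX, prospect: {store.CheckAccess("userX", op, prospect)}");
        Console.WriteLine($"userX, customer: {store.CheckAccess("userX", op, customer)}");
        Console.WriteLine($"userX, no parameters: {store.CheckAccess("userX", op, empty)}");
        Console.WriteLine($"userY, prospect: {store.CheckAccess("userY", op, prospect)}");
    }
}
```

The check is made at the point where the advisor field is about to be saved, with the entity being modified passed as the parameter, so the rule is evaluated against the current state of the relation rather than a cached decision.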