controller action access control


I have a issue I don’t know how to resolve.

I have some controllers and actions I want to give access to specific users.

For example one secretary needs access to reports however the other not. On the contrary the second one needs access to deleting customers while the first one shouldn’t. There are a lot of rules like that in my project but there is no pattern in these cases, so RBAC is rather not an option.

Has anyone of you run into such issue?

Thank you for response :)

Did you looked at this?

RBAC IS the option in your case. Just analyze your business demands in a finer-grained level and construct the RBAC hierarchy accordingly.