by OrionSeven 3774 days ago
I tend to agree with olalonde. What you've described is a well-accepted method to handle authorization (sounds like you've implemented role-based access control). But for things like can't delete yourself, etc., those in my mind are business rules and not authorization rules. In fact, that's a validation rule and not an authorization rule.