Implementing Granular Authorization
Designing fine-grained authorization reminds me of a story of a renowned bank manager who was very disturbed by a robbery attempt made on his safe deposit vault. The bank manager was so perturbed that he immediately implemented multiple layers of security and passwords for the vault. The next day, a customer request required that he open the vault. The manager, in all his excitement, forgot the combination, and the vault had to be forced open (legally, of course).
As you may gather, designing fine-grained security is a tricky proposition. Too much security can be as counterproductive as too little. ...