I have a web application where Security admin will define a role, assign it to a userId , assign the list of functions (create,edit etc) to the userId. Also userId can be made read/write access so that throughout the application he will have only read-only.
Here comes my problem, I have these role to functions and role to user and role to access information in a database.
What is the best way to implement the authorization ? i.e, hide or disable some buttons/menu links based on the database values. Or is there a better way to implement this requirement as my company requires to assign functions to a user dynamically without a program change.