I have used AzMan in a previous project and it works well when authorizing operations on a system level.
In a new project, I need to manage authorizations on a record level.
What is the best way of achieving this? If there is an authorization API that supports this I would be glad to hear about it. Otherwise, any suggestion is welcomed.
AzMan has a feature called scopes that can accomplish what you are asking. A scope can be any piece of data. Here at work, for example, we have a branch scope. So, for a person assigned to a scope of 1234, that person can only perform the operations assigned to them on data belonging to branch 1234.
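
An added example, not part of the answer above and not the poster's code: one way to pass a record's branch as the AzMan scope in an access check from C#. It assumes a project reference to the AzMan COM interop (AZROLESLib); the store path, application name, operation ID and the convention that the scope name is the branch number are placeholders.

```csharp
using System;
using System.Runtime.InteropServices;
using AZROLESLib; // COM interop for azroles.dll (assumed to be referenced by the project)

static class BranchAuthorization
{
    // Placeholders: adjust to the actual policy store, application and operation.
    const string StoreUrl = "msxml://C:\\AzMan\\ExampleStore.xml";
    const string ApplicationName = "ExampleApp";
    const int OpEditRecord = 1;   // operation ID as defined in the store
    const int NoError = 0;        // AccessCheck returns 0 for a granted operation

    // True only if the calling Windows identity holds OpEditRecord
    // in the scope named after the record's branch.
    public static bool CanEditRecord(string branchId)
    {
        try
        {
            var store = new AzAuthorizationStore();
            store.Initialize(0, StoreUrl, null);
            IAzApplication app = store.OpenApplication(ApplicationName, null);

            // Token handle 0: use the caller's thread or process token.
            IAzClientContext client = app.InitializeClientContextFromToken(0, null);

            object[] scopes = { branchId };          // one scope per check
            object[] operations = { OpEditRecord };
            var results = (object[])client.AccessCheck(
                "record in branch " + branchId,      // audit label only
                scopes, operations, null, null, null, null, null);

            return (int)results[0] == NoError;
        }
        catch (COMException)
        {
            // Fail closed: any store or lookup error is treated as "denied".
            return false;
        }
    }

    static void Main()
    {
        // Constructed sample: a record that belongs to branch 1234.
        string recordBranch = "1234";
        Console.WriteLine(CanEditRecord(recordBranch) ? "allowed" : "denied");
    }
}
```

The scope is taken from the record being accessed, never from user input, so a user assigned only to scope 1234 is denied when the record's branch is anything else.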