You probably want to grant full rights to an outside authentication/authorization service that handles the fine grained rights for private tables.
That way you don’t lock the main functionality up with the rights management aspect and 1,000+ custom permissions and role sets.
Authorization is the front door to a hallway with keyed doors behind. Have a peep hole to authenticate where necessary, but don’t complicate the core product with it.
Heck, roll your own version if you have time. With this system you can change it in and out and not have to rewrite your base to accommodate. An oversimplification, as are most things.
That way you don’t lock the main functionality up with the rights management aspect and 1,000+ custom permissions and role sets.
Authorization is the front door to a hallway with keyed doors behind. Have a peep hole to authenticate where necessary, but don’t complicate the core product with it.
Heck, roll your own version if you have time. With this system you can change it in and out and not have to rewrite your base to accommodate. An oversimplification, as are most things.
My .02c