Access control

In the applications we designed so far, we took a very simple approach to access control. Based on someone's login credentials we either allowed access or not. We slightly expanded this notion in the books application, where deleting a book meant that the association between a book and an owner was deleted rather than removing the book instance from the database altogether.

In many situations, a finer control of privileges is required, but if this control is hardcoded into the application, maintaining it will rapidly become unwieldy. We therefore need something that will allow us to manage access privileges in a simple way and in a manner that allows easy expansion.

Consider the following scenario: In a company using our CRM application, different accounts are owned by different sales persons. It's a small firm so everybody is allowed to see all the information on all the accounts but changing information for an account is restricted to the sales person that owns that account. Of course the sales manager, their boss, is allowed to change this information also, regardless of whether he owns an account or not.

We could implement such a strategy by letting the update() method of an Entity check whether this entity has an account that is owned by the person doing the update and, if not, whether the person is the sales manager.
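A minimal sketch of the hardcoded check just described, added here as an illustration and not taken from the book's code. The class names, the role string and the rule that a record without an account can be changed only by the sales manager are assumptions.

```python
# Added illustration; names and the no-account rule are assumptions.
from dataclasses import dataclass, field
from typing import Optional

SALES_MANAGER = "sales manager"  # assumed role name


@dataclass(frozen=True)
class User:
    name: str
    role: str = "sales person"


@dataclass
class Account:
    name: str
    owner: User


@dataclass
class Entity:
    """A CRM record (for example a contact) that may belong to an account."""
    account: Optional[Account]
    data: dict = field(default_factory=dict)

    def read(self, user: User) -> dict:
        # Everybody in the firm may see all information on all accounts.
        return dict(self.data)

    def may_update(self, user: User) -> bool:
        # Rule 1: the sales person who owns the entity's account.
        if self.account is not None and self.account.owner == user:
            return True
        # Rule 2: otherwise only the sales manager, owner or not.
        return user.role == SALES_MANAGER

    def update(self, user: User, **changes) -> None:
        # Deny by default: refuse before touching any data.
        if not self.may_update(user):
            raise PermissionError(f"{user.name} may not change this record")
        self.data.update(changes)


# Constructed sample data.
alice, bob = User("alice"), User("bob")
carol = User("carol", SALES_MANAGER)
contact = Entity(Account("Acme", owner=alice), {"phone": "555-0100"})
orphan = Entity(None, {"phone": "555-0199"})
```

Every additional rule would mean another branch in may_update(), which is the maintenance problem noted above for hardcoded privileges.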
