I'm designing a financial system that should grant access to data based on roles and privileges. For example, a manager can see the financial transaction of users under his domain but not information regarding other transaction. Although it's possible to implement ad-hoc I was wondering if there are patterns or guidelines for implementing such instrumentation.
Data Roles – Design Pattern for Data Privileges
dataroles
Best Answer
The Proxy Pattern has a few uses, one is specifically designed for access control. The C2 Wiki also has a discussion of the Proxy Pattern and its variants and more specifically the Protection Proxy.
When the client makes a request, it is forwarded through the Proxy, which would contain your permission checks and access control. If the request is valid, the results would be returned from the RealSubject through the Proxy.