The problem space: High Level-> I'm looking for a way to apply security access policies during the runtime of my application (and use AOP to do this).
In detail-> I currently store customer's data into the same database tables and use Row Level Security to control who sees what. The current RLS policies use more "Military" security markings and I'd like to generalize my security markings to cover the broader concepts of healthcare, weather, city data and so on. I will probably have to ditch native database RLS and move towards a SW based solution (which is fine).
What I've tried: Nothing yet. I'm brainstorming and figured I'd reach out to the community to see if using AOP to inject security policies at runtime is a really good/bad idea. On the surface it seems like a good idea. In my mind, having one code base, but injecting security access policies based upon a context (military/healthcare/...whatever) seems to make sense.
