Using Themis in a hierarchical data query scenario

Aug 31, 2012 at 4:07 PM

I have the following (simplified) scenario to implement in a business application, and today I stumbled on Themis as a possible authorization framework.

I want to model a hierarchy of dealer organizations: each dealer has an HQ and a set of points of sale, and each point of sale can have many corner shops. From the point of view of the application, I treat all entities as "agents" organized in a tree. Each user belongs to a specific agent and, depending on his roles, he can view only the agent to which he is assigned or, if he is a manager, he can see all subordinate agents.

I am using NHibernate and I successfully mapped the domain model. I want to implement the MVC app which can:

Each user 

Is Themis a good framework for managing the access rights for this kind of business scenario? Can you help me with a sample modeling of the roles/claims in Themis for this in order to be able to write queries like:

- give me all agents which a user is allowed to see?