Look into ABAC instead of RBAC
Some random links:
- https://docs.okera.com/odas/latest/access/authorization-abac/
- https://py-abac.readthedocs.io/en/latest/policy_language.html
Open questions:
How to deal with storage and collections in an efficient way without fetching/de-serializing everything?