Ask HN: GDPR Secure Database with Microservices/Service API
1 point by EnKopVand on March 21, 2022
Hi HN, I’m a fairly senior Danish developer with a challenge. We’re building a database that needs to accommodate different users, and different applications with different data access on a field/column level. We want to mask certain forms of data and ideally we want to build it code-first. It’ll be set up using Azure, very likely Azure SQL. I have been reading through the official documentation, and in a non-code-first situation the Azure SQL functionality seems to tick most of the boxes, but Entity Framework seems to lag behind, or maybe I’m just not understanding the EF documentation correctly. We’ve discussed handling the security in a one-ring-to-rule-them-all API, possibly using .NET and Microsoft OData with EF, but we’re already seeing a lot of users with that considering we run React fronts and do a lot of computing in various Azure Functions.

An example “use case” is two asset managers and one investment manager accessing an asset where they all have different access to the information. The asset managers get access based on their team and seniority/responsibility, the investment manager gets access to GDPR-sensitive data. Now add this scenario a hundred times, and also add this happening in 3rd-party data consumers.

In the future most of the access will happen through an MDM, but the future is an enterprise architecture abstract.

How would you approach this? Do you know a place to read up on best practices for this?



