Requirement:
Per user define access lever to Customer accounts by customer group.
Example:
User01 has read access to CustGroup A & B, updateaccess to groups C & D and no access to groups E & F. A new table stores the association between UserId, CustGroupId, and AccessLevel.
I understand how the security policy can prevent the user form CRUD for groups E & F. I don't see a mechanism for changing/assigning access level.
Thanks for your help and/or advice!