Hi, we are struggling trying to model our authz system, having the following components:
User -> (John Doe, Mary Blee) a user can have different roles on different Region/Location. For example, John could be SalesManager in Italy, and Accountant in Hungary and ITSupport in LATAM.
Region -> (APAC, LATAM) groups administrative locations. A user can have a specific role to an specific Region.
Location -> (Italy, Hungary) the resources belongs to locations.
Role -> (SalesManager, SalesClerk, Accountant, ITSupport) a role groups the permissions over the different resources.
Resources -> Orders, Bills.. etc.. Scoped to locations.
Our main issue is how to establish the relationships between user:John and role:SalesManager in Location:Italy.
Please, could you help us on this?