An RBAC with resource granularity.
Example:
In my App I have:
- Resources: organization, etc.
- Roles: org_owner, org_delivery, etc.
So, a user will have one of the above roles/permissions over one or more resources, not over the App (all resources in the App).
User1:
- org_owner of organization1
- org_delivery of organization2
User2:
- org_owner of organization2
- org_delivery of organization1
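
A minimal sketch of the model described above, added here as an illustration and not code from the original post: each role binding is a (user, role, resource) triple, and every authorization check must name the resource. The permission names and the `Binding`, `roles_on`, `is_allowed` and `resources_with` helpers are assumptions; the post names the roles but not what they grant.

```python
from dataclasses import dataclass

# Hypothetical permission sets (assumption): the post does not define them.
ROLE_PERMISSIONS = {
    "org_owner": {"org:read", "org:update", "org:delete", "delivery:manage"},
    "org_delivery": {"org:read", "delivery:manage"},
}

@dataclass(frozen=True)
class Binding:
    user: str
    role: str
    resource: str  # the single resource this role applies to

# Bindings taken from the User1/User2 lists in the post.
BINDINGS = frozenset({
    Binding("User1", "org_owner", "organization1"),
    Binding("User1", "org_delivery", "organization2"),
    Binding("User2", "org_owner", "organization2"),
    Binding("User2", "org_delivery", "organization1"),
})

def roles_on(user, resource, bindings=BINDINGS):
    """Roles the user holds on this one resource; there is no app-wide role."""
    return {b.role for b in bindings if b.user == user and b.resource == resource}

def is_allowed(user, permission, resource, bindings=BINDINGS):
    """Default deny: allow only if a role bound to this resource grants it."""
    return any(
        permission in ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing
        for role in roles_on(user, resource, bindings)
    )

def resources_with(user, permission, bindings=BINDINGS):
    """Resources where the user holds the permission, e.g. to scope a list query."""
    return sorted({
        b.resource for b in bindings
        if b.user == user and permission in ROLE_PERMISSIONS.get(b.role, set())
    })

if __name__ == "__main__":
    for user in ("User1", "User2"):
        for org in ("organization1", "organization2"):
            print(user, org, "org:delete ->", is_allowed(user, "org:delete", org))
```

Because the resource is a required argument of `is_allowed`, a role held on one organization can never be evaluated against another one by omission.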