
Difference between code-based security and role-based security in Java?

I am working in a core banking domain and have a situation where I need to handle functionality based on the role of the user. For that, it's required to define some read- or write-based permission for each user, and the functionality will work accordingly.

I found some approaches, such as code-based security and role-based security, both of which seem well suited to my requirement. But I am a little confused now because I need to go with one of the approaches, so which one is good to go with? Please suggest!


Basically, code security always uses permissions and permission sets for a given piece of code or method of a class file to run. For example, an admin user can disable running an executable of a function or method off the Internet, or restrict access to the corporate database to only a few applications, or can allow only read or only write operations on a functionality. Role-based security most of the time involves the code/function/class running with the privileges of the current user. This way the code supposedly cannot do more harm than mess up a single user account. So we can't say one of the methods is better than the other. It all depends on the requirement; we need to select the approach accordingly.

Now, as per your requirement: as you have explained, you want to give users permission to access some methods in a read or write way, so you need a code-based implementation where you can define a method as read for a user belonging to role xyz, or write for a user with role abc.
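The method-level read/write checks the answer describes could look like the following. This is an added example, not code from the original thread; the class, method and permission names are hypothetical, and the roles `xyz` and `abc` are taken from the answer's wording.

```java
import java.security.BasicPermission;
import java.security.Permissions;
import java.util.Map;
import java.util.Set;

public class AccountAccessDemo {
    // Hypothetical permission type; names are "account.read" / "account.write".
    static final class AccountPermission extends BasicPermission {
        AccountPermission(String name) { super(name); }
    }

    // Role -> granted permissions (assumed mapping: xyz may read, abc may write).
    static final Map<String, Permissions> ROLE_PERMS = Map.of(
        "xyz", perms("account.read"),
        "abc", perms("account.write"));

    static Permissions perms(String... names) {
        Permissions p = new Permissions();
        for (String n : names) p.add(new AccountPermission(n));
        p.setReadOnly(); // grants cannot be widened after start-up
        return p;
    }

    // Deny by default: unknown roles and missing grants both end in an exception.
    static void check(Set<String> roles, String needed) {
        AccountPermission want = new AccountPermission(needed);
        for (String role : roles) {
            Permissions granted = ROLE_PERMS.get(role);
            if (granted != null && granted.implies(want)) return;
        }
        throw new SecurityException("denied: " + needed);
    }

    static String readBalance(Set<String> roles) {
        check(roles, "account.read");
        return "balance=100.00"; // constructed sample value
    }

    static void postTransfer(Set<String> roles) {
        check(roles, "account.write"); // the write path is guarded separately
    }

    public static void main(String[] args) {
        Set<String> reader = Set.of("xyz");
        System.out.println(readBalance(reader));
        try { postTransfer(reader); }
        catch (SecurityException e) { System.out.println(e.getMessage()); }
        postTransfer(Set.of("abc"));
        System.out.println("write allowed for role abc");
    }
}
```

Each guarded method names the one permission it needs, so the role-to-permission table is the only place that has to change when a role's access is widened or narrowed.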
