I am working on a project to monitor multiple sites with roles admin, manager and operator. Each site will have their own users with admin, manager, operator roles. Users from one site should not have access to information from another sites, except for “all sites” users. I am considering two options for the security setup:
What should be the best practices for these type of application? Any suggestions will be appreciated.