*Users:* - User1 is Executive of Company1 - User2 is Manager of Company1 - User3 is Executive of Company2 - User4 is Manager of Company2 - User5 is Executive of both Company1 & Company2 - User6 is Manager & Executive of Company2 - User7 is Manager of both Company1 & Company2
*API endpoint:* https://api.example.com/users/{id} When I authenticate, the system already knows which company / companies I belong to and what role(s) I have. Given that I have few rules. *Rules:* - Every employee can access his own company's data. - Managers can access all Executive data. - Executives can only access personal data. - One person can belong to multiple companies. One person can have multiple roles. - Only the highest authorization counts if a person has two roles in a company. How can I implement it using Apache. I found few modules in https://httpd.apache.org/docs/2.4/howto/auth.html But not understanding, will i have to implement these logics in my app or can i use these modules to solve this problem? If this can be done using modules then please give me some sample config so that i can work with it.