I'm doing authentication/authorization in a generic way, but I have a problem: some behaviors of the system depend on the user role, and one user can have more than one role.
It's not only about whether a user can or can't do some action; the action itself changes for each user role. There is a lot of metadata related to each role, and I can't figure out how to keep cohesion.
If I merge security with business, the coupling will be high and everything becomes a mess; if I keep them separate, creating tables for each, I get some entities duplicated and a mess too.
One small part of the metadata is:
A junior employee can build only the basic part of one job for only one customer, or pick up a basic job abandoned by another junior at the same customer.
A master can build a new basic part and fix/manage builds made by all juniors of one customer.
A manager can do everything for all customers and control the master's job.
For each job, a junior needs to choose one related master, and a master needs to choose one manager. When a junior picks up an abandoned job he becomes the owner, but when a master fixes a job the junior who created it keeps ownership.
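The rules above, as an added example that is not part of the original post: one way to keep the role metadata cohesive is to leave `Employee` and `Job` as plain business entities and put every role rule into a single policy function. The role names, the action set, the customer attachment via `customer_ids`, and the sample staff and job are assumptions made for this illustration; the ownership behavior (takeover transfers ownership, a master's fix does not) follows the post.

```python
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    JUNIOR = "junior"
    MASTER = "master"
    MANAGER = "manager"


class Action(Enum):
    BUILD = "build"          # create the basic part of a job
    TAKE_OVER = "take_over"  # pick up a basic job another junior abandoned
    FIX = "fix"              # fix/manage a build made by a junior
    CONTROL = "control"      # supervise a master's work


@dataclass
class Employee:
    id: str
    roles: set           # one employee may hold several roles at once
    customer_ids: set    # customers this employee is attached to (assumed model)


@dataclass
class Job:
    id: str
    customer_id: str
    owner_id: str        # junior who built the basic part (or took it over)
    master_id: str       # master the junior chose for this job
    manager_id: str      # manager that master chose
    abandoned: bool = False


def serves(emp: Employee, job: Job) -> bool:
    return job.customer_id in emp.customer_ids


def allowed(actor: Employee, action: Action, job: Job) -> bool:
    """Authorization policy. Only this function knows the role rules;
    Employee and Job stay plain business entities."""
    if Role.MANAGER in actor.roles:
        return True  # managers: everything, for every customer
    if Role.MASTER in actor.roles and serves(actor, job):
        if action in (Action.BUILD, Action.FIX):
            return True
    if Role.JUNIOR in actor.roles and serves(actor, job):
        if action is Action.BUILD and job.owner_id == actor.id:
            return True
        if action is Action.TAKE_OVER and job.abandoned and job.owner_id != actor.id:
            return True
    return False


def chain_is_valid(job: Job, staff: dict) -> bool:
    """Each job needs a master serving the same customer and a manager."""
    master, manager = staff[job.master_id], staff[job.manager_id]
    return (Role.MASTER in master.roles and serves(master, job)
            and Role.MANAGER in manager.roles)


def perform(actor: Employee, action: Action, job: Job) -> Job:
    """Apply an action after the policy check, with the ownership rules."""
    if not allowed(actor, action, job):
        raise PermissionError(f"{actor.id} may not {action.value} job {job.id}")
    if action is Action.TAKE_OVER:
        job.owner_id = actor.id   # the junior who picks up the job becomes owner
        job.abandoned = False
    # FIX by a master deliberately leaves owner_id alone: the creator keeps ownership
    return job


def scenario() -> dict:
    """Constructed sample data (not from the original post) exercising the rules."""
    staff = {
        "j1": Employee("j1", {Role.JUNIOR}, {"c1"}),
        "j2": Employee("j2", {Role.JUNIOR}, {"c1"}),
        "j3": Employee("j3", {Role.JUNIOR}, {"c2"}),                # other customer
        "m1": Employee("m1", {Role.JUNIOR, Role.MASTER}, {"c1"}),   # holds two roles
        "m2": Employee("m2", {Role.MASTER}, {"c2"}),
        "boss": Employee("boss", {Role.MANAGER}, set()),
    }
    job = Job("job-1", "c1", owner_id="j1", master_id="m1", manager_id="boss")
    out = {"chain_ok": chain_is_valid(job, staff)}
    out["j1_build"] = allowed(staff["j1"], Action.BUILD, job)
    out["j2_build"] = allowed(staff["j2"], Action.BUILD, job)      # not the owner
    out["j2_fix"] = allowed(staff["j2"], Action.FIX, job)          # juniors never fix
    out["m2_fix"] = allowed(staff["m2"], Action.FIX, job)          # wrong customer
    out["j1_control"] = allowed(staff["j1"], Action.CONTROL, job)
    out["boss_control"] = allowed(staff["boss"], Action.CONTROL, job)
    perform(staff["m1"], Action.FIX, job)
    out["owner_after_fix"] = job.owner_id
    job.abandoned = True
    out["j3_take_over"] = allowed(staff["j3"], Action.TAKE_OVER, job)  # other customer
    perform(staff["j2"], Action.TAKE_OVER, job)
    out["owner_after_take_over"] = job.owner_id
    out["j1_build_after"] = allowed(staff["j1"], Action.BUILD, job)   # lost ownership
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

Because `allowed` checks the actor's role set rather than a single role column, an employee such as `m1` who is both junior and master gets the union of both rules without any duplicated entities; the customer scoping and the ownership transitions live in one place, so adding a role means extending the policy, not the schema.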
Create one table for each entity until you reach a tree; each time a new role appears, create a new table, then use this structure to control the system. Keep users in a users table and employees in an employees table; each user has one password and login, and afterwards must log in with the employee's password and login too. That solves your problem.