I have an application with many users. I'd like to limit the information that certain users can see. This is not done at a resource/controller level, but at an actual "item" level. For instance, User 1 has read access to Item 1 and Item 2. User 2 has read access to only Item 1.
I'd like to be able to leverage something inside the Azure cloud platform to be able to answer the question, "Does this user have this permission on this item?"
The answers I've found on Stack Overflow so far have lead me to a page on the azure documentation that says how to implement an ID as a service provider. It doesn't say how to use Azure to act like an IDaaS.
Ideally, I'd be able to set up a custom role that gives Read Access to Item 1 and I'd be able to assign that role to User 1 and 2. At some point in the future, I'd be able to ask Azure, "Can User 1 read Item 1?".
The other solutions I've seen on Stack Overflow link to examples that rely on using the .net framework and deconstructing the token Entra ID returns. Perhaps this is the way to go about it and getting and deconstructing the Entra ID token is the best practice. Is there a graph or API endpoint that I can call to get the Entra ID token without being in the .NET framework?