I don’t like rights management with ADO.NET Data Services.
You can use a method marked with the ChangeInterceptor attribute to manage CUD operations and one marked with the QueryInterceptor attribute to manage Read operations. But if it’s rights logic, I think it should be in the entity class (in the BLL) and not in the service.
With my POC, the entity type just needs to implement one or both of these interfaces:
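
    // Implemented by entities whose read access depends on the caller's login.
    public interface IEntityNeedRightToRead
    {
        bool CanRead(string login);
    }

    // Implemented by entities whose create/update/delete access depends on the caller's login.
    public interface IEntityNeedRightsToWrite
    {
        bool CanChange(string login, string propertyName);
        bool CanChangeLinks(string login, string propertyName);
        bool CanAdd(string login);
        bool CanDelete(string login);
    }
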
Moreover, in my sample, my entity types have a Login property, so it’s easy to return the default value of a property if you don’t want to expose it to the connected user.
The next step, in this case, is to exclude the property if it is in ETags.
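
As an added illustration (not the POC's own code), here is one way an entity could implement both interfaces and hide a property behind its default value for anyone but the owner. The Employee type, its Salary property, the ViewFor helper and the Demo class are hypothetical, and how the service obtains the login and calls these methods is not shown on this page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public interface IEntityNeedRightToRead { bool CanRead(string login); }
public interface IEntityNeedRightsToWrite
{
    bool CanChange(string login, string propertyName);
    bool CanChangeLinks(string login, string propertyName);
    bool CanAdd(string login);
    bool CanDelete(string login);
}

// Hypothetical entity: the owner is identified by the Login property.
public class Employee : IEntityNeedRightToRead, IEntityNeedRightsToWrite
{
    public string Login { get; set; }
    public string Name { get; set; }
    public decimal Salary { get; set; }

    bool IsOwner(string login) =>
        login != null && string.Equals(login, Login, StringComparison.OrdinalIgnoreCase);

    public bool CanRead(string login) => !string.IsNullOrEmpty(login); // any authenticated user
    public bool CanChange(string login, string propertyName) =>
        IsOwner(login) && propertyName != nameof(Salary) && propertyName != nameof(Login);
    public bool CanChangeLinks(string login, string propertyName) => false; // deny by default
    public bool CanAdd(string login) => false;
    public bool CanDelete(string login) => false;

    // Copy handed to the caller: Salary falls back to default(decimal) for non-owners.
    public Employee ViewFor(string login) =>
        new Employee { Login = Login, Name = Name, Salary = IsOwner(login) ? Salary : default(decimal) };
}

public static class Demo
{
    public static void Main()
    {
        var rows = new List<Employee> { // constructed sample data
            new Employee { Login = "alice", Name = "Alice", Salary = 5000m },
            new Employee { Login = "bob", Name = "Bob", Salary = 4200m } };
        string caller = "alice";
        foreach (var e in rows.Where(r => r.CanRead(caller)).Select(r => r.ViewFor(caller)))
            Console.WriteLine($"{e.Name}: {e.Salary}");
        Console.WriteLine(rows[1].CanChange(caller, "Name"));   // alice editing bob's row
        Console.WriteLine(rows[0].CanChange(caller, "Salary")); // alice editing her own salary
    }
}
```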