What, if any, design patterns are useful in implementing custom record-level permissions?

I am implementing a web application using ASP.NET MVC and Entity Framework, using the repository pattern to access data. This application will have several unrelated users creating objects. Each user should have access only to their own objects.

Are there any EF templates or built-in functionalities that provide a way to give users access only to their own records?

Currently I'm thinking of adding an owner field to all private domain objects and implementing a class through which all database queries must go. This class will determine whether the requested domain object is private. If so, it will add an owner filter to the request. Does that sound reasonable?

+4
1 answer

The second part of your question is very close to the description of the Repository pattern. This approach can be used to solve the record-level security problem by enforcing user-specific filters.

This approach separates your client business logic from row-based security: if you later decide to change the way you secure your records, all you need to change is the implementation of your repository. Clients do not even have to recompile.

EF defines the repository for all of your business objects as a partial class. You can add an interface on top of it (in a separate file) and implement the methods of your repository using the methods created by EF:

```csharp
using System;
using System.Linq;

// The user-facing contract: callers only ever see pre-filtered sets.
public interface IMyRepository
{
    IQueryable<ClientOrder> Orders { get; }
    IQueryable<ServiceIssue> Issues { get; }
}

// The other part of SecureRepository is EF-generated.
// Assume that EF provides a parameterless constructor and these properties:
// - ObjectSet<ClientOrder> AllOrders
// - ObjectSet<ServiceIssue> AllIssues
public partial class SecureRepository : IMyRepository
{
    private readonly Guid userId;

    public SecureRepository(Guid userId) : this()
    {
        this.userId = userId;
    }

    // Each set is narrowed to the current user's rows before callers can compose further queries on it.
    public IQueryable<ClientOrder> Orders
    {
        get { return AllOrders.Where(ord => ord.UserId == userId); }
    }

    public IQueryable<ServiceIssue> Issues
    {
        get { return AllIssues.Where(csi => csi.UserId == userId); }
    }
}
```

You can add write methods that set UserId for orders and issues before storing them in the database.

+2
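As an added example that is not part of the original answer, here is the same pattern as a self-contained C# console program, with an in-memory list standing in for the EF ObjectSet (ClientOrder, IOrderRepository, SecureOrderRepository and GetForUpdate are constructed names). It carries the answer through to the write side: the owner is stamped from the authenticated user rather than taken from the request, and look-ups for update or delete go through the filtered set as well, so a record belonging to another user is indistinguishable from one that does not exist.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed entity; on the page it is EF-generated, with the owner field the question proposes.
public class ClientOrder { public int Id { get; set; } public Guid UserId { get; set; } }
public interface IOrderRepository
{
    IQueryable<ClientOrder> Orders { get; }  // reads: already filtered to the caller
    void Add(ClientOrder order);             // creates: owner stamped server-side
    ClientOrder GetForUpdate(int id);        // updates/deletes: ownership re-checked
}
// In-memory stand-in for the EF partial class; the List plays the role of AllOrders.
public class SecureOrderRepository : IOrderRepository
{
    private readonly Guid userId;
    private readonly List<ClientOrder> allOrders;
    public SecureOrderRepository(Guid userId, List<ClientOrder> allOrders)
    {
        this.userId = userId;
        this.allOrders = allOrders;
    }
    // Every query starts from the filtered set; unfiltered AllOrders is never exposed.
    public IQueryable<ClientOrder> Orders =>
        allOrders.AsQueryable().Where(o => o.UserId == userId);
    // Whatever UserId arrived in the request is overwritten with the authenticated user.
    public void Add(ClientOrder order)
    {
        order.UserId = userId;
        allOrders.Add(order);
    }
    // Update/delete look-ups also go through Orders, so another user's id looks like a nonexistent one.
    public ClientOrder GetForUpdate(int id) =>
        Orders.SingleOrDefault(o => o.Id == id)
        ?? throw new UnauthorizedAccessException("Order " + id + " is not accessible to this user");
}
public static class Demo
{
    public static void Main()
    {
        var store = new List<ClientOrder>();
        var alice = new SecureOrderRepository(Guid.NewGuid(), store);
        var bob = new SecureOrderRepository(Guid.NewGuid(), store);
        alice.Add(new ClientOrder { Id = 1, UserId = Guid.NewGuid() }); // client-sent owner is ignored
        bob.Add(new ClientOrder { Id = 2 });
        Console.WriteLine(alice.Orders.Count() + " order(s) visible to Alice, " + bob.Orders.Count() + " to Bob");
        try { bob.GetForUpdate(1); } catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```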

Source: https://habr.com/ru/post/1415633/
