Activity-based authorization is a great design pattern. It can save you a lot of work and significantly increase the flexibility of your authorization system.
Three things are required to implement activity-based authorization successfully:
- A mapping of roles to activities (usually in a database)
- A way of specifying which activities require authorization
- A mechanism to authorize a user for a given activity, given the two items above
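
The three pieces listed above, wired together in one place. This is an added example, not code from the original article: the role names, activity names, in-memory mapping (standing in for the database table) and all function names are assumptions made for illustration.

```python
from functools import wraps

# Assumption: in-memory stand-in for the role-to-activity table (constructed names).
ROLE_ACTIVITIES = {
    "viewer": {"Article.Read"},
    "editor": {"Article.Read", "Article.Create", "Article.Update"},
    "admin": {"Article.Read", "Article.Create", "Article.Update", "Article.Delete"},
}
PROTECTED_ACTIVITIES = set()  # activities declared as requiring authorization


class NotAuthorized(Exception):
    """Raised when none of the caller's roles grants the activity."""


def is_authorized(roles, activity):
    """Deny by default: unknown roles and unmapped activities grant nothing."""
    return any(activity in ROLE_ACTIVITIES.get(role, ()) for role in roles)


def requires_activity(activity):
    """Declare that the wrapped function is an activity needing authorization."""
    PROTECTED_ACTIVITIES.add(activity)

    def decorator(func):
        @wraps(func)
        def wrapper(user, *args, **kwargs):
            if not is_authorized(user.get("roles", ()), activity):
                raise NotAuthorized(f"{user.get('name')} may not perform {activity}")
            return func(user, *args, **kwargs)
        return wrapper
    return decorator


def unmapped_activities():
    """Protected activities that no role grants (likely a mapping gap)."""
    granted = set().union(*ROLE_ACTIVITIES.values())
    return PROTECTED_ACTIVITIES - granted


@requires_activity("Article.Delete")
def delete_article(user, article_id):
    return f"article {article_id} deleted by {user['name']}"


@requires_activity("Article.Publish")  # deliberately absent from the mapping
def publish_article(user, article_id):
    return f"article {article_id} published by {user['name']}"
```

Because the check is deny-by-default, an activity missing from the mapping locks everyone out rather than letting everyone in; `unmapped_activities()` surfaces such gaps so they can be caught at start-up or in a test.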
What is an activity?
Using CRUD as an example: