My team is designing a RESTful API in JAX-RS, and we have the need to restrict the availability of certain rows in our database based on the ID of the authenticated "Operator" (our word for User). In other words, an Operator should only be able to access entities that are under his jurisdiction. At the beginning of each request, we authenticate the Operator making the request, allowing us to provide security features based on the Operator's role and ID.My team is designing a RESTful API in JAX-RS, a