Our security model was never really thought out, it just grew organically over several years. We recognized that is was causing usability issues but also knew that fixing it would be a major undertaking that would affect every area of the app. Eventually, it started blocking us from introducing features that were essential for us to compete in the market place. After waiting far too long, we made the commitment to fix this. This is how we did it.
Check out my other video on how I used Principle Driven Design on this project to guide us to success.