/// <summary>
        /// Grant a particular rights holder specific rights to an entity.
        /// </summary>
        /// <param name="rightsHolderId">The rights holder's id.</param>
        /// <param name="entityId">The entity's id.</param>
        /// <param name="rightId">The specific right's id.</param>
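        /// <returns>The id of the AccessControl row that was created or updated.</returns>
        /// <exception cref="FaultException{SecurityFault}">The current user lacks write access to the entity, or lacks tenant access to the rights holder's tenant.</exception>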
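        internal static Guid GrantAccess(Guid rightsHolderId, Guid entityId, Guid rightId)
        {
            // Two authorization checks gate the write: the caller needs Write on the entity, and the
            // caller's tenant must have access to the rights holder's tenant. Nothing is created or
            // updated until both pass.
            // NOTE(review): rightId is passed straight to the data model; this method does not check
            // that the caller holds the right it is granting. Confirm Write on the entity is meant to
            // be sufficient for granting any right.
            DataModelTransaction transaction = DataModelTransaction.Current;
            DataModel dataModel = new DataModel();
            Guid currentUserId = TradingSupport.UserId;

            // Determine whether the current user has write access to the entity.
            if (!DataModelFilters.HasAccess(transaction, currentUserId, entityId, AccessRight.Write))
            {
                // The principal that failed the check is the caller, not the rights holder being
                // modified, so the fault names currentUserId.
                throw new FaultException<SecurityFault>(
                    new SecurityFault(String.Format("{0} does not have write permission to {1}", currentUserId, entityId)));
            }

            // Looked up only after the entity check, so a caller without write access learns nothing
            // about which rights holder ids exist.
            RightsHolderRow rightsHolderRow = DataModel.RightsHolder.RightsHolderKey.Find(rightsHolderId);
            if (rightsHolderRow == null)
            {
                // Presumably Find returns null for an unknown key, as the AccessControl lookup below
                // does. SecurityFault is the only fault type visible in this method; if the project
                // has a dedicated not-found fault, prefer it here.
                throw new FaultException<SecurityFault>(
                    new SecurityFault(String.Format("Rights holder {0} does not exist", rightsHolderId)));
            }

            // Read the tenant under a reader lock and release it even if the read throws.
            Guid rightsHolderTenantId;
            rightsHolderRow.AcquireReaderLock(transaction);
            try
            {
                rightsHolderTenantId = rightsHolderRow.TenantId;
            }
            finally
            {
                rightsHolderRow.ReleaseReaderLock(transaction.TransactionId);
            }

            // Determine whether the current user's tenant is upstream from the rights holder we're modifying.
            if (!DataModelFilters.HasTenantAccess(transaction, currentUserId, rightsHolderTenantId))
            {
                // The message identifies the caller and the rights holder id the caller supplied. It
                // does not echo the rights holder's tenant id to a caller that failed the tenant check.
                throw new FaultException<SecurityFault>(
                    new SecurityFault(String.Format("{0} does not have control over the tenant of rights holder {1}", currentUserId, rightsHolderId)));
            }

            AccessControlRow accessControlRow = DataModel.AccessControl.AccessControlKeyRightsHolderIdEntityId.Find(rightsHolderId, entityId);
            if (accessControlRow == null)
            {
                // No existing grant for this (rights holder, entity) pair: create one.
                Guid newAccessControlId = Guid.NewGuid();
                dataModel.CreateAccessControl(
                    newAccessControlId,
                    rightId,
                    entityId,
                    rightsHolderId,
                    rightsHolderTenantId);
                return newAccessControlId;
            }

            // An existing grant is overwritten with the new right. The writer lock is not released
            // here; presumably the transaction releases it on completion (confirm).
            // NOTE(review): the row was found before the lock was taken; RowVersion is passed to the
            // update, which presumably rejects a row that changed in between (confirm).
            accessControlRow.AcquireWriterLock(transaction);
            Guid existingAccessControlId = accessControlRow.AccessControlId;
            dataModel.UpdateAccessControl(
                existingAccessControlId,
                new object[] { existingAccessControlId },
                rightId,
                entityId,
                rightsHolderId,
                accessControlRow.RowVersion,
                rightsHolderTenantId);

            return existingAccessControlId;
        }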
        /// <summary>
        /// Revoke any and all access a rights holder has to an entity.
        /// </summary>
        /// <param name="rightsHolderId">The rights holder's id.</param>
        /// <param name="entityId">The entity's id.</param>
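        /// <returns>ErrorCode.Success when the access control row was destroyed, ErrorCode.AccessDenied when the current user fails the entity or tenant check, ErrorCode.RecordNotFound when there is nothing to revoke.</returns>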
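        internal static ErrorCode RevokeAccess(Guid rightsHolderId, Guid entityId)
        {
            // Same two authorization checks as GrantAccess: Write on the entity, then tenant access to
            // the rights holder's tenant. Failures are reported as error codes rather than faults.
            DataModelTransaction transaction = DataModelTransaction.Current;
            DataModel dataModel = new DataModel();
            Guid currentUserId = TradingSupport.UserId;

            // Determine whether the current user has write access to the entity.
            if (!DataModelFilters.HasAccess(transaction, currentUserId, entityId, AccessRight.Write))
            {
                return ErrorCode.AccessDenied;
            }

            // Looked up only after the entity check, so a caller without write access cannot use the
            // return code to probe which rights holder ids exist.
            RightsHolderRow rightsHolderRow = DataModel.RightsHolder.RightsHolderKey.Find(rightsHolderId);
            if (rightsHolderRow == null)
            {
                // Presumably Find returns null for an unknown key, as the AccessControl lookup below
                // does. Without this guard the lock call would fail on a null reference.
                return ErrorCode.RecordNotFound;
            }

            // Read the tenant under a reader lock and release it even if the read throws.
            Guid rightsHolderTenantId;
            rightsHolderRow.AcquireReaderLock(transaction);
            try
            {
                rightsHolderTenantId = rightsHolderRow.TenantId;
            }
            finally
            {
                rightsHolderRow.ReleaseReaderLock(transaction.TransactionId);
            }

            // Determine whether the current user's tenant is upstream from the rights holder we're modifying.
            if (!DataModelFilters.HasTenantAccess(transaction, currentUserId, rightsHolderTenantId))
            {
                return ErrorCode.AccessDenied;
            }

            AccessControlRow accessControlRow = DataModel.AccessControl.AccessControlKeyRightsHolderIdEntityId.Find(rightsHolderId, entityId);
            if (accessControlRow == null)
            {
                // There is no grant for this (rights holder, entity) pair.
                return ErrorCode.RecordNotFound;
            }

            // The writer lock is not released here; presumably the transaction releases it on
            // completion (confirm). RowVersion is passed so the data model can detect a row that
            // changed after it was found (presumed; confirm).
            accessControlRow.AcquireWriterLock(transaction);
            dataModel.DestroyAccessControl(new object[] { accessControlRow.AccessControlId }, accessControlRow.RowVersion);

            return ErrorCode.Success;
        }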