I'm getting a pretty good handle on MTS roles, but not sure where to draw the line between using roles and enforcing security within the component. For example, we have several products. Everyone has view rights to information about all products. Person A can add information about product A, but not products B & C. Person B can add information only for product C. Would this be better designed with appropriate roles for each product (which means adding roles when a product is added), or to have a product administrator role and then enforce add rights through tables?