Tim,
Here are the topics that included discussions about how to tweak the security system to include row based security. Of course that can mean lots of things. What my app needs is security based on projects (not VS projects, but projects the clients (who are consultants) are working on and that are defined in the database). Access to projects based on the team working that project and the roles from one project to another can change for a single user.
The solution I'm using is to dynamically set which roles the user has based on the project they are working on. When they login, I have a custom login form that authenticates them and then checks to see what there 'default' project is (meaning which project they use when logging in, which they can set). I track which role(s) they have for each project, so I can assign the roles on the fly. I also have a form that allows them to set their default project and to switch projects. When switching projects, I close all forms and reinitialize the app for the new project (since their roles could change). This also means I need to track roles that are project based (some aren't, they are more 'enterprise' level roles). However, once this is done, it's just normal SF security.
Overview of Problem and discussion of Solution. Has other info not related to my problem, but might be useful
http://forum.strataframe.net/Topic3970-21-1.aspxDiscussion about how to handle users who have access to all projects vs those who are assigned to projects. The solution I'm using is to have a special permission which distinguishes the two (enterprise users have the permission, project users don't). Again there are other solutions and problems discussed.
http://forum.strataframe.net/Topic4164-21-1.aspxThis talks about what happens when a user switches roles or a security admin changes roles.
http://forum.strataframe.net/Topic4986-21-1.aspxA post by Tim Dol on how to support licensing.
http://forum.strataframe.net/Topic5721-21-1.aspxPost by Larry Caylor on row level security. Includes discussion about how SF might support this in the future.
http://forum.strataframe.net/Topic5759-21-1.aspxQuestion about how to authenticate using Windows when user isn't logged onto windows with the needed credentials (like when access is via a VPN, the user is logged onto their machine or another domain, but need to authenticate against a specific domain).
http://forum.strataframe.net/Topic6001-21-1.aspxDiscussion about logging in/out users or switching users. I used information to also determine how to allow users to switch projects.
http://forum.strataframe.net/Topic5981-21-1.aspxI couldn't figure out how to set the session lock timeout...
http://forum.strataframe.net/Topic6057-21-1.aspxThe AfterSessionLock event doesn't work in 1.5.1, but will be fixed in 1.6 (according to this post). Includes a work around.
http://forum.strataframe.net/Topic6102-10-1.aspxA bug in ShowLoginAndAuthUser() that allows session to time out while waiting for user to login.
http://forum.strataframe.net/Topic6058-21-1.aspxDiscussion about using the security views that are distributed with security tables.
http://forum.strataframe.net/Topic6275-21-1.aspxGood luck!
Greg